Pedelecs reported as an attack site

rsscott

Administrator
Staff member
Aug 17, 2006
1,399
195
We've checked the site again and not found any dodgy code. Google has also given it a clean bill of health. I'm wondering whether it takes a little while for all the antivirus/spam providers to update their own lists once Google has given it the all-clear.
 

Tara

Pedelecer
Aug 13, 2011
95
0
Torbay, South Devon
Hi

I haven't logged in here since the end of last year (and never had this concern before).
As said already, Kaspersky is picking up the site (even before log in) as a 'phishing URL'.

Capture10.JPG

I think mods need to take a look at the screenshot I've attached, which says http://directmarketingline.in/tds/ is the cause of the problem :eek:

Tara
 

flecc

Member
Oct 25, 2006
53,152
30,567
There's definitely something still around. If I google 'Pedelecs' and then click on the link 'Forum' (second one down), I get taken to this link URL123.INFO - free url redirection and masking service which is basically spam. It's the same for both iphone and win7 PC.
I'm ok with normal entry Nick, but trying that entry brings up the same problem. It seems to be instigated by Google and it could be the problem is more with their detection system picking up the information collection cookie activity on this site. I think they are overstepping themselves with this activity, intruding in areas that don't concern them.
 

rsscott

Administrator
Staff member
Aug 17, 2006
1,399
195
We've found the culprit, someone had managed to insert an outgoing link into one of the vbulletin source files. All traces have been removed and we've reported the attack to vBulletin so they can patch it.
 

FJJ

Pedelecer
Feb 7, 2011
76
0
West Lothian
Sounds like the permissions on the www directory might need looking at to prevent that happening again...
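
The two checks this exchange points to (files in the web root writable by more than their owner, and source files that reference the redirect domains quoted in this thread), as an added example that is not part of the original posts and is not vBulletin's own tooling. The function names and the web-root path are assumptions; only POSIX `find`, `grep` and `sort` are used.

```shell
#!/bin/sh
# Added example: audit a forum web root after a source-file injection.
# The two domains are the ones quoted in this thread; everything else
# (function names, the path passed in) is an assumption for illustration.

SUSPECT_DOMAINS='directmarketingline\.in|discount12-promo\.in'

# Files that group or others can write to: anything here can be altered
# by an account other than the file's owner.
loose_perms() {
    find "$1" -type f \( -perm -020 -o -perm -002 \) -print | sort
}

# Source files that contain a reference to one of the flagged domains.
injected_refs() {
    find "$1" -type f \( -name '*.php' -o -name '*.js' -o -name '*.html' \) \
        -exec grep -lE "$SUSPECT_DOMAINS" {} + | sort
}

# Source files modified within the last N days (default 7); compare these
# against a clean copy of the forum software before trusting them.
recently_changed() {
    find "$1" -type f \( -name '*.php' -o -name '*.js' \) \
        -mtime "-${2:-7}" -print | sort
}

# Print all three reports for one web root.
audit_webroot() {
    echo "== writable by group/other =="
    loose_perms "$1"
    echo "== references to flagged domains =="
    injected_refs "$1"
    echo "== source files modified in the last 7 days =="
    recently_changed "$1" 7
}

# When a path is given on the command line, audit it,
# e.g. ./audit.sh /var/www/forum (hypothetical path).
if [ -n "${1:-}" ]; then
    audit_webroot "$1"
fi
```

A file that shows up in more than one report is the first one to compare against a known-good copy.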
 

Teejay

Pedelecer
Jan 22, 2008
74
11
NW London
Um, are we out of the woods I wonder? My Avast kept coming up with 'Threat has been detected. Malicious Website blocked' a few nights ago, on every page change - making browsing the forum very difficult and of course I gave up after reading this thread.

Since then, it's been fine.

But, about half-hour ago, it all started up again...
 

Jimod

Esteemed Pedelecer
Aug 9, 2010
1,065
634
Polmont
On my laptop Malwarebytes reports blocking access to a website when I'm looking at some of the pages on pedelecs. It did it about 5 minutes ago.
 

Tara

Pedelecer
Aug 13, 2011
95
0
Torbay, South Devon
rsscott said: "We've found the culprit, someone had managed to insert an outgoing link into one of the vbulletin source files. All traces have been removed and we've reported the attack to vBulletin so they can patch it."

Russ, the issue isn't fixed...

Please look at the newest screenshot attached. At 11:48pm / 1st March, Kaspersky (KIS) is still flagging this site as malicious:

Capture1.JPG

The first capture I posted above on the 26th Feb gave this info: http://directmarketingline.in/tds/

Now the URL causing the problem is: http://discount12-promo.in/home.php


I'm not happy to use the site whilst these issues are still active, so I won't be posting back for a while - Hopefully you can get this sorted out quickly.

Tara
 

Blew it

Esteemed Pedelecer
Jun 8, 2008
1,472
97
Swindon, Wiltshire
I'm not really sure what's going on in this site. I've had no problems up until yesterday, then lots of weird stuff started coming up.

This evening I was informed 'this site uses java script' and it took several attempts to get into the forum. Then a warning about some 'redirect' thingy. I don't think there is any real threat, it's just annoying.
 

eddieo

Banned
Jul 7, 2008
5,070
6
Well, I just tried it again out of interest and it is still doing it!
 

shemozzle999

Esteemed Pedelecer
Sep 28, 2009
2,826
686
3 attacks this morning on opening page. Nod AV captured OK and deleted.
Seems the naughty boys operate overnight.
No problems when I reconnected at 9.00am.
 

mike killay

Esteemed Pedelecer
Feb 17, 2011
3,012
1,629
I had a bad attack last night, everything seemed infected. AVG appears to have removed them to the vault.
Who is doing this, and why?
 

flecc

Member
Oct 25, 2006
53,152
30,567
I'm using AVG and Firefox and have absolutely no problems since Russ first reported clear.
 

Cyclezee

Guest
Likewise, using Google Chrome on a Mac with Sophos AV, no problemo?
 

funkylyn

Esteemed Pedelecer
Feb 22, 2011
3,172
27
South Shields, Tyne & Wear
Well....I haven't been attacked for ages.......maybe my AVG protects me well......or maybe it's the Poms....:D

Lynda :)
 

rsscott

Administrator
Staff member
Aug 17, 2006
1,399
195
The exploit is within vBulletin. Unfortunately we can patch it but not stop it entirely yet until vBulletin release an update. There are quite a few vB sites affected.
 

Deleted member 4366

Guest
Meanwhile, my computer is very ill.
If your pc gets really infected and you can't get them out, you can download Ubuntu Linux onto a pen drive. There's instructions how to do it on the Homepage | Ubuntu site. Then you set your pc to boot from USB, put in the stick and start your pc. Once it's going you can use the Ubuntu software centre to download Clam antivirus that will then scan and remove the viruses without Windows running. Sometimes the really clever viruses stop your anti-virus from running or detecting them, then this method is necessary. You can keep the memory stick and use it whenever you need to visit dodgy sites where the risk is high. It makes you invulnerable like when you use "God Mode" in games. Use a version of Ubuntu 11.04 or lower. The later ones take a bit of figuring out.