Author |
Message |
NikolaiLev
Joined: Fri Aug 26, 2011 3:06 am Posts: 42
|
DataRealms Website Malware Warning
Hello. Every now and then (it occasionally goes away) the Data Realms site is apparently being reported for distributing malware. Either someone's being silly, or there's a problem I haven't noticed yet. I'm using Opera, this is just the built-in malware warning thingy. This has been going on for a few months now. I've bypassed this warning and unless Avast fails me, I haven't been infected with anything.
|
Fri Jun 08, 2012 11:59 pm |
|
|
Gotcha!
Joined: Tue Apr 01, 2008 4:49 pm Posts: 1972 Location: The Netherlands
|
Re: DataRealms Website Malware Warning
Interesting that you say this.
I am having great issues reaching this site for almost a week now and at one point I contacted my ISP about it. They mentioned their system checked this site out to be a... non-trustable website, to put it kindly.
Although I believe it to be nonsense of course, it's strange that it came from the number one ISP in my country. :S
|
Sat Jun 09, 2012 12:22 am |
|
|
NikolaiLev
Joined: Fri Aug 26, 2011 3:06 am Posts: 42
|
Re: DataRealms Website Malware Warning
The first time I saw it, I went to the AVG site and sent a "False Positive" report. I'd do it again, but frankly, now that it's up again I'm kind of wary of doing that.
Investigation is warranted, methinks. It could just be an angry person/group trying to mess with the site by sending bogus reports, but it's better to be safe.
By the way, the forums are being fairly slow for me. Anyone else getting that?
|
Sat Jun 09, 2012 3:18 am |
|
|
TorrentHKU
Loose Canon
Joined: Sun Mar 29, 2009 11:07 pm Posts: 2992 Location: --------------->
|
Re: DataRealms Website Malware Warning
Honestly I'm starting to think someone is doing all they can to ♥♥♥♥ up the forums. I've never seen it this slow except when DRL was being DDoS'd way back when. And considering we've never gone over 130 or so users on at any one time and not had problems, I'm inclined to think that the recent "heavy" traffic from B27 isn't the problem.
|
Sat Jun 09, 2012 4:17 am |
|
|
Daman
Joined: Fri Jan 26, 2007 3:22 am Posts: 1451
|
Re: DataRealms Website Malware Warning
it's definitely the mysqldb being unmaintained. the forums as well as the wiki will error out every now and then because the mysql config is not configured correctly atm.
reports of malicious site is from the security groups downloading any binaries automatically (this includes the CC installer from the front page), and getting that false-positive that some people are apparently getting.
|
Sat Jun 09, 2012 7:12 am |
|
|
Bad Boy
Joined: Fri Sep 10, 2010 1:48 am Posts: 666 Location: Halifax, Canada
|
Re: DataRealms Website Malware Warning
Not entirely related but in case it helps anyone with the relevant know-how, I'm unable to upload attachments and get the following error message. I haven't yet confirmed if this is the same problem Gotcha's suffering from (he's also unable to upload attachments) but either way I hope it helps:
Code:
Could not upload attachment to ./files/12692_5483e7446c4f1991bc6dcd37f13ffced.
|
Sat Jun 09, 2012 8:09 am |
|
|
NikolaiLev
Joined: Fri Aug 26, 2011 3:06 am Posts: 42
|
Re: DataRealms Website Malware Warning
By the way, I'd like to encourage everyone to file an Incorrect Page Rating Report, as this does harm the website and it's certainly not legitimate. If this is from automatically downloading binaries, how come it's taken so long for this warning to pop up? I still think some nonsense is afoot.
|
Sat Jun 09, 2012 11:31 pm |
|
|
Gotcha!
Joined: Tue Apr 01, 2008 4:49 pm Posts: 1972 Location: The Netherlands
|
Re: DataRealms Website Malware Warning
My problem is definitely different, due to the fact that I can't reach the forum -at all-, except through proxy websites. ;_;
|
Sat Jun 09, 2012 11:59 pm |
|
|
Daman
Joined: Fri Jan 26, 2007 3:22 am Posts: 1451
|
Re: DataRealms Website Malware Warning
NikolaiLev wrote: By the way, I'd like to encourage everyone to file an Incorrect Page Rating Report, as this does harm the website and it's certainly not legitimate. If this is from automatically downloading binaries, how come it's taken so long for this warning to pop up? I still think some nonsense is afoot.
Previous releases didn't trigger the false-positive b27 has.
|
Sun Jun 10, 2012 2:24 am |
|
|
NikolaiLev
Joined: Fri Aug 26, 2011 3:06 am Posts: 42
|
Re: DataRealms Website Malware Warning
Daman wrote: Previous releases didn't trigger the false-positive b27 has.
This warning came up before B27 was out. Since a little before the "Finishing the tech implementations" video, in fact.
|
Sun Jun 10, 2012 11:11 am |
|
|
Natti
Data Realms Elite
Joined: Fri Jul 03, 2009 11:05 am Posts: 3878
|
Re: DataRealms Website Malware Warning
|
Sun Jun 10, 2012 12:51 pm |
|
|
NikolaiLev
Joined: Fri Aug 26, 2011 3:06 am Posts: 42
|
Re: DataRealms Website Malware Warning
I just got this email. Now I'm a little worried about what this actually does, and whether or not I need to worry about my machine. Can anyone tell what it does? Further, is anyone forwarding this to the relevant people? I don't know who the website people are for DR, and I certainly want this fixed as much as anyone.
|
Sun Jun 10, 2012 3:55 pm |
|
|
Lizardheim
DRL Developer
Joined: Fri May 15, 2009 10:29 am Posts: 4107 Location: Russia
|
Re: DataRealms Website Malware Warning
Yeah, we know about it.
Forwarded the response to data, btw.
|
Sun Jun 10, 2012 4:00 pm |
|
|
findude
Joined: Tue Dec 12, 2006 3:10 pm Posts: 495 Location: Uncertain quantum state
|
Re: DataRealms Website Malware Warning
I've seen some shady third-party sites in the noscript list of the main page now and then; just now I saw "http://prostofoto.eu" there, now it's gone though. They seem to be "It works!" leaseweb sites. Suspicious.
|
Mon Jun 11, 2012 12:36 am |
|
|
Daman
Joined: Fri Jan 26, 2007 3:22 am Posts: 1451
|
Re: DataRealms Website Malware Warning
Hahahaha, lol, haHAAHAHAhaha. That's great.
Hope the server is properly secured, i.e. apache is run on a separate user that only has access to what it needs to have access to. Is payment information stored in a database whose credentials are readable by the same user running apache that serves the infected page? That's pretty probable.
I don't think datarealms runs any ads, does it? That'd mean there's an actual security hole. That's a shame.
Anyone get the full javascript? It apparently only appears once per IP.
e: betting the vulnerability they used is the devlog's wordpress timthumb file. here, data: http://markmaunder.com/2012/04/23/intro ... ty-plugin/
findude wrote: I've seen some shady third-party sites in the noscript list of the main page now and then; just now I saw "http://prostofoto.eu" there, now it's gone though. They seem to be "It works!" leaseweb sites. Suspicious.
If you get the full URL that is accessed you'll see that the result is a blackhole kit that runs checking for any vulnerable plugins you're using, and exploiting any found holes to add you to a botnet.
|
Mon Jun 11, 2012 8:53 am |
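An added example, not part of any post in this thread: a static version of the check findude did by eye in NoScript, listing the hosts a page loads scripts, frames or plugins from and flagging any that are not on an allowlist. The page URL, the HTML and every host name below are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tags that make the browser load active content from another location.
LOADER_TAGS = {"script", "iframe", "embed", "object"}


class ExternalLoaderScan(HTMLParser):
    """Collect the hosts a page pulls active content from."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.hosts = set()

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names before this is called.
        if tag not in LOADER_TAGS:
            return
        for name, value in attrs:
            if name in ("src", "data") and value:
                # Resolve relative and protocol-relative URLs against the page.
                host = urlparse(urljoin(self.page_url, value)).hostname
                if host:
                    self.hosts.add(host.lower())


def unexpected_hosts(page_url, html, allowed):
    """Return sorted hosts serving active content that are not allowlisted."""
    scan = ExternalLoaderScan(page_url)
    scan.feed(html)
    own = urlparse(page_url).hostname
    return sorted(h for h in scan.hosts if h != own and h not in allowed)


# Constructed sample: one expected CDN script and one unexpected hidden frame.
SAMPLE_URL = "http://forum.example/index.php"
SAMPLE_HTML = """
<html><head>
<script src="/js/site.js"></script>
<script src="//cdn.example.net/jquery.min.js"></script>
</head><body>
<p>News</p>
<iframe SRC="http://unknown-host.example.org/in.php?a=1" width="1" height="1"></iframe>
</body></html>
"""
ALLOWED = {"cdn.example.net"}

if __name__ == "__main__":
    print(unexpected_hosts(SAMPLE_URL, SAMPLE_HTML, ALLOWED))
```

Since the thread reports the injected script apparently showing up only once per IP, one clean result from a single fetch proves little. Tags written into the page by inline JavaScript at run time are also invisible to this static parse.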
|
|
|