+ Reply to Thread
Page 1 of 2 1 2 LastLast
Results 1 to 30 of 55

Thread: Forum Compromised?

  1. #1
    Dave Henderson
    Join Date
    Jul 2010
    Posts
    623
    Thanks
    230
    Thanked 349 Times in 152 Posts

    Forum Compromised?

    I keep getting a message on my screen from Webmaster saying that the forum has been compromised. Anyone else get ever this?

  2. #2
    Dave Henderson saints alive ?'s Avatar
    Join Date
    Jul 2010
    Location
    rialto
    Posts
    642
    Thanks
    549
    Thanked 57 Times in 38 Posts
    not me anyway
    i am confused about being confused

  3. #3
    Noel Mernagh
    Join Date
    Jul 2010
    Posts
    111
    Thanks
    6
    Thanked 67 Times in 24 Posts
    yeah it pops up every time i log in or change forums

  4. #4
    Patrons
    Join Date
    Jul 2010
    Location
    Dublin, , Ireland
    Posts
    67
    Thanks
    223
    Thanked 47 Times in 15 Posts
    Forum won't let me log in 1st time keeps showing password then directing me to a second log-in attempt

  5. #5
    Ricky O'Flaherty
    Join Date
    Dec 2011
    Location
    Clondalkin
    Posts
    1,178
    Thanks
    1,562
    Thanked 760 Times in 292 Posts
    Quote Originally Posted by SaintBollie View Post
    Forum won't let me log in 1st time keeps showing password then directing me to a second log-in attempt

    This happens me on every forum site. No idea why but don't put in your username or password. If you just click the forum button in the top left it goes back to normal. Bit of a weird one.

    No forum compromised messages for me either

  6. #6
    Super Moderator Jimdagym's Avatar
    Join Date
    Jul 2010
    Location
    Balbriggan
    Posts
    4,052
    Thanks
    471
    Thanked 956 Times in 529 Posts
    Quote Originally Posted by Richsaint View Post
    I keep getting a message on my screen from Webmaster saying that the forum has been compromised. Anyone else get ever this?
    Give us your pin number and we will check it out for you.
    There is no emoticon for what I am feeling.

  7. The Following 2 Users Say Thank You to Jimdagym For This Useful Post:


  8. #7
    Noel Campbell harry potter's Avatar
    Join Date
    Jul 2010
    Location
    Cherry Orchard
    Posts
    1,456
    Thanks
    598
    Thanked 534 Times in 258 Posts
    Thought this would have been about the Rovers forum

  9. #8
    Packie Lynch
    Join Date
    Sep 2010
    Location
    Tallaght
    Posts
    703
    Thanks
    359
    Thanked 86 Times in 46 Posts
    Quote Originally Posted by Richsaint View Post
    I keep getting a message on my screen from Webmaster saying that the forum has been compromised. Anyone else get ever this?
    im getting it aswell
    Liam Buckleys red and White Army

  10. #9
    Administrator
    Join Date
    Jul 2010
    Posts
    11,753
    Thanks
    1,537
    Thanked 6,034 Times in 2,721 Posts
    Nothing happening here lads but we'll look into it

    BTW if you use saintsforum.net instead of www.saintsforum.net it won't remember your log in (so use www.saintsforum.net)
    "We've seen you come, we'll see you go"

  11. #10
    Patrons
    Join Date
    Jul 2010
    Posts
    1,089
    Thanks
    396
    Thanked 1,381 Times in 400 Posts
    Getting this too. It says "if you see this notice then you are linking to our site via an iframe likely in the footer of yoir forum and/or website. Go to your admin area in your forum and check your templates for an iframe, remove it, then this message will go away."

    Staerted yesterday, and it's a pain - comes back everytime you go to another page or thread.

  12. #11
    Ricky O'Flaherty Rathcoolesaint's Avatar
    Join Date
    Jul 2010
    Location
    Co. Laois
    Posts
    1,075
    Thanks
    234
    Thanked 342 Times in 173 Posts
    getting it also

  13. #12
    Peter Carpenter
    Join Date
    Jul 2010
    Posts
    334
    Thanks
    115
    Thanked 215 Times in 107 Posts
    Quote Originally Posted by Rathcoolesaint View Post
    getting it also
    getting it too , i think its the mods snooping

  14. #13
    Dave Henderson
    Join Date
    Jul 2010
    Posts
    623
    Thanks
    230
    Thanked 349 Times in 152 Posts
    Quote Originally Posted by Jimdagym View Post
    Give us your pin number and we will check it out for you.
    Thanks, my pin no. is s.a.f.e.t.y. I find using letters is more seure than no.'s. Let me know how you get on.

  15. #14
    Patrons
    Join Date
    Jul 2010
    Posts
    1,089
    Thanks
    396
    Thanked 1,381 Times in 400 Posts
    The message appears if I'm using Internet Explorer, but not if I'm using Chrome.

  16. #15
    Administrator
    Join Date
    Jul 2010
    Posts
    11,753
    Thanks
    1,537
    Thanked 6,034 Times in 2,721 Posts
    thats my next question. What browser and forum are people using?

    Nothing for me on firefox and 'default' (the blue one)
    "We've seen you come, we'll see you go"

  17. #16
    Paul Osam St. Robbie's Avatar
    Join Date
    Jul 2010
    Location
    Madrid
    Posts
    3,045
    Thanks
    1,770
    Thanked 1,763 Times in 665 Posts
    Happens me aswell. Using Internet Explorer
    Christy Fagan - He scores big goals

  18. #17
    Patrons
    Join Date
    Jul 2010
    Posts
    873
    Thanks
    1,108
    Thanked 297 Times in 132 Posts
    I get the message when I use IE. Chrome and Firefox give no warnings.

  19. #18
    Patrons
    Join Date
    Jul 2010
    Location
    Camac Towers
    Posts
    441
    Thanks
    278
    Thanked 422 Times in 158 Posts
    If it's any help this is what Norton comes up with when that message is shown.....

    Category: Intrusion Prevention
    Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description
    2012-07-01 15:45:10,High,An intrusion attempt by yeivna.info was blocked.,Blocked,No Action Required,Web Attack: JRE Concurrency CVE-2012-0507,No Action Required,No Action Required,"yeivna.info (37.59.136.63, 80)",yeivna.info/getfile.php?i=4&key=e80e7508f56b6b1f08a4d733ceb3fc f7,
    Network traffic from <b>yeivna.info/getfile.php?i=4&key=e80e7508f56b6b1f08a4d733ceb3fc f7</b> matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME2\PROGRAM FILES\JAVA\JRE6\BIN\JAVA.EXE.

  20. #19
    Patrons
    Join Date
    Jul 2010
    Location
    Cherry Orchard
    Posts
    628
    Thanks
    136
    Thanked 523 Times in 185 Posts
    Quote Originally Posted by tom View Post
    Getting this too. It says "if you see this notice then you are linking to our site via an iframe likely in the footer of yoir forum and/or website. Go to your admin area in your forum and check your templates for an iframe, remove it, then this message will go away."
    Getting the same pop-up as Tom, using IE. Only happening here, not on other vBulletin forums.

  21. #20
    Dinny Lowry
    Join Date
    Jul 2010
    Posts
    2,107
    Thanks
    487
    Thanked 809 Times in 379 Posts
    IP address seems to be from Paris, most likely on a vpn mods should report this to abuse@ovh.com

  22. #21
    Dave Henderson
    Join Date
    Jul 2010
    Posts
    623
    Thanks
    230
    Thanked 349 Times in 152 Posts
    Is ther anything that can be done about this?

  23. #22
    Dinny Lowry
    Join Date
    Jul 2010
    Posts
    2,107
    Thanks
    487
    Thanked 809 Times in 379 Posts
    Maybe it's a Bray hacker ?
    I'd imagine kdjac is waiting for his offer of a bag of cans to fix it

    If it's really an intrusion attack it's more than likely someone trying to set up a JDB so that they can spread bots on a forum

  24. #23
    Patrons
    Join Date
    Jul 2010
    Posts
    1,089
    Thanks
    396
    Thanked 1,381 Times in 400 Posts
    If it's really an intrusion attack it's more than likely someone trying to set up a JDB so that they can spread bots on a forum[/QUOTE]

    For the benefit of oldies like me, can you give the Computers for Dummies version of that?

  25. #24
    Dave Henderson
    Join Date
    Jul 2010
    Posts
    623
    Thanks
    230
    Thanked 349 Times in 152 Posts
    And for the benefit of the rest of us can he give us a solution?

  26. #25
    Administrator
    Join Date
    Jul 2010
    Posts
    11,753
    Thanks
    1,537
    Thanked 6,034 Times in 2,721 Posts
    Quote Originally Posted by Richsaint View Post
    And for the benefit of the rest of us can he give us a solution?
    use chrome or firefox nd there's no issue

    still working on it btw
    "We've seen you come, we'll see you go"

  27. The Following User Says Thank You to Dodge For This Useful Post:


  28. #26
    Dinny Lowry
    Join Date
    Jul 2010
    Posts
    2,107
    Thanks
    487
    Thanked 809 Times in 379 Posts
    Quote Originally Posted by tom View Post
    If it's really an intrusion attack it's more than likely someone trying to set up a JDB so that they can spread bots on a forum
    For the benefit of oldies like me, can you give the Computers for Dummies version of that?[/QUOTE]

    Spread bots ( a virus that can receive a command )
    JBD ( Java Drive By )

    Bots are used for downloading files or else people can sell Youtube watches , Facebook Likes or Twitter follows

    People also use bots to install RATS ( Remote Access Terminals )
    If your ratted , people can control your computer ( If I have you ratted I coukd turn on your webcam and you wouldn't know , fuck around with computer ect.. )

    Looks like dodge has it sorted tho

  29. The Following User Says Thank You to decokh For This Useful Post:

    tom

  30. #27
    Administrator
    Join Date
    Jul 2010
    Posts
    11,753
    Thanks
    1,537
    Thanked 6,034 Times in 2,721 Posts
    Dodge hasn't a breeze. I'm just saying 'people' are working on it.

    It seems it only affects Internet Exporer
    "We've seen you come, we'll see you go"

  31. #28
    Patrons
    Join Date
    Jul 2010
    Posts
    50
    Thanks
    61
    Thanked 8 Times in 3 Posts
    Quote Originally Posted by Dodge View Post
    use chrome or firefox nd there's no issue

    still working on it btw
    I'm using chrome and the issue is there for me

  32. The Following User Says Thank You to MikeHunt For This Useful Post:


  33. #29
    Dinny Lowry
    Join Date
    Jul 2010
    Posts
    2,107
    Thanks
    487
    Thanked 809 Times in 379 Posts
    Could someone post a screenshot of the " message " and not the warning from norton, I would know a JDB if u seen one

    BTW I've used chrome , safari & IE and had no problems

  34. #30
    Martin Russell
    Join Date
    Jul 2010
    Posts
    584
    Thanks
    153
    Thanked 417 Times in 135 Posts
    We're all fucked. That latvian tina and the chap Dan stole a scarf from have it in for us.

+ Reply to Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts