Careful Of That Big Virus On This Site...

I hope admin finds a way to resolve this. USMB will start losing people if it does not.

It is not possible to get a virus on usmb.com, unless a script/code is being executed, which has been uploaded to Server by someone who shouldn't have write-permissions on Server. Vbulletin itself is secure.

If Server would've been hacked, we'd really get viruses and site would be down or its content replaced by porn or something else.
USMB runs for years and would the Admin not know how to run a Server, usmb wouldn't have run for years but would've been hacked and brought down already multiple times.

The Server sends Identification of the used Software (Versions of Nginx and PHP).
These versions are a little bit outdated, but still secure. Better is not to send these identifications so a hacker doesn't even know what Software is being used.
To disable sending this identification, the configuration files have to be updated.

In nginx config-file this line must be added in server-bracket
server
{
    server_tokens off;
}


And in php.ini
From
expose_php = On
to
expose_php = Off

Reason for outdated software is probably installation of software using System's package-manager, which only has newest software if you are using a "testing"-branch like Debian Wheezy (not recommended for a Server).
Big version updates for Software in System's package-manager only occurs when System itself is being updated from old stable-branch to the next version.
Testing repositories always have "new" software.
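A way to confirm that the two settings from the post above took effect, as an added example that is not part of the original post: it scans a response's headers for product/version banners. The two sample responses and their version numbers are constructed for illustration and were not captured from any site.

```python
import re

# Constructed sample responses (not captured from any real site).
BEFORE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: nginx/1.2.1\r\n"
    "X-Powered-By: PHP/5.4.4\r\n"
    "Content-Type: text/html\r\n\r\n"
)
AFTER = (
    "HTTP/1.1 200 OK\r\n"
    "Server: nginx\r\n"
    "Content-Type: text/html\r\n\r\n"
)

# A product token followed by a version, e.g. "nginx/1.2.1".
VERSION_RE = re.compile(r"[A-Za-z][\w.-]*/\d+(?:\.\d+)*")


def parse_headers(raw):
    """Return a list of (name, value) pairs from a raw HTTP response head."""
    head = raw.split("\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip(), value.strip()))
    return pairs


def find_version_disclosure(raw):
    """List (header, token) pairs that reveal software or its version."""
    findings = []
    for name, value in parse_headers(raw):
        lname = name.lower()
        if lname == "x-powered-by":
            # expose_php = Off removes this header entirely.
            findings.append((name, value))
        elif lname == "server":
            # server_tokens off still sends "nginx" but drops the version.
            findings.extend((name, tok) for tok in VERSION_RE.findall(value))
    return findings


if __name__ == "__main__":
    print("before:", find_version_disclosure(BEFORE))
    print("after: ", find_version_disclosure(AFTER))
```
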
 
Ok this might be a dumb question but . . . if you use AdBlock and the virus is in an ad would that mean you've effectively blocked the virus? Inquiring minds want to know.

Use noscript
https://addons.mozilla.org/de/firefox/addon/noscript/

And only allow scripts being executed by the top-level domain.
With this configuration, you'll only be served scripts which are hosted by nytimes.com if you surf New York Times.
Rest won't be downloaded to your PC.
 
I hope admin finds a way to resolve this. USMB will start losing people if it does not.

It is not possible to get a virus on usmb.com, unless a script/code is being executed, which has been uploaded to Server by someone who shouldn't have write-permissions on Server. Vbulletin itself is secure.

If Server would've been hacked, we'd really get viruses and site would be down or its content replaced by porn or something else.

I know next to zero about software but we've had several posters now claim that this site has infected their computers.
 
I know next to zero about software but we've had several posters now claim that this site has infected their computers.

They infected their PCs elsewhere if they've an infected PC.
Otherwise all other users surfing usmb.com would also have that "virus".
 
May not be related but I get an occasional notification when I enter USMB telling me that the page has been altered to prevent cross scripting- some kind of Java born bug perhaps?

The persistent (or stored) XSS vulnerability is a more devastating variant of a cross-site scripting flaw: it occurs when the data provided by the attacker is saved by the server, and then permanently displayed on "normal" pages returned to other users in the course of regular browsing, without proper HTML escaping. A classic example of this is with online message boards where users are allowed to post HTML formatted messages for other users to read

For example, suppose there is a dating website where members scan the profiles of other members to see if they look interesting. For privacy reasons, this site hides everybody's real name and email. These are kept secret on the server. The only time a member's real name and email are in the browser is when the member is signed in, and they can't see anyone else's.


Cross-site scripting - Wikipedia, the free encyclopedia
 
I know next to zero about software but we've had several posters now claim that this site has infected their computers.

They infected their PCs elsewhere if they've an infected PC.
Otherwise all other users surfing usmb.com would also have that "virus".

I disagree. I think only certain combinations of operating systems and virus software are vulnerable to the specific virus that is here. Most people on here probably aren't vulnerable, but every time I log in these days, Kaspersky and malwarebytes notify me that they've blocked another virus attack. And it's ONLY on this site.
 
I know next to zero about software but we've had several posters now claim that this site has infected their computers.

They infected their PCs elsewhere if they've an infected PC.
Otherwise all other users surfing usmb.com would also have that "virus".

I disagree. I think only certain combinations of operating systems and virus software are vulnerable to the specific virus that is here. Most people on here probably aren't vulnerable, but every time I log in these days, Kaspersky and malwarebytes notify me that they've blocked another virus attack. And it's ONLY on this site.

I think ekrem is wrong.

Several posters have claimed they have contracted a severe virus from here. That is very bad for the reputation of USMB and should be fixed.
 
May not be related but I get an occasional notification when I enter USMB telling me that the page has been altered to prevent cross scripting- some kind of Java born bug perhaps?

The persistent (or stored) XSS vulnerability is a more devastating variant of a cross-site scripting flaw: it occurs when the data provided by the attacker is saved by the server, and then permanently displayed on "normal" pages returned to other users in the course of regular browsing, without proper HTML escaping. A classic example of this is with online message boards where users are allowed to post HTML formatted messages for other users to read

For example, suppose there is a dating website where members scan the profiles of other members to see if they look interesting. For privacy reasons, this site hides everybody's real name and email. These are kept secret on the server. The only time a member's real name and email are in the browser is when the member is signed in, and they can't see anyone else's.


Cross-site scripting - Wikipedia, the free encyclopedia

Before "posts" are saved into Database, all user-submitted content is cleaned by a function which takes into consideration such vulnerabilities.
We are talking here about a forum-software which is very secure and which is commercially developed.

When I wrote this message there was an invisible input element under the textbox, where an alphanumeric combination has been set as value. This combination is like an identity for the server-request you are going to make.
Once you'll press "Submit Reply" button the Server checks if it is actually you who is making the request or whether you've been hijacked and request comes from another machine.
Most of websites even save your identity in Sessions which are very hard to hijack, with the right configuration even impossible.

You can not just claim that usmb.com sends viruses or is a threat to your internet-security. You must show evidence, and the biggest evidence against your claim is, that the majority doesn't make such claims.
I never witnessed anything on usmb.com which is a security-threat to my Internet identity or the health of my PC.
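The hidden form token and the cleaning of submitted posts described in the post above, as an added sketch that is not vBulletin's code and not part of the original post. The field name `csrf_token`, the in-memory `POSTS` list and the HMAC construction are assumptions chosen for illustration, and the escaping is applied when a post is displayed rather than before it is saved.

```python
import hashlib
import hmac
import html
import secrets

SERVER_SECRET = secrets.token_bytes(32)  # hypothetical per-deployment key
POSTS = []  # stands in for the database table of posts


def issue_token(session_id):
    """Value for the hidden form field, bound to this session."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def render_reply_form(session_id):
    """Reply form carrying the token in an invisible input element."""
    token = issue_token(session_id)
    return (
        '<form method="post" action="/reply">'
        f'<input type="hidden" name="csrf_token" value="{token}">'
        '<textarea name="message"></textarea>'
        "</form>"
    )


def handle_reply(session_id, form):
    """Accept a reply only if the hidden token matches the session."""
    sent = form.get("csrf_token", "")
    expected = issue_token(session_id)
    # Constant-time comparison; bytes avoid errors on non-ASCII input.
    if not hmac.compare_digest(sent.encode(), expected.encode()):
        return False  # token missing or issued for another session
    POSTS.append(form.get("message", ""))
    return True


def render_post(index):
    """Escape on output so stored markup is shown as text, not executed."""
    return '<div class="post">' + html.escape(POSTS[index]) + "</div>"


if __name__ == "__main__":
    sid = "session-a"  # constructed session identifier
    form = {"csrf_token": issue_token(sid), "message": "<b>hello</b>"}
    print(handle_reply(sid, form), render_post(0))
```
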
 
I disagree. I think only certain combinations of operating systems and virus software are vulnerable to the specific virus that is here. Most people on here probably aren't vulnerable, but every time I log in these days, Kaspersky and malwarebytes notify me that they've blocked another virus attack. And it's ONLY on this site.


Please make a Screenshot of this attack next time.
The window of your "anti-virus" program.
Then we can see what kind of attack we're talking about and whether this attack is coming from usmb.com's IP.
 
About four months ago I was on the computer when a pop-up appeared. The ad warned me that I had a virus which might damage my computer. The ad also told me that I could get rid of the threatening virus by subscribing to their virus protection program called “Security Protection.” I was unable to get rid of the ad no matter what I did. The computer would not respond to my commands and I could not access my document files or any other program. Even restarting the computer didn't help; when I restarted the computer the ad reappeared. I was desperate to get back to working on my computer but I didn't know how. It was about 2:00 am and I couldn't call anyone for advice so I paid for the program which cost around $60.

After my payment was confirmed, the ad disappeared and the computer worked again. However, it was much slower than it had previously been so I took it to Star Tech, a computer repair shop in Lake City Florida. I was told the virus protection program I paid $60 for was actually a virus. They removed the virus and got my computer running well again. This is what they told me to do if I ever saw the ad again:

(1) Do not click on to any part of the ad, not even the "X" which is typically used to get rid of other images. Once you do that, the virus is installed.

(2) Hit control-alt-delete then select “end program” and end all programs.

(3) Restart the computer.

I paid for the bogus virus protection with PayPal. I challenged the payment with PayPal and my credit card company and won, so in the end the crooks got no money. It did cost me a few bucks for the computer repair guys but at least I learned something in the process. By the way, I did have an active virus protection program installed when the pop-up managed to get through. This virus is a monster.

I hope this helps someone.
 
May not be related but I get an occasional notification when I enter USMB telling me that the page has been altered to prevent cross scripting- some kind of Java born bug perhaps?

The persistent (or stored) XSS vulnerability is a more devastating variant of a cross-site scripting flaw: it occurs when the data provided by the attacker is saved by the server, and then permanently displayed on "normal" pages returned to other users in the course of regular browsing, without proper HTML escaping. A classic example of this is with online message boards where users are allowed to post HTML formatted messages for other users to read

For example, suppose there is a dating website where members scan the profiles of other members to see if they look interesting. For privacy reasons, this site hides everybody's real name and email. These are kept secret on the server. The only time a member's real name and email are in the browser is when the member is signed in, and they can't see anyone else's.


Cross-site scripting - Wikipedia, the free encyclopedia

Before "posts" are saved into Database, all user-submitted content is cleaned by a function which takes into consideration such vulnerabilities.
We are talking here about a forum-software which is very secure and which is commercially developed.

When I wrote this message there was an invisible input element under the textbox, where an alphanumeric combination has been set as value. This combination is like an identity for the server-request you are going to make.
Once you'll press "Submit Reply" button the Server checks if it is actually you who is making the request or whether you've been hijacked and request comes from another machine.
Most of websites even save your identity in Sessions which are very hard to hijack, with the right configuration even impossible.

You can not just claim that usmb.com sends viruses or is a threat to your internet-security. You must show evidence, and the biggest evidence against your claim is, that the majority doesn't make such claims.
I never witnessed anything on usmb.com which is a security-threat to my Internet identity or the health of my PC.

I have had no less than a dozen intrusion attempts. From this site, no others.

Trying to use not many are complaining is weak on so many levels, I will leave it to you to figure out why.
 
About four months ago I was on the computer when a pop-up appeared. The ad warned me that I had a virus which might damage my computer. The ad also told me that I could get rid of the threatening virus by subscribing to their virus protection program called “Security Protection.” I was unable to get rid of the ad no matter what I did. The computer would not respond to my commands and I could not access my document files or any other program. Even restarting the computer didn't help; when I restarted the computer the ad reappeared. I was desperate to get back to working on my computer but I didn't know how. It was about 2:00 am and I couldn't call anyone for advice so I paid for the program which cost around $60.

After my payment was confirmed, the ad disappeared and the computer worked again. However, it was much slower than it had previously been so I took it to Star Tech, a computer repair shop in Lake City Florida. I was told the virus protection program I paid $60 for was actually a virus. They removed the virus and got my computer running well again. This is what they told me to do if I ever saw the ad again:

(1) Do not click on to any part of the ad, not even the "X" which is typically used to get rid of other images. Once you do that, the virus is installed.

(2) Hit control-alt-delete then select “end program” and end all programs.

(3) Restart the computer.

I paid for the bogus virus protection with PayPal. I challenged the payment with PayPal and my credit card company and won, so in the end the crooks got no money. It did cost me a few bucks for the computer repair guys but at least I learned something in the process. By the way, I did have an active virus protection program installed when the pop-up managed to get through. This virus is a monster.

I hope this helps someone.

Microsoft says once it's gone if you still have issues the only thing you can do is reformat the hard drive.
 
My Malwarebytes just alerted me to the fact that it just stopped a threat to my computer from this website... what the hell is going on here?

I'd suggest that everyone here download the free scanner version of Malwarebytes and SCAN THEIR COMPUTER. It's probably infected and you're being spied on.
 
I've gotten a header from McAfee saying this site has been shown to...

Next time I'll copy the text & post it. No probs on my end though AFAICS :dunno:
 
I've gotten a header from McAfee saying this site has been shown to...

Next time I'll copy the text & post it. No probs on my end though AFAICS :dunno:

Here's the pop up header I get:

We tested this page and blocked content that comes from potentially dangerous or suspicious sites. Allow this content only if you're sure it comes from safe sites.
McAfee

I know it's a "Harry Homeowner" type of alert w/o specifics. As others mentioned, they have more detailed reports. I agree w/ the user who said the forum program is one of the strongest:

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2012, vBulletin Solutions, Inc.
 
