The forum of the forums
Welcome to the Official Support Forum of Forumotion!

To take full advantage of everything offered by our forum, please log in if you are already a member, or join our community if you've not yet.



Create a free forum like this one.

Web Attack. Malicious File Download.

View previous topic View next topic Go down

Pro Admin Web Attack. Malicious File Download.

Post by parbrook on June 10th 2014, 10:24 pm

When I open my forum www.hyperparathyroid.forumotion.co.uk, Norton reports blocking a "Web attack: malicious file download 12".

The Attack details are as follows:
"download.adobaaoan.us (91.236.116.81, 80)","download.adobaaoan.us/Flashplay/Lem/App/CD/UKa/auload.html?installer=Flash_Player_11_for_Other_Browsers&browser_type=KHTML&dualoffer=false".
Traffic description: TCP, www-http.
Network traffic from <b>download.adobaaoan.us/Flashplay/Lem/App/CD/UKa/auload.html?installer=Flash_Player_11_for_Other_Browsers&browser_type=KHTML&dualoffer=false matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME2\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE.

I now cannot access my forum. When I open the forum home page, it is displayed for a second. Then the adverts appear and the browser is redirected to the above file download.

I am assuming that Norton is doing its job correctly in preventing this download, so why is my browser being hijacked and how can I access my forum without being exposed to this malicious file download?

parbrook
Forumember

Posts : 85
Reputation : 1
Language : English
Location : Somerset, UK

http://parathyroid.forumotion.co.uk

Back to top Go down

Pro Admin Re: Web Attack. Malicious File Download.

Post by ddoesmc on June 10th 2014, 10:55 pm

@parbrook wrote:I am assuming that Norton is doing its job correctly in preventing this download
Norton is protecting you from this page, it could be firefox. Also do you have any add ons in firefox?
Norton report

ddoesmc
Forumember

Male Posts : 283
Reputation : 10
Language : Mainly english
Location : New Jersey

http://www.officialmc.forumotion.com

Back to top Go down

Pro Admin Re: Web Attack. Malicious File Download.

Post by parbrook on June 10th 2014, 11:02 pm

I have a few add-ons but I do not see how these would be related to a redirection that happens as soon as the adverts appear.

This issue only happens on the forum home page, not any other website - just like the iPad redirection problem that I reported yesterday, which may be related.

The common factor is the adverts.

parbrook
Forumember

Posts : 85
Reputation : 1
Language : English
Location : Somerset, UK

http://parathyroid.forumotion.co.uk

Back to top Go down

Pro Admin Re: Web Attack. Malicious File Download.

Post by Derri on June 11th 2014, 1:04 am

I'll report this to our Pro Admin who might be able to tell us why this is happening to your forum in the event it isn't something on your end.


Forum Rules: :Forumotion Staff: :Appeal A Warning: :FAQ: :Tips & Tricks: :Forgotten Password/Login Issues
You need one post to send a PM
When your topic has been solved, ensure you mark the topic solved
Never post your email in public


Derri
Administrator
Administrator

Male Posts : 8386
Reputation : 577
Language : English & Basic French
Location : Scotland, United Kingdom

Back to top Go down

Pro Admin Re: Web Attack. Malicious File Download.

Post by Jophy on June 11th 2014, 5:59 am

Hello,

It is advisable to provide screenshot for the pro admin to check, thanks.

Jophy
ForumGuru

Male Posts : 17924
Reputation : 835
Language : English
Location : Somewhere

Back to top Go down

Pro Admin Re: Web Attack. Malicious File Download.

Post by parbrook on June 11th 2014, 9:50 am

@Jophy wrote:Hello,

It is advisable to provide screenshot for the pro admin to check, thanks.

OK, but a screenshot of what?

You have a choice of a Firefox message reporting disconnection from the server (thanks to Norton blocking the redirection) and the URL of the hijack destination (which is the same as I reported above), or the Norton Internet Security report, which I have already given above.

parbrook
Forumember

Posts : 85
Reputation : 1
Language : English
Location : Somerset, UK

http://parathyroid.forumotion.co.uk

Back to top Go down

Pro Admin Re: Web Attack. Malicious File Download.

Post by Leviosa on June 11th 2014, 10:39 am

Hello

I manage to enter your forum properly: http://hyperparathyroid.forumotion.co.uk/
I have checked your forum on Sucuri http://sitecheck.sucuri.net/results/hyperparathyroid.forumotion.co.uk/
I have also checked your forum on Northon:


All look good.

Thanks for providing more information.


No help without your forum url
No support via private message



Leviosa
Administrator
Administrator

Female Posts : 15587
Reputation : 1589
Language : French, English

http://help.forumotion.com

Back to top Go down

Pro Admin Re: Web Attack. Malicious File Download.

Post by parbrook on June 11th 2014, 10:59 am

I also checked the site using securi.net.

I think that the problem is caused by some specific adverts, so you would need to be very lucky to run the security check at the same time as the malicious redirection adverts are appearing.

For your information, the malicious redirection only happens when adverts are displayed.
When I am logged-in as Administrator, adverts are not displayed and I have no problem accessing the forum.

Also, please remember that we have iPad users being redirected to the App Store when they try to log-in.

parbrook
Forumember

Posts : 85
Reputation : 1
Language : English
Location : Somerset, UK

http://parathyroid.forumotion.co.uk

Back to top Go down

Pro Admin Re: Web Attack. Malicious File Download.

Post by parbrook on June 12th 2014, 11:05 am

I have noticed that there is a related thread here: http://help.forumotion.com/t133064-913-java-ads

It seems to be Java and Flash adverts that cause the redirections.

I realise the Forumotion do not control the adverts, but it is a major problem when members and visitors cannot access the forums.

parbrook
Forumember

Posts : 85
Reputation : 1
Language : English
Location : Somerset, UK

http://parathyroid.forumotion.co.uk

Back to top Go down

Pro Admin Re: Web Attack. Malicious File Download.

Post by Jophy on June 12th 2014, 1:11 pm

Hello,

Just to inform that Buttercup is on leave today, she'll be back by tomorrow to assist you further in this issue. Thanks.

Jophy
ForumGuru

Male Posts : 17924
Reputation : 835
Language : English
Location : Somewhere

Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum