Stories - possible virus

Post by bella (imported) »

I am getting this error reported on the story site

"eunuchworld.org/s_index.php";"Exploit Blackhole Exploit Kit (type 2704)";"Object was blocked"

Blackhole Exploit Kit

AVG Detects This Highly Active Webthreat And Its 157 Known Variants.

The most popular variants of Blackhole Exploit Kit are Blackhole Exploit Kit (type 2704), Blackhole Exploit Kit (type 2292), Blackhole Exploit Kit (type 2709) more ...

What is Blackhole Exploit Kit?

Blackhole Exploit Kit is caused by a code that can be hacked into a webpage. When you browse to a webpage with Blackhole Exploit Kit, it will identify and make use of the vulnerabilities in your internet browser/plugins and force adware, phishing programs or any other type of fraudulent software to be installed on your device.

Re: Stories - possible virus

Post by Riverwind (imported) »

bella (imported) wrote: Tue May 28, 2013 12:26 pm I am getting this error reported on the story site

"eunuchworld.org/s_index.php";"Exploit Blackhole Exploit Kit (type 2704)";"Object was blocked"

Blackhole Exploit Kit

AVG Detects This Highly Active Webthreat And Its 157 Known Variants.

The most popular variants of Blackhole Exploit Kit are Blackhole Exploit Kit (type 2704), Blackhole Exploit Kit (type 2292), Blackhole Exploit Kit (type 2709) more ...

What is Blackhole Exploit Kit?

Blackhole Exploit Kit is caused by a code that can be hacked into a webpage. When you browse to a webpage with Blackhole Exploit Kit, it will identify and make use of the vulnerabilities in your internet browser/plugins and force adware, phishing programs or any other type of fraudulent software to be installed on your device.

I believe it's being looked at. Thanks,

River

Re: Stories - possible virus

Post by Paolo »

The site wanted to execute a script from millszimer.co.il, which I have no idea what it is.

A Google search yields what looks like sites with descriptions in Arabic characters.

It's gone now.

Note: Israel? Have we somehow pissed off the Jews now???

Re: Stories - possible virus

Post by talula »

The bastards! Yes. There is something. I'm testing. It might be something weird.

Done with testing. I can trace it but eunuchworld is going down for a couple of days. Sorry.

Re: Stories - possible virus

Post by Paolo »

Dammit anyway.

Someone in Israel is pissed at us.

Re: Stories - possible virus

Post by Cainanite (imported) »

Paolo wrote: Tue May 28, 2013 4:38 pm Dammit anyway.

Someone in Israel is pissed at us.

Was it my post on circumcision restoration? 😄

Uhh.... Oops.

Re: Stories - possible virus

Post by talula »

Yep. That was it hehehe. Eunuchworld.org is officially down for maintenance.

Re: Stories - possible virus

Post by speedvogel (imported) »

talula wrote: Tue May 28, 2013 6:04 pm Yep. That was it hehehe. Eunuchworld.org is officially down for maintenance.

Good catch. It gives me a warm fuzzy to know that you devote your time to caring for the flock.

Speed

Re: Stories - possible virus

Post by Prudence (imported) »

Try using NMAP or ZENMAP (Google those if you are unfamiliar with them) -- these tools might be able to tell you what plugins/components of the web server are open for exploits.

Also, if you are using any flavor of "the-thing-that-should-not-be" (ie: Java) make sure to un-install any old versions (no matter what it breaks -- uninstall them, period) and install the very latest version. Even versions of Java that are just a few months old are so full of holes you might as well put the Admin Password on your Home Page...

Re: Stories - possible virus

Post by talula »

Prudence (imported) wrote: Tue May 28, 2013 10:18 pm Try using NMAP or ZENMAP (Google those if you are unfamiliar with them) -- these tools might be able to tell you what plugins/components of the web server are open for exploits.

No. I use them every day of the week. You use it and let me know in private if you find something I missed. 4 eyes are better than 2.

Prudence (imported) wrote: Tue May 28, 2013 10:18 pm Also, if you are using any flavor of "the-thing-that-should-not-be" (ie: Java) make sure to un-install any old versions (no matter what it breaks -- uninstall them, period) and install the very latest version. Even versions of Java that are just a few months old are so full of holes you might as well put the Admin Password on your Home Page...

We don't run a tomcat server. There are no java packages installed.

I spent most of the day going through the logs and tightening down some aspects. The damage isn't really that bad, but it is enough that I'll be doing some writing for the index page. The good news, though, is that within minutes of tightening stuff down I caught someone trying to break in, and they are now banned:

person: Evgeniy German

address: 30 Smirnova Street, Tomsk, Russia

phone: +7 3822 76-53-20

mnt-by: TOMLINE-MNT

Lesson learned? Read your logs 24 hours a day, 7 days a week and never sleep. hehehehe.
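
Added example (not part of any post in this thread, and not the site's own code): Paolo's observation earlier in the thread, a page trying to run a script from a domain nobody recognises, can be checked for automatically by listing every script, iframe, embed or object that a served page loads from a host outside an allowlist. The allowlist, the sample page and the injected.example host are constructed for illustration; covering iframes, embeds and objects goes beyond the script case mentioned in the thread.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed allowlist: hosts the site itself is expected to load active content from.
ALLOWED_HOSTS = {"eunuchworld.org", "www.eunuchworld.org"}

# Tag -> attribute that can pull in remote active content.
WATCHED = {"script": "src", "iframe": "src", "embed": "src", "object": "data"}

# Constructed sample page; injected.example is a placeholder, not a real indicator.
SAMPLE_PAGE = """<html><head>
<script src="/js/menu.js"></script>
<script src="http://www.eunuchworld.org/js/site.js"></script>
</head><body>
<h1>Stories</h1>
<script src="http://injected.example/in.cgi?2"></script>
<iframe src="//Injected.Example/x" width="1" height="1"></iframe>
</body></html>"""


class LoadCollector(HTMLParser):
    """Record (tag, url) for every watched element in the markup."""

    def __init__(self):
        super().__init__()
        self.loads = []

    def handle_starttag(self, tag, attrs):
        wanted = WATCHED.get(tag)
        for name, value in attrs:
            if name == wanted and value:
                self.loads.append((tag, value.strip()))


def unexpected_loads(html, allowed=ALLOWED_HOSTS):
    """Return sorted (tag, host) pairs for loads from hosts outside the allowlist."""
    collector = LoadCollector()
    collector.feed(html)
    findings = set()
    for tag, url in collector.loads:
        try:
            host = urlsplit(url).hostname
        except ValueError:
            host = "<unparseable>"
        if host is not None and host not in allowed:  # None means a relative URL
            findings.add((tag, host))
    return sorted(findings)


if __name__ == "__main__":
    for tag, host in unexpected_loads(SAMPLE_PAGE):
        print(f"unexpected <{tag}> load from {host}")
```

Static parsing only sees tags present in the served markup; tags that an inline script writes at run time need a file-integrity check or a rendered-page check as well.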