TMLfans.ca

Site Support & Feedback => General Info => Topic started by: Rick Couchman on December 02, 2014, 11:17:06 AM

Title: Virus
Post by: Rick Couchman on December 02, 2014, 11:17:06 AM
Our server got hacked a few weeks ago.  There's a lingering file somewhere on our server that is still listed as malware.  Problem is I don't know where it is - a few people here have said a warning comes up.

If you see a warning - please lemme know the details that you see - name of the virus alert, whether it's on our front page of TMLfans, or if it's in the forums - and does it come up on a specific thread or forum??

Thanks!
Title: Re: Virus
Post by: Heroic Shrimp on December 02, 2014, 11:39:24 AM
My alert to "Mal/HTML-Gen-A" came up when refreshing "recent posts" in the forums.
Title: Re: Virus
Post by: Rick Couchman on December 02, 2014, 11:48:46 AM
Hmm.  That's a start!  Anyone else get any warnings of any kind?  I can't seem to find the one HS found.  I need better scanning!!
Title: Re: Virus
Post by: LittleHockeyFan on December 02, 2014, 01:33:20 PM
I'm on a Mac, but I have to admit that for the first time in my entire computer-using life, we had a virus on one up until yesterday. It was on my Safari, buggered up my Google (kept defaulting to Bing, even though I set Google as the preferred search engine...) I don't remember exactly what it was but it had minbari in its name... and it was targeting OSX specifically.  If that helps you at all....... (I'm not saying I got the virus from here, but I did apparently download it from someplace)
Title: Re: Virus
Post by: Rick Couchman on December 02, 2014, 01:38:55 PM
The hack & virus that got us was an automated phishing one.  Some lowlife hacked into the server then used scripts that created fake bank pages.  Ever seen an email in your spam mailbox that says "Your account at XXX bank has been changed.  Please log in here".  That place you then supposedly go to is on a hacked fake page on our server ;)  The lowlife gets your real login and password from this page, then THEY go to the real bank page and use your login/password to access your account.
Title: Re: Virus
Post by: Heroic Shrimp on December 02, 2014, 01:45:36 PM
> The hack & virus that got us was an automated phishing one.  Some lowlife hacked into the server then used scripts that created fake bank pages.  Ever seen an email in your spam mailbox that says "Your account at XXX bank has been changed.  Please log in here".  That place you then supposedly go to is on a hacked fake page on our server ;)  The lowlife gets your real login and password from this page, then THEY go to the real bank page and use your login/password to access your account.
Wait a second... you're telling me I can no longer do my RBC banking at TMLfans.ca...?
Title: Re: Virus
Post by: Rick Couchman on December 02, 2014, 01:49:00 PM
> Wait a second... you're telling me I can no longer do my RBC banking at TMLfans.ca...?
The International Bank of Couchman   8)
Title: Re: Virus
Post by: LittleHockeyFan on December 02, 2014, 03:50:52 PM
>> Wait a second... you're telling me I can no longer do my RBC banking at TMLfans.ca...?
> The International Bank of Couchman   8)

LMAO
Title: Re: Virus
Post by: herman on December 02, 2014, 06:26:07 PM
> My alert to "Mal/HTML-Gen-A" came up when refreshing "recent posts" in the forums.

My anti-virus (Sophos) is blocking the tmlfans domain for the above piece of malware. You can submit a Reassessment Request (https://secure2.sophos.com/en-us/threat-center/reassessment-request.aspx) with them to see if the virus remnant is still lingering. From what their forums say, they might be able to help you clear it up if it turns out to still be on your web server, or remove your domain from the naughty list.
Title: Re: Virus
Post by: Heroic Shrimp on December 03, 2014, 08:52:49 AM
>> My alert to "Mal/HTML-Gen-A" came up when refreshing "recent posts" in the forums.

> My anti-virus (Sophos) is blocking the tmlfans domain for the above piece of malware. You can submit a Reassessment Request (https://secure2.sophos.com/en-us/threat-center/reassessment-request.aspx) with them to see if the virus remnant is still lingering. From what their forums say, they might be able to help you clear it up if it turns out to still be on your web server, or remove your domain from the naughty list.
Same antivirus and response for me. I sent a reassessment request last night. I'll let the forum know if I get a response.
Title: Re: Virus
Post by: Heroic Shrimp on December 03, 2014, 11:11:26 AM
>>> My alert to "Mal/HTML-Gen-A" came up when refreshing "recent posts" in the forums.

>> My anti-virus (Sophos) is blocking the tmlfans domain for the above piece of malware. You can submit a Reassessment Request (https://secure2.sophos.com/en-us/threat-center/reassessment-request.aspx) with them to see if the virus remnant is still lingering. From what their forums say, they might be able to help you clear it up if it turns out to still be on your web server, or remove your domain from the naughty list.

> Same antivirus and response for me. I sent a reassessment request last night. I'll let the forum know if I get a response.

No direct response from Sophos at this time, although my computer does now directly access the forums again without being blocked or warned.
Title: Re: Virus
Post by: Rick Couchman on December 03, 2014, 01:07:19 PM
Are the virus warnings gone today?  Anyone?  I did a HUGE overhaul last night.
Title: Re: Virus
Post by: Heroic Shrimp on December 03, 2014, 04:06:50 PM
> Are the virus warnings gone today?  Anyone?  I did a HUGE overhaul last night.

I'm all clear today, thank you.
Title: Re: Virus
Post by: seahawk on December 05, 2014, 10:16:16 AM
I'm still getting warnings through Norton, but just found how to resubmit the site for review.

Rick, the site report also mentions this, "http://tmlfans.ca/g_doc/index.php" if that helps at all.