• New here? Register here now for access to all the forums, download game torrents, private messages, polls, Sportsbook, etc. Plus, stay connected and follow BP on Instagram @buckeyeplanet and Facebook.

Malware (in a link to another site) warning

MD Buckeye

BP Soft Verbal
Staff member
BP Recruiting Team
Bookie
Former BPCFFB II Champ
Former FF League III Champ
Site Supporter: VIP
Just got this warning.....

warninga.png
 
Deety;2174471; said:
I'll do a text replacement for that domain to break any links site-wide. These are often temporary attacks on sites, so if someone can confirm it's clean later, this action can be reversed.

Thanks!
 
Upvote 0
Thanks, Deety.

This isn't malware on BP, nor would anyone have been infected as the result of this link. Someone linked a picture of Matt Barkley into that thread from sportsreport360 which is currently a site that's been tagged as being suspicious.

Either way, breaking the link (as Deety already did) is the prudent course as we don't want people wandering over to that place until it's cleaned up.

These things happen, and that's why it's always a little safer to put images on a well-established file hosting site and link them that way (or at least link/leech from a major player (CNN, ESPN, etc.)) than to pull them in-line from another (particularly smaller/more-independent) site. Smaller independent sites are the most vulnerable.

Thanks for the notice and correction to both of you. We're regularly having to break links to infected sites, so this is just another reality of life on the net.

I'm editing the subject line to avoid misunderstandings.

--edit--
Interestingly, Google has that domain listed as suspicious but clean... So either it's a brand new infection over there, or a false positive. Either way, everyone should avoid it until it's cleared.

These days, before visiting ANY domain with which I'm not familiar, I check it via a link like the one below (just plug in any domain at the end in place of google.com). What you're looking for is "has this site hosted malware" and "has this site acted as an intermediary." Each may suggest (and it's just a suggestion/warning, as you'll see if you click through the google link below reporting on itself) that the site itself might be infected, whereas pings under "what happened when Google visited this site" may just be telling you about benign links to infected or suspicious sites. For example, if Google had happened upon our link today, then we would have shown up with that type of note despite not being infected ourselves. We should still have one in there from another link (from a thread that was 5-7 years old) that I cleaned out a few weeks ago.

http://google.com/safebrowsing/diagnostic?site=google.com
 
Last edited:
Upvote 0
Clarity;2174476; said:
This isn't malware on BP, nor would anyone have been infected as the result of this link. Someone linked a picture of Matt Barkley into that thread from sportsreport360 which is currently a site that's been tagged as being suspicious.

Careful, folks. Matt Barkley has been known to carry viruses.
 
Upvote 0
FYI - I keep getting a Malware message that says it blocked a potentially malicious site: 94.102.48.40

Here is the log:

2012/10/15 16:48:07 -0400 IP-BLOCK 94.102.48.40 (Type: outgoing, Port: 56027, Process: iexplore.exe)
2012/10/15 16:48:07 -0400 IP-BLOCK 94.102.48.40 (Type: outgoing, Port: 56026, Process: iexplore.exe)
2012/10/15 16:48:07 -0400 IP-BLOCK 94.102.48.40 (Type: outgoing, Port: 56028, Process: iexplore.exe)
 
Upvote 0
Where are you when you get that?

We scan clean (Sucuri, Google, Microsoft, PrevX, and urlvoid), and I find no references anywhere to that IP. When is the last time you scanned for viruses/malware? That sounds (to a layman) like something on your machine reaching out to a potentially bad site, but maybe I'm misunderstanding what I'm seeing.

--edit--
That IP seems to be related to spammers and a botnet controller (per Spamhaus - http://www.spamhaus.org/query/ip/94.102.48.40). I can't speak in absolutes, but I highly recommend you make sure your antivirus software is up to date, running, and that it has completed a full scan recently. There are people far more knowledgeable than I (might check the computers/tech forum) who can help on this front.

I will, of course, continue to dig around here to make sure there isn't a problem on BP's end although I've exhausted nearly every check I can do, including combing through caches and templates looking for anything out of place. Do let me know where you were when you got those notices when you return, and whether you continue to receive them.




buxfan4life;2235464; said:
FYI - I keep getting a Malware message that says it blocked a potentially malicious site: 94.102.48.40

Here is the log:

2012/10/15 16:48:07 -0400 IP-BLOCK 94.102.48.40 (Type: outgoing, Port: 56027, Process: iexplore.exe)
2012/10/15 16:48:07 -0400 IP-BLOCK 94.102.48.40 (Type: outgoing, Port: 56026, Process: iexplore.exe)
2012/10/15 16:48:07 -0400 IP-BLOCK 94.102.48.40 (Type: outgoing, Port: 56028, Process: iexplore.exe)
 
Last edited:
Upvote 0
Back
Top