Trip Posted June 29, 2010 (edited)
they are running phpbb and keep getting attacked
http://dubstepforum.com/
avast is detecting and blocking malware but they are struggling to find the source / block this attack
i'm all ears for any suggestions
*seems to have stopped* i'll screen grab the error avast throws ... i think it's a dodgy ad server tbh tho
Edited June 29, 2010 by Trip
Mr-Protocol Posted June 29, 2010
Avast is running on a webserver? :|
Block IP ranges. Change the IP of the server in the DNS lookup temporarily. (Make them connect to NSA.gov for fun and keep strain off your servers til it's upgraded/patched/fixed)
h3%5kr3w Posted June 30, 2010
+1. You need something more than avast! unless it's actually made for a server environment...
Infiltrator Posted June 30, 2010
> +1. You need something more than avast! unless it's actually made for a server environment...
Avast has a server edition as well and I have been using it for a while and it's really good.
Infiltrator Posted June 30, 2010 (edited)
> they are running phpbb and keep getting attacked http://dubstepforum.com/ avast is detecting and blocking malware but they are struggling to find the source / block this attack i'm all ears for any suggestions *seems to have stopped* i'll screen grab the error avast throws ... i think it's a dodgy ad server tbh tho
Why do you set up some honeypots to do research on the type of attacks they are using against your favorite website. And then based on the results, you can determine what action to take.
Edited June 30, 2010 by Infiltrator
Trip (Author) Posted June 30, 2010 (edited)
lol i don't know what they're using as av on the server (i'm running avast atm) ... i'm sure they have contacted the people that program phpbb and reported this problem
if i find any more information i'll let you guys know.
.... i was going to post when they first got attacked but they took the site down and 'seemed' to have sorted it out but it happened again yesterday so i'm presuming these 'hackers' have another route into the server
n e way i'll keep you updated
Edited June 30, 2010 by Trip
digip Posted July 1, 2010
Have you been in contact with the site's admins? Do you even know for certain their site was hacked? Or are you only assuming because YOUR anti-virus alarmed when viewing their site? First thing you should do is contact them if you suspect something. Without jumping the gun, it could also have been a false positive. I've been to a few sites that did the same thing because of code in one of the site's images, but it was a generic false positive because of heuristic data it found in an image on the site. Could be the same thing in your case.
Trip (Author) Posted July 1, 2010 (edited)
^^ i'm just a user ... but this is what keeps happening
i'm sure we could counter hack that ip :)
Edited July 1, 2010 by Trip
wh1t3 and n3rdy Posted July 1, 2010
http://www.ip-adress.com/ip_tracer/91.213.174.35
Infiltrator Posted July 1, 2010 (edited)
Most of these attacks, if not originating from Russia, are from China. Amazing facts..... Best bet would be to block these IP addresses.
Edited July 1, 2010 by Infiltrator
Trip (Author) Posted July 1, 2010
i don't understand why they'd target the dubstepforum tho :(
Trip (Author) Posted July 1, 2010
Probably drum and bass fans... yeah ... sad thing is most people that like dnb also like dubstep
Corrosion. Posted July 1, 2010
> i don't understand why they'd target the dubstepforum tho :(
The site probably has good traffic, they target that website because it had poor security. Most likely outdated forum software, and so they put something on their site using an exploit. My guess is something like adware or a backdoor trojan to add the site's users to a botnet or something along those lines. Your fav site's admins, if they're smart, will block the guy's IP, report it, and update their forum software.
Trip (Author) Posted July 2, 2010
yeah they keep blocking ips i believe
i feel for all the noobs that don't have their pc's set up correctly
H@L0_F00 Posted July 2, 2010
> yeah they keep blocking ips i believe i feel for all the noobs that don't have their pc's set up correctly
LOL is having Avast your idea of having your PC set up "correctly?"
Trip (Author) Posted July 3, 2010
avast is better than most
what would you recommend
if i could afford a license i'd be using sophos
H@L0_F00 Posted July 4, 2010
I'm not trying to sound elitist or anything, but I haven't run a real-time anti-virus in at least a year or so. Sandboxie/VMs are good enough for me IF I even need them. Just be smart and conscious about what you're doing, and most of your problems will disappear.
VaKo Posted July 6, 2010
I used to be like that. Eventually I decided that given I was running Windows, and the places on the net I spent my time on, it was probably a good idea given that it's not even like an AV client uses any significant resources these days. It's like condoms, if you're in a monogamous, safe trusting relationship then you can forgo them, but if you're not, it's stupid not to use them. As for free AV clients of merit, MS Security Essentials or AntiVir, both of these I like.