# Google blocking access to TUG



## winnipiseogee

Morning - I tried accessing tugbbs through google chrome this morning and was told that google would not allow it due to malware being present on the TUGBBS.  When you review the diagnostics it says that they haven't actually found any malware but are suspicious of it.  I had to use a different web browser to get here.


----------



## vacationhopeful

I got the same BS. I think it is another way to get your to BUY their virus protection. After getting bounced around, I clicked on the button where it looks like you getting into the chain to buy their "whatever", I found the "NO, THANKS" button. Brought me right into TUGBBS.

I have been wondering when the CHROME upgrade was going to start to try and collect money from users.


----------



## dioxide45

Seeing the same thing this morning.



> *The Website Ahead Contains Malware!*
> 
> Google Chrome has blocked access to tugbbs.com for now.
> 
> Even if you have visited this website safely in the past, visiting it now is very likely to infect your computer with malware.
> 
> Malware is malicious software that causes things like identity theft, financial loss, and permanent file deletion. Learn more


----------



## jmurp62

*Attack site*

Using Firefox. My warning from AVG says Tug BBS is a reported attack site?????


----------



## dioxide45

jmurp62 said:


> Using Firefox. My warning from AVG says Tug BBS is a reported attack site?????



McAfee is also providing warnings as reported in this thread. I wonder if the Trojan attacks a few months back didn't get TUGBBS added to a database somewhere as an unsafe site.


----------



## dioxide45

winnipiseogee said:


> Morning - I tried accessing tugbbs through google chrome this morning and was told that google would not allow it due to malware being present on the TUGBBS.  When you review the diagnostics it says that they haven't actually found any malware but are suspicious of it.  I had to use a different web browser to get here.



You can click the Advanced link and then there is a link for "Proceed at your own risk"


----------



## dioxide45

Here is a link with more information that is provided on the warning splash page after clicking advanced.

http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=http%3A%2F%2Fwww.tugbbs.com%2Fforums%2Fusercp.php&client=googlechrome&hl=en-US


----------



## Tia

*Same warning here*

clicked to come here like always and up popped the page REPORTED  ATTACK SITE, had to click past it and the warning is till at the top under my address bar!


----------



## lcml11

Internet Explorer going to the Google Search site is showing the following:

Warning - visiting this web site may harm your computer!
Suggestions:
Return to the previous page and pick another result.
Try another search to find what you're looking for.
Or you can continue to http://www.tugbbs.com/ at your own risk. For detailed information about the problems we found, visit Google's Safe Browsing diagnostic page for this site.

For more information about how to protect yourself from harmful software online, you can visit StopBadware.org.

If you are the owner of this web site, you can request a review of your site using Google's Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.
Advisory provided by


----------



## Kagehitokiri2

in firefox i had to go into options and turn off this warning <bravo sierra> in order to log in


----------



## BobDE

Using Firefox I got the same warning. Had to jump through all kinds of hoops to get on. Oh well, if that is the worst thing that happens to me.......


----------



## LisaRex

Got the Firefox Website warning this morning as well.  Ignored it.  Have McAfee installed.


----------



## frankf3

I got the same firefox warnings this morning.

I followed one of the links and got to this:

http://www.stopbadware.org/firefox?...m/forums/showthread.php?p=1400629#post1400629

The link I supplied has a button the "site owner" can click to start the process to "review and remove any badware".   I didn't go any farther with that since I'm just a new member.  But an admin might want to look into this.

Thanks,
   Frank


----------



## ampaholic

probably an attack by some ticked off timeshare salesman - "Hey Google - did you hear TUG is bad medicine".

The shame is it will cut way down on newbies following the links to TUG.


----------



## csxjohn

I use avast anti virus with IE 8 and get no warnings.


----------



## Ken555

Unfortunately, it seems the site is back on Google's list. If you go to Google and search for tug you'll see it display "This site may harm your computer" under the link. Google thinks there are issues with the site, and that it may distribute a virus or malware to your system. Usually Google is correct with these statements, and you should proceed only if you are certain you are protected, etc. I'm sure the admins at TUG will work on this ASAP; a similar issue occurred earlier this year.


----------



## gnorth16

I have the Google Chrome warning, McAfee warning and it also caused Firefox to crash...


----------



## 55plus

My Firefox browser also blocked and warned me. I emailed TUG about the waring.


----------



## dioxide45

Ken555 said:


> Unfortunately, it seems the site is back on Google's list. If you go to Google and search for tug you'll see it display "This site may harm your computer" under the link. Google thinks there are issues with the site, and that it may distribute a virus or malware to your system. Usually Google is correct with these statements, and you should proceed only if you are certain you are protected, etc. I'm sure the admins at TUG will work on this ASAP; a similar issue occurred earlier this year.



When you follow the link that Google provides you see this:



> What is the current listing status for tugbbs.com?
> Site is listed as suspicious - visiting this web site may harm your computer.
> 
> Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.
> 
> What happened when Google visited this site?
> Of the 43 pages we tested on the site over the past 90 days, 3 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2012-12-23, and the last time suspicious content was found on this site was on 2012-12-23.
> Malicious software includes 1 exploit(s). Successful infection resulted in an average of 7 new process(es) on the target machine.
> 
> Malicious software is hosted on 1 domain(s), including hivanopi.longmusic.com/.
> 
> This site was hosted on 1 network(s) including AS32244 (LIQUID).
> 
> Has this site acted as an intermediary resulting in further distribution of malware?
> Over the past 90 days, tugbbs.com did not appear to function as an intermediary for the infection of any sites.
> 
> Has this site hosted malware?
> No, this site has not hosted malicious software over the past 90 days.
> 
> How did this happen?
> In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.
> 
> Next steps:
> Return to the previous page.
> If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.



I wonder if it is related to this.


----------



## TUGBrian

seems things like to happen when I leave town...home now and looking into this.

i personally get no warnings when using either firefox or IE...i can also access the forums without warning using google chrome.

working with our server support to scan the machine for malware now.


----------



## timeos2

I got it today with Firefox / Trend Micro from Google. Based on the information screen it takes me to it is not a current server issue but rather a previously reported "reputation" from the prior problem we saw. Seems to be a case of too little too late reporting. May require some type of proof that it was handled.


----------



## dioxide45

timeos2 said:


> I got it today with Firefox / Trend Micro from Google. Based on the information screen it takes me to it is not a current server issue but rather a previously reported "reputation" from the prior problem we saw. Seems to be a case of too little too late reporting. May require some type of proof that it was handled.



This is my understanding also. It isn't any kind of current threat, just something that has come up before and TUG was added to a "list" somewhere. The problem is that this will scare new people and some veterans away. It doesn't bode well for the forum.


----------



## TUGBrian

scans are coming up blank on our end as well...is anyone getting any local virus warning notifications when browsing the site?

or just this redirect message?


----------



## Negma

I am getting it on chrome. Running windows 8 w/ mcafee. New computer


----------



## TUGBrian

you are getting a local virus warning, or the chrome browser site warning?


----------



## Negma

Browser warning.


----------



## BocaBum99

I got several warnings.

1) Google Chrome

2) Then, I went to Firefox, got blocked there as well.

3) When I went to IE, my Kaspersky Internet Security gave me a Trojan horse warning.

After an hour or so, I came back to IE and got in which is how I am posting now.


----------



## dioxide45

TUGBrian said:


> you are getting a local virus warning, or the chrome browser site warning?



Chrome Browser Site Warning here. No virus warning from the anti-virus software.


----------



## BocaBum99

This the current warning I am getting from Firefox:

Reported Attack Page!







          This web page at www.tugbbs.com has been reported as an attack page and has been blocked based on your security preferences.





          Attack pages try to install programs that steal private information, use your computer to attack others, or damage your system.Some attack pages intentionally distribute harmful software, but many are compromised without the knowledge or permission of their owners.


----------



## BocaBum99

This is the warning I get from Google Chrome:

The Website Ahead Contains Malware!
Google Chrome has blocked access to www.tugbbs.com for now.
Even if you have visited this website safely in the past, visiting it now is very likely to infect your computer with malware.
Malware is malicious software that causes things like identity theft, financial loss, and permanent file deletion. Learn more


----------



## Negma

Chrome warning. I can get in through explorer


----------



## Passepartout

I'm not getting any warning at all entering direct on my iPad/Safari. I DO get the Google site warning if I try to enter TUG via Google. Bing search brings up TUGBBS with no probs.

Jim


----------



## BocaBum99

After I clicked "this site is not....", here is what I get from Firefox.  It looks like Firefox is getting the Google warning.

TUG needs to contact Google to get off their black list.


Wait! Please don't visit that site right now!

Google detected badware on the site you were visiting. Firefox uses Google's blacklist to warn you about "Reported attack sites." We understand that you may know and trust this site, but it's possible for good sites to be infected with badware without the site owners' knowledge or permission.


----------



## TUGBrian

yea...its definately google that has blacklisted the site...ive verified this with about 8 different online "scanners" (many of which suggested by google themselves)...the only issue it shows with all of them is that google lists the site as "suspect" but all malware scans come up clean.

It lets me file a petition within google webmaster tools, so ill do that here shortly.


----------



## dioxide45

I was able to turn off the warning in Chrome by going in to the Settings and clicking the Show Advanced Settings link. Then un-checking the _Enable phishing and malware protection_ box. Perhaps not the wisest thing, but it prevents the warning from coming up.


----------



## TUGBrian

and the extra weird part is i get no error in chrome now...only in firefox.


----------



## dioxide45

TUGBrian said:


> and the extra weird part is i get no error in chrome now...only in firefox.



Are you closing out of your browser sessions and going back in? I found once I overrode the Chrome warning, I wouldn't get warned again unless I closed out of Chrome and went back in.


----------



## TUGBrian

yea...totally opened a new chrome browser.  (i dont normally use chrome, just keep it ont he computer for compatibility testing)


----------



## TUGBrian

maybe it only impacts it if you are logged into google (gmail etc) when browsing in chrome.


----------



## BocaBum99

Brian,

The first time I tried IE, my Kaspersky said there was a Trojan Horse.  I wonder if that was what caused the problem?  Then, I when I came back later, nothing.  So, it was cleared up.   However, the black list on Google remains.


----------



## dioxide45

TUGBrian said:


> maybe it only impacts it if you are logged into google (gmail etc) when browsing in chrome.



I thought you had to have a Google account and be logged in to use Chrome? I know that I am logged in. Still seeing the message if I turn on the Phishing and Malware detection option.


----------



## TUGBrian

nah...it asks me to log into gmail on chrome (i dont keep it saved on there etc)

after logging in and going back to tugbbs...i get the warning within chrome.


----------



## artringwald

The Firefox warning I just got was from the browser, not from my anti virus program.


----------



## artringwald

I just got the message from Firefox, not my antivirus. Here's what they said:

Safe Browsing
Diagnostic page for tugbbs.com

What is the current listing status for tugbbs.com?

    Site is listed as suspicious - visiting this web site may harm your computer.

    Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.

What happened when Google visited this site?

    Of the 43 pages we tested on the site over the past 90 days, 3 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2012-12-23, and the last time suspicious content was found on this site was on 2012-12-23.

    Malicious software includes 1 exploit(s). Successful infection resulted in an average of 7 new process(es) on the target machine.

    Malicious software is hosted on 1 domain(s), including hivanopi.longmusic.com/.

    This site was hosted on 1 network(s) including AS32244 (LIQUID).

Has this site acted as an intermediary resulting in further distribution of malware?

    Over the past 90 days, tugbbs.com did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?

    No, this site has not hosted malicious software over the past 90 days.

How did this happen?

    In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.

Next steps:

    Return to the previous page.
    If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.


----------



## persia

Yep, Chrome warned me about tugbbs.com, but let me "proceed at my own risk."



The Website Ahead Contains Malware!
Google Chrome has blocked access to tugbbs.com for now.
Even if you have visited this website safely in the past, visiting it now is very likely to infect your Mac with malware.
Malware is malicious software that causes things like identity theft, financial loss, and permanent file deletion. Learn more


----------



## persia

Safari also warns about malware.

I only Safari and Chrome, no other browsers to test.


----------



## TUGBrian

yea...that message above is the result of the google blocking...it gives me the same thing when I go into the webmaster tools.

hopefully filing this petition will take care of it as google seems to be the source of all this.

really kinda bugs me given the OVERWHELMING amount of spam i get on a daily basis...that those sites can remain running...yet TUG get listed as "suspicious"


----------



## m61376

I too get those messages with both Safari and Firefox. Even with ignoring the warning Safari will let me in to a page, but I get the same error message at every new page and it won't let me post. If I click on "ignore warning" in Firefox it lets me in and allows me to access the site fully.


----------



## ricoba

BocaBum99 said:


> This the current warning I am getting from Firefox:
> 
> Reported Attack Page!
> 
> 
> 
> 
> 
> 
> 
> This web page at www.tugbbs.com has been reported as an attack page and has been blocked based on your security preferences.
> 
> 
> 
> 
> 
> Attack pages try to install programs that steal private information, use your computer to attack others, or damage your system.Some attack pages intentionally distribute harmful software, but many are compromised without the knowledge or permission of their owners.





BocaBum99 said:


> This is the warning I get from Google Chrome:
> 
> The Website Ahead Contains Malware!
> Google Chrome has blocked access to www.tugbbs.com for now.
> Even if you have visited this website safely in the past, visiting it now is very likely to infect your computer with malware.
> Malware is malicious software that causes things like identity theft, financial loss, and permanent file deletion. Learn more





Got both these same warnings on Firefox and Chrome and am now in without problem on IE.


----------



## Ron98GT

Using Firefox, I get the same message as Dioxide45:



Safe Browsing
Diagnostic page for tugbbs.com

What is the current listing status for tugbbs.com?

    Site is listed as suspicious - visiting this web site may harm your computer.

    Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.


What happened when Google visited this site?

Of the 43 pages we tested on the site over the past 90 days, 3 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2012-12-23, and the last time suspicious content was found on this site was on 2012-12-23.


    Malicious software includes 1 exploit(s). Successful infection resulted in an average of 7 new process(es) on the target machine.

    Malicious software is hosted on 1 domain(s), including hivanopi.longmusic.com/.


    This site was hosted on 1 network(s) including AS32244 (LIQUID).


Has this site acted as an intermediary resulting in further distribution of malware?.

Over the past 90 days, tugbbs.com did not appear to function as an intermediary for the infection of any sites.


Has this site hosted malware?

No, this site has not hosted malicious software over the past 90 days. 


How did this happen?

    In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.

Next steps:

    Return to the previous page.
    If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.


----------



## krmlaw

I got a virus last week.our contracted it company traced it back to either the timesunion paper or tug, he couldn't figure which


----------



## Tia

http://safebrowsing.clients.google....refox&hl=en-US&site=http://tugbbs.com/forums/ 

Is the page that has my warning/explanation on it.


----------



## nalismom

I have Tug bookmarked in Safari and gained access with no warning.  If I google Tug it lists the warning for this site. 

The other strange thing is that I first saw this issue in the Tug Lounge thread which is closed now...however the last post has a link back to this thread.  When I clicked on it and attempted to post as I am now it asked for my user ID and password which I thought was strange since I was already logged in.  I backed out of the thread that was linked and re-entered this thread by returning to home page and opening this thread......sure enough .......I was logged in as I should have been.


----------



## brigian

*Strange message from tug*

I come on tug everyday and for the first time I got this message, anybody else get it ? Should I be concerned ? I have never seen this on any other website before. I went and deleted all my cookies and even did a system restore but it still pops up when i visit this site. Here it is :

Reported Attack Page!                



          This web page at tugbbs.com has been reported as an attack page and has been blocked based on your security preferences.               


          Attack pages try to install programs that steal private information, use your computer to attack others, or damage your system.Some attack pages intentionally distribute harmful software, but many are compromised without the knowledge or permission of their owners.


----------



## pjrose

I get the warning messages using safari on a MacBook pro.  I do not use chrome and am not logged on to google.  I couldn't even post this message on the MacBook with safari; I'm on an iPad with Safari now.


----------



## Luvstotravel

I also got the warnings.  I use Firefox, Windows 7.


----------



## TUGBrian

our host finally found a malicious string in the vbulletin code and removed it...so hopefully this ends the actual risk to any visitors to the site.

now for removing the google block.


----------



## mistalong

Someone added a music file which the virus protection is noticing


----------



## TUGBrian

mistalong said:


> Someone added a music file which the virus protection is noticing




eh?  pardon?


----------



## Ron98GT

mistalong said:


> Someone added a music file which the virus protection is noticing



"Malicious software is hosted on 1 domain(s), including hivanopi.longmusic.com/."

This by any chance


----------



## ampaholic

I get a "reported attack site" warning with Firefox but not with IE. I don't get even a peep from my up to date Norton AV.


----------



## TUGBrian

well at this point the malicious stuff has been removed/disabled (if it was even causing that trigger in the first place)....sadly all the file names and modified dates remain unchanged even on the suspect files...preventing us from determining when this may have even started.

however, im guessing it will take some time for google to review my "petition" for them to remove the malicious site tag off the TUGBBS.com forums.

There should however be no damage or risk in browsing the site (bypassing the error).  I would NOT however suggest disabling the feature...just in case it actually works for a malicious site in the future.


----------



## MuranoJo

I'm coming in through msn and have never had problems, nor did I when this happened a few months ago.


----------



## RLG

TUGBrian said:


> our host finally found a malicious string in the vbulletin code and removed it



so how did it get in there?


----------



## Bwolf

Got the browser message this morning using Firefox.  Kaspersky did not react at all.


----------



## irish

got the same warning last night using SAFARI. i emailed the admin. and this morning DEC 24, NO PROBLEM getting on the site.


----------



## dioxide45

I re-enabled the "Enable phishing and malware protection" setting and am not getting the warning in Chrome this morning.

However, McAfee SiteAdvisor is still warning about TUG as was reported in this thread a while back. I just added TUG to the trusted sites list, but SiteAdvisor still shows a red SiteAdvisor icon instead of a green one.


----------



## krmlaw

google chrome let me on this morning with no warning so must be ok!


----------



## Tia

I originally got on here this am and no warning, read the updates here, then pressed the back button and up it came with the warning page again!


----------



## csxjohn

I'm using Google chrome just to see what happens.  I typed www.tugbbs.com/forums at the top and I'm now on the site with no warnings from my avast anti virus protection.


----------



## littlestar

No malware warning today on a Macbook Pro (unlike yesterday). 

I never received any warnings when using an I-Pad or Kindle Fire device to access the boards yesterday.


----------



## SueDonJ

pjrose said:


> I get the warning messages using safari on a MacBook pro.  I do not use chrome and am not logged on to google.  I couldn't even post this message on the MacBook with safari ...





littlestar said:


> No malware warning today on a Macbook Pro (unlike yesterday). ...



Same as these two for me, yesterday I had to bypass the warnings in order to read and couldn't post or send PM's.  This is my first TUG stop this morning but so far so good, no warnings.  I feel like Santa's IT guys left a present.  :rofl:


----------



## Ron98GT

Just got in using Firefox, without last nites Google warning, surprisingly.  Security settings may be set-up differently on this computer though.

Happy Christmas Eve


----------



## Makai Guy

RLG said:


> so how did it get in there?


That, my friend, is the $64,000 question.  We cannot find anything in the server logs that indicates how this stuff gets inserted.


----------



## Negma

I had problems yesterday with chrome. Now I am in!!


----------



## persia

No problem with Chrome or Safari on my MacBook Air.


----------



## T_R_Oglodyte

No problem this morning, until I tried to post this message.


----------



## Passepartout

I was able to enter TUGBBS via Google just fine


----------



## Makai Guy

Several modern browsers utilize a service from Google which alerts you if trying to access a site which has been found to be hazardous.  Once listed as such at Google, the warnings continue until the site has been cleansed and Google has taken the site off the warning list.  We found the problem last night and Google has now cleared us.   

There is no need to report things are now okay, but we sure do want to hear if this pops back up in the future.


----------



## TUGBrian

While I got no response through the google webmaster tools, it now shows in the "malware" section that google shows no threat on the TUGBBS site.

sorry for the trouble folks!


----------



## LynnW

No problems today!

Lynn


----------



## T_R_Oglodyte

At first this morning I was accessing the site without warnings (Firefox user). 

The Google warnings are now reappearing persistently, and I can only access the site by specifically directing Firefox to ignore the warning.


----------



## TUGBrian

hrm...just rechecked the google applet and it still shows the site is clear.

i cant imagine it would revert back for whatever reason in such a short time (since it appeard to get the all clear mark around 9am eastern this morning)


----------



## T_R_Oglodyte

TUGBrian said:


> hrm...just rechecked the google applet and it still shows the site is clear.
> 
> i cant imagine it would revert back for whatever reason in such a short time (since it appeard to get the all clear mark around 9am eastern this morning)



Cleared cache, closed browser, and returned.  No popups this time - neither on entry (I have "New Posts" bookmarked as my TUG entry portal) nor when opening the "Post Reply" window.


----------



## T_R_Oglodyte

T_R_Oglodyte said:


> Cleared cache, closed browser, and returned.  No popups this time - neither on entry (I have "New Posts" bookmarked as my TUG entry portal) nor when opening the "Post Reply" window.


And now I return to the site, still in the same browser session, and the Google block reappears.


----------



## persia

Probably time for you to join the mass exodus from Firefox, it's a sinking ship....


----------



## TUGBrian

ive actually yet to get a warning at all within firefox TBH...i could only get it in chrome yesterday.


----------



## SueDonJ

T_R_Oglodyte said:


> And now I return to the site, still in the same browser session, and the Google block reappears.



Steve, I hardly ever use Firefox but tried it to see if it duplicates your problem.  Nope, no issues here with it, TUG is working fine.  If it matters, the info is "Version 17.0.1, Firefox is up to date, You are currently on the *release* update channel."  (Have no idea what any of it means but thought you might ...)

eta ... This posted just fine in Firefox.


----------



## TUGBrian

it may very well be just that "safebrowsing" site being slow to update the change google made in listing the forums as malicious.


----------



## BocaBum99

I am back to normal on all browsers.


----------



## tonyg

It is back, it was OK until I went to Sightings:

Diagnostic page for www.tugbbs.com/forums
What is the current listing status for www.tugbbs.com/forums?
This site is not currently listed as suspicious.
Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.
What happened when Google visited this site?
Of the 43 pages we tested on the site over the past 90 days, 2 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2012-12-23, and the last time suspicious content was found on this site was on 2012-12-23.
Malicious software includes 1 exploit(s). Successful infection resulted in an average of 7 new process(es) on the target machine.
Malicious software is hosted on 1 domain(s), including hivanopi.longmusic.com/.
This site was hosted on 1 network(s) including AS32244 (LIQUID).
Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, www.tugbbs.com/forums did not appear to function as an intermediary for the infection of any sites.
Has this site hosted malware?
No, this site has not hosted malicious software over the past 90 days.
Next steps:
Return to the previous page.
If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.


----------



## Htoo0

Still here for me. FF


----------



## TUGBrian

this just has to be some cached or legacy stuff leftover...im baffled as to any other reason.


----------



## dioxide45

TUGBrian said:


> this just has to be some cached or legacy stuff leftover...im baffled as to any other reason.



I haven't seen anything with Chrome today.


----------



## Larry

*also received warning*

Just got malaware warning as well and my anti virus says it removed the malaware threat.


----------



## TUGBrian

you are saying your local antivirus client gave you a warning?  could you give me details?


----------



## m61376

I hope all that means there was never really a threat in the first place, since I had bypassed it earlier. Now it seems to be working just fine in Safari, which repeatedly gave me an error message yesterday and would not let me post at all.


----------



## TUGBrian

now I just got the warning from firefox about the site again....however I have verified yet again via google that the site has cleared their "suspicious" listing and is back to normal.

I did see in the "stopbadware.com" pages that it can take a few days for them to update the google flags...although one would think if it blocks ALL firefox clients...that would be a bit quicker to update.

very frustrating situation for sure.


----------



## TUGBrian

that site has a discussion forum...and nearly EVERY topic on it is some other webmaster claiming that their site is still being blocked by their service within firefox despite google claiming they are clear of malware and good to go.

how ridiculous.


----------



## Mr. Vker

Don't know if it matters. I am not having the problem-but did yesterday.

I got the Google warning. If I clicked to proceed, I then was warned directly by my Macbook. This was using Safari. All seems well now.


----------



## csxjohn

When I first came to TUG this morning I had two windows pop up from my avast anti virus, each telling me that it had blocked malware that was attempting to enter my computer.

I don't have time today to investigate further but it appears there may still be a problem.

I had just signed out of Craig's list and gmail at the time but when I came to TUG both notices appeared.  

I mention it here because of the warnings others have gotten recently.

I hope everyone has a Merry Christmas.


----------



## Larry

csxjohn said:


> When I first came to TUG this morning I had two windows pop up from my avast anti virus, each telling me that it had blocked malware that was attempting to enter my computer.
> 
> QUOTE]
> 
> I also have avast anti virus and received the same warnings yesterday and that they blocked the virus. Just got on this morning with no problems.


----------



## falmouth3

I'm still getting the warning through Firefox, but not IE.


----------



## TUGBrian

we have identified "something" that shouldnt be on the site...and are working to correct it.

as its been explained to me (as its well above my head)...it doesnt actually trigger for every visit...just at random...thus making it extremely difficult to detect and diagnose for our techs.

It does however sound like most antivirus clients are blocking it when triggered...so if you are going to browse TUG, please ensure you do so with a modern and updated antivirus client actively protecting your computer and browser until we get this removed and sorted out.


----------



## falmouth3

Thanks from all of us, Brian for working on this over the holiday.

Sue


----------



## Henry M.

I ran into the problem of logging into the BBS yesterday. I clicked though the warning once to try to report it, but the thread I started didn't show up. 

Today I had a bunch of reply's of invalid addresses. It might just be coincidence, but apparently something tried to send e-mail to everyone on my contact list. I use Google Mail, and Google detected some irregular activity and disabled my account until I changed the password. Sending e-mail has been disabled for 24 hours. The error is due to having sent more than 500 e-mails.

I am running a full scan on my computer to see if I can find anything, but so far Avast hasn't flagged anything.   

The Google block of this forum is the only unusual activity in the last couple of days. Otherwise I haven't been to any strange sites or received any software that I would suspect of having introduced a virus to my machine.

I can't find any e-mails either in the Sent Items folder of my e-mail client (Entourage 2008 on a Mac) or in the sent items of Google Mail using a web browser to connect to my Google Mail account. I am not entirely sure how to track down how my account was somehow hacked. The e-mail was a link to some web site, and was sent to people in my contacts list, so it is not just someone using my e-mail address.


----------



## judyjht

I still get the message in Firefox today - 12/27


----------



## TUGBrian

its definately still being listed on that badwarebusters website....just no longer in google.


----------



## T_R_Oglodyte

TUGBrian said:


> its definately still being listed on that badwarebusters website....just no longer in google.



I'm still getting Google warnings - happens intermittently, consistent with what you noted previously.  Even though the site comes up clean the first time in a session, if I come back later in the same session I'm apt to get the warning.


----------



## TUGBrian

well the "google" warning is the badware site...they work with chrome and firefox to block malicious sites.

going into google webmaster tools...it says they have verified the site is clean...so *shrug


----------



## sjuhawk_jd

I got the same warning few days ago through IE as well as Firefox. I ignored the warning and went to TUG anyways. Now, my computer is shut down with 240 infected files and the XP defender pops up and wants me to activate their fulll blown version to clean my computer. When I click on activate, it goes nowhere, since I am at a resort and I need to be able to open a browswer and sign in for the internet access. XP defender will not let me open a browser to be able to sign up for the internet and since there is no internet access on that computer, the activate for XP defender does not work either. So, my computer has no internet access. I am using my daughter's MAC now. I was planning to use skype on my computer to call internationally during this trip, but I can not do that now. Pretty upset with this stuff!!!


----------



## TUGBrian

I certainly apologize if it was TUG that caused the infection.  It still baffles me as I have a separate computer...running all 3 browsers...and ZERO virus protection that i use for testing purposes (its a virtual machine)...and it has no impact running the forum on any browser.

on top of that, LW has been going over our server all day every day since reported and they cannot find anything!


I am familiar with those "defender" fake virus download software thingys...try to boot your machine in safe mode to get it running normally...you should be able to download a virus scanner to clean it off your machine.

I prefer malwarebytes antimalware personally.


----------



## Passepartout

I have been away from my PC since this brouhaha erupted, and mentioned that I couldn't replicate it on my iPad after Google cleared the site.

Now I'm home, Malwarebytes downloaded an update before I even started a browser. I did a full scan of the drive, and it found nothing. Zip. Nada.

No one wants to hear of someone who frequents some of the same online haunts we do getting infected. We have to remember there are other places and activities that are not as scrupulously monitored as TUG.

Thanks, Brian, for what you and the TUG team do behind the scenes.  

Jim


----------



## timeos2

There does not appear to be any active infections taking place but the warning(s) are troublesome. I would advise keeping your quality anti-virus and anti-malware programs as current as possible just in case something is lurking waiting for the un or under protected client to visit to strike. 

What a frustrating thing to have to deal with! Thanks to all that are doing the grunt work to figure it out.


----------



## T_R_Oglodyte

sjuhawk_jd said:


> I got the same warning few days ago through IE as well as Firefox. I ignored the warning and went to TUG anyways. Now, my computer is shut down with 240 infected files and the XP defender pops up and wants me to activate their fulll blown version to clean my computer. When I click on activate, it goes nowhere, since I am at a resort and I need to be able to open a browswer and sign in for the internet access. XP defender will not let me open a browser to be able to sign up for the internet and since there is no internet access on that computer, the activate for XP defender does not work either. So, my computer has no internet access. I am using my daughter's MAC now. I was planning to use skype on my computer to call internationally during this trip, but I can not do that now. Pretty upset with this stuff!!!



Your problem is not TUG; your problem is that you downloaded XP Defender from somewhere else (almost certainly not TUG). XP Defender is a fake virus detection and removal program.  The infection messages it produces are completely phony; the sole purpose of XP Defender is to scare people into thinking their computers are infected and pay to download their phony cleanup utility.

From your message it would appear that they sucked you in.  Your computer is most certainly infected; it's infected with XP Defender and that is what you need to remove.  

Google "XP Defender" and you will see lots of sites that will show you how to get it off your machine.


----------



## TUGBrian

is anyone still getting the warnings within chrome or firefox?

I show even the stopbadware site has removed the flag.


----------



## falmouth3

No, my warnings with Firefox disappeared a couple of days ago.

Sue


----------



## artringwald

Just got another with Firefox.


----------



## Quiet Pine

TUGBrian said:


> is anyone still getting the warnings within chrome or firefox?



If I type in tugbbs.com, I get the attack warning. If I open a new tab and go to a previous BBS page, I get in fine. I suspect there's a cookie somewhere. Or some setting that's bringing up old news.


----------



## Tia

Yes my Foxfire continues to warn me re coming here


----------



## TUGBrian

geez...i wish things would simply be consistent one way or the other...this is ridiculous.


----------



## nalismom

Haven't gotten any warnings using my iPad.


----------



## Laurie

McAfee Site advisor still shows the www. site as dangerous, when searching for tug bbs on google using chrome browser. But, no such marking for the ISP listing instead, so that's how I'm getting here, not knowing whether it makes any difference. At least I think that's what it is - starts with 69. and ends with .4.  Does it make a diff? Do you want the complete URL?


----------



## Passepartout

Laurie, why not clear your cookies, do a hard reboot, and see if that clears up the warnings so you can enter the site as you usually do. Might not help, but it's worth a shot. From what others' experiences have been, it seems that most are generated from within your computer and NOT from TUG BBS.


----------



## Laurie

I pretty much do that daily (clear everything), and nothing has changed. 

I'm not totally blocked - just shows site as dangerous and allows me to proceed if I want to live dangerously. So something has been tagged as problematic by McAfee SiteAdvisor, and not untagged. 

I'll report back if/when that goes away - but wondered about the URL that must go directly to the server, or one of them, assuming that's what an ISP in the URL means.

Or maybe McAfee is still on the lam.


----------



## Makai Guy

We, and our server host, have knocked ourselves out trying to find anything amiss here, and we can't.

But some of these bad guys are clever as [heck] at disguising their infections.  And since they are written to not affect every login and/or access, catching the actual problem so that it can be investigated is very difficult.

Repeating the Google/Whoever 'this site is dangerous' notice that allows you to click through it doesn't help us much in tracking this down, as they are just based on a reported infection that gets us on a list, not on that particular access encountering malware.

What WOULD be of great help would be reporting any error reported by your actual antivirus software installed on your computer which gives the details of the malware it has intercepted/blocked.  If you run into something like this, a report of the full text of that notice would be much appreciated.

And, meanwhile, be darned sure you have a good antivirus program installed, is configured to check every file you receive, and is kept completely up to date.


----------



## dioxide45

Laurie said:


> I pretty much do that daily (clear everything), and nothing has changed.
> 
> I'm not totally blocked - just shows site as dangerous and allows me to proceed if I want to live dangerously. So something has been tagged as problematic by McAfee SiteAdvisor, and not untagged.
> 
> I'll report back if/when that goes away - but wondered about the URL that must go directly to the server, or one of them, assuming that's what an ISP in the URL means.
> 
> Or maybe McAfee is still on the lam.



My McAfee SiteAdvisor has been reporting TUG as a dangerous site now for weeks. Long before Google ever said a thing. This however is different from the recent Google warning that people have been seeing. Right now SiteAdvisor is showing a red colored icon on TUG, usually it is green. I added TUG to the trusted sites list to avoid the warning page when trying to visit.


----------



## Htoo0

For the first time today besides the regular warning I also got this from my antivirus.  Hope it helps.

URL:	http://xifehisome.changeip.name/xoh1m6zx...
Process:	C:\Program Files (x86)\Mozilla Firefox\f...
Infection:	URL:Mal


----------



## dioxide45

Here is the site report that I can view with McAfee SiteAdvisor.


----------



## simpsontruckdriver

I am still getting the message that this is an "attack site" as of the last 15 minutes ago.

TS


----------



## Makai Guy

dioxide45 said:


> Here is the site report that I can view with McAfee SiteAdvisor.



Thanks.  When I click on your link, this is what I see:




.. which says we're clear of any problems.   Perhaps this has been updated since you posted it.   Do you still see problems listed?


----------



## Makai Guy

Htoo0 said:


> For the first time today besides the regular warning I also got this from my antivirus.  Hope it helps.
> 
> URL:	http://xifehisome.changeip.name/xoh1m6zx...
> Process:	C:\Program Files (x86)\Mozilla Firefox\f...
> Infection:	URL:Mal


I appreciate the effort, but, actually, no it doesn't help.  The URL you've posted appears an invalid URL.  As a result, when I click on the link it is doesn't go anywhere.   While changeip.name is a valid server name, it has no xifehisome.changeip.name registered there.


----------



## dioxide45

Makai Guy said:


> Thanks.  When I click on your link, this is what I see:
> 
> 
> 
> 
> .. which says we're clear of any problems.   Perhaps this has been updated since you posted it.   Do you still see problems listed?



I still see a red SiteAdvisor icon on my browser toolbar, but when I go to the site profile, I see the same thing you do. If I go to other sites such as Yahoo or Google, I see a green SiteAdvisor icon instead of the red.

ETA: If I remove TUGBBS from my list of trusted sites, I still get a warning splash page when I try to visit TUG. I will try to post an image.


----------



## dioxide45

Notice the green Site Advisor icon (M) in the upper right of the screen. When I am on TUG, that is always red.


----------



## Makai Guy

dioxide45 said:


> I still see a red SiteAdvisor icon on my browser toolbar, but when I go to the site profile, I see the same thing you do. If I go to other sites such as Yahoo or Google, I see a green SiteAdvisor icon instead of the red.
> 
> ETA: If I remove TUGBBS from my list of trusted sites, I still get a warning splash page when I try to visit TUG. I will try to post an image.



Try clearing your browser cache -- the warning may be coming from a cached copy already on your machine.  Might also help to exit your browser, then reload it and try to come to tugbbs.com.


----------



## Tia

My antivirus quarantined a something called care2PetitionHelper yesterday am on start-up, not sure how to share that or if it would be helpful



Makai Guy said:


> What WOULD be of great help would be reporting any error reported by your actual antivirus software installed on your computer which gives the details of the malware it has intercepted/blocked.  If you run into something like this, a report of the full text of that notice would be much appreciated.
> 
> And, meanwhile, be darned sure you have a good antivirus program installed, is configured to check every file you receive, and is kept completely up to date.


----------



## dioxide45

Makai Guy said:


> Try clearing your browser cache -- the warning may be coming from a cached copy already on your machine.  Might also help to exit your browser, then reload it and try to come to tugbbs.com.



Have done all that. When I go back to TUGBBS, I get the warning. Not sure why since the Site Report indicates all is well. As soon as I opt to "Visit Anyway" it adds TUGBBS to the trusted sites list and I no longer get the warning.


----------



## Makai Guy

dioxide45 said:


> Have done all that. When I go back to TUGBBS, I get the warning. Not sure why since the Site Report indicates all is well. As soon as I opt to "Visit Anyway" it adds TUGBBS to the trusted sites list and I no longer get the warning.


I have a feeling they may only update their problem site list periodically, as a batch job, such that it may take a while after the analysis shows a site to be clean for it to drop off the list.   Don't really know, but that seems to fit the facts.


----------



## Makai Guy

Warning -- what follows has a high probability of making your eyes glaze over ....



Makai Guy said:


> I appreciate the effort, but, actually, no it doesn't help.  The URL you've posted appears an invalid URL.  As a result, when I click on the link it is doesn't go anywhere.   While changeip.name is a valid server name, it has no xifehisome.changeip.name registered there.



More on this --
Changeid.name is a server where you can take out a free subdomain name that will be redirected to a different domain of your choice.  So in the original malware warning from Htoo0, his antivirus detected malware in a link to xifehisome.changeip.name, which actually redirected to someplace else -- wherever the bad guys that took out the xifehisome subdomain had it go to.  By the time I saw his message, the xifehisome.changeip.name subdomain had already been taken down and thus was invalid.

From what I've been reading on these exploits, they continually shift the link addresses around, making it very difficult to track them down.


----------



## Henry M.

There's a discussion about e-mails being sent with rogue links at the google forums at https://productforums.google.com/forum/#!msg/gmail/HM2Ujgu9OD4/4KeUUlmeNqsJ

The title of the discussion is: "Is this a virus or fishing attempt?" 

In my case, after going through the warning about TUG being a dangerous site, a set of e-mails was sent to all my contacts containing links to 

http://"some changing web site URL"/components/com_ag_google_analytics2/google.html

The latter part seemed to stay constant. That might be related to the issue seen here where the base address only exists for a short time. I don't know enough about Google to know if the last part of the URL has any significance in the Google world of analytics.  

No record of the e-mails sent remains on my computer or my Google mail account. I only found out after a few of the addresses bounced, and then some friends mentioned getting something suspicious from me. As far as I can tell, nothing has happened again after I recovered my Google account following their instructions. I had also cleared all my history, caches, and cookies. 

The two Macs that could have done something like this were asleep, but on. It happened around 1:30 am when I myself was asleep. I supposed one of my iPads or iPhone could have also done something, since the browsers are set up to access my Google mail.

Was anything specific found and cleaned up by the TUG administrators? Have they done anything beyond contacting Google and McAfee to get off their blacklist? I would like to know if there was some virus that has been fixed, and if so, what it was, so I can try to chase the issue down on my end. If I got infected, I want to make sure I find a way to disinfect my machine.


----------



## cotraveller

Here is the Norton warning I received a few minutes ago.  A similar one came up on December 24. The ip address shown in the report is within a range of addresses I have blocked on the site I run.


----------



## TUGBrian

according to our host security people, google, every "scanner" we can find....the site is clean.

we have been scouring the server since this was reported...and can find nothing.


----------



## artringwald

I had been getting the Google warning every time I went to this site, but the problem disappeared within the past couple days.


----------



## Makai Guy

> An intrusion attempt by cicero.changeip.name was blocked


A check at changeip.name shows that the cicero.changeip.name subdomain name is available, meaning the bad guys have already abandoned this intermediate forwarding address and moved on to something else.

[Edited to add:]  Some of the descriptions I've read on this exploit say it only injects the code for people who come to the site via a search engine link, and not for people who are logged into the site.  (I'm talking about the actual injection of the harmful code which results in a warning of something being blocked by the antivirus program on your computer, NOT the generic warnings that the site has been reported).  Do you recall how you came to TUGBBS when you received that warning?


----------



## Henry M.

I always visit from bookmarks in my browser linked to the Starwood and Hawaii forums.


----------



## Tia

http://www.stopbadware.org/firefox?hl=en-US&url=http://tugbbs.com/forums/ 

Been ignoring the warnings by clicking ignore, but got a new page open today when came here, above.


----------



## T_R_Oglodyte

Makai Guy said:


> A check at changeip.name shows that the cicero.changeip.name subdomain name is available, meaning the bad guys have already abandoned this intermediate forwarding address and moved on to something else.
> 
> [Edited to add:]  Some of the descriptions I've read on this exploit say it only injects the code for people who come to the site via a search engine link, and not for people who are logged into the site.  (I'm talking about the actual injection of the harmful code which results in a warning of something being blocked by the antivirus program on your computer, NOT the generic warnings that the site has been reported).  Do you recall how you came to TUGBBS when you received that warning?



I have the "New Posts" bookmarked, and that is always how I come to the site.

I'm on the road now and accessing the site via my laptop instead of my desktop since Friday.  I have not gotten any warnings using my laptop.


----------



## simpsontruckdriver

I cleared out the cache and history, STILL getting the message.

TS


----------



## pacodemountainside

*Virus Alert*

After logging on to site got following  blocked  virus warning:

222.186.57.166   Port 137

I have McAfee!!


----------



## Makai Guy

pacodemountainside said:


> After logging on to site got following  blocked  virus warning:
> 
> 222.186.57.166   Port 137
> 
> I have McAfee!!


That gives us the IP (in China, surprise, surprise) from which the malware was being downloaded, but unfortunately it doesn't give any indication of what on OUR site is causing the download in the first place.


----------



## Henry M.

Paco,

Any additional information on which virus it is (does it have a name I can google) and what all it does? My system scans are clean, but I want to make sure there's nothing hiding somewhere in my machine?

Henry


----------



## TUGBrian

the only people ive seen report getting any sort of infection seem to describe the same "xp defender" fake antivirus download type.

although again, we cant find any source for it...no malicious code anywhere...and all the security scans (even 3rd party ones) show the site as clean.

Believe me its as frustrating on our end as it is yours.

Ill avoid putting more forum links in this weeks newsletter as well just in case.


----------



## Makai Guy

Not sure how I missed this and failed to respond ..


emuyshondt said:


> Was anything specific found and cleaned up by the TUG administrators? Have they done anything beyond contacting Google and McAfee to get off their blacklist? I would like to know if there was some virus that has been fixed, and if so, what it was, so I can try to chase the issue down on my end. If I got infected, I want to make sure I find a way to disinfect my machine.


On 12/23 I found an image file that had some extraneous binary code added to it.   This was an image file that is only viewed when a user is viewing a particular message in the BBS Help area, so it's not one that would have been visited much.  I immediately replaced it with a clean copy of the image file.  I don't know the nature of the injected code, just that it shouldn't have been there.


----------



## pacodemountainside

emuyshondt said:


> Paco,
> 
> Any additional information on which virus it is (does it have a name I can google) and what all it does? My system scans are clean, but I want to make sure there's nothing hiding somewhere in my machine?
> 
> Henry



No, unfortunately this was  all the info I have.

Interestingly, today I got same from 118.219.232.216. Just got another  one  with  121 that  disappeared  before I could  copy while using  spell checker!

Kinda like olde days when one had  electrical problem with car.  Lots of diagnosing and some luck finding!

Managers are giving best shot and fortunately  no one  with  good  virus programs  reporting being infested just inconvenienced!


----------



## Timeshare Von

My sign on tonight (just now) was the first in days (weeks?) that I didn't get the notice via Firefox.  Maybe it has been fixed :whoopie:


----------



## Makai Guy

*FWIW, for Firefox users*:

Firefox 17 apparently is not updating its internal cache of the Reported Site list properly when a site drops off the Google list. (See Mozilla bug 820283.)   This is reported to be fixed in Firefox 18, due to be released the week of Jan 6.

Meanwhile, users of Firefox 17 can force Firefox to check the current list at Google every time, instead of relying on cached data, as follows:

Enter _about:config_ in the Address/URL bar.
Press the big button to bypass the warning (if you haven't turned this off already).
Enter _*confirm*_ in the Filter bar to limit display to just options containing 'confirm'.
Double-click on _*urlclassifier.confirm-age*_ and change the value to 0.


----------



## memereDoris

Makai Guy said:


> *FWIW, for Firefox users*:
> 
> Firefox 17 apparently is not updating its internal cache of the Reported Site list properly when a site drops off the Google list. (See Mozilla bug 820283.)   This is reported to be fixed in Firefox 18, due to be released the week of Jan 6.
> 
> Meanwhile, users of Firefox 17 can force Firefox to check the current list at Google every time, instead of relying on cached data, as follows:
> 
> Enter _about:config_ in the Address/URL bar.
> Press the big button to bypass the warning (if you haven't turned this off already).
> Enter _*confirm*_ in the Filter bar to limit display to just options containing 'confirm'.
> Double-click on _*urlclassifier.confirm-age*_ and change the value to 0.



This fix worked and was actually very easy.
Thanks.


----------



## Beaglemom3

I have not received any warning of any kind, ever on Tug.

Not at all tech savvy here, but I have Windows 7  Premium Home and Webroot.

I stand in awe of all who know this stuff.







-


----------



## Timeshare Von

Timeshare Von said:


> My sign on tonight (just now) was the first in days (weeks?) that I didn't get the notice via Firefox.  Maybe it has been fixed :whoopie:



Oops - I spoke too soon (or jinxed it).  This morning, the red bar warning returned


----------



## judyjht

I followed those instructions posted by Makai Guy and it looks good so far - what a pain in the butt this has been!  Thanks (I hope)!


----------



## Blues

Hadn't gotten it for a few days, but got the Firefox warning again this AM (Jan 5, 2013).  Firefox 17.0.1.  Haven't tried Makai's fix yet.

-Bob


----------



## TUGBrian

We are still experiencing what appears to be some sort of malware or exploit impacting the TUGBBS FORUMS. It seems to only impact a small number of visitors, but still to be sure, we would suggest not browsing the TUGBBS FORUMS unless you have a current/updated active virus scanner/protection software loaded on your computer. note this does NOT impact the member only section of the site, tug2.com is unaffected by this issue.

I myself have been able to get an unprotected laptop I own infected with this virus from surfing the forum...sadly it simply appears the forum is "redirecting" random users to some other location and the virus is not actually loaded on the TUGBBS...just the exploit that redirects people.

Hopefully we can come up with a solution with our host here soon.

I sincerely apologize for any of you that have had to deal with this.  I will point out that I was able to restore my laptop using the native system restore tool to the previous days restore point and suffered no ill effects from the virus.  I would urge all of you to make sure that you have system restore enabled on your windows machines...its way easier than trying to clean these viruses in other ways for sure!


----------



## Htoo0

Although I get the warning each time I come to the site this is only the second time my antivirus actually 'caught' something. Probably won't help but here it is. 

Infection Details
URL:	http://qahihahur.longmusic.com/lrf2x7zxw...
Process:	C:\Program Files (x86)\Mozilla Firefox\f...
Infection:	URL:Mal


----------



## VacationForever

The only way to clean the server is to build the server os from scratch and reload data onto the server.  Alot of these malware just cannot be gotten rid of. I get the malware warning everyday on my laptop when I visit TUGbbs .  No warning on the IPAD or my Droid phone.  Wonder if they are now infected!


----------



## Tia

Crossing fingers as this is the first time I have come to TUG  in days and not gotten the warning page!

It's back  spoke too soon


----------



## Henry M.

TUGBrian said:


> I myself have been able to get an unprotected laptop I own infected with this virus from surfing the forum...



Which virus is it? What does it do to your system? I am asking about the virus that infected my machine, not the redirecting code you had on TUG that caused my machine to catch the bug.


----------



## WinniWoman

I am still getting the warning but chanced going on the site today. What is going on?


----------



## csxjohn

I went to the other side of tug this morning on my daughter's computer and avast told me a harmful url was blocked.  I don't have any details but did not come directly to the forums.


----------



## TUGBrian

it was the one listed earlier that masks itself as the "security scan" downloaded to your computer.

we are going to try to reimage the server this week in the hopes that it will clear this issue, as all of our attempts to find it have failed.


----------



## lcml11

TUGBrian said:


> it was the one listed earlier that masks itself as the "security scan" downloaded to your computer.
> 
> we are going to try to reimage the server this week in the hopes that it will clear this issue, as all of our attempts to find it have failed.



Wish you luck.  Hope it works.


----------



## KauaiMark

*Still with the Google warnings...*

Still getting warnings when accessing the BBS but not the TUG2.com main pages

..Mark (risking getting here by ignoring the warning, and Kasperski's not squawking about it)
...Mark 


-----------------------------------------------------------------------
Safe Browsing
Diagnostic page for tugbbs.com/forums

What is the current listing status for tugbbs.com/forums?

    This site is not currently listed as suspicious.

    Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.

What happened when Google visited this site?

    Of the 129 pages we tested on the site over the past 90 days, 2 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2013-01-07, and the last time suspicious content was found on this site was on 2012-12-23.

    Malicious software includes 1 exploit(s). Successful infection resulted in an average of 7 new process(es) on the target machine.

    Malicious software is hosted on 1 domain(s), including hivanopi.longmusic.com/.

    This site was hosted on 1 network(s) including AS32244 (LIQUID).

Has this site acted as an intermediary resulting in further distribution of malware?

    Over the past 90 days, tugbbs.com/forums did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?

    No, this site has not hosted malicious software over the past 90 days.

Next steps:

    Return to the previous page.
    If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.
-------------------------------------------------------------------------


----------



## HatTrick

*Alert Received This Morning*


----------



## TUGBrian

as a stopgap I have had our host block that URL that is being reported as the malware redirect...at least until we get this sorted out I hope at least this will be an effective stopgap measure.

although what baffles me is that if tug can get "flagged" for malware just for redirecting a small %of people to a virus site, why cant they blacklist the virus site?


----------



## lcml11

TUGBrian said:


> as a stopgap I have had our host block that URL that is being reported as the malware redirect...at least until we get this sorted out I hope at least this will be an effective stopgap measure.
> 
> although what baffles me is that if tug can get "flagged" for malware just for redirecting a small %of people to a virus site, why cant they blacklist the virus site?



I would have thought since their staff verified it that would have been done within seconds of there finding it.


----------



## TUGBrian

clearly not if people are still being redirected there and getting infected.


----------



## Makai Guy

I suspect that having our host blacklist that IP merely prevents anybody from that IP to connect HERE.  But that's not what's happening.  Whatever exploit we have here is sending people's computers TO that IP.   The affected users would have to have that IP blocked on THEIR systems to do any good.


----------



## Makai Guy

.. and as we've seen from earlier reports, the URL to which people are getting redirected is always a moving target at a URL-forwarding service, not directly to that IP or that webcakex.longmusic(dot)com address.


----------



## TUGBrian

he mentioned he had set it so that noone who traveled to tugbbs.com would be redirected to that url/ip listed in the virus notifications.

ill have to try to get "reinfected" on my junk laptop and see.


----------



## Makai Guy

TUGBrian said:


> he mentioned he had set it so that noone who traveled to tugbbs.com would be redirected to that url/ip listed in the virus notifications.
> 
> ill have to try to get "reinfected" on my junk laptop and see.



We've had a couple of reports pointing to a couple of different subdomains at changeip.name (i.e. XXXXX.changeip.name).  I think they get redirected to the evil site (sites?) from there.  changeip.name's IP is 204.16.173.30 -- possibly that's what should be blocked ...


----------



## WinniWoman

I get the warning when I click on Log In-not when I go to the site initially.


----------



## TUGBrian

Makai Guy said:


> We've had a couple of reports pointing to a couple of different subdomains at changeip.name (i.e. XXXXX.changeip.name).  I think they get redirected to the evil site (sites?) from there.  changeip.name's IP is 204.16.173.30 -- possibly that's what should be blocked ...



had the tech block all outgoing requests to that IP as well.


----------



## bobpark56

sptung said:


> .... I get the malware warning everyday on my laptop when I visit TUGbbs .  No warning on the IPAD or my Droid phone.  Wonder if they are now infected!



I also get no warning on my iPad...nor on my new MacBook Air. I do get it consistently on my older iMac quad 4. Using Safari or FireFox makes no difference.
  --bp


----------



## TUGBrian

can any of the people that were infected, or recieve the actualy LOCAL virus scanner intrustion warning...confirm they were running any operating system other than windows 7?

(note I refer to a local virus scanner warning on your machine, not the generic "attack site warning" that firefox/chrome/etc show.)


----------



## lcml11

TUGBrian said:


> can any of the people that were infected, or recieve the actualy LOCAL virus scanner intrustion warning...confirm they were running any operating system other than windows 7?
> 
> (note I refer to a local virus scanner warning on your machine, not the generic "attack site warning" that firefox/chrome/etc show.)



Microsoft Vista


----------



## TUGBrian

are you still getting the local virus warning every time you visit here now on vista?


----------



## lcml11

TUGBrian said:


> are you still getting the local virus warning every time you visit here now on vista?



Have not tried since being at Old Town Alexandria.  We only use it while out and about.  Do not want to use system for awile until you get it figured out.  Where I left it at Old Town was lost ability to use Internet Explorer, but everything else worked itself out by using firefox and downloading all of the Microsoft updates.  Could not successfuly get all of the updates to run correctly.  Will resume the attempt at the next timeshare visit later this month.


----------



## KauaiMark

Upgraded from Firefox V17 to V18 
I no longer get the warning messages

FireFox glitch?

...Mark


----------



## TUGBrian

eh, there is likely some wonkyness impacting firefox and chrome just from that "stopbadware" site...

I think we definately have narrowed this down to the ACTUAL virus only impacting windows 7 (and maybe vista).

and we are still unable to locate the source...but we did get a new report today from someone impacted...and we are using that data to try to help us find the source.


----------



## Passepartout

In the last 30 minutes, my AVG running constantly in the background caught a trojan threat in Windows, quarantined, cleaned and suggested I do a restart. Windows defender simultaneously detected an (unknown) threat, and said it had cleaned it and no further action on my part was required. The MS defender pops up the same notification about every 3-4 minutes. My computer just updated to Firefox 19 (beta) in the course of the restart.

I have no indication that TUG is implicated in any way- other than that happened to be the website I was viewing at the moment the threat was detected.

If it comes up again, I'll try to capture a file name.

*Update* I closed TUG, and the MS Security Essentials pop-ups continued. This probably indicates TUG isn't implicated.

Jim


----------



## Makai Guy

KauaiMark said:


> Upgraded from Firefox V17 to V18
> I no longer get the warning messages
> 
> FireFox glitch?
> 
> ...Mark



See this post, earlier in this thread:
http://www.tugbbs.com/forums/showpost.php?p=1404474&postcount=156


----------



## TUGBrian

Passepartout said:


> In the last 30 minutes, my AVG running constantly in the background caught a trojan threat in Windows, quarantined, cleaned and suggested I do a restart. Windows defender simultaneously detected an (unknown) threat, and said it had cleaned it and no further action on my part was required. The MS defender pops up the same notification about every 3-4 minutes. My computer just updated to Firefox 19 (beta) in the course of the restart.
> 
> I have no indication that TUG is implicated in any way- other than that happened to be the website I was viewing at the moment the threat was detected.
> 
> If it comes up again, I'll try to capture a file name.
> 
> *Update* I closed TUG, and the MS Security Essentials pop-ups continued. This probably indicates TUG isn't implicated.
> 
> Jim



what operating system?


----------



## Passepartout

TUGBrian said:


> what operating system?



Sorry. Win 7. I am shutting down Firefox and starting Chrome too.

*Updated:* Still getting the MS Security Essentials pop-up using Chrome. I don't have any reason to think TUG has anything to do with it in my case anyway.


----------



## TUGBrian

certainly at risk browsing here at the moment for sure....every instance we have seen points to win7 being the only OS that triggers this malware (one report of vista too).

also most users find that they dont get the notification until 2 or 3 clicks into TUG....i cant explain this either.


----------



## lcml11

TUGBrian said:


> certainly at risk browsing here at the moment for sure....every instance we have seen points to win7 being the only OS that triggers this malware (one report of vista too).
> 
> also most users find that they dont get the notification until 2 or 3 clicks into TUG....i cant explain this either.



For what it is worth, same pattern on the 1st problem through Vista.


----------



## simpsontruckdriver

I use Ubuntu Linux 12.04 with Firefox version 18. Yesterday was the first time since this began that I was able to access without the Google page. So, it's most likely a Google thing, not a personal settings thing - except maybe Cookies/Cache.


TS


----------



## Passepartout

Not to be stretching this out, but after yesterday's fiasco (see 192) of about 30 attacks deflected either by my (paid) AVG or by MicroSoft Security Essentials, I shut down customarily open websites, and lo-and behold, after shutting down iGoogle, the attacks stopped. TUG had nothing to do with it.

I tried to copy the screen shot showing the offending viruses, but obviously I am not smart enough to get one and have since erased all evidence.

I have since done a 'full scan' of my computer, it took over 7 hours and 2 million files. It uncovered 2 files, one- to write viruses, and the other, a trojan. I cleared both of those and so far, so good. I have even re-opened iGoogle, and so far no attacks. 

It seems to have ended as quickly as it began.

Jim


----------



## Scott W

I attempted quite a few times in the past to access the forums but my antivirus (Prevx) wouldn't allow me.  I unwisely disabled the protection and was immediately under attack.  I use Windows Vista.  My web browser is IE9.

Fortunately, Windows Defender protected my system.  It named the trojan virus Rogue:Win32/Winwebsec.  I ran Malwarebytes (free version) and it picked up 6 trojan viruses.

Funny thing is that I downloaded Google Chrome and I can visit the forums with no problem.  Prevx will restrict me if I use IE9.


----------



## lcml11

Scott W said:


> I attempted quite a few times in the past to access the forums but my antivirus (Prevx) wouldn't allow me.  I unwisely disabled the protection and was immediately under attack.  I use Windows Vista.  My web browser is IE9.
> 
> Fortunately, Windows Defender protected my system.  It named the trojan virus Rogue:Win32/Winwebsec.  I ran Malwarebytes (free version) and it picked up 6 trojan viruses.
> 
> Funny thing is that I downloaded Google Chrome and I can visit the forums with no problem.  Prevx will restrict me if I use IE9.



Interesting enough, my affected system was also a combination of Vista and Internet Explorer.  I used Firefox to get access and control of my system back.


----------



## Luckybee

Morning all

I just came on a few minutes ago....Security essentials quarantined 2x for a "trojan", first when i came on to the site then when i clicked on the BB's...windows 7 and I.E only. Suffice to say I've removed (I hope  ).


----------



## Htoo0

I haven't changed anything and I'm using FF and Win7. Haven't had any sort of problems the last 4 days however. FWIW.


----------



## Makai Guy

Luckybee said:


> Security essentials quarantined 2x for a "trojan", first when i came on to the site then when i clicked on the BB's...windows 7 and I.E only. Suffice to say I've removed (I hope  ).


Please clarify what you mean by "first when I came on to the site".   When you arrived at the bbs, or somewhere else on the TUG site, such as the TUG Home Page?


----------



## lcml11

http://en.wikipedia.org/wiki/JavaScript

http://www.cbsnews.com/8301-205_162-57563671/new-malware-exploiting-java-7-in-windows-unix-systems/


----------



## jschmidt

I’ve been getting the red flag for the last week or so when trying to log on.  Today was no problem!


----------



## WinniWoman

No problem today when log on. (I have Vista). My husband uninstalled Java since there were warnings yesterday about it. Don't know if that has anything to do with it.


----------



## Scott W

For what it's worth, I ran the Microsoft Safety Scanner and it detected on my system Trojan:JS/Medfos.B  Neither Prevx or Malwarebytes detected this.  I am still able to access the forums using Google Chrome.


----------



## Henry M.

TUGBrian said:


> I think we definately have narrowed this down to the ACTUAL virus only impacting windows 7 (and maybe vista).



When the unwanted e-mails were sent to my contact list, I was running Mac OSX on two different machines. I had also used an iPad and iPhone with iOS 6 to access the site. I had only accessed the forums by direct links to them. All were using Safari as the browser. The problem occurred when I foolishly tried to get to the forums to warn about the warnings I was getting from the browser about the site being compromised. 

I have since run several antivirus packages (Avast, BitDefender, Avira) on both machines and none found anything. I went back and cleaned all browse caches and increased the Java security. So far I haven't had a relapse. It might be Java that runs some rouge software and not something that gets installed in the OS.


----------



## TUGBrian

we are currently planning to replace the server with a new one (image) and hopefully get rid of this nonsense once and for all...it will require a few hours of downtime however.

ill let you know when I have a more firm time slot penciled in.


----------



## TUGBrian

ok were back online with a brand new server....any of you still getting the LOCAL virus warning....ill deal with the web browser/google/firefox blocking thing later.


----------



## durango5000

When I attempt to access tugbbs.com from my employer's network tugbbs.com is blocked with the claim that there is malware here. Luckily I work from home and can use another computer that bypasses my employer's network. 

Still very annoying and unfair as I have had nothing but a safe experience my short time here.


----------



## TUGBrian

the "block" via the web browser is something we can clear up separately.

I am merely needing to verify that those who are getting the LOCAL antivirus warning of an intrusion or virus, are no longer getting it after we replaced the server.


----------



## Beaglemom3

I am receiving the malware warning from my home laptop (Webroot) each time I try to log , but not from my work PC.

Just an FYI.


----------



## TUGBrian

Is it a local antivirus warning, or the google/chrome page that pops up and warns you the site you are about to go to might be bad?


----------



## Beaglemom3

TUGBrian said:


> Is it a local antivirus warning, or the google/chrome page that pops up and warns you the site you are about to go to might be bad?



  Brian,

  Just back on. I can get here usually late at night or early a.m. without the warning.
  It's a local warning. Webroot posts this warning :

"This website contains a known threat and has been blocked." with options to "Close" or "Allow". Just to be on the safe side, I've been going with "Close".

  Thanks !


----------



## TUGBrian

is there a log file or other details on the warning you get I can provide to our host?

file name, timestamp, url, etc etc?  perhaps some sort of "history" section of your av client?


----------



## Makai Guy

Beaglemom3 said:


> "This website contains a known threat and has been blocked."


... could well mean it's going by a reported site list.  If an actual detected threat I'd normally expect it to give more details.


----------



## Beaglemom3

TUGBrian said:


> is there a log file or other details on the warning you get I can provide to our host?
> 
> file name, timestamp, url, etc etc?  perhaps some sort of "history" section of your av client?



  Brian,
  No, just a warning sign of sorts. I am trying to find a picture of this, but it won't let me copy it.
  No numbers or other. Just a generic "Allow" or "Close" from Webroot.
  Thanks,
  Jeanne


----------



## TUGBrian

im thinking perhaps the webroot software goes off a list like doug said...about potential malware sites (we were on such lists back before we replaced the server)

i would like to be sure though, if you dont mind to keep looking Jeanne!


----------



## T_R_Oglodyte

Beaglemom3 said:


> Brian,
> No, just a warning sign of sorts. I am trying to find a picture of this, but it won't let me copy it.
> No numbers or other. Just a generic "Allow" or "Close" from Webroot.
> Thanks,
> Jeanne



If you're running Windows there is a "Snipping Tool" program available under Accessories that you can use to make screen grabs.  You just click and drag to highlight any area of your screen, and the snipping tool saves it as a graphic in the clipboard.


----------



## TUGBrian

if it sits up on your screen...just hit the alt key and the print screen key at the same time.

then open up mspaint (start > run > mspaint)  and click edit > paste

this will paste the contents of your screen print into mspaint that you can save as an image.


----------



## Beaglemom3

T_R_Oglodyte said:


> If you're running Windows there is a "Snipping Tool" program available under Accessories that you can use to make screen grabs.  You just click and drag to highlight any area of your screen, and the snipping tool saves it as a graphic in the clipboard.





  Thank you !!! I'll try that next time it happens. The warning comes & goes, mostly in the early a.m. and late p.m. Very odd. Just from my home laptop. I can get through at work, though.


----------



## Beaglemom3

TUGBrian said:


> if it sits up on your screen...just hit the alt key and the print screen key at the same time.
> 
> then open up mspaint (start > run > mspaint)  and click edit > paste
> 
> this will paste the contents of your screen print into mspaint that you can save as an image.



  Thank you !!! Will try this, save it, post to Photobucket and transfer it here.


----------



## T_R_Oglodyte

Beaglemom3 said:


> Thank you !!! I'll try that next time it happens. The warning comes & goes, mostly in the early a.m. and late p.m. Very odd. Just from my home laptop. I can get through at work, though.



I use the snipping tool so often I've pinned it to the man menu on the "Start" button.  It's a lot niftier than Brian's MSPaint suggestion.


----------



## Beaglemom3

As I'm hopelessly techno-challenged, having both will be useful.


----------



## lvhmbh

*Anybody Else Having Trouble With Google?*

I keep getting a message that their "certificate is not yet valid".  Huh???


----------



## csxjohn

*No issues*



lvhmbh said:


> I keep getting a message that their "certificate is not yet valid".  Huh???



Just to check I went to the main google page and searched for "timeshare."

No issues or messages.


----------



## lvhmbh

No - it was when I was trying to use google!!!  I have google chrome but I'm now getting the certificate is not valid message for GOOGLE!!!


----------



## lvhmbh

Fixed it - Never Mind


----------



## LLW

In the past (before the TUG server replacement), I had gotten warnings that stopped my computer from operating. It seemed the danger was higher when I posted (vs just browsing), especially when I edited what I had posted.

After the server replacement, I am still getting, from Microsoft Security Essentials, warnings of the existence of a "trojan," after I have been on TUG.

I know very little about computers, so I don't know if any of the above makes any sense to experts.


----------



## TUGBrian

can you forward the details of what your computer is saying to me?


----------



## Passepartout

LLW said:


> In the past (before the TUG server replacement), I had gotten warnings that stopped my computer from operating. It seemed the danger was higher when I posted (vs just browsing), especially when I edited what I had posted.
> 
> After the server replacement, I am still getting, from Microsoft Security Essentials, warnings of the existence of a "trojan," after I have been on TUG.
> 
> I know very little about computers, so I don't know if any of the above makes any sense to experts.



Mine did what you say yours is doing (pre server change) You can have MS Security Essentials can do a 'complete (or maybe it's a 'full') scan. It takes some time- mine took about 5 hours. You can continue to use your machine while it scans. The 'quick scan' won't do it. Then it will ask you if you want the infected files it finds eliminated. Click yes and don't look back.

That took care of it on my Win7 PC.

Doesn't require great computer knowledge or expertise.

Good Luck!


----------



## tonyg

I was blocked from access yesterday by my Webroot AV, but no problem this afternoon.


----------



## TUGBrian

again can someone (anyone) please forward me the details/screenshots of what you are seeing?

sofar ive gotten no response so there isnt anything for us to go on to investigate further!


----------



## LLW

We ran a full scan on Security Essentials and this time got a "no threat," and so have no screen to print. We are on weekly update on Security Essentials now, so maybe that has done the job, Or the trojan last time was from the scan of transactions from before the server replacement and the server replacement has done the job?

It was something that could not be removed, but was able to be quarantined.


----------



## Makai Guy

LLW said:


> It was something that could not be removed, but was able to be quarantined.


Is it still listed in your Securities Essentials quarantine area?


----------



## TUGBrian

Im only referring to those who are getting antivirus warnings AFTER the server was replaced...(ie within the last week or so)


----------



## LLW

Makai Guy said:


> Is it still listed in your Securities Essentials quarantine area?



There are two kinds of warnings in my quarantine area, but I think they were from before TUG replacement of server, and from the first one after the replacement (thus may contain viruses from transactions before):

“Category: Trojan Monitoring Software
Description: This program is dangerous and records user activity”

“Category: Trojan
Description: This program is dangerous and executes commands from an attacker”
********************************************************

As I said, the most recent scan (the first one of all post-replacement transactions ) said "no threat."


----------



## TUGBrian

what i need is the details when the attack happens...usually if a screen pops up with a warning it will have a details section that has a time/date stamp...the exact url and file path of what it thinks is the malware etc etc.


----------



## TUGBrian

anyone here use mcaffee site advisor?

do you still get any sort of warning when browsing the forums?


----------



## TUGBrian

tugbbs has been removed off the webroot antivirus block list...warnings from that av software should be gone.


----------



## dioxide45

TUGBrian said:


> anyone here use mcaffee site advisor?
> 
> do you still get any sort of warning when browsing the forums?



I still see a Red McAfee Site Advisor icon whenever I am on the TUG forums. I added TUG to my trusted sites in McAfee, so I don't get the warnings any more. But I think the red icon still means McAfee has it categorized as a problem site.

_Edited to add: As soon as I click a link that takes me to the regular TUG2.net site, that red icon turns green._


----------



## TUGBrian

I think that perhaps mcaffee site advisor uses the same "update" list that for whatever reason isnt updating that TUG is clean.

ill probably have to contact 8029834098230948 support people there like I did with webroot.


----------



## Beefnot

Whoa I just got this message for the first time at work:

This Web Site is Blocked
tugbbs.com
This site is being blocked due to the content of this site
McAfee Content Category: Malicious Sites
McAfee Security Rating: Green

What the.


----------



## TUGBrian

yea...some "av" programs are clearly sucking in terms of updating their lists of "bad sites"

im not sure what more I can do but keep contacting them and asking them to remove it.


an even more amusing tidbit...when you go to the site advisor page and do a report on the site, it shows clean

http://www.siteadvisor.com/sites/tugbbs.com


----------



## TUGBrian

got a note from "siteadvisor" saying they were looking into the issue...any change on your end?


----------



## Beefnot

TUGBrian said:


> got a note from "siteadvisor" saying they were looking into the issue...any change on your end?



Who are you talking to?


----------



## TUGBrian

the individuals still being blocked by mcaffee site advisor


----------



## chriskre

I am still being blocked on my laptop with both IE and Chrome where I am running PC Tools as my antivirus.

I can get on with my iMac though without a problem.


----------



## TUGBrian

what message do you get when browsing in chrome/ie?


----------



## dioxide45

My McAfee SiteAdvisor icon is now grey which seems to mean that they haven't scanned the site for vulnerabilities. So perhaps this is a good sign that they are resetting things?


----------



## chriskre

TUGBrian said:


> what message do you get when browsing in chrome/ie?



I get a red warning page asking me if I am sure I want to visit.  
I will check it out later for the exact wording.
sorry don't remember exactly the wording.


----------



## TUGBrian

i think there was a fix earlier back to refresh a setting within ie and chrome to update the warning database?

or am i just crazy.


----------



## ciscogizmo1

chriskre said:


> I am still being blocked on my laptop with both IE and Chrome where I am running PC Tools as my antivirus.
> 
> I can get on with my iMac though without a problem.


  i havent been ble to log in for days on my PC.  I'm not sure why.  i'll be sad if  cant visit this site.  to hard tovisit using my phone.  i can'tget on with my pc or ipads.


----------



## feckman

ciscogizmo1 said:


> i havent been ble to log in for days on my PC.  I'm not sure why.  i'll be sad if  cant visit this site.  to hard tovisit using my phone.  i can'tget on with my pc or ipads.



FWIW, I was having issues accessing the site last week.  Out of nowhere, the site would just time out out on every device using every browser on my network.  I traced it back to my Cisco Linksys router which, for some reason, seemed to interpret traffic with TUG as a denial of service attack which it blocked.  This seemed to be related to conducting searches on TUG.

The issue is outlined in-depth at http://community.linksys.com/t5/Wireless-Routers/Linksys-router-blocked-website/td-p/12917, but the solution in my case (and apparently for many others) was to have the router clone my PC's MAC address.

This may have nothing to do with the problems anyone else is having, but it knocked my access to TUG out cold for nearly a week until I found that thread.

HTH.


----------



## Makai Guy

TUGBrian said:


> i think there was a fix earlier back to refresh a setting within ie and chrome to update the warning database?
> 
> or am i just crazy.


That was specific to Firefox ver 17.  It was fixed in Firefox 18.
http://www.tugbbs.com/forums/showpost.php?p=1404474&postcount=156


----------



## ciscogizmo1

Yay... I'm back on and thank goodness.  Looks like Brian fix worked.  Hope everyone else can get into Tug now.


----------



## TUGBrian

im sorry you were being blocked Cisco!


----------

