Google blocking access to TUG

Makai Guy · Jan 9, 2013

I suspect that having our host blacklist that IP merely prevents anybody from that IP to connect HERE. But that's not what's happening. Whatever exploit we have here is sending people's computers TO that IP. The affected users would have to have that IP blocked on THEIR systems to do any good.

Makai Guy · Jan 9, 2013

.. and as we've seen from earlier reports, the URL to which people are getting redirected is always a moving target at a URL-forwarding service, not directly to that IP or that webcakex.longmusic(dot)com address.

TUGBrian · Jan 9, 2013

he mentioned he had set it so that noone who traveled to tugbbs.com would be redirected to that url/ip listed in the virus notifications.

ill have to try to get "reinfected" on my junk laptop and see.

Makai Guy · Jan 9, 2013

TUGBrian said:
he mentioned he had set it so that noone who traveled to tugbbs.com would be redirected to that url/ip listed in the virus notifications.

ill have to try to get "reinfected" on my junk laptop and see.

We've had a couple of reports pointing to a couple of different subdomains at changeip.name (i.e. XXXXX.changeip.name). I think they get redirected to the evil site (sites?) from there. changeip.name's IP is 204.16.173.30 -- possibly that's what should be blocked ...

WinniWoman · Jan 10, 2013

I get the warning when I click on Log In-not when I go to the site initially.

TUGBrian · Jan 10, 2013

Makai Guy said:
We've had a couple of reports pointing to a couple of different subdomains at changeip.name (i.e. XXXXX.changeip.name). I think they get redirected to the evil site (sites?) from there. changeip.name's IP is 204.16.173.30 -- possibly that's what should be blocked ...

had the tech block all outgoing requests to that IP as well.

bobpark56 · Jan 10, 2013

sptung said:
.... I get the malware warning everyday on my laptop when I visit TUGbbs . No warning on the IPAD or my Droid phone. Wonder if they are now infected!

I also get no warning on my iPad...nor on my new MacBook Air. I do get it consistently on my older iMac quad 4. Using Safari or FireFox makes no difference.
--bp

TUGBrian · Jan 10, 2013

can any of the people that were infected, or recieve the actualy LOCAL virus scanner intrustion warning...confirm they were running any operating system other than windows 7?

(note I refer to a local virus scanner warning on your machine, not the generic "attack site warning" that firefox/chrome/etc show.)

lcml11 · Jan 10, 2013

TUGBrian said:
can any of the people that were infected, or recieve the actualy LOCAL virus scanner intrustion warning...confirm they were running any operating system other than windows 7?

(note I refer to a local virus scanner warning on your machine, not the generic "attack site warning" that firefox/chrome/etc show.)

Microsoft Vista

TUGBrian · Jan 10, 2013

are you still getting the local virus warning every time you visit here now on vista?

lcml11 · Jan 10, 2013

TUGBrian said:
are you still getting the local virus warning every time you visit here now on vista?

Have not tried since being at Old Town Alexandria. We only use it while out and about. Do not want to use system for awile until you get it figured out. Where I left it at Old Town was lost ability to use Internet Explorer, but everything else worked itself out by using firefox and downloading all of the Microsoft updates. Could not successfuly get all of the updates to run correctly. Will resume the attempt at the next timeshare visit later this month.

KauaiMark · Jan 10, 2013

Upgraded from Firefox V17 to V18
I no longer get the warning messages

FireFox glitch?

...Mark

TUGBrian · Jan 10, 2013

eh, there is likely some wonkyness impacting firefox and chrome just from that "stopbadware" site...

I think we definately have narrowed this down to the ACTUAL virus only impacting windows 7 (and maybe vista).

and we are still unable to locate the source...but we did get a new report today from someone impacted...and we are using that data to try to help us find the source.

Passepartout · Jan 10, 2013

In the last 30 minutes, my AVG running constantly in the background caught a trojan threat in Windows, quarantined, cleaned and suggested I do a restart. Windows defender simultaneously detected an (unknown) threat, and said it had cleaned it and no further action on my part was required. The MS defender pops up the same notification about every 3-4 minutes. My computer just updated to Firefox 19 (beta) in the course of the restart.

I have no indication that TUG is implicated in any way- other than that happened to be the website I was viewing at the moment the threat was detected.

If it comes up again, I'll try to capture a file name.

Update I closed TUG, and the MS Security Essentials pop-ups continued. This probably indicates TUG isn't implicated.

Jim

Makai Guy · Jan 10, 2013

KauaiMark said:
Upgraded from Firefox V17 to V18
I no longer get the warning messages

FireFox glitch?

...Mark

See this post, earlier in this thread:
http://www.tugbbs.com/forums/showpost.php?p=1404474&postcount=156

TUGBrian · Jan 10, 2013

Passepartout said:
In the last 30 minutes, my AVG running constantly in the background caught a trojan threat in Windows, quarantined, cleaned and suggested I do a restart. Windows defender simultaneously detected an (unknown) threat, and said it had cleaned it and no further action on my part was required. The MS defender pops up the same notification about every 3-4 minutes. My computer just updated to Firefox 19 (beta) in the course of the restart.

I have no indication that TUG is implicated in any way- other than that happened to be the website I was viewing at the moment the threat was detected.

If it comes up again, I'll try to capture a file name.

Update I closed TUG, and the MS Security Essentials pop-ups continued. This probably indicates TUG isn't implicated.

Jim

what operating system?

Passepartout · Jan 10, 2013

TUGBrian said:
what operating system?

Sorry. Win 7. I am shutting down Firefox and starting Chrome too.

Updated: Still getting the MS Security Essentials pop-up using Chrome. I don't have any reason to think TUG has anything to do with it in my case anyway.

TUGBrian · Jan 10, 2013

certainly at risk browsing here at the moment for sure....every instance we have seen points to win7 being the only OS that triggers this malware (one report of vista too).

also most users find that they dont get the notification until 2 or 3 clicks into TUG....i cant explain this either.

lcml11 · Jan 10, 2013

TUGBrian said:
certainly at risk browsing here at the moment for sure....every instance we have seen points to win7 being the only OS that triggers this malware (one report of vista too).

also most users find that they dont get the notification until 2 or 3 clicks into TUG....i cant explain this either.

For what it is worth, same pattern on the 1st problem through Vista.

simpsontruckdriver · Jan 11, 2013

I use Ubuntu Linux 12.04 with Firefox version 18. Yesterday was the first time since this began that I was able to access without the Google page. So, it's most likely a Google thing, not a personal settings thing - except maybe Cookies/Cache.

TS

Passepartout · Jan 11, 2013

Not to be stretching this out, but after yesterday's fiasco (see 192) of about 30 attacks deflected either by my (paid) AVG or by MicroSoft Security Essentials, I shut down customarily open websites, and lo-and behold, after shutting down iGoogle, the attacks stopped. TUG had nothing to do with it.

I tried to copy the screen shot showing the offending viruses, but obviously I am not smart enough to get one and have since erased all evidence.

I have since done a 'full scan' of my computer, it took over 7 hours and 2 million files. It uncovered 2 files, one- to write viruses, and the other, a trojan. I cleared both of those and so far, so good. I have even re-opened iGoogle, and so far no attacks.

It seems to have ended as quickly as it began.

Jim

Scott W · Jan 12, 2013

I attempted quite a few times in the past to access the forums but my antivirus (Prevx) wouldn't allow me. I unwisely disabled the protection and was immediately under attack. I use Windows Vista. My web browser is IE9.

Fortunately, Windows Defender protected my system. It named the trojan virus Rogue:Win32/Winwebsec. I ran Malwarebytes (free version) and it picked up 6 trojan viruses.

Funny thing is that I downloaded Google Chrome and I can visit the forums with no problem. Prevx will restrict me if I use IE9.

lcml11 · Jan 12, 2013

Scott W said:
I attempted quite a few times in the past to access the forums but my antivirus (Prevx) wouldn't allow me. I unwisely disabled the protection and was immediately under attack. I use Windows Vista. My web browser is IE9.

Fortunately, Windows Defender protected my system. It named the trojan virus Rogue:Win32/Winwebsec. I ran Malwarebytes (free version) and it picked up 6 trojan viruses.

Funny thing is that I downloaded Google Chrome and I can visit the forums with no problem. Prevx will restrict me if I use IE9.

Interesting enough, my affected system was also a combination of Vista and Internet Explorer. I used Firefox to get access and control of my system back.

Luckybee · Jan 13, 2013

Morning all

I just came on a few minutes ago....Security essentials quarantined 2x for a "trojan", first when i came on to the site then when i clicked on the BB's...windows 7 and I.E only. Suffice to say I've removed (I hope

).

Htoo0 · Jan 13, 2013

I haven't changed anything and I'm using FF and Win7. Haven't had any sort of problems the last 4 days however. FWIW.

Google blocking access to TUG

Makai Guy

Makai Guy

TUGBrian

Makai Guy

WinniWoman

TUG Review Crew: Veteran

TUGBrian

bobpark56

TUG Review Crew: Expert

TUGBrian

lcml11

TUGBrian

lcml11

KauaiMark

TUGBrian

Passepartout

TUG Review Crew: Veteran

Makai Guy

TUGBrian

Passepartout

TUG Review Crew: Veteran

TUGBrian

lcml11

simpsontruckdriver

Passepartout

TUG Review Crew: Veteran

Scott W

lcml11

Luckybee

Htoo0