Warning about deceptive/dangerous site ahead {Merged}


  • #61
    I agree with you TimeWarpWife. I believe it is intentional because it is a conservative Christian site.


    • #62
      Originally posted by Jannette View Post
      Sometimes a site gets flagged because there is hidden malware/spam on it. You wouldn't see this on regular pages, but the hackers essentially use the hidden malware as a way to use that hosting's resources for sending out spam emails or phishing pages.

      The other reasons are more false positives; maybe their scanner picked up a few weird keywords on some pages and they assumed the whole site was compromised or dangerous based on that. This is common on blog sites where comments are allowed. Some spammer adds comments about 'low price prescription drugs!' and before the blog owner deletes it they get flagged.

      I was curious about why they flagged rr-bb myself after you said that (I assumed it was a false positive because I didn't see anything on the real forum pages), but I actually found it has some malicious web-search redirects in it... (that's what I get for assuming!)

      A free malware scanner shows the most important results:

      https://sitecheck.sucuri.net/results/rr-bb.com

      Some main pages are affected:

      http://rr-bb.com/faq.php
      http://rr-bb.com/activity.php
      http://rr-bb.com/calendar.php
      http://rr-bb.com/showgroups.php

      If you visit them directly, no issue, but the malware is smarter than that. Most site owners visit their pages internally (clicking those links in the topbar or anywhere inside the site in the navigation), but the hackers don't want to be found out by the owner, so they have the malicious redirect only take place when a visitor is clicking the link from another source, like a Google search.

      I searched for the rr-bb.com/faq.php page in Google (https://www.google.com/search?q=site...+rr-bb.com+faq) and then clicked the result link, and it triggered the malware to redirect me to some less-than-savory site.

      This is smarter than most I've come across. If you close the weird site it redirects you to and click the result link for the rr-bb.com/faq.php page again, it doesn't redirect you a second time, probably because they already loaded the browser up with tracking cookies. If I clear the browser cache, the cookies they added no longer exist so the malicious redirect does trigger again. Darn thing.

      I don't know if any of the mods know about this yet or have a handle on it, but I'm available if I could be of any help. The web hosting company I work for usually recommends Sucuri for malware removal, but I know they charge a pretty penny... sometimes it's not that bad and just requires updating the version of the application the site uses (vBulletin here) and checking some other common files like .htaccess they like to hide stuff in.
      Jannette,

      This is very interesting. Thank you for posting this clear explanation.

      I have had this computer for at least 6 months now, and have never cleared my cache in Firefox. I figured it would be a good test to see if I had any problems, both before I cleared my cache/cookies, then after. So at first, I searched for rr-bb.com and faq, then followed the link it found, and the rr-bb.com/faq page came up just fine. Next, I cleared my cache and cookies. Then I tried the same search and when I followed the link to rr-bb.com/faq that time, it gave me the Deceptive site warning page that some other folks are seeing.

      I have been using rr-bb in Microsoft Edge lately; I think I bypassed the errors by going to the main Rapture Ready website and following the links from there to get it to work.
      "Therefore my beloved brothers, be steadfast, immovable,
      always abounding in the work of the Lord;
      knowing that in the Lord your labor is not in vain."

      1 Corinthians 15:58 (ESV)
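
An added example, not part of any post in this thread: a small Python probe that repeats the comparison described in the post quoted in #62 (direct visit, in-site link, search-result click), each request sent with no cookies, and reports off-site redirects that appear only for some referrers. It assumes the redirect is an HTTP 3xx response; `forum.example`, `redirect-target.example` and `simulated_fetch` are constructed for illustration.

```python
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlsplit

SEARCH_REFERER = "https://www.google.com/"  # the kind of referrer the post tested with

class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # do not follow; urllib then raises HTTPError for the 3xx

def http_fetch(url, headers):
    """Live fetcher: (status, Location) for one cookie-less request."""
    opener = urllib.request.build_opener(_NoRedirect)  # fresh opener, no cookie jar
    try:
        with opener.open(urllib.request.Request(url, headers=headers), timeout=10) as r:
            return r.status, r.headers.get("Location")
    except urllib.error.HTTPError as e:
        return e.code, e.headers.get("Location")

def probe(url, fetch=http_fetch):
    """Request url under three referrer profiles; report off-site redirects
    that show up for a profile but not for the direct visit."""
    host = urlsplit(url).netloc
    profiles = {
        "direct": {},
        "internal_link": {"Referer": f"{urlsplit(url).scheme}://{host}/"},
        "search_click": {"Referer": SEARCH_REFERER},
    }
    results = {name: fetch(url, hdrs) for name, hdrs in profiles.items()}

    def offsite(result):
        status, location = result
        if not (300 <= status < 400 and location):
            return None
        target = urljoin(url, location)  # Location may be relative
        return target if urlsplit(target).netloc != host else None

    baseline = offsite(results["direct"])
    return {n: offsite(r) for n, r in results.items()
            if offsite(r) and offsite(r) != baseline}

def simulated_fetch(url, headers):
    """Constructed stand-in for a page behaving as the post describes."""
    from_search = "google." in headers.get("Referer", "")
    if from_search and "Cookie" not in headers:
        return 302, "http://redirect-target.example/"
    return 200, None

if __name__ == "__main__":
    print(probe("http://forum.example/faq.php", fetch=simulated_fetch))
```

An empty result only means no referrer-dependent 3xx was seen; a redirect done in page script would need the response bodies compared instead.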



      • #63
        I apologize if this has been mentioned already. My anti-virus keeps blocking attacks called "JSCoinminer Download 8" from "fileden(dot)com" right now as I'm browsing the forum. It lists the severity as high. I thought admin might want to know.
        Matt 16:27 | Rom 3:23 | Rom 10:9 | 1 Thes 5:9-10 | Ps 34:8



        • #64
          Originally posted by Haeddre View Post
          I apologize if this has been mentioned already. My anti-virus keeps blocking attacks called "JSCoinminer Download 8" from "fileden(dot)com" right now as I'm browsing the forum. It lists the severity as high. I thought admin might want to know.
          Haeddre, what OS release are you using? I'm glad your antivirus is doing its job. The JSCoinminer is definitely a high threat.

          I believe the site owner is planning a software upgrade that will hopefully bring an end to the issues being shared/discussed in this thread. Hopefully a site upgrade will come soon.
          Tall Timbers, Imperfect but forgiven



          • #65
            Originally posted by Tall Timbers View Post
            Haeddre, what OS release are you using? I'm glad your antivirus is doing its job. The JSCoinminer is definitely a high threat.

            I believe the site owner is planning a software upgrade that will hopefully bring an end to the issues being shared/discussed in this thread. Hopefully a site upgrade will come soon.
            TT, sorry I took so long to reply. I stayed away for a bit to avoid getting a virus. I use Windows 7, and I'm still getting attacked, unfortunately. It seems to only happen when I click on the Reply button and go in to type a reply.

            Thanks
            Matt 16:27 | Rom 3:23 | Rom 10:9 | 1 Thes 5:9-10 | Ps 34:8



            • #66
              Originally posted by Haeddre View Post
              TT, sorry I took so long to reply. I stayed away for a bit to avoid getting a virus. I use Windows 7, and I'm still getting attacked, unfortunately. It seems to only happen when I click on the Reply button and go in to type a reply.

              Thanks
              Thanks for the reply. So probably everybody with Windows 7 is vulnerable... and hopefully has an up-to-date antivirus like you. Hopefully the site fix will be in soon...
              Tall Timbers, Imperfect but forgiven



              • #67
                For some time I've been visiting this site using my Android Tablet. Last week I tried using my Windows PC and saw the red Deceptive Site Ahead.

                Also, using MS Internet Explorer to open RR-BB.COM, the site is not correct, but appears to be a retail group that has hijacked this URL.

                Marvin



                • #68
                  My laptop was down for about a week so I used a Chromebook to see what was happening at RR and everything was good until I tried to make a posting, then up popped the dreaded red warning. At least I could keep up with reading.
                  John 10:27-30 My sheep listen to my voice; I know them, and they follow me. I give them eternal life, and they shall never perish; no one will snatch them out of my hand. My Father, who has given them to me, is greater than all; no one can snatch them out of my Father's hand. I and the Father are one.



                  • #69
                    Todd requested a vBulletin upgrade quite a while ago. The folks that will be doing that seem to be dragging their feet a bit. The upgrade should eliminate the vulnerabilities we're currently experiencing.

                    Hopefully that upgrade will come soon.
                    Tall Timbers, Imperfect but forgiven



                    • #70
                      I have never had any problems getting onto RR.


                      • #71
                        As this is the new vBulletin edition, it hasn't solved my Google access. I still get the dangerous site warning. I have learned to bypass it, but I expect it to stop me from posting this message.

                        I just thought site managers should know.

                        Marvin



                        • #72
                          Safari (macOS browser) slammed me yesterday with the phishing site warning; every click or page load was interrupted. I turned off the warning for fraudulent sites in preferences, then was able to move about the site normally.

                          Also used the button to report to them it is not that kind of site. Everyone else affected should do that as well; if they get enough of them we may get white listed??!



                          • #73
                            Yay, the warning is gone now from Chrome!



                            • #74
                              There may be some residual warnings that'll happen, but for now anyway, I think that problem is mostly behind us.
                              Tall Timbers, Imperfect but forgiven
