PDA

View Full Version : Unsafe site warning



Flashback55
02-01-2018, 10:30 PM
Guys how come everytime I come to this site I get an unsafe site warning & my antivirus kicks in? No other site I go to does this any ideas? I use Opera & Nod32 Antivirus.

beneharris
02-01-2018, 10:35 PM
Can you get me a screenshot?

Flashback55
02-01-2018, 10:52 PM
Had to take a photo of screen as it won't let me take a screenshot of that for some reason!
https://i.imgur.com/Fuf0tfb.png
https://i.imgur.com/A816ngS.png

beneharris
02-01-2018, 10:54 PM
Hmm, it seems to be loading from another site from what that is saying.

Anybody else having this issue? I'm running through all the google diagnostics, and not seeing any issues.

Flashback55
02-01-2018, 11:39 PM
Hmm, it seems to be loading from another site from what that is saying.

Anybody else having this issue? I'm running through all the google diagnostics, and not seeing any issues.

I just tried using Comodo Dragon browser & don't have the same issue it seems to be when I use Opera browser.

beneharris
02-01-2018, 11:43 PM
Stupid quesiton, but has it been a while since you've visited using Opera?

A while back we did have an issue with some malicious code being inserted, but I can't find anything recent. I have the host company doing a virus/code scan tomorrow, so check back in.

Flashback55
02-02-2018, 12:12 AM
Stupid quesiton, but has it been a while since you've visited using Opera?

A while back we did have an issue with some malicious code being inserted, but I can't find anything recent. I have the host company doing a virus/code scan tomorrow, so check back in.

Mostly use Opera when visiting this site, I just looked up reasons for the warning & maybe no https on this site bringing up the warning with Opera?

Jesse
02-02-2018, 02:16 AM
No issues here on Firefox, chrome and safari

manini
02-02-2018, 03:13 AM
No issues here on Firefox, chrome and safari

Same + I also use NOD32, and have never had any problems. Also just downloaded Opera and tried it as well. Again no issues. Maybe your computer is infected Flashback55?

metalchurch
02-02-2018, 06:01 AM
I cant remember if it was here or the Seymour Duncan Forum, but every once in a great while Ill get a "502-bad gateway" when logging off. It hasnt happened in a while, but when it does happen it does it almost everytime I visit and log off.

Aside from that this forum is one of the better ones as far as how smooth it runs because Ben and Jesse are usually on top of things as they arise.

SteveH
02-02-2018, 07:49 AM
As of today I'm getting a warning popup that the site is trying to use my browser to mine cryptocurrency, it lets me disallow the operation. I'm using Chrome.

leftrb
02-02-2018, 09:21 AM
As of today I'm getting a warning popup that the site is trying to use my browser to mine cryptocurrency, it lets me disallow the operation. I'm using Chrome.

Can you post a pic please? I wonder if one of the embedded images somewhere is malicious.

Jesse
02-02-2018, 09:30 AM
I assure you I am not mining cryptocurrency!

beneharris
02-02-2018, 10:43 AM
So guys,

I've done all the google tests, found nothing. I've used 2 computers at work, with 2 different browsers, and found nothing. Used both my home computers, nothing.

When you scan a website on sites to see if it is infected, they just want to sell you product. All I can figure is wordpress, or vbulletin is outdated by an update or two.

I'm not saying there isn't something going on, but it isn't likely on our end. We use a shared server, so I have the host company doing a test for me. If there is anything going on its on their end. Plus, if there are any ads that google puts up for us, and it can somehow be linked to a website who does have an issue, your browser or virus scan can see that, and attribute it to us.

I checked every single file and folder I have access to last night, and nothing has been modified. There was nothing in the log saying anybody was trying to log in and failed multiple times. Usually when you get hacked you have a couple thousand tries of uncompleted logins.

Thanks for helping us figure this out. I have no idea why some people are getting notices and some are not.

Jesse
02-02-2018, 11:03 AM
Just for housekeeping: I checked the site on my home computer (firefox, chrome), work computer (chrome), phone (chrome), ipad (Safari) so far and have not come across any warnings.

SteveH
02-02-2018, 01:27 PM
Can you post a pic please? I wonder if one of the embedded images somewhere is malicious.

I'm confident you guys are not mining bitcoin through us. I didn't even realize that was a thing until I started seeing the popup, so I added a blocker for it. Since then, it saw one, but it identified the site as coinhive.com:
9001

beneharris
02-02-2018, 01:48 PM
I'm confident you guys are not mining bitcoin through us. I didn't even realize that was a thing until I started seeing the popup, so I added a blocker for it. Since then, it saw one, but it identified the site as coinhive.com:
9001

Man, that is so weird. I've crawled every page we have, and cannot find anything. Its either on the server side, or I'm not smart enough to locate it. And I had my wheaties today.

SteveH
02-02-2018, 01:54 PM
Yeah, I don't know how it works at all, and I work in the computer security sector. When I refreshed the page, I saw the original popup, so I can show you what that looks like:9002

beneharris
02-02-2018, 02:15 PM
Can you do me a favor? Can you take me a screenshot of what ad is on the very bottom of the page when that is happening?

SteveH
02-02-2018, 02:31 PM
Will do next time it pops up.

Flashback55
02-03-2018, 11:19 PM
Same + I also use NOD32, and have never had any problems. Also just downloaded Opera and tried it as well. Again no issues. Maybe your computer is infected Flashback55?

I've done a couple of complete computer virus scans with Nod32 manini no virus also complete scan with Malwarebytes no issues. Nod32 is pretty good been using for over ten years had no problems. And if I use Comodo browser I don't get the warning only with Opera... If you get a chance go to Sucuri.net check see what results you get its a free check.

manini
03-31-2018, 11:24 PM
All,

I've been getting this lately every time I come to the site, on multiple machines, using different virus scanners- they all point to a coinminer running through some javascript. I know it's this site because I don't have any other tabs open. I've also checked for viruses and malware and have none.

Happens on all broswers I've used.

It's been caught on NOD32, on Avast, and even on crappy old Symantec at work...

https://i.imgur.com/4IYBj10.png.

When looking at the page source for LGT, I do see that allfonts link in there...

It makes my laptop fans spin up like crazy using a ridiculous amount of CPU. On my desktop, I do notice some increased resource utilization. I've also seen this at work. Can someone look into it?

leftrb
03-31-2018, 11:35 PM
I see where that is in the page source; not sure if it's malicious or not. It's a polish font script? Jesse, is the template for this site including that font script or did you add it manually?

Jesse
04-01-2018, 12:16 AM
I have no idea. No. idea.

beneharris
04-01-2018, 12:23 AM
I'll look into it!

beneharris
04-01-2018, 12:29 AM
Pretty sure I found it. Will you guys try again, and comment? Manini, maybe you could text me, that way if I'm not at my computer I'll know.


Thanks for posting up about this, by the way. This kind of shit is never ending.

manini
04-01-2018, 01:28 AM
Pretty sure I found it. Will you guys try again, and comment? Manini, maybe you could text me, that way if I'm not at my computer I'll know.


Thanks for posting up about this, by the way. This kind of shit is never ending.

Problem looks like it's been solved. Thanks for taking care of that Ben! Laptop isn't blowing up anymore :D