Fixed. Sorry about that folks!
Redirection of forum.nanfa.org url POSSIBLE MALWARE PROBLEM. PLEASE READ THREAD AND PROTECT YOURSELF!
Started by
Guest_Erica Lyons_*
, Dec 31 2013 01:47 PM
72 replies to this topic
#28
Guest_Ken_*
Guest_Ken_*
-
- Guests
Posted 30 May 2014 - 01:05 PM
Nevermind..... I think I may have taken care of it on my end. Had some program called Webget downloaded on my computer inadvertantly. The strange thing though is the pop ups didn't happen on any other website that I had gone to...... Oh well it looks like it has stopped here also.
#29
Guest_Stickbow_*
Guest_Stickbow_*
-
- Guests
Posted 16 July 2014 - 10:37 PM
This has been happening to me, and since I am an IT nerd, and have access to some people who are much better hackers than I am, I had our security guy look at this, because when I do a Google search for a species or anything that NANFA might have a link for, the first time I click the link I get the http://url4short(dot)info(slash)53c2d5c5 link(or a "blocked due to malware" link from our web monitoring software.
This happens on my work machine, home machines, tablet...all of which are clean and scanned regularly. FWIW, reproducing it can be difficult, because it only redirects the first time you click the link that's embedded - either in the Google search or wherever (other site links do it too, including those embedded in email messages). It may require that you be caching your login; we're not sure - we were able to get it to do it when not logged in.
We got a truly "clean" machine and image that he uses to test with. Does it for him. We know it is NOT client side (i.e., our machines). He isn't familiar with the IP Board software NANFA uses, so we surfed. We found a pretty good number of hacker board references explaining how to inject malicious code for URL redirect scripts, and one blog that explains how to fix it.
The latter is the only link we found that I'm willing to post: http://peter.upfold....url4short-mess/ This explains the problem fully, the research done to discover it, and how to fix it.
Hope this will help you solve the problem before I set off any more alarms at work
Edited to add -- the comments also point out other places the code is sometimes injected. Worth reading those as well.
This happens on my work machine, home machines, tablet...all of which are clean and scanned regularly. FWIW, reproducing it can be difficult, because it only redirects the first time you click the link that's embedded - either in the Google search or wherever (other site links do it too, including those embedded in email messages). It may require that you be caching your login; we're not sure - we were able to get it to do it when not logged in.
We got a truly "clean" machine and image that he uses to test with. Does it for him. We know it is NOT client side (i.e., our machines). He isn't familiar with the IP Board software NANFA uses, so we surfed. We found a pretty good number of hacker board references explaining how to inject malicious code for URL redirect scripts, and one blog that explains how to fix it.
The latter is the only link we found that I'm willing to post: http://peter.upfold....url4short-mess/ This explains the problem fully, the research done to discover it, and how to fix it.
Hope this will help you solve the problem before I set off any more alarms at work
Edited to add -- the comments also point out other places the code is sometimes injected. Worth reading those as well.
Edited by Stickbow, 16 July 2014 - 10:40 PM.
#32
Guest_FirstChAoS_*
Guest_FirstChAoS_*
-
- Guests
Posted 18 October 2014 - 06:03 PM
Is the problem not fixed yet? I have never encountered any of this kind of skronk here.
Yes, my main computer I enter the page through bookmarks so do not see it, but on work computers and my tablet where I enter through a browser I do see it.
#33
Isaac Szabo
-
- NANFA Member
- Marble Falls, AR
Posted 18 October 2014 - 11:34 PM
Yes, I encounter it from time to time when google searches lead me to NANFA content. The first click leads to the malware site, but I know to just go back and click it again to get to the real content. However, it concerns me that we are likely losing some potential new members who do google searches for native fish information but never make it all the way to NANFA content because of the website redirection. I know that if I clicked on an unfamiliar website which then led to a malware webpage, I probably wouldn't risk trying to go to that website again. I wonder if the fix that Wynne linked to would be worth trying?
#35
Sean Phillips
-
- NANFA Member
- Allegheny River Drainage, Southwest PA
Posted 21 October 2014 - 06:23 PM
Yeah this has been happening to me for months now, since I joined actually. I figured it was just my computer otherwise I would've reported it but I guess not.
Sean Phillips - Pine Creek Watershed - Allegheny River Drainage
#36
Guest_Skipjack_*
Guest_Skipjack_*
-
- Guests
Posted 23 October 2014 - 03:00 PM
This is an issue, and we need to address it. Unfortunately since we are all volunteers, at the moment I am not sure that we have someone tech savvy enough to take this on. We sure do not want to implement a fix that causes a nightmare. If anyone out there has some experience with this type of issue, please send a PM to me or one of the other forum staff. It will be rectified, hopefully sooner than later. Your staff here are doing the best that they can. When the forum was constructed we had a particularly gifted individual that handled all of these problems. Since he moved out of the drivers seat, we have all tried to learn more and manage as well as possible. I think we have all done a decent job of holding it together, and we learn more all the time. So please volunteer and give us a hand, or please be patient, and know we are doing our best. Better yet, someone start a motion to give us a menial pay raise. I will second it. Wait. 10% of zero is still zero isn't it? Dang it!
#38
Guest_Skipjack_*
Guest_Skipjack_*
-
- Guests
Posted 23 October 2014 - 04:56 PM
Thanks for the vote of confidence Uland. I hope that the problem just vanishes with the upgrade. There are fixes/patches for this problem, but when you are playing with many thousands of posts, some with great information, it makes one rather hesitant.I would bet the update will fix this. Fingers crossed.
#39
Isaac Szabo
-
- NANFA Member
- Marble Falls, AR
Posted 23 October 2014 - 06:26 PM
I wasn't intending to be critical. Just trying to provide some helpful information. I am very appreciative of all the work NANFA volunteers do, and I totally understand if nobody knows how to fix the issue (I don't). It would be nice if the upgrade fixes it.
Reply to this topic
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
NANFA Youtube Channel 
