SEARCH seems to be having issues - RESOLVED

Dream about your 240's turbo power in this forum.
Post Reply
adamky
SuperMod
Posts: 3511
Joined: Wed May 31, 2006 6:40 am
Location: Louisville, KY

SEARCH seems to be having issues - RESOLVED

Post by adamky »

I just tried to use the Search function using Firefox and as soon as I type something in the box and click Search, it takes me to a warning page that says:

Reported Attack Page!

This web page at statrow.in has been reported as an attack page and has been blocked based on your security preferences.

Attack pages try to install programs that steal private information, use your computer to attack others, or damage your system.Some attack pages intentionally distribute harmful software, but many are compromised without the knowledge or permission of their owners.

If click on "Why was this page blocked?", it tells me that it's basically a warning from Google safe browsing to prevent the site from harming my PC.

Is anyone else who is using Firefox getting this message?
Wiseco/Eagle, JWT S1 cams, BC valve springs, PT5857, ID1700 injectors, SR20DET ECU w/ Nismotronic, COP conversion with LS ignition coils, etc, etc...
--> YouTube channel --> my build thread
Image
User avatar
R34SR
Belongs To The TOP CONTRIBUTING MEMBERS!
Posts: 1961
Joined: Thu Sep 25, 2008 6:09 pm
Location: Florida

Post by R34SR »

youre not the only one, my girlfriends pc showed a warning that this site has malware and asked me if i wanted to proceed.... :shock: ....i guess i dont see the warning on my own pc cause of all the porn sites....
MEGASQUIRT 2 PNP
AEM IGN1A COILS
EAGLE-ARP-SUPERTECH 9:1 KA24DE
BW S257 SX-E .78AR
ID1050x Injectors
Full Race twin scroll manifold
ISIS FMIC
Mazworx z32 tranny swap
CTS V CALIPERS
STANCE LX+ Coilovers
J30 LSD
AME FS01 WHEELS 18X9 +25



TinyT wrote:for the love of god, post your setup, do you really think you can get an answer after saying HI ME CAR HAS TURBO NOW BUT I CANT BWAAA PSHH WITH IT WHATS WRONG
body80
240sx Wannabe
Posts: 137
Joined: Mon Apr 02, 2007 8:20 pm
Location: Tavares, FL

Post by body80 »

I'm getting the same thing.
Jeff
User avatar
shift_down
SuperMod
Posts: 1833
Joined: Mon Nov 28, 2011 11:00 am
Location: tulsa oklahoma

Post by shift_down »

Same here
Come at me bro

Fast
Reliable
Cheap;
You can only pick two, so choose wisely!

My build thread: viewtopic.php?t=57539
User avatar
supakat
SuperMod
Posts: 8018
Joined: Sun Oct 08, 2006 12:13 pm
Location: FL

Post by supakat »

If I don't log into my account, I can search. The minute I log on, I get redirects and malware warnings. I went to ka24der.com and sent a message. Hopefully Rick or Ryan get the message and get the site free of malware. It seems that a hacker injected a code into logged in accounts or something then redirects them to so bogus page. The way I was able to get back on was open inprivate browsing window, went to this thread, right click post in a new window and signed it. Then I was able to post here.
12.96 @ 116.36 - 2.1 60ft - 11/2011
13.1 @ 114 - 2.3 60ft - 8/2012
KA24DE-T
Image
Build thread/Blog
YouTube Channel
User avatar
supakat
SuperMod
Posts: 8018
Joined: Sun Oct 08, 2006 12:13 pm
Location: FL

Post by supakat »

To get back on, open ka-t.org in a private session or incognito window and log on. It seems when you log on regularily, a tracking cookie is used then redirects you to another site.
12.96 @ 116.36 - 2.1 60ft - 11/2011
13.1 @ 114 - 2.3 60ft - 8/2012
KA24DE-T
Image
Build thread/Blog
YouTube Channel
adamky
SuperMod
Posts: 3511
Joined: Wed May 31, 2006 6:40 am
Location: Louisville, KY

Post by adamky »

Using IE8 and not logged in, it just takes me to this URL: (Don't click this) --> http://userimg.in/main.php?page=56121227efa16f9a

which is just a page that says: Please wait page is loading...
--------------------------------------------------------------------------------
Wiseco/Eagle, JWT S1 cams, BC valve springs, PT5857, ID1700 injectors, SR20DET ECU w/ Nismotronic, COP conversion with LS ignition coils, etc, etc...
--> YouTube channel --> my build thread
Image
User avatar
ppctx
Belongs To The TOP CONTRIBUTING MEMBERS!
Posts: 1667
Joined: Mon Apr 16, 2007 1:23 pm
Location: Panther City, TX

Post by ppctx »

supakat, can you please post up with a new thread title with something to the effect of ISSUE RESOLVED, when it is resolved. I'm going to stay away for a bit, hate getting my computer zapped.
Original owner of a 93' champagne colored, corn eating fastback. Growl and bite is a bit meaner, but she's still my little girl.


I'm not out, just doing a couple of other things for a bit.. brb
User avatar
supakat
SuperMod
Posts: 8018
Joined: Sun Oct 08, 2006 12:13 pm
Location: FL

Post by supakat »

If you want to go on, in IE8, go to internet options and click delete. Delete the first three boxes. Then get on.

i will let you know when it is resolved.
12.96 @ 116.36 - 2.1 60ft - 11/2011
13.1 @ 114 - 2.3 60ft - 8/2012
KA24DE-T
Image
Build thread/Blog
YouTube Channel
User avatar
Walperstyle
Belongs To The TOP CONTRIBUTING MEMBERS!
Posts: 2517
Joined: Sat Jun 21, 2008 2:32 pm
Location: Red Deer

Post by Walperstyle »

I added the .RU and userimg.in URL's in my router under the blocked sites. Hopefully that will stop it.

(still backing up wedding pictures, and trip to maui, and KA-T build pics)

PS: $20 says it was some noobie fanboy that was offended when we told him to use the search engine.
Image
blownhemi
Driving Mom's Station Wagon
Posts: 26
Joined: Sun Feb 08, 2009 9:00 am
Location: Hungary, Europe

Post by blownhemi »

It only does this for me, if I am coming in via a Google search result... got a virus into my computer yesterday beacuase of this, as the attack page wan't blacklisted yet by Firefox at that time. All this despite that I am running an up-to-date firewall...
User avatar
Walperstyle
Belongs To The TOP CONTRIBUTING MEMBERS!
Posts: 2517
Joined: Sat Jun 21, 2008 2:32 pm
Location: Red Deer

Post by Walperstyle »

^je ne cest pa

You got a virus yesterday from the same message? what did it do? what is it doing now?
Image
blownhemi
Driving Mom's Station Wagon
Posts: 26
Joined: Sun Feb 08, 2009 9:00 am
Location: Hungary, Europe

Post by blownhemi »

Walperstyle wrote:^je ne cest pa

You got a virus yesterday from the same message? what did it do? what is it doing now?
Not the same message. It didn't throw the warning at me yesterday, that rowstat.in is a blocked site. It was definitely not yet blacklisted in Firefox at that time, so when I clicked on a Google search result, that was pointing to a ka-t.org thread, it opened that rowstat.in site instead, and as soon as the site started loading, the virus immediately installed some kind of a fake Win 7 antivirus stuff on my PC. It didn't ask for anything, I didn't have to confirm anything, from one moment to the other, it was just there, running on my computer, and kept popping up a window "you're PC is infected", and a bunch of fake intrusion alerts. Immediately did a hard reset, and upon reboot started the ESET virus scan. Found it, killed it, did some damage control (it modified Windows so that opening .EXE files would open the fake Antivirus screen instead, put that back in order). I guess some half an hour later maybe, the site was added to Firefox's blacklist, hence why everyone is seeing the site blocked message now, instead of having their computers full of viruses (hopefully), as the unlucky first fews had it, I guess.

Never thought I'd have this, I'm quite paranoid otherwise, what I install,, and what I let in and out from and to the Net. UAC is on in Win7, ESET firewall and virus scan enabled. Nothing is safe anymore, it seems.
User avatar
Walperstyle
Belongs To The TOP CONTRIBUTING MEMBERS!
Posts: 2517
Joined: Sat Jun 21, 2008 2:32 pm
Location: Red Deer

Post by Walperstyle »

Thank you for clarifying. I use to work for Hewlett Packard a few years ago; Go to an un-infected computer and research this virus, there is probably links on how to remove the fake anti-virus off your system.

Also, I'd backup your important files. I just did. I have no sign of a virus though, but then again, about 3 years ago I had the same problem as you did.

also, everyone should familiar themselves with 'msconfig'. Start, RUN, type in MSCONFIG. Go to start-up, and you should be able to uncheck everything in there... but look specific for files that make no sense. (this doesn't delete them, it just dissables them)
Image
User avatar
supakat
SuperMod
Posts: 8018
Joined: Sun Oct 08, 2006 12:13 pm
Location: FL

Post by supakat »

Go to google and search combofix. Click the link, guide to using combofix and follow. Takes care of root kits as well. I use this all the time when cleaning pc's. Get 90% of crap out of there.
12.96 @ 116.36 - 2.1 60ft - 11/2011
13.1 @ 114 - 2.3 60ft - 8/2012
KA24DE-T
Image
Build thread/Blog
YouTube Channel
User avatar
emo_tactical9
Belongs To The TOP CONTRIBUTING MEMBERS!
Posts: 3086
Joined: Tue Sep 18, 2007 3:21 am
Location: Bowling Green, KY

Post by emo_tactical9 »

I was confused when I clicked links and it tried to redirect me to "cursor hand.ru gamma index.php t 55050 highlight" What a mess.
Just call me Adam.
95 240: DIYPNP and T28.
08 Honda Fit
84 200sx: Sold after almost 10 years.
My file hosting:Calum,MegaSquirt,FSM
User avatar
Walperstyle
Belongs To The TOP CONTRIBUTING MEMBERS!
Posts: 2517
Joined: Sat Jun 21, 2008 2:32 pm
Location: Red Deer

Post by Walperstyle »

I would suggust not clicking on any links on that page, but clicking back instead.
Image
Bubba
Knows Some Stuff About 240's!
Posts: 360
Joined: Sun Oct 08, 2006 9:06 pm
Location: Biloxi, MS
Contact:

Post by Bubba »

I browse from my cell phone since the pc I use is at work. I have the "view new posts" link as my bookmark and it sends me to a bunch of different **** pages if I try to open threads on that page. Figured I would add that in there to the list of issues.
My car is dead stock.... ish

http://mobileimports.freeforums.org
body80
240sx Wannabe
Posts: 137
Joined: Mon Apr 02, 2007 8:20 pm
Location: Tavares, FL

Post by body80 »

Someone fix this please!!

Thank you!
Jeff
klattr1
Forum Moderator
Posts: 3724
Joined: Mon Feb 02, 2004 10:22 pm
Location: Charlotte, NC
Contact:

Post by klattr1 »

Fixed! There were 2 .htaccess files injected (one at domain level and one above the root domain folder on the server)...everything (including the search form) should be working fine now.
User avatar
ppctx
Belongs To The TOP CONTRIBUTING MEMBERS!
Posts: 1667
Joined: Mon Apr 16, 2007 1:23 pm
Location: Panther City, TX

Post by ppctx »

YEA! Do you know if it was it anything that could harm computers accessing ka-t.org or just something meant to screw with the site?
Original owner of a 93' champagne colored, corn eating fastback. Growl and bite is a bit meaner, but she's still my little girl.


I'm not out, just doing a couple of other things for a bit.. brb
adamky
SuperMod
Posts: 3511
Joined: Wed May 31, 2006 6:40 am
Location: Louisville, KY

Post by adamky »

Awesome.
Wiseco/Eagle, JWT S1 cams, BC valve springs, PT5857, ID1700 injectors, SR20DET ECU w/ Nismotronic, COP conversion with LS ignition coils, etc, etc...
--> YouTube channel --> my build thread
Image
User avatar
Walperstyle
Belongs To The TOP CONTRIBUTING MEMBERS!
Posts: 2517
Joined: Sat Jun 21, 2008 2:32 pm
Location: Red Deer

Post by Walperstyle »

Thanks ryan... now who are the 5 new moderators to get rid of spammers and merge important information threads?
Image
User avatar
Walperstyle
Belongs To The TOP CONTRIBUTING MEMBERS!
Posts: 2517
Joined: Sat Jun 21, 2008 2:32 pm
Location: Red Deer

Post by Walperstyle »

bump^


was serious question
Image
TryingToTurbo
Belongs To The TOP CONTRIBUTING MEMBERS!
Posts: 2369
Joined: Sun Aug 12, 2007 8:24 pm
Location: Raleigh, NC

Post by TryingToTurbo »

lol. Right!

supakat is the only one I know of.
Built KA24DE: Wiseco 9.0:1 | Eagle H Beams | ARP Head & Main Studs | BC 272s & Springs | Supertech Valves
Boost Source: Under Construction

Image

Thinking about E-Mance? Think twice and read this:
viewtopic.php?t=45057&postdays=0&postorder=asc&start=0
User avatar
supakat
SuperMod
Posts: 8018
Joined: Sun Oct 08, 2006 12:13 pm
Location: FL

Post by supakat »

8-bit as well but he is on like once every two weeks.
12.96 @ 116.36 - 2.1 60ft - 11/2011
13.1 @ 114 - 2.3 60ft - 8/2012
KA24DE-T
Image
Build thread/Blog
YouTube Channel
Post Reply