Malicious attack blocked when trying to access this forum?

dexX7

legendary

Activity: 1106

Merit: 1026

Quote

*Jacob Colagrossi, Nov 21 01:21 pm (PST):*

Hello dexx and welcome to the Malwarebytes product support. Thank you
for choosing Malwarebytes Anti-Malware as your anti-malware security
solution, my name is Jacob Colagrossi and I'll be assisting you today.

I will contact our research team to see about the block of this IP
address. I will follow up with you once I hear word back from them.

Thank you.

Quote

dexx, Nov 21 08:29 pm (PST):

Hi Jacob,

thanks for the fast response. Looking forward for more.

Quote

Jacob Colagrossi, Nov 26 03:55 pm (PST):

Hi dexx,

I have been informed that this IP address has been unblocked in the recent database updates.

Please let me know if you have any questions.

Quote

dexx, Nov 26 03:58 pm (PST):

Hi Jacob,

thanks for the notice! Did you get any information what was causing the
block in the first place?

Quote

Jacob Colagrossi, Nov 26 04:05 pm (PST):

Hi Dexx,

I have no solid information but from what I read in forum posts this site is under frequent attack from outside sources. It may have been added to the block list during an instance of attack.

BittBurger

hero member

Activity: 924

Merit: 1001

Is the above IP address the IP address of this website?

It looks like a couple of people reported this on their support forums. And they've reported that they are looking into it right now.

theymos

administrator

Activity: 5222

Merit: 13032

Quote from: BitcoinFX on November 22, 2013, 01:39:16 PM

See: http://hosts-file.net/?s=bitcointalk.org this is probably an error and the admin. should contact 'Request removal' for more info.

They've listed the forum for a long time AFAIK. See here. Maybe they only just updated the IP address.

BittBurger

hero member

Activity: 924

Merit: 1001

Why does it repeatedly say it's currently blocking a malicious attack from an IP address? The IP address is located in the Netherlands. Seems like if it just put a site on a blacklist, it would say "this site is blocked". It wouldn't say it just blocked a malicious attack from a website.

BitcoinFX

legendary

Activity: 2646

Merit: 1722

https://youtu.be/DsAVx0u9Cw4 ... Dr. WHO < KLF

Quote from: Grix on November 22, 2013, 02:11:55 PM

Quote from: BittBurger on November 22, 2013, 11:39:03 AM

Grix

That link doesn't work.

At least not on my iPhone.

Well, here's what it says basically:

Code:

Infection Blocked
URL: http://imageupload.co.uk/files/za1z84jpkvd9uo18uoed....
Infection: URL:Mal

Quote from: BitcoinFX on November 22, 2013, 02:03:03 PM

Quote from: BittBurger on November 22, 2013, 01:53:56 PM

Solution? I was about to wipe my computer.

I don't see a reason to do a re-install at present.

Malwarebytes is just being over sensitive, when you pay for a anti-malware solution, they have a legal obligation to 'protect' you.

Sometimes these companies get things wrong, because they must protect their customers. Lets also say that they can sometimes have other interests as well.

There might be a genuine problem, but at present I can't find anything or it might of been removed already, but I'm not an admin. wth server access either.

Looks like a 'false alarm' to me though.

Pretty far fetched that two independent antimalware programs simultaneously gives a false positive, isn't it?

Nope. Not really. The link (URL) you have reported from your software indicates a 3rd party upload site probably used by someome for a link on the forum that was / is in just one thread as a download etc.

That's enough to get bitcointalk.org temporarily and incorrectly listed.

Grix

hero member

Activity: 536

Merit: 500

Quote from: BittBurger on November 22, 2013, 11:39:03 AM

Grix

That link doesn't work.

At least not on my iPhone.

Well, here's what it says basically:

Code:

Infection Blocked
URL: http://imageupload.co.uk/files/za1z84jpkvd9uo18uoed....
Infection: URL:Mal

Quote from: BitcoinFX on November 22, 2013, 02:03:03 PM

Quote from: BittBurger on November 22, 2013, 01:53:56 PM

Solution? I was about to wipe my computer.

I don't see a reason to do a re-install at present.

Malwarebytes is just being over sensitive, when you pay for a anti-malware solution, they have a legal obligation to 'protect' you.

Sometimes these companies get things wrong, because they must protect their customers. Lets also say that they can sometimes have other interests as well.

There might be a genuine problem, but at present I can't find anything or it might of been removed already, but I'm not an admin. wth server access either.

Looks like a 'false alarm' to me though.

Pretty far fetched that two independent antimalware programs simultaneously gives a false positive, isn't it?

Raoul Duke

legendary

Activity: 1358

Merit: 1002

Quote from: BitcoinFX on November 22, 2013, 01:39:16 PM

Not 100% sure how ads are being served here, but it might be to do with temporarily hijacked 3rd party content and/or in relation to linked content.

AFAIK ads are only html styled with css. No images or scripts.

BitcoinFX

legendary

Activity: 2646

Merit: 1722

https://youtu.be/DsAVx0u9Cw4 ... Dr. WHO < KLF

Quote from: BittBurger on November 22, 2013, 01:53:56 PM

Solution? I was about to wipe my computer.

I don't see a reason to do a re-install at present.

Malwarebytes is just being over sensitive, when you pay for an anti-malware solution, they have a legal obligation to 'protect' you.

Sometimes these companies get things wrong, because they must protect their customers. Lets also say that they can sometimes have other interests as well.

There might be a genuine problem, but at present I can't find anything or it might of been removed already, but I'm not an admin. wth server access either.

Looks like a 'false alarm' to me though.

BittBurger

hero member

Activity: 924

Merit: 1001

Solution? I was about to wipe my computer.

BitcoinFX

legendary

Activity: 2646

Merit: 1722

https://youtu.be/DsAVx0u9Cw4 ... Dr. WHO < KLF

I've just scanned bitcointalk.org

http://sitecheck.sucuri.net/scanner/ - Clean

https://www.virustotal.com/en/url/7354af8427d7b8d4236356d0bca680ad3186fce415cb51971f3793cee59e4291/analysis/1385144339/ - Clean

However, I found that hpHosts is currently listing bitcointalk.org - i.e. 'Malwarebytes'.

See: http://hosts-file.net/?s=bitcointalk.org this is probably an error and the admin. should contact 'Request removal' for more info.

Not 100% sure how ads are being served here, but it might be to do with temporarily hijacked 3rd party content and/or in relation to linked content.

This report, I suspect is actually a 'false positive'.

BittBurger

hero member

Activity: 924

Merit: 1001

Grix

That link doesn't work.

At least not on my iPhone.

BittBurger

hero member

Activity: 924

Merit: 1001

Just to clarify, I haven't clicked anything, downloaded anything, or run anything from any emails. I'm very aware of that kind of stuff. The website just went dead yesterday. I'm not thinking this is on my end, but I guess it's possible. If that's the case, it's already on many people's computers.

BitcoinBarrel

legendary

Activity: 2026

Merit: 1034

Fill Your Barrel with Bitcoins!

Not surprising. Bitcoin is huge target for hackers at the moment now that the price is up.

BittBurger

hero member

Activity: 924

Merit: 1001

Yeah, it's definitely not just me…

Grix

hero member

Activity: 536

Merit: 500

This happened to me too. But not just Malwarebytes. I bypassed malwarebytes' block, and after browsing this forum for around a minute, Avast also notified me that a virus had just been blocked. It came from a different domain. I think this might be the real deal, bitcointalk may be injected with malicious code.

Here's a little report: http://www.avast.com/lp-fr-virus-alert?p_ext=&utm_campaign=Virus_alert&utm_source=prg_fav_80_0&utm_medium=prg_systray&utm_content=.%2Ffa%2Fno-no%2Fvirus-alert-default&p_vir=URL:Mal&p_prc=C:\Program%20Files%20%28x86%29\Aurora\firefox.exe&p_obj=http://imageupload.co.uk/files/za1z84jpkvd9uo18uoed.jpg&p_var=.%2Ffa%2Fno-no%2Fvirus-alert-default&p_elm=7&p_lex=302&p_lid=no-no&p_lng=nb&p_lqa=0&p_lqe=0&p_lst=0&p_lsu=24&p_pro=0&p_bld=empty&p_vep=8&p_ves=0&p_vbd=1497&p_hid=7001976d-9a1d-4dcb-a912-99d939f654b0

roadsterreplica

newbie

Activity: 44

Merit: 0

Could be many things.

I suspect it may be more on your end than on this end - some software on your end is trying to keylog your bitcoin forum password.

BittBurger

hero member

Activity: 924

Merit: 1001

When I try any web browser on my computer, I get a dead page for this forum, and Malbytes anti-malware gives me a pop up saying that it blocked a malicious attack from IP 109.201.133.195

No such problems on iPhone or iPad.

This has been happening since yesterday morning. I went into the Bitcoin chat room and several others are having the same problem. Yet I see nobody mentioning, or talking about it.

Topic: Malicious attack blocked when trying to access this forum? (Read 1149 times)