Jump to content


What Is Going On With Srmz


  • Please log in to reply
28 replies to this topic

#16 gliebzeit

gliebzeit

    Targa Fan

  • Supporter
  • PipPipPipPipPipPipPipPipPipPip
  • 1,907 posts
  • Gender:Male
  • Location:Florida - USA
  • Interests:Old guy stuff...
  • Sim interest:GPL

Posted Dec 20 2012 - 05:50 PM

I use Google Chrome web browser.

I am, for the past two days, continually getting the malware warning when trying to navigate to gplr.srmz.net  

Is it really not safe to go to this site???

Edited by gliebzeit, Dec 20 2012 - 05:50 PM.


#17 Lee200

Lee200

    Denny Hulme

  • Members
  • PipPipPipPipPipPipPipPipPipPip
  • 1,452 posts
  • Gender:Male
  • Sim interest:GPL

Posted Dec 20 2012 - 08:38 PM

Same here Greg.  I've notified Keith.

It may be a coincidence, but beginning yesterday my antivirus program has been flagging a worm (Stration) trying to open on my computer.  Research shows this worm is normally distributed via eMail, but it's strange that I should be having this problem coincidentally with the problem at gplr.srmz.

#18 dangermouse

dangermouse

    The mobile chicane

  • Administrators
  • PipPipPipPipPipPipPipPipPipPip
  • 5,955 posts
  • Gender:Male
  • Location:SRMZ/GPLR London, UK
  • Interests:Errrrrr, GPL? :-)
    Music , computing, hi-fi, motor racing
  • Sim interest:GPL and P&G

Posted Dec 21 2012 - 01:23 PM

View PostRobert Fleurke, on Dec 20 2012 - 05:24 PM, said:


Finally I checked my gmail account on the webmail, and I found a mail in the spam folder, could log in with my initial account and happily was able to download stuff.

Prolly a known "issue", as I found out more ppl having these problems through googling. The problem is that validation mails, or resending pw etc. will get in the spam folder, or not even that concerning my own provider.

Especially for ppl who don't use webmail joining here might prove difficult...just saying, again, prolly a known "issue". ;)

Cheers :)
yes it is well known issue with google and other email providers and not just SRMZ but also an uncertain gaggle of sites including well known ones. You have to set your email provider to allow those emails through.

#19 dangermouse

dangermouse

    The mobile chicane

  • Administrators
  • PipPipPipPipPipPipPipPipPipPip
  • 5,955 posts
  • Gender:Male
  • Location:SRMZ/GPLR London, UK
  • Interests:Errrrrr, GPL? :-)
    Music , computing, hi-fi, motor racing
  • Sim interest:GPL and P&G

Posted Dec 21 2012 - 01:32 PM

View PostLee200, on Dec 20 2012 - 08:38 PM, said:

Same here Greg.  I've notified Keith.

It may be a coincidence, but beginning yesterday my antivirus program has been flagging a worm (Stration) trying to open on my computer.  Research shows this worm is normally distributed via eMail, but it's strange that I should be having this problem coincidentally with the problem at gplr.srmz.

"Problem" is that it's on the same server as speedgeezers

#20 Lee200

Lee200

    Denny Hulme

  • Members
  • PipPipPipPipPipPipPipPipPipPip
  • 1,452 posts
  • Gender:Male
  • Sim interest:GPL

Posted Dec 21 2012 - 03:40 PM

Thanks Keith.  I'm now afraid to visit the forums as I apparently got the worm from it.  The exact warning that Google is distributing about the Repository is:

What is the current listing status for gplr.srmz.net?


Site is listed as suspicious - visiting this web site may harm your computer.
Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.

What happened when Google visited this site?

Of the 1 pages we tested on the site over the past 90 days, 1 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2012-12-19, and the last time suspicious content was found on this site was on 2012-12-19.
Malicious software includes 1 trojan(s).
Malicious software is hosted on 2 domain(s), including fgplvwf.freewww.info/, ytuwvsuvm.qhigh.com/.
1 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including ytuwvsuvm.qhigh.com/.
This site was hosted on 1 network(s) including AS174 (COGENT).

Has this site acted as an intermediary resulting in further distribution of malware?


Over the past 90 days, gplr.srmz.net did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?


No, this site has not hosted malicious software over the past 90 days.

How did this happen?


In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.

Next steps:

Edited by Lee200, Dec 21 2012 - 03:40 PM.


#21 dangermouse

dangermouse

    The mobile chicane

  • Administrators
  • PipPipPipPipPipPipPipPipPipPip
  • 5,955 posts
  • Gender:Male
  • Location:SRMZ/GPLR London, UK
  • Interests:Errrrrr, GPL? :-)
    Music , computing, hi-fi, motor racing
  • Sim interest:GPL and P&G

Posted Dec 21 2012 - 06:19 PM

The "problem" has been people putting links to malware sites. Read the Google notice you've just posted and you'll see that the site hasn't hosted the actual malware. Make sure you don't click on the links from new users.

Remember that a Firefox addon called NoScript  
http://noscript.net

exists and that will block scripts from running on unknown sites. (or you can get it from going to the addons in the tools menu of firefox and typing noscript in get addons)

#22 Lee200

Lee200

    Denny Hulme

  • Members
  • PipPipPipPipPipPipPipPipPipPip
  • 1,452 posts
  • Gender:Male
  • Sim interest:GPL

Posted Dec 21 2012 - 08:21 PM

Thanks Keith for the info.  I think there may more than just links to malware sites though.  When you visit the forum start page, there is now a small overlapping window in the upper middle which has a red dot with an X through it.  This window is new in the last couple of days and I believe I made the mistake of clicking on the X the first time I saw it.  Soon after that my antivirus discovered the worm/trojan.

No virus alerts today so hopefully they are are gone.  Fingers crossed.

#23 jgf

jgf

    Denny Hulme

  • Members
  • PipPipPipPipPipPipPipPipPipPip
  • 775 posts
  • Gender:Male
  • Location:Columbus, OH
  • Sim interest:GPL and P&G

Posted Dec 21 2012 - 09:15 PM

I second the NoScript recommendation;  I've used it a couple of years and it does the job ...with a couple of caveats.  Nearly all websties today use java to some degree, when you first visit any site NoScript blocks all java;  this could result in anything from a few things not working to you getting a blank page with a notice that you need to enable java.  But easily taken care of with NoScript options.  More irritating is its blocking of "XSS" (Cross-Site Scripting), while this is a common source of malware it is also as frequently used legitimately;  NoScript provides no easy way to selectively allow this ("requires a knowledge of working with expressions" ...I don't think this refers to a mime).

Another useful Firefox extension is DoNotTrackMe, which "enables users to opt out of tracking by websites they do not visit, including analytics services, advertising networks, and social platforms".  I've been using this maybe six months and it's already blocked over 5000 such attempts ...including two shown from srmz as I type this (farcebook and google).  I believe there is a version of this for Chrome also.

Edited by jgf, Dec 21 2012 - 09:16 PM.


#24 Bernd Nowak

Bernd Nowak

    Denny Hulme

  • Members
  • PipPipPipPipPipPipPipPipPipPip
  • 1,716 posts
  • Gender:Male
  • Sim interest:GPL

Posted Dec 22 2012 - 05:02 AM

No script is in an option but with forums it's possible to create a new user and place some advanced stuff in it like what I have seen on a customer PC. No Java installed but flash version one or 2 versions behind the now actual adobe flash. It slipped through the adobe stuff and since then a process was intercepting webpages and placing add links in it.
What I want to say is that at the moment I stay away from GPLR because there's a lot of advanced stuff in the wild which can't be easily detected :(
By the way, JRE 1.7u10 and 1.6u38 are out.

And DoNotTrackMe is a good idea. The little Facebook, Google + and other stuff indeed also uses java and other ways to track you as well as to announce it to the social networks. Nothing bad, Bill and Keith.

#25 Bill

Bill

    BRM Freak

  • Administrators
  • PipPipPipPipPipPipPipPipPipPip
  • 963 posts
  • Gender:Male
  • Location:U.S. Wise Va.

Posted Dec 22 2012 - 02:44 PM

Hey guys
Repository is ok again.
Some details about this hack that is going on.
the virus is not on our server so thats a good thing, what it does is place links to the bad software and if clicked then you will get the infection what ever it may be.
Using firefox with noscript is about bulletproof and very recommended  this is what I use to go to infected sites and either repair the site or to find out how the hack works.
IE really needs to be banned from the internet, this browser alone has caused more problems then any other browser know to man :)
If you must use it then make absolutely sure you understand how to secure it. It can be done but it does take some work to do it.

#26 SteveC43

SteveC43

    Denny Hulme

  • Members
  • PipPipPipPipPipPipPipPipPipPip
  • 249 posts
  • Gender:Male

Posted Dec 22 2012 - 03:00 PM

Just curious. Is GPL Addicts pretty much gone forever or will it be restored at some point?

I don't forsee adding much to it anymore, but it's a fun record of my past that amuses me to look at every now and then, :)

Thanks for the hard work.

#27 Bill

Bill

    BRM Freak

  • Administrators
  • PipPipPipPipPipPipPipPipPipPip
  • 963 posts
  • Gender:Male
  • Location:U.S. Wise Va.

Posted Dec 22 2012 - 03:14 PM

Hey Steve
Its back up :)

#28 SteveC43

SteveC43

    Denny Hulme

  • Members
  • PipPipPipPipPipPipPipPipPipPip
  • 249 posts
  • Gender:Male

Posted Dec 24 2012 - 01:45 PM

Thanks man! I appreciate it. :)

#29 John Woods

John Woods

    Be Somebody

  • GPLLinks Team
  • PipPipPipPipPipPipPipPipPipPip
  • 2,338 posts
  • Gender:Male
  • Interests:Too Much Fun
  • Sim interest:GPL

Posted Dec 25 2012 - 07:13 AM

View PostSteveC43, on Dec 24 2012 - 01:45 PM, said:

Thanks man! I appreciate it. :)

Second that. GPLLinks link still works. (cool).

Thanks Bill.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Sim Racing Links