Quote:
Originally Posted by Mike Switzer
Thanks for letting me know, I'll look into it. Are you still having warnings today?
Printable View
Quote:
Originally Posted by Mike Switzer
Thanks for letting me know, I'll look into it. Are you still having warnings today?
Yes, same thingQuote:
Originally Posted by Glory Aulik
Still getting the same virus warnings.
Quote:
Originally Posted by Mike Switzer
Our hosting provider performed a scan and everything came up clean. Their thoughts are that this may be a virus on your personal PC.
They are wrong. It is still happening, and ONLY on this forum, on multiple machines in my office that I have tried. All machines received a full scan over the weekend. The source is still the URL I reported last week.Quote:
Originally Posted by Glory Aulik
Just to be clear - my FIREWALL is indicating the source of the infected files is http://st.dynamicwords.us/
It is coming from outside of my firewall & being blocked.
Thanks for the update, Mike. I will keep looking into this and get it resolved ASAP.Quote:
Originally Posted by Mike Switzer
Can you run a Fiddler (HTTP) trace on your end, Mike? From my location, I'm seeing no traffic to the above-mentioned URL. And nothing in my Sophos logs.
The only traffic I can see coming from here is www.eaaforums.org and www.google-analytics.com.
I'm not planning on troubleshooting this any further, but just letting you know what I'm seeing outside of your office. :cool:
Mike - please let me know if you are still getting warnings. Our provider replaced a file - hopefully that fixes things.
I am still getting the warning. And Chris, I don't know what Fiddler is, that is a new one for me.
Is it possible the intermittent warnings that some people see & others don't have something to do with the Facebook links on this forum? After I have been here I frequently get aviation related advertising on my Facebook news feed.
Traffic is tracked on these forums with Google Analytics. It's quite possible that those ads are being targeted from that service based on your visits here.
I am now no longer getting the warning.
Glad to hear it!Quote:
Originally Posted by Mike Switzer
I hadn't seen it for awhile but it just happened again when I tried to access "new posts":
URL: http://eaaforums.org/clientscript/vbulletin-core.js?v=422|{gzip}
Infection: JS:Iframe-EON [Trj]
FWIW, I had just upgraded Avast.
Oddly, "new posts" showed only one post, that wasn't new (I had made the last post, so there were no new posts).
Hi Dana -Quote:
Originally Posted by Dana
Thanks for the heads up. I'm having our hosting provider look into this issue now.
Our provider performed a scan which came back clean, they did however replace a few files just in case. Please let me know if you are still receiving virus warnings!
Got the same warning again, just a few minutes ago. Seems to happen only the first time I load the website in a session. My bookmark is to "new posts", http://eaaforums.org/search.php?do=getnew&contenttype=vBForum_PostQuote:
Originally Posted by Glory Aulik
Got the Web Attack Toolkit 16 virus warning just now. There were a half dozen active topics when I pulled up the "new posts", and that's when the virus warning occurred. I'm running IE7 and Norton.
Thanks for letting me know, Kyle! I'll have our hosting provider look into this.Quote:
Originally Posted by Kyle Boatright
Quote:
Originally Posted by Glory Aulik
Kyle & Dana - Can you please let me know if you are still getting the virus warnings after clearing your browser cache?Quote:
Originally Posted by Dana
No warnings tonight.Quote:
Originally Posted by Glory Aulik
I didn't get the warning this evening, did not clear the cache, and the forum is much faster loading. So whatever you did, thanks.
Great to hear! :)Quote:
Originally Posted by Dana
Virus warning is back... as is super s-l-o-o-o-o-o-o-w forum response....
Tonight I started getting a virus warning again immediately upon opening the forum.
File name: vbulletin-core.js?v=422
Virus name: Trojan.JS.Agent.ctu
Path: http://eaaforums.org/clientscript/vb...-core.js?v=422
Quote:
Originally Posted by Mike Switzer
Thanks for letting me know - I'll contact our provider.Quote:
Originally Posted by Dana
Please let me know if you are still getting virus warnings! The corrupted files have been replaced.
Seems OK now, thanks!
OK here also
Great to hear!
Got it at work today...the whole EAA forum section was classified as a malicious site, and the corporate firewall wouldn't let me access at all. Company uses MacAfee. Warning notice:
URL: http://www.eaaforums.org/
Categories: Malicious Sites
Proxy: wp-ewa-02
Ron Wanttaja
Getting virus warning right now, first time for me.
I am not getting this anymore. This must be a headache for the IS department. I have never had this on any other website but this one. Someone does not like the EAA. That someone is a jerk. JMO.Quote:
Originally Posted by martymayes
Taking a look into it know!
Our provider is still looking into this issue, but suggested clearing out your browser cache first and then seeing if you are still receiving the virus warning.
Checking back here - is anyone still receiving the virus warning?
Not today.Quote:
Originally Posted by Glory Aulik
Glory, what's the story on this? This board is the only one which has ever caused my anti-virus protection to alarm, and it has happened a dozen times or more.
None of the other 10 or so boards I participate in has ever been flagged by my antivirus in the 20 years I've been active on the internet.
My company's still blocking it...get a red warning banner every time I click the bookmark. Suspect it they need proof to take a site OFF the list.Quote:
Originally Posted by Glory Aulik
Too bad, really. My co-workers are missing the hoots of derisive laughter coming from my cubicle during lunch break.....
Ron Wanttaja
Quote:
Originally Posted by rwanttaja
In a past life, I managed a large SAAS site. Everyone once in awhile, one of customers would do something stupid causing us to get blacklisted. It was a nightmare, because then my staff would have to contact each blacklisting service to get our domain and IPS removed from their list. It's a PITA and a real resource drain, but unfortunately, it's a fact of life today.
where I work now, my company uses Websense and is the process of moving to Intel Security. Websense has always blocked the EAA Forums. If my memory serves me correct, there are five scripts that they didn't like. At the moment, the forums aren't blocked by Intel Security.
if you are really bored, you can check out CSI.websense.com to see what they think about your favorite web site.
the point is that most of us in corporate America have no control over these settings. Flushing our browser cache will have no effect either. The EAA has to work with the major black/white providers to ensure their sites don't get black listed. Yes, coporate IT can over ride these settings. Must will require business justification for the over ride. I don't think many of us can convince IT that there is business justification for forum access at work.
so Ron, I, and many others are sitting in the same boat. Some waiting more patiently than others........
Thanks for the info everyone! I will continue to work with out provider to figure this out. Sorry for the inconvenience. Stay tuned for an update!