Is the Forum infected?

To keep abreast of site changes, or to post a question, idea or suggestion for the website.

Moderators: carlson1, Keith B, Charles L. Cotton

User avatar

Topic author
AEA
Senior Member
Posts in topic: 9
Posts: 5110
Joined: Sat May 12, 2007 12:00 pm
Location: North Texas

Is the Forum infected?

#1

Post by AEA » Mon Jun 04, 2012 12:10 pm

For the last few days while viewing the Forum, when I go back from a post I get a Malwarebytes alert that it has blocked the following IP:

69.162.102.178 (Type: outgoing, Port: 53714, Process: firefox.exe

This happens on several days and a look at my logs show that it always tries the same IP but changes ports it attempts. Lucky for me Malwarebytes is catching it and stopping it.

I have had this happen before on another site that repeatedly said it was secure and there was no problems. Shortly after informing them of the problem, the site was down for several days while they got rid of whatever it was.

Just wanted to let the Admins here know that it looks like there may be a bug or two infecting the Site.

Anyone else that runs Malwarebytes protection notice anything like this?
Last edited by AEA on Mon Jun 04, 2012 10:11 pm, edited 1 time in total.
Alan - ANYTHING I write is MY OPINION only.
Certified Curmudgeon - But, my German Shepherd loves me!
NRA-Life, USN '65-'69 & '73-'79: RM1
1911's RULE!

User avatar

DocV
Senior Member
Posts in topic: 4
Posts: 1098
Joined: Fri Nov 25, 2011 4:29 pm

Re: Is the Forum infected?

#2

Post by DocV » Mon Jun 04, 2012 12:48 pm

The forum is hosted on a system with numerous virtual hosts. The IP for the forum, 216.35.196.23 , showed as having an infection in 2011. However, the data that I have does not show that infection being associated with texaschlforum. Your source port will vary but the destination port to the web-based forum should always be port 80.
NRA Lifetime Member
I was addicted to the hokey-pokey, but I turned myself around.


The Marshal
Senior Member
Posts in topic: 1
Posts: 832
Joined: Sat Jun 03, 2006 10:16 am
Location: Rockwall TX

Re: Is the Forum infected?

#3

Post by The Marshal » Mon Jun 04, 2012 1:25 pm

First thing I would do is run MBAM full scan to check your machine.


n5wd
Senior Member
Posts in topic: 1
Posts: 1597
Joined: Sat Aug 06, 2011 1:16 am
Location: Ponder, TX

Re: Is the Forum infected?

#4

Post by n5wd » Mon Jun 04, 2012 1:59 pm

The IP address: 69.162.102.178 resolves to Limestone Networks in Dallas http://www.limestonenetworks.com/. It shows to have 5 web sites using that IP address. If you'll go to http://whois.domaintools.com/69.162.102.178 you'll see the whole information dump for that IP address. That should help narrow your search.
NRA-Life member, NRA Instructor, NRA RSO, TSRA member,
Vietnam (AF) Veteran -- Amateur Extra class amateur radio operator: N5WD

Email: CHL@centurylink.net

User avatar

Topic author
AEA
Senior Member
Posts in topic: 9
Posts: 5110
Joined: Sat May 12, 2007 12:00 pm
Location: North Texas

Re: Is the Forum infected?

#5

Post by AEA » Mon Jun 04, 2012 2:02 pm

Already did the whois......
Posted here for the Admins to investigate. I have no need to research it further. Up to the Admins to decide if any action is needed.
Alan - ANYTHING I write is MY OPINION only.
Certified Curmudgeon - But, my German Shepherd loves me!
NRA-Life, USN '65-'69 & '73-'79: RM1
1911's RULE!

User avatar

DocV
Senior Member
Posts in topic: 4
Posts: 1098
Joined: Fri Nov 25, 2011 4:29 pm

Re: Is the Forum infected?

#6

Post by DocV » Mon Jun 04, 2012 4:58 pm

:oops:
Should have checked that other IP. I am on Limestones Networks' board of advisors. Will send out a flare.

On additional thunking on your report: that IP maps to cdn.memegenerator.net. There may be some posts leading to that site that the admins may want to look into.
NRA Lifetime Member
I was addicted to the hokey-pokey, but I turned myself around.

User avatar

Topic author
AEA
Senior Member
Posts in topic: 9
Posts: 5110
Joined: Sat May 12, 2007 12:00 pm
Location: North Texas

Re: Is the Forum infected?

#7

Post by AEA » Mon Jun 04, 2012 6:16 pm

Now we're gettin somewhere........ :tiphat:

As I said, another site I used to visit was hit the same way. Started slowly, got worse as Admins continued to claim nothing was wrong and finally it brought the site to it's knees.

They were down for over 4 days trying to clean up the mess.
I stopped going there because they could never get it right again and the site continued to have problems.
Alan - ANYTHING I write is MY OPINION only.
Certified Curmudgeon - But, my German Shepherd loves me!
NRA-Life, USN '65-'69 & '73-'79: RM1
1911's RULE!

User avatar

Charles L. Cotton
Site Admin
Posts in topic: 2
Posts: 17609
Joined: Wed Dec 22, 2004 9:31 pm
Location: Friendswood, TX
Contact:

Re: Is the Forum infected?

#8

Post by Charles L. Cotton » Mon Jun 04, 2012 9:07 pm

Has anyone else received any warnings?

Chas.


speedsix
Senior Member
Posts in topic: 1
Posts: 5608
Joined: Tue Jan 18, 2011 8:39 am

Re: Is the Forum infected?

#9

Post by speedsix » Mon Jun 04, 2012 9:16 pm

...I've had a few from the Moderators...

User avatar

DocV
Senior Member
Posts in topic: 4
Posts: 1098
Joined: Fri Nov 25, 2011 4:29 pm

Re: Is the Forum infected?

#10

Post by DocV » Mon Jun 04, 2012 9:28 pm

AEA,

What antivirus are you running?
NRA Lifetime Member
I was addicted to the hokey-pokey, but I turned myself around.

User avatar

Topic author
AEA
Senior Member
Posts in topic: 9
Posts: 5110
Joined: Sat May 12, 2007 12:00 pm
Location: North Texas

Re: Is the Forum infected?

#11

Post by AEA » Mon Jun 04, 2012 9:43 pm

Malwarebytes 1.61.0.1400
Alan - ANYTHING I write is MY OPINION only.
Certified Curmudgeon - But, my German Shepherd loves me!
NRA-Life, USN '65-'69 & '73-'79: RM1
1911's RULE!

User avatar

Charles L. Cotton
Site Admin
Posts in topic: 2
Posts: 17609
Joined: Wed Dec 22, 2004 9:31 pm
Location: Friendswood, TX
Contact:

Re: Is the Forum infected?

#12

Post by Charles L. Cotton » Mon Jun 04, 2012 9:45 pm

I'm running Norton Internet Security and haven't received any malware warnings. I downloaded Malwarebytes to try to duplicate what AEA is seeing, but no warnings yet.

Chas.

User avatar

Keith B
Moderator
Posts in topic: 3
Posts: 18296
Joined: Sat Aug 18, 2007 3:29 pm

Re: Is the Forum infected?

#13

Post by Keith B » Mon Jun 04, 2012 9:49 pm

You running the full version AEA?
Keith
Texas LTC Instructor, Missouri CCW Instructor, NRA Certified Pistol, Rifle, Shotgun Instructor and RSO, NRA Life Member

Psalm 82:3-4

User avatar

Topic author
AEA
Senior Member
Posts in topic: 9
Posts: 5110
Joined: Sat May 12, 2007 12:00 pm
Location: North Texas

Re: Is the Forum infected?

#14

Post by AEA » Mon Jun 04, 2012 9:52 pm

Just to be clear. I have not seen it as something continuous. Only a few times and in all instances, I failed to remember the thread I was reading......

If it happens again I will remember what thread and will try to duplicate it myself.

I don't mean to create a stir with this. I only wanted to bring the possibility of a bug. I asked in my original post if anyone else has seen this.
Alan - ANYTHING I write is MY OPINION only.
Certified Curmudgeon - But, my German Shepherd loves me!
NRA-Life, USN '65-'69 & '73-'79: RM1
1911's RULE!

User avatar

Topic author
AEA
Senior Member
Posts in topic: 9
Posts: 5110
Joined: Sat May 12, 2007 12:00 pm
Location: North Texas

Re: Is the Forum infected?

#15

Post by AEA » Mon Jun 04, 2012 9:53 pm

Keith B wrote:You running the full version AEA?
YES, Full Version.
Alan - ANYTHING I write is MY OPINION only.
Certified Curmudgeon - But, my German Shepherd loves me!
NRA-Life, USN '65-'69 & '73-'79: RM1
1911's RULE!

Post Reply

Return to “Site Announcements, Questions & Suggestions”