
Is the Forum infected?

Posted: Mon Jun 04, 2012 12:10 pm
by AEA
For the last few days while viewing the Forum, when I go back from a post I get a Malwarebytes alert that it has blocked the following IP:

69.162.102.178 (Type: outgoing, Port: 53714, Process: firefox.exe)

This happens on several days and a look at my logs shows that it always tries the same IP but changes the ports it attempts. Lucky for me Malwarebytes is catching it and stopping it.

I have had this happen before on another site that repeatedly said it was secure and there were no problems. Shortly after informing them of the problem, the site was down for several days while they got rid of whatever it was.

Just wanted to let the Admins here know that it looks like there may be a bug or two infecting the Site.

Anyone else that runs Malwarebytes protection notice anything like this?

Re: Is the Forum infected?

Posted: Mon Jun 04, 2012 12:48 pm
by DocV
The forum is hosted on a system with numerous virtual hosts. The IP for the forum, 216.35.196.23, showed as having an infection in 2011. However, the data that I have does not show that infection being associated with texaschlforum. Your source port will vary but the destination port to the web-based forum should always be port 80.

Re: Is the Forum infected?

Posted: Mon Jun 04, 2012 1:25 pm
by The Marshal
First thing I would do is run MBAM full scan to check your machine.

Re: Is the Forum infected?

Posted: Mon Jun 04, 2012 1:59 pm
by n5wd
The IP address: 69.162.102.178 resolves to Limestone Networks in Dallas http://www.limestonenetworks.com/. It shows to have 5 web sites using that IP address. If you'll go to http://whois.domaintools.com/69.162.102.178 you'll see the whole information dump for that IP address. That should help narrow your search.

Re: Is the Forum infected?

Posted: Mon Jun 04, 2012 2:02 pm
by AEA
Already did the whois......
Posted here for the Admins to investigate. I have no need to research it further. Up to the Admins to decide if any action is needed.

Re: Is the Forum infected?

Posted: Mon Jun 04, 2012 4:58 pm
by DocV
:oops:
Should have checked that other IP. I am on Limestone Networks' board of advisors. Will send out a flare.

On additional thunking on your report: that IP maps to cdn.memegenerator.net. There may be some posts leading to that site that the admins may want to look into.

Re: Is the Forum infected?

Posted: Mon Jun 04, 2012 6:16 pm
by AEA
Now we're gettin somewhere........ :tiphat:

As I said, another site I used to visit was hit the same way. Started slowly, got worse as Admins continued to claim nothing was wrong and finally it brought the site to its knees.

They were down for over 4 days trying to clean up the mess.
I stopped going there because they could never get it right again and the site continued to have problems.

Re: Is the Forum infected?

Posted: Mon Jun 04, 2012 9:07 pm
by Charles L. Cotton
Has anyone else received any warnings?

Chas.

Re: Is the Forum infected?

Posted: Mon Jun 04, 2012 9:16 pm
by speedsix
...I've had a few from the Moderators...

Re: Is the Forum infected?

Posted: Mon Jun 04, 2012 9:28 pm
by DocV
AEA,

What antivirus are you running?

Re: Is the Forum infected?

Posted: Mon Jun 04, 2012 9:43 pm
by AEA
Malwarebytes 1.61.0.1400

Re: Is the Forum infected?

Posted: Mon Jun 04, 2012 9:45 pm
by Charles L. Cotton
I'm running Norton Internet Security and haven't received any malware warnings. I downloaded Malwarebytes to try to duplicate what AEA is seeing, but no warnings yet.

Chas.

Re: Is the Forum infected?

Posted: Mon Jun 04, 2012 9:49 pm
by Keith B
You running the full version AEA?

Re: Is the Forum infected?

Posted: Mon Jun 04, 2012 9:52 pm
by AEA
Just to be clear. I have not seen it as something continuous. Only a few times and in all instances, I failed to remember the thread I was reading......

If it happens again I will remember what thread and will try to duplicate it myself.

I don't mean to create a stir with this. I only wanted to bring the possibility of a bug. I asked in my original post if anyone else has seen this.

Re: Is the Forum infected?

Posted: Mon Jun 04, 2012 9:53 pm
by AEA
Keith B wrote: You running the full version AEA?
YES, Full Version.