Bitcoin Forum
November 23, 2017, 05:05:03 PM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Malicious attack blocked when trying to access this forum?  (Read 1031 times)
BittBurger
Hero Member
*****
Offline Offline

Activity: 840


View Profile
November 22, 2013, 04:05:00 PM
 #1

When I try any web browser on my computer, I get a dead page for this forum, and Malbytes anti-malware gives me a pop up saying that it blocked a malicious attack from IP 109.201.133.195

No such problems on iPhone or iPad.

This has been happening since yesterday morning. I went into the Bitcoin chat room and several others are having the same problem. Yet I see nobody mentioning, or talking about it.

Bitcoin's true purpose defined in Satoshi's message on the Genesis Block:
"The Times 03/Jan/2009 Chancellor on brink of second bailout for banks"
View it on the Blockchain | Genesis Block Newspaper Copies
1511456703
Hero Member
*
Offline Offline

Posts: 1511456703

View Profile Personal Message (Offline)

Ignore
1511456703
Reply with quote  #2

1511456703
Report to moderator
1511456703
Hero Member
*
Offline Offline

Posts: 1511456703

View Profile Personal Message (Offline)

Ignore
1511456703
Reply with quote  #2

1511456703
Report to moderator
1511456703
Hero Member
*
Offline Offline

Posts: 1511456703

View Profile Personal Message (Offline)

Ignore
1511456703
Reply with quote  #2

1511456703
Report to moderator
Join ICO Now A blockchain platform for effective freelancing
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1511456703
Hero Member
*
Offline Offline

Posts: 1511456703

View Profile Personal Message (Offline)

Ignore
1511456703
Reply with quote  #2

1511456703
Report to moderator
1511456703
Hero Member
*
Offline Offline

Posts: 1511456703

View Profile Personal Message (Offline)

Ignore
1511456703
Reply with quote  #2

1511456703
Report to moderator
roadsterreplica
Jr. Member
*
Offline Offline

Activity: 44


View Profile WWW
November 22, 2013, 04:07:37 PM
 #2

Could be many things.

I suspect it may be more on your end than on this end - some software on your end is trying to keylog your bitcoin forum password.

Donations always welcome: 1FsvFWk1YHhGWeP3fMSeWSoY63ZrLmH2Gt
Grix
Hero Member
*****
Offline Offline

Activity: 537



View Profile WWW
November 22, 2013, 04:13:33 PM
 #3

This happened to me too. But not just Malwarebytes. I bypassed malwarebytes' block, and after browsing this forum for around a minute, Avast also notified me that a virus had just been blocked. It came from a different domain. I think this might be the real deal, bitcointalk may be injected with malicious code.

Here's a little report: http://www.avast.com/lp-fr-virus-alert?p_ext=&utm_campaign=Virus_alert&utm_source=prg_fav_80_0&utm_medium=prg_systray&utm_content=.%2Ffa%2Fno-no%2Fvirus-alert-default&p_vir=URL:Mal&p_prc=C:\Program%20Files%20%28x86%29\Aurora\firefox.exe&p_obj=http://imageupload.co.uk/files/za1z84jpkvd9uo18uoed.jpg&p_var=.%2Ffa%2Fno-no%2Fvirus-alert-default&p_elm=7&p_lex=302&p_lid=no-no&p_lng=nb&p_lqa=0&p_lqe=0&p_lst=0&p_lsu=24&p_pro=0&p_bld=empty&p_vep=8&p_ves=0&p_vbd=1497&p_hid=7001976d-9a1d-4dcb-a912-99d939f654b0

Buy High Powered Lasers from BitLasers.com
BTC: 1Fahk2aa4NS4Qds4VDAL4mpNArDEdV2K5K
BittBurger
Hero Member
*****
Offline Offline

Activity: 840


View Profile
November 22, 2013, 04:19:55 PM
 #4

Yeah, it's definitely not just me…

Bitcoin's true purpose defined in Satoshi's message on the Genesis Block:
"The Times 03/Jan/2009 Chancellor on brink of second bailout for banks"
View it on the Blockchain | Genesis Block Newspaper Copies
BitcoinBarrel
Legendary
*
Offline Offline

Activity: 1232


Twitter.com/BitcoinBarrel


View Profile WWW
November 22, 2013, 04:21:13 PM
 #5

Not surprising. Bitcoin is huge target for hackers at the moment now that the price is up.



        ▄▄▄▄▄▄▄▄▄▄
     ▄██████████████▄
   ▄█████████████████▌
  ▐███████████████████▌
 ▄█████████████████████▄
 ███████████████████████
▐███████████████████████
▐███████████████████████
▐███████████████████████
▐███████████████████████
 ██████████████████████▀
 ▀████████████████████▀
  ▀██████████████████
    ▀▀████████████▀▀
.
.....
.....
.....
.....
.....
.....





BittBurger
Hero Member
*****
Offline Offline

Activity: 840


View Profile
November 22, 2013, 04:37:14 PM
 #6

Just to clarify, I haven't clicked anything, downloaded anything, or run anything from any emails. I'm very aware of that kind of stuff. The website just went dead yesterday. I'm not thinking this is on my end, but I guess it's possible. If that's the case, it's already on many people's computers.

Bitcoin's true purpose defined in Satoshi's message on the Genesis Block:
"The Times 03/Jan/2009 Chancellor on brink of second bailout for banks"
View it on the Blockchain | Genesis Block Newspaper Copies
BittBurger
Hero Member
*****
Offline Offline

Activity: 840


View Profile
November 22, 2013, 04:39:03 PM
 #7

Grix

That link doesn't work.

At least not on my iPhone.

Bitcoin's true purpose defined in Satoshi's message on the Genesis Block:
"The Times 03/Jan/2009 Chancellor on brink of second bailout for banks"
View it on the Blockchain | Genesis Block Newspaper Copies
BitcoinFX
Legendary
*
Offline Offline

Activity: 1512


youtu.be/3kqLVeP7iHA


View Profile WWW
November 22, 2013, 06:39:16 PM
 #8

I've just scanned bitcointalk.org

http://sitecheck.sucuri.net/scanner/ - Clean

https://www.virustotal.com/en/url/7354af8427d7b8d4236356d0bca680ad3186fce415cb51971f3793cee59e4291/analysis/1385144339/ - Clean

However, I found that hpHosts is currently listing bitcointalk.org - i.e. 'Malwarebytes'.

See: http://hosts-file.net/?s=bitcointalk.org this is probably an error and the admin. should contact 'Request removal' for more info.

Not 100% sure how ads are being served here, but it might be to do with temporarily hijacked 3rd party content and/or in relation to linked content.

This report, I suspect is actually a 'false positive'.

"The industry of the integrated spectacle and immaterial command owes me (us all) money." - We do not Forgive. We do not Forget. Expect Revolution! for we are all Satoshi now? - youtu.be/G7Z8MMk45U0 - "the multiple and the multiplex!" - Mostly AWOL Hunting SNARKS ... youtu.be/Yc18hhM6gUc?t=4m27s - "Beware of Boojum's"!
BittBurger
Hero Member
*****
Offline Offline

Activity: 840


View Profile
November 22, 2013, 06:53:56 PM
 #9

Solution?  I was about to wipe my computer.

Bitcoin's true purpose defined in Satoshi's message on the Genesis Block:
"The Times 03/Jan/2009 Chancellor on brink of second bailout for banks"
View it on the Blockchain | Genesis Block Newspaper Copies
BitcoinFX
Legendary
*
Offline Offline

Activity: 1512


youtu.be/3kqLVeP7iHA


View Profile WWW
November 22, 2013, 07:03:03 PM
 #10

Solution?  I was about to wipe my computer.

I don't see a reason to do a re-install at present.

Malwarebytes is just being over sensitive, when you pay for an anti-malware solution, they have a legal obligation to 'protect' you.

Sometimes these companies get things wrong, because they must protect their customers. Lets also say that they can sometimes have other interests as well.

There might be a genuine problem, but at present I can't find anything or it might of been removed already, but I'm not an admin. wth server access either.

Looks like a 'false alarm' to me though.

"The industry of the integrated spectacle and immaterial command owes me (us all) money." - We do not Forgive. We do not Forget. Expect Revolution! for we are all Satoshi now? - youtu.be/G7Z8MMk45U0 - "the multiple and the multiplex!" - Mostly AWOL Hunting SNARKS ... youtu.be/Yc18hhM6gUc?t=4m27s - "Beware of Boojum's"!
Raoul Duke
aka psy
Legendary
*
Offline Offline

Activity: 1456



View Profile
November 22, 2013, 07:06:20 PM
 #11


Not 100% sure how ads are being served here, but it might be to do with temporarily hijacked 3rd party content and/or in relation to linked content.

AFAIK ads are only html styled with css. No images or scripts.

Grix
Hero Member
*****
Offline Offline

Activity: 537



View Profile WWW
November 22, 2013, 07:11:55 PM
 #12

Grix

That link doesn't work.

At least not on my iPhone.

Well, here's what it says basically:

Code:
Infection Blocked
URL: http://imageupload.co.uk/files/za1z84jpkvd9uo18uoed....
Infection: URL:Mal

Solution?  I was about to wipe my computer.

I don't see a reason to do a re-install at present.

Malwarebytes is just being over sensitive, when you pay for a anti-malware solution, they have a legal obligation to 'protect' you.

Sometimes these companies get things wrong, because they must protect their customers. Lets also say that they can sometimes have other interests as well.

There might be a genuine problem, but at present I can't find anything or it might of been removed already, but I'm not an admin. wth server access either.

Looks like a 'false alarm' to me though.

Pretty far fetched that two independent antimalware programs simultaneously gives a false positive, isn't it?

Buy High Powered Lasers from BitLasers.com
BTC: 1Fahk2aa4NS4Qds4VDAL4mpNArDEdV2K5K
BitcoinFX
Legendary
*
Offline Offline

Activity: 1512


youtu.be/3kqLVeP7iHA


View Profile WWW
November 22, 2013, 07:22:13 PM
 #13

Grix

That link doesn't work.

At least not on my iPhone.

Well, here's what it says basically:

Code:
Infection Blocked
URL: http://imageupload.co.uk/files/za1z84jpkvd9uo18uoed....
Infection: URL:Mal

Solution?  I was about to wipe my computer.

I don't see a reason to do a re-install at present.

Malwarebytes is just being over sensitive, when you pay for a anti-malware solution, they have a legal obligation to 'protect' you.

Sometimes these companies get things wrong, because they must protect their customers. Lets also say that they can sometimes have other interests as well.

There might be a genuine problem, but at present I can't find anything or it might of been removed already, but I'm not an admin. wth server access either.

Looks like a 'false alarm' to me though.

Pretty far fetched that two independent antimalware programs simultaneously gives a false positive, isn't it?

Nope. Not really. The link (URL) you have reported from your software indicates a 3rd party upload site probably used by someome for a link on the forum that was / is in just one thread as a download etc.

That's enough to get bitcointalk.org temporarily and incorrectly listed.

"The industry of the integrated spectacle and immaterial command owes me (us all) money." - We do not Forgive. We do not Forget. Expect Revolution! for we are all Satoshi now? - youtu.be/G7Z8MMk45U0 - "the multiple and the multiplex!" - Mostly AWOL Hunting SNARKS ... youtu.be/Yc18hhM6gUc?t=4m27s - "Beware of Boojum's"!
BittBurger
Hero Member
*****
Offline Offline

Activity: 840


View Profile
November 22, 2013, 08:47:46 PM
 #14

Why does it repeatedly say it's currently blocking a malicious attack from an IP address? The IP address is located in the Netherlands. Seems like if it just put a site on a blacklist, it would say "this site is blocked". It wouldn't say it just blocked a malicious attack from a website. 

Bitcoin's true purpose defined in Satoshi's message on the Genesis Block:
"The Times 03/Jan/2009 Chancellor on brink of second bailout for banks"
View it on the Blockchain | Genesis Block Newspaper Copies
theymos
Administrator
Legendary
*
Offline Offline

Activity: 2856


View Profile
November 22, 2013, 09:24:08 PM
 #15

See: http://hosts-file.net/?s=bitcointalk.org this is probably an error and the admin. should contact 'Request removal' for more info.

They've listed the forum for a long time AFAIK. See here. Maybe they only just updated the IP address.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
BittBurger
Hero Member
*****
Offline Offline

Activity: 840


View Profile
November 22, 2013, 11:17:26 PM
 #16

Is the above IP address the IP address of this website?

It looks like a couple of people reported this on their support forums. And they've reported that they are looking into it right now.

Bitcoin's true purpose defined in Satoshi's message on the Genesis Block:
"The Times 03/Jan/2009 Chancellor on brink of second bailout for banks"
View it on the Blockchain | Genesis Block Newspaper Copies
dexX7
Legendary
*
Offline Offline

Activity: 1050



View Profile WWW
November 27, 2013, 12:51:23 AM
 #17

Quote
*Jacob Colagrossi, Nov 21 01:21 pm (PST):*

Hello dexx and welcome to the Malwarebytes product support. Thank you
for choosing Malwarebytes Anti-Malware as your anti-malware security
solution, my name is Jacob Colagrossi and I'll be assisting you today.

I will contact our research team to see about the block of this IP
address. I will follow up with you once I hear word back from them.

Thank you.


Quote
dexx, Nov 21 08:29 pm (PST):

Hi Jacob,

thanks for the fast response. Looking forward for more.


Quote
Jacob Colagrossi, Nov 26 03:55 pm (PST):

Hi dexx,

I have been informed that this IP address has been unblocked in the recent database updates.

Please let me know if you have any questions.


Quote
dexx, Nov 26 03:58 pm (PST):

Hi Jacob,

thanks for the notice! Did you get any information what was causing the
block in the first place?


Quote
Jacob Colagrossi, Nov 26 04:05 pm (PST):

Hi Dexx,

I have no solid information but from what I read in forum posts this site is under frequent attack from outside sources. It may have been added to the block list during an instance of attack.

Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!