Bitcoin Forum
Topic: Malicious attack blocked when trying to access this forum?
BittBurger (OP)
November 22, 2013, 04:05:00 PM
Last edit: November 22, 2013, 04:23:04 PM by BittBurger
 #1

When I try any web browser on my computer, I get a dead page for this forum, and Malwarebytes anti-malware gives me a pop-up saying that it blocked a malicious attack from IP 109.201.133.195.

No such problems on iPhone or iPad.

This has been happening since yesterday morning. I went into the Bitcoin chat room and several others are having the same problem. Yet I see nobody mentioning, or talking about it.

roadsterreplica
November 22, 2013, 04:07:37 PM
 #2

Could be many things.

I suspect it may be more on your end than on this end - some software on your end is trying to keylog your bitcoin forum password.
Grix
November 22, 2013, 04:13:33 PM
 #3

This happened to me too. But not just Malwarebytes. I bypassed Malwarebytes' block, and after browsing this forum for around a minute, Avast also notified me that a virus had just been blocked. It came from a different domain. I think this might be the real deal; bitcointalk may be injected with malicious code.

Here's a little report: http://www.avast.com/lp-fr-virus-alert?p_ext=&utm_campaign=Virus_alert&utm_source=prg_fav_80_0&utm_medium=prg_systray&utm_content=.%2Ffa%2Fno-no%2Fvirus-alert-default&p_vir=URL:Mal&p_prc=C:\Program%20Files%20%28x86%29\Aurora\firefox.exe&p_obj=http://imageupload.co.uk/files/za1z84jpkvd9uo18uoed.jpg&p_var=.%2Ffa%2Fno-no%2Fvirus-alert-default&p_elm=7&p_lex=302&p_lid=no-no&p_lng=nb&p_lqa=0&p_lqe=0&p_lst=0&p_lsu=24&p_pro=0&p_bld=empty&p_vep=8&p_ves=0&p_vbd=1497&p_hid=7001976d-9a1d-4dcb-a912-99d939f654b0

BittBurger (OP)
November 22, 2013, 04:19:55 PM
 #4

Yeah, it's definitely not just me…

BitcoinBarrel
November 22, 2013, 04:21:13 PM
 #5

Not surprising. Bitcoin is a huge target for hackers at the moment now that the price is up.








BittBurger (OP)
November 22, 2013, 04:37:14 PM
 #6

Just to clarify, I haven't clicked anything, downloaded anything, or run anything from any emails. I'm very aware of that kind of stuff. The website just went dead yesterday. I'm not thinking this is on my end, but I guess it's possible. If that's the case, it's already on many people's computers.

BittBurger (OP)
November 22, 2013, 04:39:03 PM
 #7

Grix

That link doesn't work.

At least not on my iPhone.

BitcoinFX
November 22, 2013, 06:39:16 PM
 #8

I've just scanned bitcointalk.org

http://sitecheck.sucuri.net/scanner/ - Clean

https://www.virustotal.com/en/url/7354af8427d7b8d4236356d0bca680ad3186fce415cb51971f3793cee59e4291/analysis/1385144339/ - Clean

However, I found that hpHosts is currently listing bitcointalk.org - i.e. 'Malwarebytes'.

See: http://hosts-file.net/?s=bitcointalk.org this is probably an error and the admin. should contact 'Request removal' for more info.

Not 100% sure how ads are being served here, but it might be to do with temporarily hijacked 3rd party content and/or in relation to linked content.

This report, I suspect, is actually a 'false positive'.
BittBurger (OP)
November 22, 2013, 06:53:56 PM
 #9

Solution?  I was about to wipe my computer.

BitcoinFX
November 22, 2013, 07:03:03 PM
 #10

Quote from: BittBurger
> Solution?  I was about to wipe my computer.

I don't see a reason to do a re-install at present.

Malwarebytes is just being oversensitive; when you pay for an anti-malware solution, they have a legal obligation to 'protect' you.

Sometimes these companies get things wrong, because they must protect their customers. Let's also say that they can sometimes have other interests as well.

There might be a genuine problem, but at present I can't find anything, or it might have been removed already, but I'm not an admin with server access either.

Looks like a 'false alarm' to me though.
Raoul Duke
November 22, 2013, 07:06:20 PM
 #11


Quote from: BitcoinFX
> Not 100% sure how ads are being served here, but it might be to do with temporarily hijacked 3rd party content and/or in relation to linked content.

AFAIK ads are only html styled with css. No images or scripts.
Grix
November 22, 2013, 07:11:55 PM
 #12

Quote from: BittBurger
> Grix
>
> That link doesn't work.
>
> At least not on my iPhone.

Well, here's what it says basically:

Code:
Infection Blocked
URL: http://imageupload.co.uk/files/za1z84jpkvd9uo18uoed....
Infection: URL:Mal

Quote from: BitcoinFX
> Quote from: BittBurger
> > Solution?  I was about to wipe my computer.
>
> I don't see a reason to do a re-install at present.
>
> Malwarebytes is just being oversensitive; when you pay for an anti-malware solution, they have a legal obligation to 'protect' you.
>
> Sometimes these companies get things wrong, because they must protect their customers. Let's also say that they can sometimes have other interests as well.
>
> There might be a genuine problem, but at present I can't find anything, or it might have been removed already, but I'm not an admin with server access either.
>
> Looks like a 'false alarm' to me though.

Pretty far fetched that two independent antimalware programs simultaneously give a false positive, isn't it?

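Added example, not part of any post in the thread: the Avast alert link from reply #3 (summarised by hand in the reply above) can be decoded to see which resource was actually blocked and whether it sits on the forum's own domain. The meaning of `p_vir`, `p_prc` and `p_obj` is an assumption inferred from the posted URL and Grix's summary, not from vendor documentation, and the function names are hypothetical.

```python
from urllib.parse import urlsplit, parse_qs

# Alert URL as posted in reply #3, trimmed to the fields used below.
ALERT_URL = (
    "http://www.avast.com/lp-fr-virus-alert?p_ext=&utm_campaign=Virus_alert"
    "&p_vir=URL:Mal"
    "&p_prc=C:\\Program%20Files%20%28x86%29\\Aurora\\firefox.exe"
    "&p_obj=http://imageupload.co.uk/files/za1z84jpkvd9uo18uoed.jpg"
    "&p_elm=7&p_lex=302"
)


def parse_alert(alert_url):
    """Extract detection name, reporting process and blocked object.

    Field meanings are inferred from the thread (assumption).
    An unescaped '&' inside p_obj would cut the object URL short.
    """
    fields = parse_qs(urlsplit(alert_url).query, keep_blank_values=True)

    def first(key):
        return fields.get(key, [""])[0]

    return {"detection": first("p_vir"), "process": first("p_prc"),
            "object": first("p_obj")}


def same_site(host, site):
    """True if host is the site itself or a subdomain (whole-label match)."""
    host, site = host.lower().rstrip("."), site.lower().rstrip(".")
    return host == site or host.endswith("." + site)


def triage(alert_url, visited_site):
    """Classify the blocked object as first- or third-party to the visited site."""
    alert = parse_alert(alert_url)
    host = urlsplit(alert["object"]).hostname or ""
    alert["object_host"] = host
    alert["first_party"] = bool(host) and same_site(host, visited_site)
    return alert


if __name__ == "__main__":
    for key, value in triage(ALERT_URL, "bitcointalk.org").items():
        print(f"{key}: {value}")
```

A third-party object host tells you the blocked request was for linked or embedded content; it does not by itself show that the forum's own pages are clean.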
BitcoinFX
November 22, 2013, 07:22:13 PM
 #13

Quote from: Grix
> Quote from: BittBurger
> > Grix
> >
> > That link doesn't work.
> >
> > At least not on my iPhone.
>
> Well, here's what it says basically:
>
> Code:
> Infection Blocked
> URL: http://imageupload.co.uk/files/za1z84jpkvd9uo18uoed....
> Infection: URL:Mal
>
> Quote from: BitcoinFX
> > Quote from: BittBurger
> > > Solution?  I was about to wipe my computer.
> >
> > I don't see a reason to do a re-install at present.
> >
> > Malwarebytes is just being oversensitive; when you pay for an anti-malware solution, they have a legal obligation to 'protect' you.
> >
> > Sometimes these companies get things wrong, because they must protect their customers. Let's also say that they can sometimes have other interests as well.
> >
> > There might be a genuine problem, but at present I can't find anything, or it might have been removed already, but I'm not an admin with server access either.
> >
> > Looks like a 'false alarm' to me though.
>
> Pretty far fetched that two independent antimalware programs simultaneously give a false positive, isn't it?

Nope. Not really. The link (URL) you have reported from your software indicates a 3rd party upload site probably used by someone for a link on the forum that was / is in just one thread as a download etc.

That's enough to get bitcointalk.org temporarily and incorrectly listed.
BittBurger (OP)
November 22, 2013, 08:47:46 PM
 #14

Why does it repeatedly say it's currently blocking a malicious attack from an IP address? The IP address is located in the Netherlands. Seems like if it just put a site on a blacklist, it would say "this site is blocked". It wouldn't say it just blocked a malicious attack from a website. 

theymos
Administrator
November 22, 2013, 09:24:08 PM
 #15

Quote from: BitcoinFX
> See: http://hosts-file.net/?s=bitcointalk.org this is probably an error and the admin. should contact 'Request removal' for more info.

They've listed the forum for a long time AFAIK. See here. Maybe they only just updated the IP address.

BittBurger (OP)
November 22, 2013, 11:17:26 PM
 #16

Is the above IP address the IP address of this website?

It looks like a couple of people reported this on their support forums. And they've reported that they are looking into it right now.

dexX7
November 27, 2013, 12:51:23 AM
 #17

Quote
Jacob Colagrossi, Nov 21 01:21 pm (PST):

Hello dexx and welcome to the Malwarebytes product support. Thank you
for choosing Malwarebytes Anti-Malware as your anti-malware security
solution, my name is Jacob Colagrossi and I'll be assisting you today.

I will contact our research team to see about the block of this IP
address. I will follow up with you once I hear word back from them.

Thank you.


Quote
dexx, Nov 21 08:29 pm (PST):

Hi Jacob,

thanks for the fast response. Looking forward for more.


Quote
Jacob Colagrossi, Nov 26 03:55 pm (PST):

Hi dexx,

I have been informed that this IP address has been unblocked in the recent database updates.

Please let me know if you have any questions.


Quote
dexx, Nov 26 03:58 pm (PST):

Hi Jacob,

thanks for the notice! Did you get any information what was causing the
block in the first place?


Quote
Jacob Colagrossi, Nov 26 04:05 pm (PST):

Hi Dexx,

I have no solid information but from what I read in forum posts this site is under frequent attack from outside sources. It may have been added to the block list during an instance of attack.
