High risk website blocked

Visitors can check out the Forum FAQ by clicking this link. You have to register before you can post: click the REGISTER link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. View our Forum Privacy Policy.
Want to receive the latest contracting news and advice straight to your inbox? Sign up to the ContractorUK newsletter here. Every sign up will also be entered into a draw to WIN £100 Amazon vouchers!

You are not logged in or you do not have permission to access this page. This could be due to one of several reasons:

You are not logged in. If you are already registered, fill in the form below to log in, or follow the "Sign Up" link to register a new account.
You may not have sufficient privileges to access this page. Are you trying to edit someone else's post, access administrative features or some other privileged system?
If you are trying to post, the administrator may have disabled your account, or it may be awaiting activation.

administrator replied

5 March 2014, 08:53
Originally posted by kingcook View Post

Hi,

I got your PM - I no longer saw the warnings from Sophos' virus checker after that.

All looks ok

Cheers for the PM, saw it last night. Weird that Sophos is complaining about that JavaScript file, unless AddThis have been nobbled

Will have a look at contacting them / Sophos today if I get a chance. Thanks again for your help!
Leave a comment:
kingcook replied

4 March 2014, 18:35
Originally posted by administrator View Post

This is showing it as being clean:
https://www.virustotal.com/

Have checked the ad server and nothing there in the places where I have seen it hacked before - and when we had a spate of OpenX vulnerabilities a year or two ago I locked it down but that doesn't mean there aren't fresh exploits that could bypass the security measures put in place.

KC - I have removed the AddThis code for the moment - could you let me know if Sophos is still complaining at your end please as that would help narrow it down for me.

Hi,

I got your PM - I no longer saw the warnings from Sophos' virus checker after that.

All looks ok
Leave a comment:
northernladuk replied

4 March 2014, 15:51
Originally posted by kingcook View Post

Just bringing it to their attention. No need to be an arse about it.

(And no, I obviously didn't search for an existing post first!)

You know me, that is not me being an arse
Leave a comment:
administrator replied

4 March 2014, 15:34
This is showing it as being clean:
https://www.virustotal.com/

Have checked the ad server and nothing there in the places where I have seen it hacked before - and when we had a spate of OpenX vulnerabilities a year or two ago I locked it down but that doesn't mean there aren't fresh exploits that could bypass the security measures put in place.

KC - I have removed the AddThis code for the moment - could you let me know if Sophos is still complaining at your end please as that would help narrow it down for me.
Leave a comment:
xoggoth replied

4 March 2014, 15:03
Didn't note the details but I did get an IE message the other day about blocking a malicious item on CUK. However, IE11 is always stopping working for some reason or other, not sure I believe it.
Leave a comment:
administrator replied

4 March 2014, 14:58
Originally posted by kingcook View Post

Just bringing it to their attention. No need to be an arse about it.

(And no, I obviously didn't search for an existing post first!)

Really appreciate the shout kc, am still looking as always worth checking out. No modified files on the site in the last 3 days bar re-rolled css files from what I can see. Sometimes if it is a nasty they can be buggers to track down though so no giving up yet.
Leave a comment:
kingcook replied

4 March 2014, 14:39
Originally posted by northernladuk View Post

Exactly what do you expect the mods to do about it? Ban it?

Just bringing it to their attention. No need to be an arse about it.

(And no, I obviously didn't search for an existing post first!)
Leave a comment:
administrator replied

4 March 2014, 14:39
Cheers for the shout. Having a look now but on first glance sounds like a false positive. The Follow us links at the top of the side nav pulls some JavaScript from AddThis.com which just provides us with some stats about what clicks and follows we have had. So unless they have been hacked and some code injected into that file...
Leave a comment:
cojak replied

4 March 2014, 14:20
I've passed it on to Admin.
Leave a comment:
northernladuk replied

4 March 2014, 14:19
Originally posted by kingcook View Post

Everytime i'm on CUK forums at client co, Sophos Anti-virus keeps popping up with this message:

Access has been blocked to "ct1.addthis.com/static/r07/core124.js" as 'Mal/Badsrc-C' has been found at this website.

@mods: are you aware of this?

Exactly what do you expect the mods to do about it? Ban it?
Leave a comment:
SimonMac replied

4 March 2014, 14:14
http://forums.contractoruk.com/gener...-re-virus.html
Leave a comment:
kingcook started a topic High risk website blocked

4 March 2014, 14:10
High risk website blocked

Everytime i'm on CUK forums at client co, Sophos Anti-virus keeps popping up with this message:

Access has been blocked to "ct1.addthis.com/static/r07/core124.js" as 'Mal/Badsrc-C' has been found at this website.

@mods: are you aware of this?
Tags: None