Data Realms Fan Forums
http://45.55.195.193/

DataRealms Website Malware Warning
http://45.55.195.193/viewtopic.php?f=48&t=31195
Page 1 of 3

Author:  NikolaiLev [ Fri Jun 08, 2012 11:59 pm ]
Post subject:  DataRealms Website Malware Warning

Hello. Every now and then (it occasionally goes away) the Data Realms site is apparently being reported for distributing malware. Either someone's being silly, or there's a problem I haven't noticed yet.

Image

I'm using Opera, this is just the built-in malware warning thingy. This has been going on for a few months now. I've bypassed this warning and unless Avast fails me, I haven't been infected with anything.

Author:  Gotcha! [ Sat Jun 09, 2012 12:22 am ]
Post subject:  Re: DataRealms Website Malware Warning

Interesting that you say this.

I am having great issues reaching this site for almost a week now and at one point I contacted my ISP about it.
They mentioned their system checked this site out to be a... non-trustable website, to put it kindly.

Although I believe it to be nonsense ofcourse, it's strange that it came from the number one ISP in my country. :S

Author:  NikolaiLev [ Sat Jun 09, 2012 3:18 am ]
Post subject:  Re: DataRealms Website Malware Warning

The first time I saw it, I went to the AVG site and sent a "False Positive" report. I'd do it again, but frankly, now that it's up again I'm kind of wary of doing that.

Investigation is warranted, methinks. It could just be an angry person/group trying to mess with the site by sending bogus reports, but it's better to be safe.

By the way, the forums are being fairly slow for me. Anyone else getting that?

Author:  TorrentHKU [ Sat Jun 09, 2012 4:17 am ]
Post subject:  Re: DataRealms Website Malware Warning

Honestly I'm starting to think someone is doing all they can to ♥♥♥♥ up the forums. I've never seen it this slow except when DRL was being DDoS'd way back when. And considering we've never gone over 130 or so users on at any one time and not had problems, I'm inclined to think that the recent "heavy" traffic from B27 isn't the problem.

Author:  Daman [ Sat Jun 09, 2012 7:12 am ]
Post subject:  Re: DataRealms Website Malware Warning

it's definitely the mysqldb being unmaintained. the forums as well as the wiki will error out every now and then because the mysql config is not configured correctly atm.

reports of malicious site is from the security groups downloading any binaries automatically(this includes the CC installer from the front page), and getting that false-positive that some people are apparently getting.

Author:  Bad Boy [ Sat Jun 09, 2012 8:09 am ]
Post subject:  Re: DataRealms Website Malware Warning

Not entirely related but in case it helps anyone with the relevant know-how, I'm unable to upload attachments and get the following error message. I haven't yet confirmed if this is the same problem Gotcha's suffering from (he's also unable to upload attachments) but either way I hope it helps:
Code:
Could not upload attachment to ./files/12692_5483e7446c4f1991bc6dcd37f13ffced.

Author:  NikolaiLev [ Sat Jun 09, 2012 11:31 pm ]
Post subject:  Re: DataRealms Website Malware Warning

By the way, I'd like to encourage everyone to file an Incorrect Page Rating Report, as this does harm the website and it's certainly not legitimate.

If this is from automatically downloading binaries, how come it's taken so long for this warning to pop up? I still think some nonsense is afoot.

Author:  Gotcha! [ Sat Jun 09, 2012 11:59 pm ]
Post subject:  Re: DataRealms Website Malware Warning

My problem is definitely different, due to the fact that I can't reach the forum -at all-, except through proxy websites. ;_;

Author:  Daman [ Sun Jun 10, 2012 2:24 am ]
Post subject:  Re: DataRealms Website Malware Warning

NikolaiLev wrote:
By the way, I'd like to encourage everyone to file an Incorrect Page Rating Report, as this does harm the website and it's certainly not legitimate.

If this is from automatically downloading binaries, how come it's taken so long for this warning to pop up? I still think some nonsense is afoot.


Previous releases didn't trigger the false-positive b27 has.

Author:  NikolaiLev [ Sun Jun 10, 2012 11:11 am ]
Post subject:  Re: DataRealms Website Malware Warning

Daman wrote:

Previous releases didn't trigger the false-positive b27 has.


This warning came up before B27 was out. Since a little before the "Finishing the tech implementations" video, in fact.

Author:  Natti [ Sun Jun 10, 2012 12:51 pm ]
Post subject:  Re: DataRealms Website Malware Warning

Image

Author:  NikolaiLev [ Sun Jun 10, 2012 3:55 pm ]
Post subject:  Re: DataRealms Website Malware Warning

Natti wrote:
Image


I just got this email. Now I'm a little worried about what this actually does, and whether or not I need to worry about my machine. Can anyone tell what it does?

Further, is anyone forwarding this to the relevant people? I don't know who the website people are for DR, and I certainly want this fixed as much as anyone.

Author:  Lizardheim [ Sun Jun 10, 2012 4:00 pm ]
Post subject:  Re: DataRealms Website Malware Warning

Yeah, we know about it.

Forwarded the response to data, btw.

Author:  findude [ Mon Jun 11, 2012 12:36 am ]
Post subject:  Re: DataRealms Website Malware Warning

I've seen some shady third-party sites in the noscript list of the main page now and then; just now I saw "http://prostofoto.eu" there, now it's gone though.
They seem to be "It works!" leaseweb sites. Suspicious.

Author:  Daman [ Mon Jun 11, 2012 8:53 am ]
Post subject:  Re: DataRealms Website Malware Warning

Hahahaha, lol, haHAAHAHAhaha. That's great. Hope the server is properly secured, I.E. apache is run on a separate user that only has access to what it needs to have access to. Is payment information stored in a database whose credentials are readable by the same user running apache that serves the infected page? That's pretty probable.

I don't think datarealms runs any ads, does it? That'd mean there's an actual security hole. That's a shame. Anyone get the full javascript? It apparently only appears once per IP.

e: betting the vulnerability they used is the devlog's wordpress timthumb file.

here, data: http://markmaunder.com/2012/04/23/intro ... ty-plugin/

findude wrote:
I've seen some shady third-party sites in the noscript list of the main page now and then; just now I saw "http://prostofoto.eu" there, now it's gone though.
They seem to be "It works!" leaseweb sites. Suspicious.


If you get the full URL that is accessed you'll see that the result is a blackhole kit that runs checking for any vulnerable plugins you're using, and exploiting any found holes to add you to a botnet.

Page 1 of 3 All times are UTC [ DST ]
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
http://www.phpbb.com/