Jump to content
Displayed prices are for multiple nights. Check the site for price per night. I see hostels starting at 200b/day and hotels from 500b/day on agoda.

Recommended Posts

A couple of days ago, a piece of javascript was inserted into the root file of www.pattayatalk.com. This was flagged by Google as being malware, and it probably was, though I am not sure what it was doing.

 

The problem has been detected and resolved, but Google will still report the site as an "attack site" for a short while until they can rescan it and give it a clean bill of health.

 

Until that time, you will see a message something like this

Capture.JPG

 

when you open the site or try to access the forum.

 

If you're feeling brave, go ahead and click the PROCEED ANYWAY link to continue.

 

As far as I can tell, the problem is resolved at this point.

 

Sorry for the disruption.

Link to post
Share on other sites

Oh, and if you have accessed Pattayatalk since the 1st of July, run a virus scan. I think a little bugger got thru, but it was found by my scanner and fixed.

 

Here is the virus scanning result from finding the javascript insertion (JS/agent).

 

Capture.JPG

Link to post
Share on other sites

EDIT: I posted about receiving a similar warning before reading MM's post that thesituation had been resolved. I'm leaving the detailed advisory from Google in case it can be of any help.

 

I get a similar warning when trying to log in via Chrome, but not with Firefox or IE.

 

PTSS.jpg

 

Evil

:devil

Edited by Evil Penevil
Link to post
Share on other sites

EDIT: I posted about receiving a similar warning before reading MM's post that thesituation had been resolved. I'm leaving the detailed advisory from Google in case it can be of any help.

 

I get a similar warning when trying to log in via Chrome, but not with Firefox or IE.

 

PTSS.jpg

 

Evil

:devil

I still get the same here

Link to post
Share on other sites

When I tried to log on this AM...Pattaya Talk was blocked and a red warning came up... it linked to a page containing this.

Do not click on links....

 

Safe Browsing

 

Diagnostic page for pattayatalk.com

 

What is the current listing status for pattayatalk.com?

Site is listed as suspicious - visiting this website may harm your computer.

Part of this site was listed for suspicious activity 2 time(s) over the past 90 days.

What happened when Google visited this site?

Of the 8 pages we tested on the site over the past 90 days, 2 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2012-07-04, and the last time suspicious content was found on this site was on 2012-07-04.

Malicious software is hosted on 1 domain(s), including
qtmyeslmsoxkjbku.xx
.

This site was hosted on 2 network(s) including
AS16805 (LAYER3)xx
,
AS22576 (LAYER3)xx
.

(I put the xx in to try and stop anyone going there...the first one was .ru, a usual suspect)

Has this site acted as an intermediary resulting in further distribution of malware?

Over the past 90 days, pattayatalk.com did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?

No, this site has not hosted malicious software over the past 90 days.

How did this happen?

In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.

Next steps:

Edited by jacko
Link to post
Share on other sites

On top of things as usual MM.... Scan running now!

 

Not really...the malware was inserted on July 1, according to the server admin logs, but wasn't detected until July 4, so it managed to upload to a few people, I'm sure.

 

For a discussion (very technical) of what the malware code does, you can look here http://blog.unmaskpa...mains/#more-883 (apparently the authors liked "Forrest Gump").

 

It's attempting to redirect you to bogus Russian sites with names like hxxp://xmexlajhysktwdqe .ru/runforestrun?sid=cx where the first part is a random string created by the script.

It turns out that, luckily, someone has been taking the target site down, so they point to a "sinkhole" (dead site), which cannot continue where the script left off. That's at least a piece of good news.

 

Let us know if you find the same virus/malware on your system.

Link to post
Share on other sites

Not really...the malware was inserted on July 1, according to the server admin logs, but wasn't detected until July 4, so it managed to upload to a few people, I'm sure.

 

For a discussion (very technical) of what the malware code does, you can look here http://blog.unmaskpa...mains/#more-883 (apparently the authors liked "Forrest Gump").

That link too is blocked with a warning for me!
Link to post
Share on other sites

That link too is blocked with a warning for me!

 

LOL. Maybe it's blocked because it has a description (though not an implementation) of the malware code.

Link to post
Share on other sites

LOL. Maybe it's blocked because it has a description (though not an implementation) of the malware code.

I am a bit nervous of late anyhow, as I got one of those emails in May from a 'friend' that I stupidly clicked on the link within and my email got hacked!
Link to post
Share on other sites
I am a bit nervous of late anyhow, as I got one of those emails in May from a 'friend' that I stupidly clicked on the link within and my email got hacked!

Yeah, I've been getting a lot of the emails with huge CC lists and a single URL in them.

But I never click them!

Link to post
Share on other sites

I've found the security hole that allowed this to happen, and it has been "plugged".

 

Now waiting for Google to rescan and give us a clean bill of health.

Link to post
Share on other sites

google must have done something. I got the message when I logged in this morning around 10am. Just logged in now at 3.45pm and no message came up. I am using google chrome.

Link to post
Share on other sites

google must have done something. I got the message when I logged in this morning around 10am. Just logged in now at 3.45pm and no message came up. I am using google chrome.

 

Great. I am not getting the message anymore either.

 

Google search results still show "This site may harm your computer", but hopefully those will go away in a day or so.

Link to post
Share on other sites

Damn...while I was fixing the problem and before I plugged the security hole, they hit "freelancerbar.com".

 

Busy day.

Link to post
Share on other sites

Btw, jacko, what did your scan find?

Scan came back clean.
Link to post
Share on other sites
did a clean up and found a trojan.

 

Not sure how long it's been there as I don't look under the bed all that often.

You should!

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...