Announcement

Collapse
No announcement yet.

Attn. Dan: Malicious site warning for this forum...

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Attn. Dan: Malicious site warning for this forum...

    Dan, FYI: I just upgraded my MalwareBytes program, and this warning comes up with each new page that I visit on this site/forum...I haven't run into it on many other sites over the last couple days (though there've been a few), so it's definitely something a bit unusual in the waters here at CD:



    Apparently coin-have.com is a "JavaScript crypto currency miner for websites"-- which appears to be some sort of malware...I think.

    Anyway, thought you should know, in case it's not something you've installed. If it's no big deal, my apologies for suggesting it might be.
    Twitter: https://twitter.com/ron_clinton

    #2
    Originally posted by RonClinton View Post
    Dan, FYI: I just upgraded my MalwareBytes program, and this warning comes up with each new page that I visit on this site/forum...I haven't run into it on many other sites over the last couple days (though there've been a few), so it's definitely something a bit unusual in the waters here at CD:



    Apparently coin-have.com is a "JavaScript crypto currency miner for websites"-- which appears to be some sort of malware...I think.

    Anyway, thought you should know, in case it's not something you've installed. If it's no big deal, my apologies for suggesting it might be.
    You're not the only one. Unfortunately I don't seem to be able to replicate this on my end. We're going to try upgrading the forum software today, so maybe that'll fix it.
    CD Email: danhocker@cemeterydance.com

    Non-Work related social media and what not:
    Instagram

    Buy my stuff! - https://www.etsy.com/shop/HockersWoodWorks

    Comment


      #3
      Ok I got this software installed and got the message to pop up, but now it's gone away and I can't get it to appear anywhere. Is anyone else still getting this?
      CD Email: danhocker@cemeterydance.com

      Non-Work related social media and what not:
      Instagram

      Buy my stuff! - https://www.etsy.com/shop/HockersWoodWorks

      Comment


        #4
        Originally posted by Dan Hocker View Post
        Ok I got this software installed and got the message to pop up, but now it's gone away and I can't get it to appear anywhere. Is anyone else still getting this?
        Still received it on entry on the main page, but the subpages don't seem to be prompting it any longer.
        Twitter: https://twitter.com/ron_clinton

        Comment


          #5
          I can't get it to pop up at all anymore. If it's still popping up for you, can you scroll down to the bottom of the page and switch your "style" to the default style from the "red" style and see if it pops up while using that one? We're hoping to upgrade the forum software to a newer version, but are waiting on the web people to update some of the software on the back end before we can do that.
          CD Email: danhocker@cemeterydance.com

          Non-Work related social media and what not:
          Instagram

          Buy my stuff! - https://www.etsy.com/shop/HockersWoodWorks

          Comment


            #6
            Originally posted by Dan Hocker View Post
            I can't get it to pop up at all anymore.
            Getting old sucks.

            Comment


              #7
              Originally posted by jeffingoff View Post
              Getting old sucks.

              Comment


                #8
                Originally posted by Dan Hocker View Post
                I can't get it to pop up at all anymore. If it's still popping up for you, can you scroll down to the bottom of the page and switch your "style" to the default style from the "red" style and see if it pops up while using that one? We're hoping to upgrade the forum software to a newer version, but are waiting on the web people to update some of the software on the back end before we can do that.
                Received it when it was in "Red" style, changed it to Default, but found it didn't pop up again either in the Red or Default beyond that first initial/main-page visit to the site...maybe a cookie issue that suddenly made it redundant (though that wasn't the case before when it had repeated pop-ups)? Came back today with it in the Default style and had no pop-up upon initial/main-page visit. I'm not clear on how changing the visual style would impact that and/or whether a cookie is still present that's perhaps hiding it...but whatever the issue was, it seems to have been solved or hidden.
                Twitter: https://twitter.com/ron_clinton

                Comment


                  #9
                  Originally posted by RonClinton View Post
                  Received it when it was in "Red" style, changed it to Default, but found it didn't pop up again either in the Red or Default beyond that first initial/main-page visit to the site...maybe a cookie issue that suddenly made it redundant (though that wasn't the case before when it had repeated pop-ups)? Came back today with it in the Default style and had no pop-up upon initial/main-page visit. I'm not clear on how changing the visual style would impact that and/or whether a cookie is still present that's perhaps hiding it...but whatever the issue was, it seems to have been solved or hidden.
                  I'm thinking it was probably just cached data clearing itself out. I'm pretty sure I deleted the offending lines of code. So for anyone who is interested, some how someone injected a java script into the site, we don't know how as to our knowledge to do that they would've needed access to an administrator account, of which there are only two and neither of them where used. That java script is a "coin miner" script which basically just uses anyone's web browser that has a specific page open as a crypto currency miner for whoever wrote the script. It's not really malicious, just annoying. Like I said though I think we've removed it, and we are in the process of (hopefully) updating the forum software to help prevent this in the future. This is a thing that is happening a lot across the internet recently because of how high the value of bitcoin has gotten in the past year.

                  Obviously if anyone gets any messages like this again let me know and I will look into it asap. I'm hoping I'll be able to implement the software upgrade next week, but we are waiting on out hosting company to upgrade some stuff in the back end first.
                  CD Email: danhocker@cemeterydance.com

                  Non-Work related social media and what not:
                  Instagram

                  Buy my stuff! - https://www.etsy.com/shop/HockersWoodWorks

                  Comment


                    #10
                    Just to put a fine point on it, Dan, came back again to the site and no pop-up, so I believe you did indeed get rid of it.
                    Twitter: https://twitter.com/ron_clinton

                    Comment

                    Working...
                    X