Catholic Online Forum

Good morning - Happy Thanksgiving, everyone.

I've been having a new problem the last two days with the site. Every time I open a new page, an alert pops up from my Norton antivirus: "Norton blocked an attack by Web Attack: Exploit Toolkit Website 4"

The more detailed screen from Norton says:



This started on the 21st - and only happened here on the Forum and at Father Z's blog. It's happening today on the Forum, but not at the blog.

Sorry if this isn't actually a problem, but I wanted to make sure, as this has never happened before. I didn't want to make a whole new post of this. I thought there was an "alert a mod" link somewhere, but I must've missed it when I went looking for it.

_________________
Rob

You are the 1st to report something like this.

I have not seen it and I use Firefox as well.

_________________
Bob C

FWIW, whenever I google Catholic Online Forum (I've never bothered to bookmark the page), I get a "This site may be compromised" warning.

From the Google site: "When we believe a site may be hacked or compromised but have not detected malware, we display "This site may be compromised" as an alert."

_________________
squirt
------------------------------------------------------------------------------------------------------------
Jamais le mal n’aura le dernier mot. La foi et l’amour déplacent les montagnes de la haine.
- Marguerite (Maggy) Barankitse

It's a little strange that I'm getting it on these two websites only and not any others I regularly visit. If it were some virus or something I had picked up, I would think it would pop up wherever I went. My Norton definitions, etc... are up-to-date. I'm not conscious of changing any settings or running any updates that would have had an effect.

_________________
Rob

I have been getting the same message and requested that I not be notified of this action.

_________________
Pax et Bonum


Schultzz

I want to make some time to look into this. But I've been distracted today for obvious reasons. Thanks for the tech info Rob.

_________________
Jeff Stevens

Yesterday and today, also for me, same as Rob...

More persistent today than yesterday.


Mary

_________________
"Those who encounter the Risen Jesus
and entrust themselves docilely to him have nothing to fear.
This is the message that Christians are called to spread
to the very ends of the earth." Benedict XVI

You're welcome.

_________________
Rob

McAfee Site Adviser finds no significant problems...

_________________
Kent Wendler

I had a SQL/MySQL error all morning for the COF Forum, the main COL site was OK but could not access the forum. Finally cleared about Noon, MST. I did not receive any notices about COL being a compromised site or any other warnings from Norton.

_________________
BobA

At least we are back in business! Shop is re-opened.

_________________
Ian DC
Blessed Ever Virgin Mary -- Sanctuary and resting-place of the Blessed Trinity where God dwells in greater and more divine splendour than anywhere else in the universe

Alright

_________________
Bob C

I am guessing they took down the site to fix this issue.

_________________
Jeff Stevens

I also had a SQL/MySQL error this morning.

However, I haven't got the slightest idea of what it means.

So if possible, I'd appreciate very much if someone would tell me in 20 words or less.


Mary

_________________
"Those who encounter the Risen Jesus
and entrust themselves docilely to him have nothing to fear.
This is the message that Christians are called to spread
to the very ends of the earth." Benedict XVI

I'm glad we're back up, I was jonesing.

_________________
Valerie Garcia
vals1990@yahoo.com

"Listen, O my son, to the precepts of thy master, and incline the ear of thy heart, and cheerfully receive and faithfully execute the admonitions of thy loving Father, that by the toil of obedience thou mayest return to Him ....." St. Benedict

As I mentioned on the Facebook page, it is like the waiter is working but the cook is not. You have a way to get food to you, but no food to be delivered.

Slightly more technical is that the part that stores all messages and pictures and the like (database) was down and unavailable, while the web part that serves it up (web server) was working fine.

_________________
Jeff Stevens

Thanks, Jeff that makes it clear.

Do you think is was just that or was COL really being attacked?


Mary

_________________
"Those who encounter the Risen Jesus
and entrust themselves docilely to him have nothing to fear.
This is the message that Christians are called to spread
to the very ends of the earth." Benedict XVI

My guess is that the version of forum or web software that COL is/was running has a known vulnerability in it. They are discovered very frequently (I'd say monthly, maybe weekly) and if the servers are not updated with more recent software, they are vulnerable. What usually happens is that "script kiddies", who are non-professional hackers, become aware of the vulnerability and try to exploit it using automatic software. It doesn't require any deep technical knowledge to exploit it. This automatic software can just scan a million IP addresses for the vulnerability.

What do they do when they find a server that is vulnerable? Usually it automatically hacks the server and installs software on the server that tries to infects PC's that connect to it. Why? Because ultimately most of these hackers just want to send spam or use systems to take down other web sites. When you hear about groups like Anonymous "attacking" web sites, usually what it means is that Anonymous has hacked thousands of PC's via means like above, and used those PC's to attack web sites. In some cases, organized criminals will sell use of these networks of PC's to take down other web sites for all kinds of nefarious purposes. Likewise, the spam which comprises 72% of all email sent on the Internet is frequently generated from these compromised PC's.

So ultimately they're trying to spam people and take down other web sites most of the time. The attack is not likely targeted at COL, we just happened to be a target of opportunity.

_________________
Jeff Stevens

Jeff,

You are scaring me. I prefer to bury my head in the sand about these things.

_________________
Valerie Garcia
vals1990@yahoo.com

"Listen, O my son, to the precepts of thy master, and incline the ear of thy heart, and cheerfully receive and faithfully execute the admonitions of thy loving Father, that by the toil of obedience thou mayest return to Him ....." St. Benedict

You're fine. Keep your anti-virus up to date and install the patches when Windows tells you to, don't use Internet Explorer any version older than 9 and you'll be fine. Oh, and either don't use Adobe Reader or keep it up to date. And keep our Adobe Flash up to date. Do those and you're fine.

_________________
Jeff Stevens

The forum sure seems slow to me.... I hope it is going to stay up.

_________________
Grace

As to the past, let us entrust it to God's mercy, the future to Divine Providence. Our task is to live holy the present moment. - Saint Gianna Molla

Ah, well, and of course, as soon as I said that, it started going faster.

_________________
Grace

As to the past, let us entrust it to God's mercy, the future to Divine Providence. Our task is to live holy the present moment. - Saint Gianna Molla

It seems sporadic. I just had a major slowdown. Took 2 minutes to load the previous thread and this one.

_________________
Jeff Stevens

Ok, I do all those things though last time Adobe offered an update, I was in too big a rush to do it...will have to download today from their website.

_________________
Valerie Garcia
vals1990@yahoo.com

"Listen, O my son, to the precepts of thy master, and incline the ear of thy heart, and cheerfully receive and faithfully execute the admonitions of thy loving Father, that by the toil of obedience thou mayest return to Him ....." St. Benedict

I'm thankful that the technical people have gotten the forum back up and running.

I notice however that googling this site (i've never bookmarked it), it is again labelled as 'this site might be compromised'. This message was visible for some time before the recent crash, although right after the repairs it did no appear.

So is the site once more infected, and it's only a matter of time?

chris kirk

In Google, the forum is once more marked as 'this site may be compromised'.

chris kirk