Malware blocked at DC !?!

KynloStephen66515:
It means there is no attack or malware hosted on or coming from DonationCoder.
It could mean that you just happened to see these alerts while you happened to be browsing the DonationCoder forum.

--

Another thing to check is if this alert pops up when you view certain posts on the forum -- it's always possible that someone has a photo in their signature or in a post that is linking to another site and that that site is pinging your machine when you load it.
-mouser (October 24, 2014, 01:07 PM)
--- End quote ---

'I'm not clear what you are saying...' you're not hosting if it's a photo or link here?

I will keep track of where I see it and what tabs are open.
-crabby3 (October 24, 2014, 01:26 PM)
--- End quote ---

Some user avatars are hosted on external servers over which DC has no control (like mine... it is hosted on Imgur.com and NOT DC).  Linking & Hotlinking are NOT the same as Hosting.

After checking the IP addresses above, I came up with the following:

80.82.78.166 - Takes you to a website which just has the text "Oh hi there" - The IP is hosted by the ISP: Ecatel LTD

89.248.168.46 - Resolves to offshore20.tronichost.com - Also hosted by the ISP: Ecatel LTD - However, when checking the website for content, the resolution link takes you to a "This website may be for sale" page and the IP takes you to an Apache2 Test Page.

Neither of these IPs is connected or affiliated with DonationCoder.com AT ALL.

KynloStephen66515:
Further to the above, consider these 2 images:





They are both exactly the same image, but have 1 vital difference between the 2.

The top one is Hotlinked from Imgur.com, whereas the second one has been uploaded to, and is now hosted directly by, DonationCoder.com

I did this by doing the following:

[img]http://i.imgur.com/1Rupeem.png[/img]
[ attach=1 ]

Things within the [img][/img] tags are Hotlinked - Meaning that the forum simply pulls the image from the website where it is hosted, and shows it here.

Things that are linked with the [attach=#] tag are hosted by DonationCoder.com itself - This is shown by having to use the "Attach" file option when making a post, which uploads the file directly to the DonationCoder.com server in order to show the file here.
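As an added example (not part of the original posts and not DonationCoder's own code), this is one way a forum administrator could list which third-party hosts a post makes readers' browsers contact, by separating [img] hotlinks from [attach] uploads. The domain `donationcoder.com`, the function name `audit_post` and the sample post are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

FORUM_DOMAIN = "donationcoder.com"  # assumption: domain the forum is served from

# [img]url[/img], optionally with attributes such as [img width=100]
IMG_TAG = re.compile(r"\[img(?:\s[^\]]*)?\](.*?)\[/img\]", re.I | re.S)
# [attach=1], tolerating the spaces used in the post above
ATTACH_TAG = re.compile(r"\[\s*attach\s*=\s*(\d+)\s*\]", re.I)

def audit_post(bbcode, forum_domain=FORUM_DOMAIN):
    """Split a post's images into hotlinked (external) and forum-hosted.

    Returns (external, local, attachments):
      external    - dict of host -> hotlinked URLs fetched by the reader's browser
      local       - [img] URLs that point back at the forum's own domain
      attachments - ids of [attach=N] uploads, served by the forum itself
    """
    external, local = defaultdict(list), []
    for match in IMG_TAG.finditer(bbcode):
        url = match.group(1).strip()
        host = (urlsplit(url).hostname or "").lower()
        # No host means a relative URL, which resolves against the forum.
        if not host or host == forum_domain or host.endswith("." + forum_domain):
            local.append(url)
        else:
            external[host].append(url)
    attachments = [int(m.group(1)) for m in ATTACH_TAG.finditer(bbcode)]
    return dict(external), local, attachments

# Constructed sample post: the Imgur URL and [ attach=1 ] come from the thread,
# the other two image URLs are made up for illustration.
SAMPLE_POST = """\
[img]http://i.imgur.com/1Rupeem.png[/img]
[ attach=1 ]
[IMG width=80]http://images.example.net/sig.png[/img]
[img]https://www.donationcoder.com/forum/logo.png[/img]
"""

if __name__ == "__main__":
    external, local, attachments = audit_post(SAMPLE_POST)
    for host, urls in sorted(external.items()):
        print(f"third-party host {host}: {len(urls)} hotlinked image(s)")
    print(f"forum-hosted: {len(local)} [img], attachments {attachments}")
```

Every host in the `external` result is a server that receives a request from each reader who loads the post, which is the distinction between hotlinking and hosting drawn above.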

crabby3:
'I'm not clear what you are saying...' you're not hosting if it's a photo or link here?
-crabby3 (October 24, 2014, 01:26 PM)
--- End quote ---

It's up to the individual user where items are hosted. The IPs from your screenshots are from Amsterdam...DC is hosted in (I believe) Seattle, WA.
-Stoic Joker (October 24, 2014, 03:07 PM)
--- End quote ---

I'm still learning computer terms and what they stand for.  :-\  The terms are often different from one *geek* site to the next.
Like bad driving directions,  ...follow this road and take your first left...,  but the road ends in a cul-de-sac.  It's confusing.

Amsterdam is more precise... thank you.  My link just said Netherlands.

-------

FWIW  If I was surfing, found DC, opened a topic and malware was blocked... I wouldn't return or recommend.  Which would be bad.
I've learned a lot here and also picked up some really cool freebies.   8)

SeraphimLabs:
Note- the screenshots show that the attacks were directed at port 1900, which is in fact the port used by UPnP.

It is completely possible that this is in fact unrelated to having been browsing DC, and is just a coincidence that the messages popped up with DC open.

That's why I had asked for screenshots of the message first thing. It just makes it so much easier to figure out where it came from when you have the exact message in hand.

What I would suggest is checking your router settings and making sure UPnP is disabled. A lot of routers have it enabled by default because it was supposed to offer a convenient new feature to let your firewall adjust itself on the fly, but in practice it proved positively dangerous to use. Malwarebytes would know this, and block inbound UPnP requests, but it begs the question of how those requests got to your computer in the first place.

mouser:
FWIW  If I was surfing, found DC, opened a topic and malware was blocked... I wouldn't return or recommend.  Which would be bad.
--- End quote ---

Agreed -- if you find any sign that there was a remotely linked image in a post or signature on the forum that was in any way connected with a remote non-dc server trying to connect with your computer, we would take swift action to fix that.
But what Seraphim points out is that it may have just been a coincidence that you got the alert while browsing the forum.
