Jump to content


Photo

Why Do These Security Messages Keep Coming Up


  • Please log in to reply
38 replies to this topic

#31 1984mini25

1984mini25

    Crazy About Mini's

  • Members
  • PipPipPipPipPipPipPipPipPipPip
  • 8,781 posts
  • Location: -

Posted 15 May 2016 - 08:43 PM

If it was website related we would have hundreds of users complaining of this. We have done server side checks and nothing showing the forum is causing issue.

To my knowledge you are the only one effected as 1984mini25 is also getting the messages on other sites.

Are you able to use a completely different pc or laptop to try? See if you get the messages on that pc/laptop?

 

So far I've only been getting these messages on TMF, with the last one being the one I posted.

 

With eBay randomly being as slow as anything and google with the stupid capuche boxes.



#32 surfblue63

surfblue63

    TMF fantasy F1 winner 2012

  • Members
  • PipPipPipPipPipPipPipPipPip
  • 2,539 posts
  • Location: North East
  • Local Club: MCR Newcastle & Durham

Posted 15 May 2016 - 10:16 PM


Are you able to use a completely different pc or laptop to try? See if you get the messages on that pc/laptop?

 

I could, but better still I will no longer use the forum as I believe it has been compromised.

 

Just to repeat myself again, this is the only site that I get this problem, it does not happen on any other site.

 

It's been fun reading and posting on here, but I just do not want to risk my lap top being infected by this site.

 

Bye Bye



#33 WPD

WPD

    Stage One Kit Fitted

  • Noobies
  • PipPipPip
  • 85 posts
  • Location: Hampshire

Posted 16 May 2016 - 01:23 AM

 

Are you able to use a completely different pc or laptop to try? See if you get the messages on that pc/laptop?

 

I could, but better still I will no longer use the forum as I believe it has been compromised.

 

Just to repeat myself again, this is the only site that I get this problem, it does not happen on any other site.

 

It's been fun reading and posting on here, but I just do not want to risk my lap top being infected by this site.

 

Bye Bye

 

 

It is not the forum???

There is no way malicious code can be uploaded to the forum without having someone log into the server and upload it themselves, the admins can confirm whether or not that has happened by checking ftp logs.

Your computer has already been infected and malware is injecting malicious javascript into the browser when you try to access the forum hence why security essentials blocks it.

You never tried the several malware removal tools I suggested as obviously security essentials isn't doing a very good job. In actual fact microsoft has said people should be using something else now rather than MSE as it is sub-par to third party solutions.

Why the malware singles out TMF I don't know, malwarebytes identified PuP's which you say is not significant in actual fact it is, those potentially unwanted programs could likely be the source of your problems.

 

Why don't you go and re-install windows or restore to an earlier date which will solve all of these problems. 

The only other thing i can think of is your routers default DNS server has been compromised as your screenshots say its blocked x website hosted by TMF, potential redirect? Change ipv4 dns server to 8.8.8.8 and 8.8.4.4 (googles dns)



#34 Jordie

Jordie

    Traders Area Specialist Mod, North and Scotland Area Manager

  • TMF+ Member
  • PipPipPipPipPipPipPipPipPipPipPip
  • 13,564 posts
  • Name: Jordan
  • Location: North East

Posted 16 May 2016 - 05:50 AM

Are you able to use a completely different pc or laptop to try? See if you get the messages on that pc/laptop?

 
I could, but better still I will no longer use the forum as I believe it has been compromised.
 
Just to repeat myself again, this is the only site that I get this problem, it does not happen on any other site.
 
It's been fun reading and posting on here, but I just do not want to risk my lap top being infected by this site.
 
Bye Bye

Thats a shame but it is your choice.

I can assure you we have checked out our end in much detail and nothing found.

When working as a web developer i fixed an online shop which was infected by some coding loophole and that effected every single person trying to access the page. If this forum was infected there would be at least triple figures reporting issues.

I would try another pc or laptop to see if the problem still existsd but thats your choice if you dont want to.

Sad to loose a forum member

#35 Deathrow

Deathrow

    Have you tried turning it off and on again?

  • TMF IT Specialist
  • PipPipPipPipPipPipPipPipPipPip
  • 5,734 posts
  • Name: Adam
  • Location: Manchester, UK

Posted 16 May 2016 - 11:06 AM

Right, I've dug in to this again.

 

I've checked all FTP logs, no one has access the server via FTP except myself.

 

I've downloaded the the forum file system and searched for indications of tampering and I've come up with nothing.

 

I've also run the website through a number of online scanners which check websites for compromises and come up with nothing.

 

Finally I've reviewed the Safe Browsing Site Status of TMF which is provided by Google which has TMF marked as 'Not Dangerous'.

I can't really do any more.



#36 Carlos W

Carlos W

    Mine is purple, but I have been told that's normal

  • TMF+ Member
  • PipPipPipPipPipPipPipPipPipPipPip
  • 10,110 posts
  • Location: Sittingbourne, Kent

Posted 16 May 2016 - 11:13 AM

Right, I've dug in to this again.

 

I've checked all FTP logs, no one has access the server via FTP except myself.

 

I've downloaded the the forum file system and searched for indications of tampering and I've come up with nothing.

 

I've also run the website through a number of online scanners which check websites for compromises and come up with nothing.

 

Finally I've reviewed the Safe Browsing Site Status of TMF which is provided by Google which has TMF marked as 'Not Dangerous'.

I can't really do any more.

Have you tried turning it off and on again?



#37 surfblue63

surfblue63

    TMF fantasy F1 winner 2012

  • Members
  • PipPipPipPipPipPipPipPipPip
  • 2,539 posts
  • Location: North East
  • Local Club: MCR Newcastle & Durham

Posted 25 May 2016 - 04:08 PM



I would try another pc or laptop to see if the problem still existsd but thats your choice if you dont want to.

 

 

 

I have just clicked onto the site on a new lap top running a fully up to date windows 10 and IE 11. This machine uses Widows Defender and guess what, the warning message came up when I first clicked on the site and Window Defender Quarantined Exploit:JS/Axpergle.BW and Exploit:HTML/Axpergle.AK

 

The machine that I am on now has only been on YouTube, my Orange Email and Ebay, it has not been on any other websites.

 

This will be the last time I log on to the forum as the site is obviously compromised.

 

I would suggest that you contact Microsoft to try and resolve this issue as I am sure there are others who have clicked onto the site, received the warning and then closed without going any further.



#38 ukcooper

ukcooper

    Camshaft & Stage Two Head

  • Members
  • PipPipPipPipPipPipPipPip
  • 1,625 posts
  • Location: Stoke on Trent

Posted 25 May 2016 - 04:42 PM

 

I would try another pc or laptop to see if the problem still existsd but thats your choice if you dont want to.

 
 
I have just clicked onto the site on a new lap top running a fully up to date windows 10 and IE 11. This machine uses Widows Defender and guess what, the warning message came up when I first clicked on the site and Window Defender Quarantined Exploit:JS/Axpergle.BW and Exploit:HTML/Axpergle.AK
 
The machine that I am on now has only been on YouTube, my Orange Email and Ebay, it has not been on any other websites.
 
This will be the last time I log on to the forum as the site is obviously compromised.
 
I would suggest that you contact Microsoft to try and resolve this issue as I am sure there are others who have clicked onto the site, received the warning and then closed without going any further.

 

 

Exploit:JS/Axpergle.BO
Alert level: Severe

Windows Defender detects and removes this threat. Must be on the pc as it can not remove a threat of a server

This threat uses vulnerabilities in recent versions of Internet Explorer, Microsoft Silverlight, Adobe Flash Player, and Java to install malware on your PC.

It can be installed when you visit a malicious or hacked website, or click a malicious link in an email.


Edited by ukcooper, 25 May 2016 - 04:45 PM.


#39 Jordie

Jordie

    Traders Area Specialist Mod, North and Scotland Area Manager

  • TMF+ Member
  • PipPipPipPipPipPipPipPipPipPipPip
  • 13,564 posts
  • Name: Jordan
  • Location: North East

Posted 25 May 2016 - 07:56 PM

Right, Ive just tried a brand new out of the box laptop (family companies new one). Running windows 10 and Edge browser. Viewed the forum and several threads without issue.

 

I think we've done all we can do at our end, unfortunately I still believe the issue lies with the single user.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users