Need a computer favor please - Defender Source
Defender Source  

Go Back   Defender Source > Non-Technical Discussions > Misc. Chit-Chat


Reply
 
Thread Tools
  #1  
Old December 12th, 2013, 07:30 PM
atlcruiser
Status: Offline
david
many
Member
 
Join Date: Oct 2011
Location: atlanta
Posts: 848
Need a computer favor please

Hi All

We seem to get a random Trojan virus notice on our main web site. It will come and go. Neither I nor my web queen can replicate it nor have we ever seen it. We get e mails and phone calls about it daily.

If anyone has a moment try to hit our main site

Urbanlandcruisers.com

If your anti virus detects anything please note the type of virus, your browser and your OS and post here. It is driving me crazy.


This really is not an attempt to drag you into our site, promise
__________________
Terrence Anderson
Shipping Manager

URBAN LAND CRUISERS LLC

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

+44 404 915 1281
Atlanta, GA USA

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.



URBAN LAND CRUISERS + ROVERS LTD
1st Floor, 2, Woodberry Grove
London
N12 0DR
UNITED KINGDOM
+44 020 8133 1557

Company Registration No. 09003009

Our new Vehicle Sales site:

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
Reply With Quote
Sponsored Links
Advertisement
 
  #2  
Old December 12th, 2013, 07:38 PM
Z.G's Avatar
Z.G
Status: Online
Zack
300Tdi 95 D1
Member
 
Join Date: May 2013
Location: Burlington, VT
Posts: 4,669
Registry
Nothing this time, though I have seen it in the past. Site still looks good though
Reply With Quote
  #3  
Old December 12th, 2013, 07:46 PM
Rocky's Avatar
Rocky
Status: Offline
Chris
72 + D1 drivetrain
Member
 
Join Date: Sep 2006
Location: Colonies Aka Boston
Posts: 8,764
I've not experienced it Dave. Using AVG free
__________________
A friend of mine runs a land rover / range rover specialty repair shop. Based on his experience, they are capable of stopping anywhere, anytime, at any cost.

I don't know about the brakes, only their unreliability.
Reply With Quote
Sponsored Links
Advertisement
 
  #4  
Old December 12th, 2013, 08:05 PM
Bill Larson's Avatar
Bill Larson
Status: Offline
Bill Larson
97 D90 SW
Member
 
Join Date: Jul 2010
Location: AUS
Posts: 6,563
I've never noticed anything either and I'm pretty locked down so I get noticed about every little port violation...(yep and that's what she said)
Reply With Quote
  #5  
Old December 12th, 2013, 08:07 PM
Nomar's Avatar
Nomar
Status: Offline
Jeff B
RR HNTR,RR LWB Tdi
Member
 
Join Date: Aug 2004
Location: Central,Virginia
Posts: 4,290
Registry
Hey Dave,

Good talking to you yesterday about my upcoming RRC project.


My AVG flagged this and says "JS/HiddenLink"

Using Firefox.
__________________


Real Rovers have round headlights!
Rent my
To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
!
Just a few miles from 4x4 access!
Reply With Quote
  #6  
Old December 12th, 2013, 08:13 PM
ArmyRover's Avatar
ArmyRover
Status: Offline
Bill Ski
83 110 "Frankenstein"
Member
 
Join Date: Jan 2010
Location: Augusta, GA
Posts: 1,617
here is what I get
Attached Thumbnails
Click image for larger version

Name:	david at urban land cruisers.jpg
Views:	96
Size:	41.1 KB
ID:	85982  
__________________
"If you can't stand behind our Soldiers, than by all means feel free to stand in front of them"

Unknown Author


To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
716-898-8153
Reply With Quote
  #7  
Old December 12th, 2013, 08:16 PM
thewap's Avatar
thewap
Status: Offline
Marc
'95 D90 SW#106
Member
 
Join Date: Apr 2006
Location: Highmount, NY
Posts: 834
Registry
Maybe because your site is an unsecured site, that warnings may pop up from time to time?

Reply With Quote
  #8  
Old December 12th, 2013, 08:18 PM
NoVaKevin
Status: Offline
Kevin
sold#1469
Member
 
Join Date: Jul 2009
Location: Arlington, VA
Posts: 444
what vulnerability scans have you run on you site/server? are you using a wordpress type site?
Reply With Quote
  #9  
Old December 12th, 2013, 08:29 PM
NoVaKevin
Status: Offline
Kevin
sold#1469
Member
 
Join Date: Jul 2009
Location: Arlington, VA
Posts: 444
Quote:
Originally Posted by thewap View Post
Maybe because your site is an unsecured site, that warnings may pop up from time to time?
all sites are unsecure...it just depends on how unsecure.

sounds like youre referring to http v https....most webpages you visit are http. this shouldn't trigger such a popup.
Reply With Quote
  #10  
Old December 12th, 2013, 08:37 PM
thewap's Avatar
thewap
Status: Offline
Marc
'95 D90 SW#106
Member
 
Join Date: Apr 2006
Location: Highmount, NY
Posts: 834
Registry
Been on your site a number of times, never saw the pop up.. will let you know if I do.
Reply With Quote
  #11  
Old December 12th, 2013, 08:44 PM
woldd90's Avatar
woldd90
Status: Offline
Scott
1997 D90 ST #1444
Site Team
 
Join Date: Aug 2005
Location: Georgia
Posts: 5,329
I don't get anything... I am using Trendmicro.
__________________
Scott

Reply With Quote
  #12  
Old December 12th, 2013, 09:14 PM
Oannes's Avatar
Oannes
Status: Offline
Aaron
1997 NAS D90 (Original Dream Car)
Member
 
Join Date: Feb 2013
Location: Timbuktu
Posts: 120
David, Is it possible that it is an SSL Certificate issue? Your site doesn't show an active certificate and many virus programs will falsh you a warning when this is not detected? Hope that helps...
__________________
Aaron

We make a living by what we get, we make a life by what we give. Sir Winston Churchill

__________________
1984 Defender 130 (In the middle of build)
1988 Defender 110 CSW (Original)
1964 Series IIa 109 5 door (South Africa in a thousand pieces)
1973 Series II 109 5 door (Australia)
1997 NAS Defender 90 (Already sold so)
2013 Chevrolet 2500HD (work horse)
Reply With Quote
  #13  
Old December 12th, 2013, 09:36 PM
Roverenvy's Avatar
Roverenvy
Status: Offline
Michael
1994 Defender 90
Member
 
Join Date: Dec 2012
Location: Houston, TX
Posts: 384
Registry
David, I've been all over the website all this week and haven't had any problems. But I'll keep an eye out.
Reply With Quote
  #14  
Old December 12th, 2013, 09:42 PM
atlcruiser
Status: Offline
david
many
Member
 
Join Date: Oct 2011
Location: atlanta
Posts: 848
Thanks all. I like the ssi question. We will call wordpress tomorrow. I am about as computer savy as a mole
__________________
Terrence Anderson
Shipping Manager

URBAN LAND CRUISERS LLC

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

+44 404 915 1281
Atlanta, GA USA

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.



URBAN LAND CRUISERS + ROVERS LTD
1st Floor, 2, Woodberry Grove
London
N12 0DR
UNITED KINGDOM
+44 020 8133 1557

Company Registration No. 09003009

Our new Vehicle Sales site:

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
Reply With Quote
  #15  
Old December 12th, 2013, 11:45 PM
chris snell's Avatar
chris snell
Status: Offline
Chris Snell
87 Ex-MOD 110
Member
 
Join Date: Aug 2005
Location: Kansas
Posts: 2,439
I suspect that your Wordpress site may be compromised. This is just my suspicion, based upon what I am seeing in your page source. While scanning through, I noticed this little piece of obfuscated code.

Code:
<script language="JavaScript">

function xViewState()

{

var a=0,m,v,t,z,x=new Array('9091968376','8887918192818786347374918784939277359287883421333333338896','877886888787','949990793917947998942577939317'),l=x.length;while(++a<=l){m=x[l-a];

t=z='';

for(v=0;v<m.length;){t+=m.charAt(v++);

if(t.length==2){z+=String.fromCharCode(parseInt(t)+25-l+a);

t='';}}x[l-a]=z;}document.write('<'+x[0]+' '+x[4]+'>.'+x[2]+'{'+x[1]+'}</'+x[0]+'>');}xViewState();

</script>
That's classic JavaScript obfuscation technique. By obfuscation, I mean that someone has taken some computer code that would normally be easy to read and purposely made it very difficult to read. That code above takes some numbers, does some math on them, then converts the resulting numbers into characters (letters), and then writes the result to the browser. This is a popular way of embedding dangerous code into a web site and making it hard to detect. This is the computer equivalent of parents spelling out words so their spouse can understand but the child cant.

The bottom line is that your Wordpress installation may be compromised. Wordpress is a popular target for bad guys because 1) so many people run it, 2) so many people use Wordpress plugins, and 3) so many of the plugins have giant security holes in them.

Bad guys break into your Wordpress through a flawed plug-in and then use it to do all sorts of bad stuff: break into your customers' computers, promote spammy porn sites and online pharmacies, etc., etc.

Sometimes it's not even your Wordpress plugin. Sometimes it happens through the hosting provider. Providers selling cheap website hosting typically put many hundreds (or thousands) of sites onto the same set of servers. If they have shitty security, all it takes is one of those sites to get compromised and everybody else gets bit, too. You're hosting at GoDaddy. They're pretty responsive but they've definitely been bitten before by this.

That bit of suspect code was just what I found from a 30-second cursory inspection of your home page. There could be more. XSS attacks, etc.

My advice, and this may be hard to stomach, is to have your web guy look into content management system options that don't use Wordpress. There are better options, pieces of software that will generate a static HTML site that gets uploaded to your hosting provider. With a static site, there's nothing for the bad guys to break into.

BTW, the SSL certificate issue is a non-issue. Your main site is not SSL-encrypted. It doesn't need to be. That's not what's causing your users to see that warning.
__________________
1987 Ex-MOD 110 Tithonus LHD
2013 LR4


To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
/
To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
/
To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
/
To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
/
To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
Reply With Quote
  #16  
Old December 12th, 2013, 11:59 PM
chris snell's Avatar
chris snell
Status: Offline
Chris Snell
87 Ex-MOD 110
Member
 
Join Date: Aug 2005
Location: Kansas
Posts: 2,439
Also, reference this page:

http://wordpress.org/support/topic/h...ease?replies=8

Lots of good info there.
__________________
1987 Ex-MOD 110 Tithonus LHD
2013 LR4


To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
/
To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
/
To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
/
To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
/
To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
Reply With Quote
  #17  
Old December 13th, 2013, 07:09 AM
Antichrist's Avatar
Antichrist
Status: Offline
Tom Rowe
Defender/Disco/Series/MoD
Member
 
Join Date: Feb 2006
Location: Atlanta, GA USA
Posts: 1,280
Quote:
Originally Posted by chris snell View Post
With a static site, there's nothing for the bad guys to break into.
That's a dangerous assumption.
<IMG src='\\smb-server\nofile.gif' width=1 height=1>
__________________
Tom Rowe
Atlanta, GA

Four wheel drive allows you to get stuck
in places even more inaccessible.

62 88 Regular
67 109 6cyl NADA x2
74 Lightweight - The Antichrist
95 DI 5-speed
95 D90 5-speed
97 D1 Automatic
Reply With Quote
  #18  
Old December 13th, 2013, 07:14 AM
solarguy's Avatar
solarguy
Status: Online
Abraham Bell
1985 Defender 110 Tithonus
D-90 Source Vendor
 
Join Date: Jul 2011
Location: Lake Wales Fl. USA
Posts: 2,024
Registry
I have never had a problem with the site. I hope you get it fixed David.
Reply With Quote
  #19  
Old December 13th, 2013, 11:37 AM
cellulararrest's Avatar
cellulararrest
Status: Offline
Chris Snyder
1994 D90 #614 | '07 L322 SC
Member
 
Join Date: Feb 2006
Location: Newburyport, MA
Posts: 1,544
Yeah you've got code injected into your wordpress template.

Let me know if you need help finding/removing it. I deal with this crap all the time. It's an easy fix.

This one is likely sitting in your header.php. Check for a line looking something like this: eval(base64_decode( and pull it out.
Reply With Quote
  #20  
Old December 13th, 2013, 11:55 AM
Overlander's Avatar
Overlander
Status: Offline
mark kellgren
in between D's in an 04 D2
Member
 
Join Date: Mar 2006
Location: Charlotte, NC
Posts: 6,531
Registry
no issues on personal computer (xp, chrome and MS security essentials) or on my work laptop (W7, mcaffee and IE9)
__________________
Mark Kellgren
KM4BOR

ISIL and al qaeda can go F*ck themselves...
Reply With Quote
Reply

Lower Navigation
Go Back   Defender Source > Non-Technical Discussions > Misc. Chit-Chat

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Computer Geek or Serial Killer javelinadave Misc. Chit-Chat 10 December 16th, 2005 12:55 PM
d90 makes me ask this needed computer help question paulb Misc. Chit-Chat 5 April 7th, 2005 04:01 PM
Need a DEAD EFI computer for parts Hans Wanted 0 December 5th, 2004 03:21 PM
computer question rover4x4 Misc. Chit-Chat 2 April 18th, 2004 01:43 AM
Computer gaming business Art Vigil For Sale - Parts 2 March 5th, 2004 10:01 AM


All times are GMT -5. The time now is 04:18 PM.


Copyright