Author Topic: Noticing Malware coming from www.orthodoxchristianity.net... (Read 4950 times)

ignatius · « **on:** January 06, 2010, 02:03:55 PM »

Grace and Peace,

I'm noticing Malware getting blocked by Malwarebytes' Anti-Malware from an IP Address 95.169.190.73. I just thought you should know.

Anastasios · « **Reply #1 on:** January 06, 2010, 02:17:54 PM »

Thanks for letting me know. That is not the IP address of our server at all. It is coming from the Russian Federation. Could you be more descriptive as to what the alert says?

Anastasios · « **Reply #2 on:** January 06, 2010, 02:30:53 PM »

Google has listed our site as clean for all recent history:
http://google.com/safebrowsing/diagnostic?site=orthodoxchristianity.net

Did you only now start seeing this warning?

ignatius · « **Reply #3 on:** January 06, 2010, 05:56:57 PM »

Quote from: Fr. Anastasios on January 06, 2010, 02:30:53 PM

Google has listed our site as clean for all recent history:
http://google.com/safebrowsing/diagnostic?site=orthodoxchristianity.net

Did you only now start seeing this warning?

Grace and Peace Father,

Yes I noticed it today. My virus software is blocking it but it comes up every time I refresh a page. It doesn't necessary have to be a virus, it may well be Malware or Adware. But I thought you guys and gals should know since it's your site.

If you check out that IP Address with tools like DNStuff it's coming out of Russia.

It just states that Malwarebytes' has blocked activity from that IP address.

Anastasios · « **Reply #4 on:** January 06, 2010, 07:18:46 PM »

I am happy you have alerted me. I am just not sure where there could be spyware or adware or malware. I checked our server (which is not at that IP address) and there have been no unauthorized intrusions in to the server or files changed in the sources directory...so not sure. Could you send me a private message with the error message/log info from this program you have, because otherwise I will never be able to figure out what to look for.

Thanks!

Fr Anastasios

Entscheidungsproblem · « **Reply #5 on:** January 06, 2010, 10:07:04 PM »

I've tried to replicate the error with Anti-Malware, but didn't find anything wrong with it.

I find it fairly odd, since the IP it is linking to seems to come up clean through Google clean browsing and through Anti-Malware itself. The best bet would be to check the logs to see what exactly it says is happening. A couple questions: a) when you load and refresh, in the status bar, do you notice it mentioning any site besides orthodoxchristianity.net?, b) are you having this problem with any other websites now or is it still just orthodoxchristinaity.net?

It sounds like it is likely more of a local problem, rather than something on the server. I'm not sure why that IP would even be mentioned in loading this site (and can't get it to do so on my own machine), unless something locally on your machine is trying to force it. It might also be a false positive.

ignatius · « **Reply #6 on:** January 07, 2010, 01:00:02 AM »

Grace and Peace,

I'm only noticing it on this thread...

http://www.orthodoxchristianity.net/forum/index.php/topic,25198.45.html

every time I enter or post on this thread I see the notice come up....

14:55:46 chris IP-BLOCK 81.169.145.86
14:56:56 chris IP-BLOCK 95.169.190.73

It's diffidently coming up only when I've visiting this forum.

Fr. George · « **Reply #7 on:** January 07, 2010, 01:06:52 AM »

Maybe someone is targeting people who are watching/on this site...

Entscheidungsproblem · « **Reply #8 on:** January 07, 2010, 01:43:06 AM »

Thanks for the info, ignatius.

It is the following picture that is causing the problem:

http://en.academic.ru/pictures/enwiki/66/Byzantium1204.png

from this post.

ignatius · « **Reply #9 on:** January 07, 2010, 09:57:11 AM »

Quote from: Nebelpfade on January 07, 2010, 01:43:06 AM

Thanks for the info, ignatius.

It is the following picture that is causing the problem:

http://en.academic.ru/pictures/enwiki/66/Byzantium1204.png

from this post.

You are more than welcome. So was it a virus or just Malware/Adware?

Entscheidungsproblem · « **Reply #10 on:** January 07, 2010, 10:56:43 AM »

Quote from: ignatius on January 07, 2010, 09:57:11 AM

Quote from: Nebelpfade on January 07, 2010, 01:43:06 AM
Thanks for the info, ignatius.

It is the following picture that is causing the problem:

http://en.academic.ru/pictures/enwiki/66/Byzantium1204.png

from this post.

You are more than welcome. So was it a virus or just Malware/Adware?

Neither. For some reason, anti-malware has blacklisted the IP that the image was hosted on. The image is clean, the website doesn't seem to actively possess any threats, so it is likely that either the site had issues in the past or malicious sites are hosted on the same server or on the same server farm.

ignatius · « **Reply #11 on:** January 08, 2010, 12:44:41 PM »

Quote from: Nebelpfade on January 07, 2010, 10:56:43 AM

Quote from: ignatius on January 07, 2010, 09:57:11 AM
Quote from: Nebelpfade on January 07, 2010, 01:43:06 AM
Thanks for the info, ignatius.

It is the following picture that is causing the problem:

http://en.academic.ru/pictures/enwiki/66/Byzantium1204.png

from this post.

You are more than welcome. So was it a virus or just Malware/Adware?
Neither. For some reason, anti-malware has blacklisted the IP that the image was hosted on. The image is clean, the website doesn't seem to actively possess any threats, so it is likely that either the site had issues in the past or malicious sites are hosted on the same server or on the same server farm.

Hi Guys. I'm noticing the same warning in the thread on Protestants and Icons... just so you know.

Anastasios · « **Reply #12 on:** January 08, 2010, 01:10:47 PM »

Is your program telling you it is because of one of the linked images?

ignatius · « **Reply #13 on:** January 08, 2010, 01:20:47 PM »

Quote from: Fr. Anastasios on January 08, 2010, 01:10:47 PM

Is your program telling you it is because of one of the linked images?

Sorry Father it doesn't give me that much info but it appears to be the same issue as before. My guess it's one of the linked images as before. I'm not trying to get anyone worried or anything I just thought someone should know.

Entscheidungsproblem · « **Reply #14 on:** January 08, 2010, 02:30:44 PM »

Yup, it is another linked image.

http://mariedenazareth.com/typo3temp/pics/576c12baa6.jpg from this post.

Anastasios · « **Reply #15 on:** January 08, 2010, 02:42:27 PM »

Basically if it is a linked image, there will be nothing we can do about it. We could theoretically ban hotlinking to images outside our forum, but then people would attach the images here and use up all our bandwidth. So if you see such warnings again, know that they are not coming from this site. If you see a warning not related to an image, let us know.

Velsigne · « **Reply #16 on:** April 08, 2013, 11:39:26 PM »

Hi,

You are getting malware attacks on this thread: an ex-catechumen comparing the Episcopalian Lent

93.125.99.4

dcommini · « **Reply #17 on:** April 09, 2013, 08:02:19 PM »

I just did my own scan and it came back negative for malware. Perhaps it is one of the photos again.

Velsigne · « **Reply #18 on:** April 10, 2013, 02:34:23 AM »

Quote from: dcommini on April 09, 2013, 08:02:19 PM

I just did my own scan and it came back negative for malware. Perhaps it is one of the photos again.

Okay, thanks for checking on that.

News:

Author Topic: Noticing Malware coming from www.orthodoxchristianity.net... (Read 4950 times)