+rwsherlock Posted August 1, 2009 Share Posted August 1, 2009 I have been using cacherstats.com/florida2.html for a couple years. Today I got a error flag from Google and from McAfee SiteAdvisor that this site is now listed as a "Reported Attack Site". While I have firewalls, and Norton SystemWorks with added safety programs, I am fanatical about protecting my computer. Many times, such warning are over cautious tho, and do not truly represent a real treat. Has anyone had experience with this site. Would appreciate heads up! KOC, Bob rwsherlock Quote Link to comment
Keystone Posted August 1, 2009 Share Posted August 1, 2009 The issue is also being discussed in this active thread that's about the leaderboard generally. I'm going to leave this topic open, however, because it's focused specifically on the security question. Quote Link to comment
+Chrysalides Posted August 1, 2009 Share Posted August 1, 2009 Mentioned it in my post #37. On first glance it seems to fit what is described as statcounter script injection user session hijack. Quote Link to comment
+Sol seaker Posted August 1, 2009 Share Posted August 1, 2009 I thought someone in the last thread said they were going to contact the site owner, but looking back now I can't find that. Am I on drugs and dont' know it? I don't understand a lot of this, and my computer isn't even giving me the warning. Perhaps someone a little better versed in what is going on can contact the site owner. (If I figured out how to contact them I'd say something like, "you're site is broke". someone else might have better information than I) Quote Link to comment
+Chrysalides Posted August 2, 2009 Share Posted August 2, 2009 I thought someone in the last thread said they were going to contact the site owner, but looking back now I can't find that. Am I on drugs and dont' know it? I don't understand a lot of this, and my computer isn't even giving me the warning. Perhaps someone a little better versed in what is going on can contact the site owner. (If I figured out how to contact them I'd say something like, "you're site is broke". someone else might have better information than I) Post #42 If problem continues next week I'll send e-mail. I find it hard to believe no one contacted him already. He's probably away for the weekend or something. I'm seeing this with Firefox. I'm not sure if IE or other browsers would report this as an attack site. Quote Link to comment
+ecanderson Posted August 2, 2009 Share Posted August 2, 2009 If problem continues next week I'll send e-mail. I find it hard to believe no one contacted him already. He's probably away for the weekend or something. I left him a voicemail late Friday afternoon. It's unusual that he didn't pick up, so my best guess is that he is traveling. Quote Link to comment
+rwsherlock Posted August 5, 2009 Author Share Posted August 5, 2009 Just checked the cachestats program and all seems to be fine. Both McAfee and Google report a clean site. Thanks to all for your replies and any help. KOC rwsherlock Quote Link to comment
+rwsherlock Posted August 15, 2009 Author Share Posted August 15, 2009 Just checked CacheStats Florida again and again there is a Google warning. It may or may not be a problem but my hyper-sensitive nature urges caution in using this site. Thanks in advance for any follow up. Bob Quote Link to comment
+Kabuthunk Posted August 15, 2009 Share Posted August 15, 2009 (edited) Sounds like the same type of thing that hit my own website a few weeks ago... an iframe injection attack. If a site uses the iframe command (which mine obviously did, and cachestats may well too, since it's a ridiculously common command), the page can be compromised. What happened with mine was that some added code was added to the site so that it auto-attempted to install malware, and attempted to redirect the visitor to some other malware site. I basically just removed all iframes for a few weeks (they're not integral to most of the site), re-uploaded the affected .html files from my home computer (thus overwriting the compromised files with normal code), and asked google to re-evaluate the site (there's a convenient button you just click). A few hours later, and the site was back up to normal, and no longer had a warning. After the aformentioned few weeks, I put the iframes back in, and haven't had a recurring problem. I'm hoping whatever botnet decided to attack my site (in the past, it's been botnets hitting a pile of sites at once) has wandered off, and I'll be good for another 7 years without a problem But long story short, botnet probably hit the site with an iframe injection attack (or otherwise, sql injection perhaps, whatever), and once the owner fixes it, it hopefully won't be affected again. With things like this, there's nothing a website owner can do other than repair the damage, and cross their fingers for the future. On the plus side, since I use Linux, there's virtually zero chance that anything the site tries to install in the computer will do anything whatsoever. So, looking at some of the source code, I couldn't find anything unusual. So it could be that the owner is waiting for Google to re-evaluate the site, or there's some small, out-of-the-way page, rarely looked at page that is still compromised, at which point Google will tell them there's still a problem, until it's completely cleaned. Only time will tell for this. Edited August 15, 2009 by Kabuthunk Quote Link to comment
+ecanderson Posted August 15, 2009 Share Posted August 15, 2009 (edited) It's a problem with the web hosting service. There's something being appended to the original files being sent by the owner that keeps setting the "red flags". Owner thought he had this licked by automatically resending the requisite files via FTP if he found the variance in the files, hoping to do so before the problem was logged again at Google. Guess his workaround is not working. I'll let him know. In any case, the problem of the stuff after the /HTML is benign, but extremely annoying. Edit: I just checked the source for the page, and his workaround worked (nothing appended) but evidently there must have been for a brief, and Google caught it while it was wrong again. The site is (as of the moment) pristine again. The owner will have to (again) force a rescan by Google. What a PITA. Edited August 15, 2009 by ecanderson Quote Link to comment
toczygroszek Posted August 15, 2009 Share Posted August 15, 2009 I was talking with him few weeks ago and he said me he will be busy with other things after 29.07 so that's probably reason it's not fixed yet. Quote Link to comment
+rwsherlock Posted August 20, 2009 Author Share Posted August 20, 2009 It is now the 20th of August and I appreciate the many replies from concerned cachers. Today, Google Red Flags the site as a "Reported Attack Site". Enough to scare the hinder parts off most people. McAfee SiteAdviser gives it a green check mark "We tested this site and didn't find any significant problems" but does give a caution on one of Cacherstats links (Information.com)"When we browsed this site we received several pop-ups". When reading down on Information.com using McAfee SiteAdviser, "User Review Summary for information.com", there are many black marks listed by subscribers. Not knowing if, when using Cacherstats, information.com is automatically called up as a subroutine, I am hesitant in accessing Cacherstats at all. Sure would like to get back using this fine tool. Again, thanks to all. Bob rwsherlock Quote Link to comment
+Artemis&Apollo Posted October 21, 2009 Share Posted October 21, 2009 (edited) I can confirm that I had problems with cacherstats.com yesterday. After accessing the site my McAfee software reported blocking two trojans then notified me that csrss.exe was attempting to access the internet. I denied the acceess but ended up with a modified hosts file in \windows\system32\drivers\etc that redirected nearly all search engines (google, yahoo, aol, bing, etc) to an invalid IP Address resulting in the page-not-found message. I recreated the problem today. I wouldn't recommend accessing the site. A&A Edited October 21, 2009 by artemis&apollo Quote Link to comment
+Chrysalides Posted October 22, 2009 Share Posted October 22, 2009 I can confirm that I had problems with cacherstats.com yesterday. After accessing the site my McAfee software reported blocking two trojans then notified me that csrss.exe was attempting to access the internet. I denied the acceess but ended up with a modified hosts file in \windows\system32\drivers\etc that redirected nearly all search engines (google, yahoo, aol, bing, etc) to an invalid IP Address resulting in the page-not-found message. I recreated the problem today. I wouldn't recommend accessing the site. I strongly suspect that you got infected from another location. It is highly improbable that visiting a website could do things like modify your hosts file, unless you explicitly downloaded and ran something from that site. Not to say a vulnerability like that could not exist, but if it does, it would have been patched in a hurry and there'll be a fantastic hue and cry. Quote Link to comment
+Artemis&Apollo Posted October 22, 2009 Share Posted October 22, 2009 Probability aside, I am sure it came from cacherstats.com. I'm not positive it was simply visiting the site or clicking on a current stat-bar. But I am sure it came from my visit to the cacherstats.com web site. Quote Link to comment
+Ashallond Posted October 23, 2009 Share Posted October 23, 2009 I had a pop up screen that told me that my adobe needed updating last night when I went to the site. What set me off that it was bad was that as i scrolled the web page, it adjusted to where I was on the screen to cover most of the screen. Needless to say the site was immediately closed, and a nice virus un was initiated. whee! Quote Link to comment
+Chrysalides Posted October 23, 2009 Share Posted October 23, 2009 Anyone else have problems with the site? I just visited it again and no issues. I'm running firefox with adblock. Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.