cross script attack

Discussion in 'Support Tickets' started by pgm554, Apr 25, 2018.

  1. pgm554

    pgm554 Member

    Messages:
    22
    Likes Received:
    3
    Joined:
    Sep 1, 2014
    What's up with the XSS attacks (again)?
    Unless I have a script blocker in place ,this site runs a java script attack.
    This has been going on for a very long time.

    A very good reason I don't visit this site anymore.

    Also one of folks on another site says you are having captcha issues to join this forum.
     
  2. zenstat

    zenstat Senior Cymbal Nerd

    Messages:
    3,806
    Likes Received:
    462
    Joined:
    Feb 5, 2012
    Location:
    Auckland New Zealand
    Link to the thread on VDF claiming captcha isn't working for them:

    http://www.vintagedrumforum.com/showthread.php?t=62302

    which also contains various dire warnings about malware on DFO, and links in turn to a thread on DrummerWorld

    http://www.drummerworld.com/forums/showthread.php?t=139431

    which also contains various dire warnings about malware on DFO.

    I'm one of the people who has never had any problems at all so I can't help with the diagnosis of these issues. But I recognize the potential for reputational damage when I see it.
     
  3. equipmentdork

    equipmentdork DFO Veteran

    Messages:
    1,508
    Likes Received:
    180
    Joined:
    Sep 20, 2011
    Location:
    NJ
    I got whacked by one of the red scareware screens recently(I chronicled my delight in a thread on here) and had to task manage it away. After retreating to Sandboxie for a while, I tweaked my No Script settings and I think that took care of it. It seems like it was triggered when I hit a button like "post" or "quote" or something.



    Dan
     
  4. drawtheline55

    drawtheline55 Owner/admin Administrator Moderator

    Messages:
    3,573
    Likes Received:
    97
    Joined:
    Jan 31, 2011
    Location:
    Boston
    I have forwarded these issues to our tech guys, thanks, Ben
     
  5. Billster

    Billster Very well Known Member

    Messages:
    818
    Likes Received:
    3
    Joined:
    Mar 24, 2007
    Location:
    Richmond, Michigan
    Ben, Thanks for responding. I have had to stop accessing DFO from my Android device because of malware issues.
    It will be really great once I can spend more time on DFO again without getting whacked. Billster
     
  6. drawtheline55

    drawtheline55 Owner/admin Administrator Moderator

    Messages:
    3,573
    Likes Received:
    97
    Joined:
    Jan 31, 2011
    Location:
    Boston
    Thanks Bill, the Captcha issue is resolved. Any other possible issues are being looked at.

    Ben
     
  7. forumtech

    forumtech Administrator Staff Member Administrator Moderator

    Messages:
    9
    Likes Received:
    0
    Joined:
    Apr 18, 2017
    Could you please post a screenshot or send me more details?

    Detection tests say the forum is clean. Are you sure your computer doesn't have malware?

    The site is clean, there are no doubts:
    https://www.virustotal.com/#/url/0dc7725470bc5c4de31bebc81757cf744093eef808da2e8d850fc82996b66a17/detection
    http://scanner.pcrisk.com/detailed_report/www.drumforum.org#details
    https://rescan.pro/result.php?ac0146f07eb3619a3d6e901b4a8bdf6c
    https://app.webinspector.com/public/reports/81895558
    https://sitecheck.sucuri.net/results/www.drumforum.org
    https://quttera.com/detailed_report/www.drumforum.org
     
  8. pgm554

    pgm554 Member

    Messages:
    22
    Likes Received:
    3
    Joined:
    Sep 1, 2014
    You are on a number of current black lists,so at some very recent point in time you got reported.

    Whether this was a drive by hack or some other issues with your hosting service has yet to be determined.

    I can only go by my own experience on this site and it has not been good in terms of security.

    Try MX Toolbox
     
  9. forumtech

    forumtech Administrator Staff Member Administrator Moderator

    Messages:
    9
    Likes Received:
    0
    Joined:
    Apr 18, 2017
    Please, if you aren't going to provide any facts I'll kindly ask you to stop saying Drumforum isn't secure.

    [​IMG]
    [​IMG]
     

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.