Myself Posted July 5, 2006
For some bizarre reason, when I load this page every once in a while I get a message from Norton Internet Worm Protection that it has detected and blocked an intrusion attempt. The Intrusion is: HTTP MSIE CreateTextRange Code Exec. and the Intruder is: 196.regvista.com(85.255.115.196)(http(80)). I've only noticed this happening on OO.net - do you have any idea why I'm getting this message?

Lathanar Posted July 5, 2006
I'm also seeing strange requests for apjuydguldid92pp5upp5c77p.affrontgl.com along with the 196.regvista.com from this site.
Edited July 5, 2006 by Lathanar

RI1138 Posted July 5, 2006
What browser are you using? (anyone who has gotten this message) I use Firefox, and have not gotten the message yet.

Myself Posted July 5, 2006
> What browser are you using? (anyone who has gotten this message) I use Firefox, and have not gotten the message yet.
Internet Explorer

Dismuke Posted July 5, 2006
> I'm also seeing strange requests for apjuydguldid92pp5upp5c77p.affrontgl.com along with the 196.regvista.com from this site.
I have attempted to check OO several times today on both of my computers using the Firefox browser in each instance and the page caused the entire bloody browser to freeze up. When it froze up, at the bottom of the window it indicated it was attempting to transfer data from 196.regvista.com. On every occasion this happened, my memory usage began climbing and basically doubled before leveling off. The browser never became unstuck - I basically had to go in and "end process" to crash the thing. This last time that I did manage to get through without a problem I got a message that it was transferring from some subdomain with mostly numerical characters at onlinehome.us - which I recognized as coming from the 1&1 Internet as they are one of the hosting services that I use.
But I think I have figured out what's to blame for it: George Bush and Karl Rove. You see, what's causing it is this diabolical, super-secret classified program that George Bush and his greedy oil buddies have put together. The alleged purpose of this program is to catch "terrorists" - but the real reason is so George Bush can read the contents of the American people's hard drives every time they go online. It is nothing more than just another domestic spying program. And GreedyCapitalist is in on it too - what would you expect from someone who proudly admits to being greedy and a capitalist and lives in Texas? Greedy people, capitalists and people from Texas thrive on walking over corpses in order to get what they want. How arrogant. Don't they realize that is the government's job? No truly sophisticated and compassionate society can just let a bunch of stupid, unwashed bumpkins from flyover country red states assume the task of important decisions like who becomes corpses and gets walked on. We need people like Hillary Clinton and John McCain to oversee the process on our behalf in the name of noblesse oblige.
And 1&1 Internet? People don't realize that 1&1 is, in reality, a global company based in Germany, a country once ruled by Adolf Hitler of the Nazi party. See: http://www.1und1.com/ Do you really think this is a coincidence? George Bush wants to read people's hard drives when there are thousands of inner city children who cannot read because of cuts in the school lunch program and because parents who can afford to do so have moved to the suburbs or send their kids to private schools. George Bush wants to snoop on the surfing habits of Americans when there are Arab and Palestinian freedom fighters who cannot even go online because they are too busy dodging American and Israeli bullets. And Karl Rove has deliberately convinced GreedyCapitalist to botch up the way the classified super secret government spy machine interacts with the Objectivism Online website because he knows that people here will ask questions as to why their memory usage climbs out of the roof and that eventually the media will get wind of it and the New York Times will publish a story about it - which Karl Rove will claim is classified and vilify so that he can steal another election. It all makes sense, now. I think we need to send Cindy Sheehan to GreedyCapitalist's house so she can remove her bra and burn it in the name of Mother Earth and Workers and oppressed minorities around the world! Comrades Unite!! viva la revolucion!!

Myself Posted July 5, 2006
Uh Dismuke - you have fun with that. Anyway - still getting the same message as before. Can an admin give us a heads up about what's going on? Has this website been hacked? Is our computer's security compromised by visiting?

DavidV Posted July 5, 2006
I think someone posted an exploit in an iFrame that attempts to hack users via the FMW exploit. I have removed the exploit (just now) and will try to determine how to prevent it. Your computer should be safe if you installed the Microsoft FMW exploit fix released a few months ago. (Edit: or just use Firefox) http://www.symantec.com/avcenter/venc/data...exploit.56.html
Edited July 5, 2006 by GreedyCapitalist

Proverb Posted July 5, 2006
> ...will try to determine how to prevent it.
One Word: Firefox! lol Thanks David!

Myself Posted July 6, 2006
The intrusion attack is back again from regvista. I experienced the attempt for the 1st time today at 4:25 PM.

DavidV Posted July 7, 2006
OK, I fixed it and applied a security patch, so hopefully things are good.

scottkursk Posted July 7, 2006
> See: http://www.1und1.com/ Do you really think this is a coincidence?
I agree with you about Bush. It's ALL a plot. Toothpaste tubes running low, the ozone layer, problems with the internet, the fact I can't find 7th gear on my new Shimano shifter no matter how many times I work on it. It's all Bush's fault. Though, I did go to 1und1 and that Pocket Web looks pretty cool. Darned Bush and his National Socialist friends.

Myself Posted July 7, 2006
Sorry David, but it's still there. Intrusion: HTTP MSIE CreateTextRange Code Exec. Intruder: 196.regvista.com(85.255.115.196)(http(80)). Whoever is doing this is rather persistent.

Chumley Posted July 9, 2006
> Sorry David, but it's still there. Intrusion: HTTP MSIE CreateTextRange Code Exec. Intruder: 196.regvista.com(85.255.115.196)(http(80)). Whoever is doing this is rather persistent.
This is affecting me while using Firefox to browse the site.

Myself Posted July 9, 2006
> This is affecting me while using Firefox to browse the site.
So far it seems to be gone for me today (with IE)

DavidV Posted July 9, 2006
It's fixed (again). Let me know if it happens again.

Sherry Posted July 9, 2006
> ..... But I think I have figured out what's to blame for it: George Bush and Karl Rove. You see, what's causing it is this diabolical, super-secret classified program that George Bush and his greedy oil buddies have put together. The alleged purpose of this program is to catch "terrorists" - but the real reason is so George Bush can read the contents of the American people's hard drives every time they go online. It is nothing more than just another domestic spying program. And GreedyCapitalist is in on it too - what would you expect from someone who proudly admits to being greedy and a capitalist and lives in Texas? Greedy people, capitalists and people from Texas thrive on walking over corpses in order to get what they want. How arrogant. Don't they realize that is the government's job? No truly sophisticated and compassionate society can just let a bunch of stupid, unwashed bumpkins from flyover country red states assume the task of important decisions like who becomes corpses and gets walked on. We need people like Hillary Clinton and John McCain to oversee the process on our behalf in the name of noblesse oblige.
> And 1&1 Internet? People don't realize that 1&1 is, in reality, a global company based in Germany, a country once ruled by Adolf Hitler of the Nazi party. See: http://www.1und1.com/ Do you really think this is a coincidence? George Bush wants to read people's hard drives when there are thousands of inner city children who cannot read because of cuts in the school lunch program and because parents who can afford to do so have moved to the suburbs or send their kids to private schools. George Bush wants to snoop on the surfing habits of Americans when there are Arab and Palestinian freedom fighters who cannot even go online because they are too busy dodging American and Israeli bullets. And Karl Rove has deliberately convinced GreedyCapitalist to botch up the way the classified super secret government spy machine interacts with the Objectivism Online website because he knows that people here will ask questions as to why their memory usage climbs out of the roof and that eventually the media will get wind of it and the New York Times will publish a story about it - which Karl Rove will claim is classified and vilify so that he can steal another election. It all makes sense, now. I think we need to send Cindy Sheehan to GreedyCapitalist's house so she can remove her bra and burn it in the name of Mother Earth and Workers and oppressed minorities around the world! Comrades Unite!! viva la revolucion!!
The most absurd thing about this is that Dismuke claims George Bush can read. Shame on you Dismuke...shame...SHAME!!!!!
Edited July 9, 2006 by Sherry

Myself Posted July 14, 2006
David, The intrusion is back from regvista. It occurred the first time I visited the website today at 1:43 PM EST.

DavidV Posted July 14, 2006
I just updated the forum to the latest version, which includes an anti-virus scanner. It found a virus, which I removed. We'll see.

DavidOdden Posted July 14, 2006
> I just updated the forum to the latest version, which includes an anti-virus scanner. It found a virus, which I removed. We'll see.
Guess that wasn't all there was to it.

Qwertz Posted July 15, 2006
Can we sue? <litigious grin>

Myself Posted July 19, 2006
The Regvista intrusion is back. I experienced it during my first visit to the website today at 5:47 PM EST. The previous details on the intrusion still apply.

Chumley Posted July 20, 2006
I saw it at 12:40 this morning. Same problems.

DavidOdden Posted July 20, 2006
I've found that the problem exists for me skin-dependently, and it goes away using the IPB skin rather than arobase-en. (specifically, the IPB default skin)
Edited July 20, 2006 by DavidOdden

DavidV Posted July 20, 2006
Yes, they hack whatever skin is currently active, so if you switch to any skin other than arobase, it goes away. I'm running out of tricks trying to lock down the site, so I am going to do a server upgrade tonight now to see if that helps.
Edited July 20, 2006 by GreedyCapitalist

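An added example, not part of the thread and not code from the forum software: because the injected iframe lived in whichever skin was active, one defensive check is to scan every skin template for frames or scripts that load from hosts outside an allow-list and to flag the ones that are hidden. The host names, skin names and markup below are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

WATCHED_TAGS = {"iframe", "frame", "script", "embed", "object"}

def _host(url):
    try:
        return (urlparse(url.strip()).hostname or "").lower()
    except ValueError:          # malformed URL: report it rather than skip it
        return "invalid-url"

def _is_hidden(attrs):
    # Zero/one-pixel or CSS-hidden elements are the usual disguise.
    style = attrs.get("style", "").replace(" ", "").lower()
    tiny = any(attrs.get(k, "").strip() in ("0", "1") for k in ("width", "height"))
    return tiny or "display:none" in style or "visibility:hidden" in style

class _Finder(HTMLParser):
    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed = {h.lower() for h in allowed_hosts}
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in WATCHED_TAGS:
            return
        a = {k: (v or "") for k, v in attrs}
        for name in ("src", "data"):
            host = _host(a.get(name, ""))
            # Relative URLs have no host: they stay on the forum's own origin.
            on_site = any(host == h or host.endswith("." + h) for h in self.allowed)
            if host and not on_site:
                self.findings.append({"tag": tag, "host": host,
                                      "line": self.getpos()[0], "hidden": _is_hidden(a)})

def find_offsite_frames(template_html, allowed_hosts):
    # Every watched tag in one template that loads from a foreign host.
    finder = _Finder(allowed_hosts)
    finder.feed(template_html)
    finder.close()
    return finder.findings

def scan_skins(skins, allowed_hosts):
    # Map skin name -> findings, listing only the skins that have any.
    found = {name: find_offsite_frames(html, allowed_hosts) for name, html in skins.items()}
    return {name: hits for name, hits in found.items() if hits}

# Constructed sample: two skins of a hypothetical forum at forum.example.
SAMPLE_SKINS = {
    "default": '<div>\n<script src="http://forum.example/js/global.js"></script>\n</div>',
    "active": '<div>\n<script src="/js/global.js"></script>\n<iframe src="http://offsite.example/" width="0" height="0"></iframe>\n</div>',
}
```

Running `scan_skins(SAMPLE_SKINS, {"forum.example"})` on a schedule and comparing the result with the previous run shows when a template has been modified again after a cleanup.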
Bold Standard Posted July 21, 2006
> I think someone posted an exploit in an iFrame that attempts to hack users via the FMW exploit. I have removed the exploit (just now) and will try to determine how to prevent it. Your computer should be safe if you installed the Microsoft FMW exploit fix released a few months ago. (Edit: or just use Firefox) http://www.symantec.com/avcenter/venc/data...exploit.56.html
This thing has shown up on mine too, now. I followed the link you gave, but I didn't really understand the technical language in the description. Is this "exploit" a virus that can infect our computers? I didn't know you could get a computer virus from just opening a webpage, without downloading anything. How do we find out if our computer has been infected with this virus, and if it has, how do we get rid of it? What exactly does the virus do? I don't know much about computer viruses. My "sbc yahoo internet protection" software didn't detect any viruses, but if I've been infected, can it change my antivirus software so that it's undetectable? It wasn't that program that alerted me to the "exploit" intrusion-- it was one I didn't even know I had (maybe it was the virus itself, I really have no idea, but I can't get that screen to show up again). Hm, so what should I do? I'm running Internet Explorer.