# Off Topic > Suggestions for Improvement >  >  Malicious URL warning

## shg

I'm getting this warning from Kaspersky on opening most any thread:

_Downloading object http://news.sentvideos.net:8509/do.php which contains a malicious URL. Blocked._

What's up with that?

----------


## jeffreybrown

Hi shg,

Haven't seen that particular error today and I'm using Kaspersky, but I've experienced other errors with the forum this afternoon so could be related.

----------


## shg

Strange ...

----------


## HaHoBe

Hi, shg,

not strange - I guess it`s the TT  :Frown:  




> Warning: Cannot modify header information - headers already sent by (output started at [path]/showthread.php:115) in [path]/includes/functions.php on line 4099



for nearly every post I want to look at, unresponsiveness of the server, problems with reporting, posting, viewing. Breakdown of services today at noon local time. The TT is doing the full pack of services here.

Only thing I can´t complain about (apart from not being informed in advance about any changes): I get only one notification for each thread - they drop in late but it´s only one. If that´s the good news of the day I´ll take only the better ones from now on.

Related thread maybe: http://www.excelforum.com/suggestion...ed-e-mail.html.

Ciao,
Holger

----------


## shg

Also, threads I've read still appear in bold.

----------


## Kyle123

It's this particularly nasty individual - has the site been hacked?:



```

```

----------


## JosephP

noscript is blocking mexstat270.pw-is that related?

----------


## john55

> Also, threads I've read still appear in bold.



Hi,
this is on my side too...

----------


## TMS

> Also, threads I've read still appear in bold.



I tend to see this on my iPad rather than my laptop ... experiencing it now.  I'm guessing it may be cookie related?

Regards, TMS

----------


## XOR LX

Not sure if this is related but Alignment/Headers/Icons all noticeably disrupted in thread posts for me.

----------


## TMS

Tech Team tinkering ... ?

----------


## vlady

me too. 
Even opening excel threads from my mail.

----------


## XOR LX

I am also experiencing no automatic re-direction after e.g. posting a thread.

And this default right-alignment is becoming a pain!

Is anyone looking into this?

----------


## Kyle123

> noscript is blocking mexstat270.pw-is that related?



Yes, the site's been compromised. Someone nasty's inserted an Iframe into the top of the page

Is suspect that that's also throwing all the html out - so that's why things are displaying randomly

----------


## JosephP

you seem to know what you're talking about-wanna take over from the tt? ;-)

----------


## arlu1201

I thought i replied to this thread yesterday itself.  I just checked and my reply isnt here.

We had a malware attack yesterday and for a brief moment today but this has all been fixed so we shouldnt see these issues again.

----------


## TMS

> so we shouldnt see these issues again.



These issues including, maybe:





> header('HTTP/1.1 503 Service Temporarily Unavailable'); header('Status: 503 Service Temporarily Unavailable'); header('Retry-After: 17200'); // in seconds print "TEST123";



and 





> Parse error: syntax error, unexpected ')' in /home/eforum/public_html/includes/functions_cforum.php on line 1715




Regards, TMS

----------


## arlu1201

TMS,

Those errors are different from the malicious attack errors we have seen.  The above errors are because of forum server slowness.

----------


## TMS

Web issues aren't really a strength of mine.

As I said in my PM to you and JB, I think it would be worth your while providing an explanation of the issues that have been and/or are being encountered, what has caused them, what has been done or is being done to remedy them and when we can expect to have a stable environment.

I think then that people would have a better understanding of the problems and may be a little more supportive.  If the site has been hacked, few people are going to blame you but it would be good to know.  If, as it seems, the new hosting is causing some issues then that is understandable if still frustrating.

It would, in my opinion, be useful to be able to categorise the problems so we have a better idea what is going on and why.  As I say, my opinion.

We're not mushrooms so please don't treat us as such.

Regards, TMS

----------


## snb

I assume the accounts have been infected of one or more administrators who have the rights to alter the htmlpages of the forum.
As soon as they log in into the webserver the malicious software puts malicious code in all the hmtl pages the administrator has access to.
So the site wasn't been hacked, but some administrators did that unknowingly.

----------


## Simon Lloyd

@snb, this forum allows html in the posts i.e  being able to supply table like grids to show your data, allowing users to post html in a public forum is a great security risk (and is cited as such in the forum manual and the admin options), those with a good understanding can exploit this if not properly protected...etc, it seems that this was the case as the malicious url originally appeared to point to a thread.

----------


## vlady

I remember few weeks ago a hacker that informs us that there is a hole in the wall or something like that. And proved that there is such since he became an "Administrator" in his/her ranking just hacking in... Just don't know if there is a connection with that person to what is happening to the forum. ( If that is the person involved maybe he is proving something)..

----------


## shg

I thought bbcode was specifically designed to avoid the security risks in allowing HTML.

----------


## snb

@simon

I don't think your analysis in this case is correct.
I really think the forum has been infected by (one of) the administrators.
The malicious software is still being shown in the privacy report in my IE.

----------


## Simon Lloyd

> I thought bbcode was specifically designed to avoid the security risks in allowing HTML.



I think you've just got a little mixed up, there is bbcode for HTML tags, this allows you to post html code and it will format it..etc (depending on the forum set up) just as [CODE] tags do, the TABLE html...etc isn't native vbulletin per sé, it's allowing html code to be posted in a public post where the html gets parsed and outputs an html table.





> @simon
> 
> I don't think your analysis in this case is correct.
> I really think the forum has been infected by (one of) the administrators.
> The malicious software is still being shown in the privacy report in my IE.



It's entirely possible but normally when its confined to posts it's not a code injection, I've helped many, many forum owners recover from hacking, code and sql injection and they all have their tell tale signs - but they're not limited to them and I agree that they don't always portray them.

----------


## john55

Hi,

I can not open the forum with google chrom, the warning it's scaring me "....the web contains malware software", do you still encounter this?

----------


## arlu1201

This issue has been resolved since morning.  You should be able to access now.  If you see any anomalies, feel free to bring them up so we can clear them up soon.

----------


## john55

it's ok now. thx!

----------


## :) Sixthsense :)

Please refer Post #11 of this thread, in which OP got the code in email with some asterisk added automatically.  Not sure it's happening now to all posts or for this OP alone...  :Confused: 

http://www.excelforum.com/excel-form...54#post3421254

----------

