Possible Malware on this forum

[ct4me]

As a Precautionary Warning... Google Chrome is alerting that this forum MAY have malware...
What is the current listing status for sportpilottalk.com?
Site is listed as suspicious - visiting this web site may harm your computer.

Part of this site was listed for suspicious activity 2 time(s) over the past 90 days.

What happened when Google visited this site?
Of the 4 pages we tested on the site over the past 90 days, 1 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2013-07-11, and the last time suspicious content was found on this site was on 2013-07-11.
Malicious software includes 2 trojan(s), 2 exploit(s).

Malicious software is hosted on 4 domain(s), including nexusdentalalliance.com/, xenithpractices.org/, wafiat.ps/.

2 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including wafiat.ps/, betterlife-downloads.com/.

This site was hosted on 1 network(s) including AS8560 (SCHLUND).

Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, sportpilottalk.com did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?
No, this site has not hosted malicious software over the past 90 days.

How did this happen?
In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.

Next steps:

[Jim Stewart]

I'm getting the same message through AT&T at home, no message at work through Sonic.net.

[FlyingForFun]

Delete

[admin]

This issue should be fixed. I requested Google to review it for a change in status. Unfortunately this website is powered by free "open source" software. That means the code is readily available for exploit. The site also runs on a shared server which means that if one website on the server gets infected, all other sites on the same server can get infected. The software is up to date but that did not stop the attack.

[Jack Tyler]

I too was warned off this site yesterday. Let's hope it's fixed. But attributing it the phpBB forum software is bogus. phpBB is one of the two most widely used forum systems in use today, yet other phpBB based forums are not in trouble. Hopefully, some serious antivirus software is being exercised on this forum's server to flesh out the problem.

Thanks for responding to this issue quickly.

[artp]

After being unable to access the site yesterday with either Google or IE (access denied), today IE is working properly with this site (first time in months).

[drseti]

Thanks to all who PM'd or emailed me yesterday about this problem. I forwarded your reports to Gerald, our domain owner, who was already on top of the situation. (thanks, Gerald!)

[N918KT]

I did remember getting a malware or virus of some sort on my computer a few months ago for going on this website. Luckily my antivirus software removed the virus/malware. The only thing that seems suspicious to me is the search function on this forum. Whenever I search something on this forum, it takes a long time to show the results (or it never shows the results actually).

I was clicking on another part of this website like returning to the main page. It never loaded that page and it was a minute or so before my computer was infected. Now I am suspicious of any page on this website that takes longer than a minute to load since I fear that I am installing a virus or malware.

[admin]

Unfortunately there will always be hackers and there will always be attacks. Every PC should be protected. I use the free and excellent Panda Cloud Antivirus software. There is only a tiny little bit of software that resides on your machine and all of the main computing is done "in the cloud." In other words, on a very fast computer somewhere on the internet. So your computer is never bogged down and slowed down like McAfee and Norton.

http://www.cloudantivirus.com/en/#!/fre ... s-download

By the way, I have never heard of anti-virus software running on a web server. This website is hosted on a 1and1 Internet shared server, probably one of the largest website hosts in the world. If there is a way to prevent these attacks I'm sure they would have already done it. This website has been attacked several times since 2003 and I'm sure it won't be the last.

[zaitcev]

Unfortunately this website is powered by free "open source" software. That means the code is readily available for exploit.

Oh, puuuleeeze. All it means is that it's easier to fix.

The site also runs on a shared server which means that if one website on the server gets infected, all other sites on the same server can get infected. The software is up to date but that did not stop the attack.

That's closer to the point.

[zaitcev]

But attributing it the phpBB forum software is bogus. phpBB is one of the two most widely used forum systems in use today, yet other phpBB based forums are not in trouble.

Well, Java is used even wider and it gets hit with expoits regularly. It's not important if the exploits are fixed in time. Gerald has already mentioned that he suspected a host breakout on a sibling client.

One way or the other, PHP is susceptible to injects. This is why WP was a hotspot of exploits for years. It's even worse when installation is done in such a way that server has to write somewhere. It's bad enough when attacks screw with the database.