Jump to content


Photo

Security warnings concerning LSP


  • Please log in to reply
95 replies to this topic

#1 LSP_Kevin

LSP_Kevin

    Senior Member

  • Administrator
  • 39,468 posts
  • Gender:Male
  • Location:Melbourne, Australia

Posted 28 April 2010 - 10:35 AM

There's a mini-discussion going on over at HyperScale at the moment concerning the so-called security warnings some people are getting when they try to visit LSP. I just wanted to clear up some misconceptions about what's going on here.

Firstly, most of these warnings are a year or more out-of-date, and concern an issue we had with a version of Frank Crenshaw's Scale Calculator software we were hosting. The offending file was removed over a year ago, but some of the sites that track such things have not been updated to reflect that fact. Many A/V software packages appear to rely on information provided by these sites to determine if a website you visit might be dangerous. It seems that McAfee is one of them, at the very least.

We do have a legitimate security issue at the moment, but it's a redirect attack that is only triggered if you arrive at the LSP forums via a Google search. The redirect appears harmless, but I'm working to eradicate it as quickly as possible. It doesn't affect the main website at all.

Ultimately we need to upgrade the forums to a more secure version of the software, so I'll post an announcement about that once the details are sorted.

Kev

#2 Firecaptain

Firecaptain

    Hooked For Life

  • LSP_Members
  • PipPipPipPipPip
  • 494 posts

Posted 28 April 2010 - 12:45 PM

I just started getting the warning about a month or less ago......if it takes McAfee THAT long to update that kind of info
into their system, I am wondering how quick they are to react to the really bad stuff out there......
Joe

#3 Kaeone57

Kaeone57

    Hooked For Life

  • LSP_Members
  • PipPipPipPipPip
  • 363 posts
  • Gender:Male
  • Location:Miami, Fla. U.S.A.

Posted 28 April 2010 - 02:17 PM

LSPers, BEWARE!!!!


It's a conspiracy by exclusive 72nd, and 48th, scale builders who still anger at the amount of plastic needed for 32nd, and larger scaled aircraft kits. This in their eyes is detrimental, and has led them to mind altering tactics to get their point across, hence the warning being given. This warning is backed by an instant burst and static discharge of electrostyrosmallscaleamust, with an immediate effect, in effect, to the effect ,of the brain thats in effect. Now that's effective.

Don't believe the hype,
Peace,

Alfonso

BTW-Obviously I had nothing better to do at the moment I typed this, just taking a break from the cartoon B(S)-17G, and feeling a bit LOONIE TOONISH... :lol:

#4 JamesHatch

JamesHatch

    Senior Member

  • LSP_Members
  • PipPipPipPipPipPip
  • 2,334 posts
  • Gender:Male
  • Location:LSM HQ, Northern UK Division.

Posted 28 April 2010 - 04:20 PM

I do think there IS a problem with LSP at the moment. Sorry to mention this. For the last couple of weeks, I've been receiving a strange redirected URL when I've clicked on either direct LSP links from Google, or from within LSP itself. Below is a screenshot of what I get, taken about 10 minutes ago.

Posted Image

I get no problems with other sites and I wonder whether someone has placed a script in your root.


sig.jpg


#5 LSP_Kevin

LSP_Kevin

    Senior Member

  • Administrator
  • 39,468 posts
  • Gender:Male
  • Location:Melbourne, Australia

Posted 28 April 2010 - 08:22 PM

I get no problems with other sites and I wonder whether someone has placed a script in your root.


That's exactly the redirect I mention in my opening post Jim. It's harmless, but annoying - although AFAICT is requires the referrer to be Google in order to trigger, and shouldn't do so from within LSP. I'll have to check that out.

It's an RFI attack that I've traced to an unset variable in the IPB admin code, but I still can't figure out how they're executing. There's no script at the root; I've been all over the LSP files and directories many times now looking for it, and nada so far. The trouble is, the LSP website now consists of many thousands of files, and any one of them could be carrying the trigger code. I'm beginning to suspect, however, that the trigger has been stored in the database somewhere.

I'd much rather be building a model...

Kev

#6 SJPONeill

SJPONeill

    LSP Junkie

  • LSP_Members
  • PipPipPipPip
  • 64 posts
  • Gender:Male
  • Location:Near the Spiral, NZ

Posted 30 April 2010 - 06:01 AM

It's not just McAfee - I use TrendMicro and it blocked me from entering either LSP pages or the forum until I manually added them to my approved sites list...until I did so, there were all sorts of dire warnings about proceeding to the site...

#7 LSP_Kevin

LSP_Kevin

    Senior Member

  • Administrator
  • 39,468 posts
  • Gender:Male
  • Location:Melbourne, Australia

Posted 30 April 2010 - 07:20 AM

It's not just McAfee - I use TrendMicro and it blocked me from entering either LSP pages or the forum until I manually added them to my approved sites list...until I did so, there were all sorts of dire warnings about proceeding to the site...


Yep, from what I understand the two A/V programs that issue these warnings are McAfee and Trend Micro. I haven't heard about any others so far.

Kev

#8 MarkS

MarkS

    Hooked For Life

  • LSP_Members
  • PipPipPipPipPip
  • 416 posts
  • Gender:Male
  • Location:Milwaukee, WI

Posted 08 May 2010 - 04:37 PM

Avast is now reporting a Trojan when accessing this site:

5/8/2010 11:24:52 AM http: //www4.suitcase52td.net/?p=p52dcWpkbG...WhtZZycmA%3D%3D[/url] [L] JS:ScriptIP-inf [Trj] (0)

suitcase52d appears to be a known malware site (at least it is being report as such (http://www.freepcsec...us-sites-may-8/)

Once Avast blocked access to the site, I was able to come back and access the site without problems.

#9 JohnB

JohnB

    Senior Member

  • LSP_Members
  • PipPipPipPipPipPip
  • 6,505 posts
  • Gender:Male
  • Location:USA

Posted 08 May 2010 - 05:10 PM

I had a problem accessing LSP this morning. I was getting a security warning from, supposedly, Windows saying my computer was potentially infected with malware. As soon as I clicked on the LSP link in my Bookmarks the site would come up for about a second and then disappear and the warning message would show up. This was ONLY on LSP. I had received a warning earlier this week from Lifelock about a similar thing with instructions to hit "ctrl", "alt", "delete" if this happened and NOT to use the mouse to eliminate or scan for viruses, and do not use the mouse to close the window. Just be sure and use "ctrl", "alt", "delete" and then close the program. THEN scan your computer. I use Zonealarm and, sure enough, it found a problem and eliminated it. Now all seems okay. I hope this helps in finding and eliminated whatever is going on with the LSP site.

John

Be careful of the toes that you step on today for they may be connected to the ass you have to kiss tomorrow.


#10 jmathewstn

jmathewstn

    Newbie

  • LSP_Members
  • Pip
  • 7 posts
  • Gender:Male
  • Location:Nashville, TN

Posted 08 May 2010 - 08:34 PM

I use AVG.. no problems on any part of the site.

#11 JamesHatch

JamesHatch

    Senior Member

  • LSP_Members
  • PipPipPipPipPipPip
  • 2,334 posts
  • Gender:Male
  • Location:LSM HQ, Northern UK Division.

Posted 08 May 2010 - 08:39 PM

I use Avast Internet Security and no issues shown here.


sig.jpg


#12 ValiantWagon

ValiantWagon

    Hooked For Life

  • LSP_Members
  • PipPipPipPipPip
  • 255 posts
  • Location:Melbourne - Australia

Posted 08 May 2010 - 08:51 PM

I use Avira and the security warning as reappeared today. Which is interesting because I have LSP whitelisted. :frantic:

Chris

#13 LSP_Kevin

LSP_Kevin

    Senior Member

  • Administrator
  • 39,468 posts
  • Gender:Male
  • Location:Melbourne, Australia

Posted 08 May 2010 - 09:22 PM

I had a problem accessing LSP this morning.


Hi John,

Was that the main LSP website, or the forums?

Kev

#14 JohnB

JohnB

    Senior Member

  • LSP_Members
  • PipPipPipPipPipPip
  • 6,505 posts
  • Gender:Male
  • Location:USA

Posted 08 May 2010 - 09:33 PM

Hi John,

Was that the main LSP website, or the forums?

Kev


It was the website home page. And darned if it hasn't started doing it again. However, I find if I'm quick on clicking on Forums it doesn't happen. Whattaya figure?

John

Be careful of the toes that you step on today for they may be connected to the ass you have to kiss tomorrow.


#15 JamesHatch

JamesHatch

    Senior Member

  • LSP_Members
  • PipPipPipPipPipPip
  • 2,334 posts
  • Gender:Male
  • Location:LSM HQ, Northern UK Division.

Posted 08 May 2010 - 09:41 PM

I too get a 'threat detected' on the LSP home page using Avast Internet Security.


sig.jpg





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users