
What is going on over at music-electronics forum?

Started by macsledge, December 29, 2012, 07:40:44 PM


Loudthud

I tried to get on MEF today and Microsoft Security Essentials popped up a window telling me that it found something it didn't understand and asked me to send it to them. Perhaps some kind of malicious code. There was also something called Exploit:JS/Blacole.KV that was quarantined.

Is it that hard to prevent this crap on the website end, or just expensive? I don't really want to start using a different browser. Last time I tried going on the Sunn forum (a child of MEF on the same server) the key click on my computer started going off like I had pressed on a dozen links.

DrGonz78

#16
It seems more and more that something really bad has infected the Adsense and google analytics scripts on MEF. I for one have not stopped going on the site and Tboy is definitely working on a fix. I mean let's face it MEF is a priceless site!! SSguitar is priceless too! The main problem is that the infected scripts could be coming from outside sites that connect to the main site. So scanning all the pages in the site is difficult to do... However, Sophos has cleared MEF and now it only looks like badware/google are really showing the site to have infections.

I found that some of the crap at one point is originating from Russian servers... Which is not too uncommon with attacks on websites in the same regard. Many times it is from a Ukraine server somewhere or etc etc etc... However, even then the originating servers that are sending this crap are proxy to the originators of the codes. Then the only last one to blame is really the host servers which one of them is always Google back bone. I saw on VBseo.com website a post about "Has Google been hacked?" there is a post to that original thread. There is an update posted on 01-11-2013 by Hodsdiash regarding this topic on the forum. When you click the link nothing is there now...? Scroll down and look under "Off-Topic & Chit Chat" section... You will only see the four posts from 2012 regarding the Has google been hacked topic...

http://www.vbseo.com/forums/

At one point I could see the MEF had been hosted on AS48172 OVERSUN....
Russian connection point... Now I don't see that connection at all and only saw it on there for brief period while researching. Kinda strange.
There are even links for this host network that have direct link to microsoft home page...
http://www.microsoft.com/web/hosting/hostingprovider/details/364

Most of the time I see additional host links on AS29933 OFF-CAMPUS-TELECOMMUNICATIONS - Off Campus Telecommunications... But at one point for about a day AS29933 was not on this list and AS48172 was... look below to the webpage I am referring to below>>>

Look at this link for info regarding this fact.
http://www.google.com/safebrowsing/diagnostic?site=http://music-electronics-forum.com


"A person who never made a mistake never tried anything new." -Albert Einstein

J M Fahey

#17
Cool, nice investigation.
Specially because it looks like we get different google results depending on where we live.
Clicking the exact same links you post give me Spanish Language results, although *everything* in my PC, from Windows version to Firefox to AntiVirus and everything in between is set up in English, so they are *clearly* watching me and among other stuff, they check my IP address.
So I get no Russian results at all, unless I specifically browse a Russian site.
Big Brother + the Matrix are alive and kicking.

FWIW your Google link shows:
Quote:
Navegación segura
Página de diagnóstico de music-electronics-forum.com

¿Cuál es el estado actual de music-electronics-forum.com?

    El sitio aparece como sospechoso. Visitar este sitio web puede dañar su computadora.

    En los últimos 90 días, se indicó 260 veces que parte de este sitio realizaba actividades sospechosas.

¿Qué ocurrió cuando Google visitó este sitio?

    De las 712 páginas que probamos en el sitio durante los últimos 90 días, 298 páginas tuvieron como resultado la descarga e instalación de software malicioso sin el consentimiento del usuario. Google visitó el sitio por última vez el 2013-01-14. La última vez que se encontró contenido sospechoso en este sitio fue el 2013-01-14.

    El software malicioso está alojado en 6 dominios, incluidos samplesstimulate.info/, fepawctes.myfw.us/, roamerpeertopeer.info/.

    Este sitio se alojó en 2 redes, incluidas AS29933 (OFF), AS15169 (Google Internet Backbone).

¿Este sitio ha actuado como intermediario en la distribución de software malicioso?

    En los últimos 90 días, music-electronics-forum.com no pareció funcionar como intermediario para la infección de sitios.

¿Este sitio ha alojado software malicioso?

    No, este sitio no ha alojado software malicioso en los últimos 90 días.

¿Cómo ocurrió esto?

    En algunos casos, terceros pueden agregar un código malicioso a sitios legítimos, lo que podría ocasionar que mostrásemos el mensaje de advertencia.

So, what must be explained is this: why MEF does NOT host malware but YES 50% of its pages "lead to unapproved downloads"?
Obviously some embedded code or script leads you from a clean site to an infected one.
Can't some code snippet be written which blocks that?
I mean, I'm avoiding problems by using NoScript and AdBlock as add ons, but maybe something similar can be applied to the MEF server itself.

Note: even if Spanish, the words I highlighted are close enough to equivalent English ones to make comparison easy.

Note 2: although not often acknowledged, English is incredibly "Latin", or to be more precise: "Italian"  ;)
Some examples of "very English" words and their Italian origin:
Cook > cuocco
Ink > inchiostro
City > cittá
Avenue > avenida
Parliament > parlamento
and so on and on and on  :o
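
The server-side check asked about in the post above, as an added example that is not part of the original thread: it lists every host a page pulls scripts, frames or plugins from, flags those outside an allowlist, and builds the Content-Security-Policy header that makes browsers refuse them. The allowlist contents, the sample page and the `injected.example` / `redirector.example` hosts are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allowlist: the forum's own host plus the ad/analytics hosts it means to load.
ALLOWED_HOSTS = {"music-electronics-forum.com", "pagead2.googlesyndication.com",
                 "www.google-analytics.com"}

# Constructed sample page: two expected loads, two injected ones (placeholder hosts).
SAMPLE_PAGE = """<html><head>
<script src="/js/forum.js"></script>
<script src="https://www.google-analytics.com/analytics.js"></script>
<script src="//cdn.injected.example/x.js"></script>
</head><body><p>thread text</p>
<iframe src="http://redirector.example/in.php" width="1" height="1"></iframe>
</body></html>"""

class ActiveContentAuditor(HTMLParser):
    """Records every host a page loads scripts, frames or plugins from."""
    URL_ATTR = {"script": "src", "iframe": "src", "embed": "src", "object": "data"}
    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host
        self.loads = []  # (tag, host, url)

    def handle_starttag(self, tag, attrs):
        url = dict(attrs).get(self.URL_ATTR.get(tag, ""))
        if url:
            # Relative URLs have no hostname and resolve to the page's own host.
            host = urlparse(url.strip()).hostname or self.page_host
            self.loads.append((tag, host, url))

def unexpected_loads(html, page_host, allowed=ALLOWED_HOSTS):
    """Return the loads whose host is not on the allowlist."""
    auditor = ActiveContentAuditor(page_host)
    auditor.feed(html)
    auditor.close()
    return [load for load in auditor.loads if load[1] not in allowed]

def csp_header(allowed=ALLOWED_HOSTS):
    """Build the response header that makes browsers enforce the same allowlist."""
    hosts = " ".join(sorted(allowed))
    return ("Content-Security-Policy: "
            f"script-src 'self' {hosts}; frame-src 'self' {hosts}; object-src 'none'")

if __name__ == "__main__":
    for tag, host, url in unexpected_loads(SAMPLE_PAGE, "music-electronics-forum.com"):
        print(f"unexpected <{tag}> from {host}: {url}")
    print(csp_header())
```

The audit only sees tags that carry a URL; code injected as an inline script is not listed by it, but the header above omits `'unsafe-inline'`, so a browser honouring the policy would not run it.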

Roly

Quote from: J M Fahey
although not often acknowledged, English is incredibly "Latin"

Quite so.  :dbtu:

I managed to be a straight "Z" language student at school, French, a bit of Latin, but I've always been interested in English etymology, so when I see "malicioso" the context says "mal" = bad and I can often get a sense of the meaning from the conjunctions and a few scattered words in Italian, Spanish, and somewhat in French.

Recently I needed to read a cited research paper on wind turbine noise in French (gulp) yet I was surprised how little I had to resort to Google translate to get the general sense. (and it turned out to conclude exactly the opposite of what was being claimed; boy did I have fun with that  :trouble )

Brings to mind a song lyric;

If you spoke a foreign language
you could move to a foreign land.
But people speak to you in English
and you still don't understand.
   :lmao:

Been wrassling with an XP reinstall and it seems to me that Mickysoft don't actually speak English either.   So much text - so little information.  :grr
If you say theory and practice don't agree you haven't applied enough theory.

sssteeve

#19
In the past it was the banner ads that were blamed for the malicious site warnings at MEF. I'd suggest getting rid of the banner ads by having members pledge donations to replace that revenue if they wish (it would be strictly voluntary.) With PayPal subscriptions we could have a specific amount donated to MEF on whatever schedule works for us. One-time donations are nice but are not something that you can count on in a budget. I'm on a fixed income but I could cough up $5 every other month to help support the site.

I don't know if tboy is still running MEF on his own server but with enough revenue coming in he might want to migrate to something else to increase bandwidth and security.

If the malicious links are found within the posts of new members then I think that measures should be taken to prevent that. Here's one idea: why not prevent new members from posting links until they have been vetted by tboy or one of the mods, which would happen only after a waiting period of, say, 30 days.

One of the reasons people join the forum is to ask questions about a specific problem in which case there really isn't a need to post a live link. They could still upload pictures to illustrate their problem, or if a link to a site was actually necessary they could spell it out with <dot> replacing the period in a web address.

Speaking of people who join to look for a solution to a specific problem many of them never log on again once they get their answer. If a new member doesn't log on again for something like 6 months perhaps they could be automatically sent an email asking them to reply if they wish to remain a member.

Just some thoughts going through my mind...

Steve Ahola

Loudthud

#20
I got on there today without a problem using Windows' InPrivate browser. I PM'd tboy and he says he thinks he got all the bad code out. Google did a scan and didn't find anything.

On the diyAudio forum a moderator has to approve your first five posts. There are a lot of members that have never posted. I found both the founders of Audio Precision on there and neither have ever posted. I PM'd one of them and he replied within 24 hours.

macsledge

Well, I'm very happy to see MEF up again. It's definitely one of my favorite music electronics sites.

DrGonz78

No sense making a new thread here... The question is relevant to the current situation. I am wondering what's going on over at MEF? Anyone? Seems that the domain name expired and hopefully the site will be back up soon.
"A person who never made a mistake never tried anything new." -Albert Einstein

Enzo

I know nothing of it, but hopefully he just needs to pay a bill.

I know if I don't send Blue Cross a check tomorrow, my medicare advantage account will go away.

J M Fahey

Think the same.
I *guess* TBoy isn't logging in every day, very probably because of Business/Family, so he might have missed some "You're late on your payment" warnings.
If somebody has some direct EMail or connection, please use it to relay news to him.

tonyharker

I see now that their domain name expired on 30/04/2014 and is pending renewal or deletion!!!

DrGonz78

When I have donated to the site it goes to a related site called firebottle.com. So in an attempt to let Tboy know I sent the email to the support email that accompanies the donation page. Hopefully that works and hopefully he is already aware.
"A person who never made a mistake never tried anything new." -Albert Einstein

bluesky6

Quote from: tonyharker on May 02, 2014, 04:28:51 AM
I see now that their domain name expired on 30/04/2014 and is pending renewal or deletion!!!

I saw that yesterday while trying to respond to a thread.

The site should have been on auto-renewal. That's what I do with my important domain names (actually singular nowadays).

The problem is that of email notifications. A lot of domain name owners don't pay attention to the email reminders to renew or the latter is dumped to gmail's overly excited spam folder.

Let's hope it gets back up soon.

g1

  Well, the only good news is I tried to buy the domain name through the godaddy link and it said the "domain is not available".
Dr.Gonz, thanks for the reminder about the paypal thing.  In case it's a financial issue I sent a donation via paypal to paypal (at symbol) firebottle.com.  Those donations are accompanied by an email to him titled "you've got money" so I think he will have it set up so those don't go into his spam folder  :).  Added a note about hoping to see the site back up, so if he was unaware of the issue he should be notified now.

bluesky6

Quote from: g1 on May 02, 2014, 01:42:08 PM
  Well, the only good news is I tried to buy the domain name through the godaddy link and it said the "domain is not available".

There's usually a grace period after which the domain name goes up on auction.