TrailManor Owner's Forum  

04-04-2012, 09:13 AM   #1
Solitary Refinement
Member
Join Date: May 2011
Location: Indiana
Posts: 18
Malware?

I usually check TMO forums when I get a free moment at work. I work on a military/government network, which has allowed me to view TMO up until today.

It's not a big deal if I can't view from work, but the reasoning it was blocked was interesting, and perhaps worthwhile to let the Admins know.

--------------------------------------------------------------
This Page Cannot Be Displayed

Based on your corporate access policies, this web site (http://www.trailmanorowners.com/forum/index.php) has been blocked because it has been determined by Web Reputation Filters to be a security threat to your computer or the corporate network. This web site has been associated with malware/spyware.

Threat Type: othermalware
Threat Reason: Domain reported and verified as serving malware. , BLOCK-MALWARE 0x003d925e. 1333551597 . 302, QAAAAQAAAAAAAAAAKKv8ACP8AAAD/AAAAAAAAAAAAAAE=.

-------------------------------------------------------------------

So it seems to be nonspecific from what I can tell, but maybe you guys can run some scans or something to make sure TMO is a clean safe site.

Cheers!

Lucas
__________________
2006 2720SL
2005 Mercury Mountaineer AWD V6
Tekonsha P3 Brake Controller
750lb Weight Distribution Hitch
Solitary Refinement is offline   Reply With Quote
04-04-2012, 09:26 AM   #2
scrubjaysnest
TrailManor Master
Join Date: Oct 2010
Location: Big Bend area, Florida
Posts: 2,120

Bill and Chris,
might this be due to some of the links we might post?
__________________
Axis 24.1 E 450 chassis, 6 spd tranny. GVWR 14500# GVCWR 22000 # GW(scales) 12400 #

mods: 2- 100 watt solar panels, on roof, 300 watts portable



“They who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.” Benjamin Franklin
scrubjaysnest is offline   Reply With Quote
04-04-2012, 10:21 AM   #3
Bill
Site Team
Join Date: Feb 2003
Location: The mountains of Scottsdale, AZ, and the beaches of Maine
Posts: 9,497

Interesting. I'll pass this to Chris, just because he is the Admin and knows a lot more about I.T. than I do.

There are hundreds of sites out there that generate "blacklists". Some are thorough, reputable, and well-maintained. Others, not so much - they are cobbled together simply so the owners can sell the list. The reason that a site is put on a blacklist is never clear, and once on a list, it is a hassle to get off. Many ISPs, especially the major ones, regularly check a set of well-maintained and reputable blacklist organizations, and that is right and proper. After all, it is in their interest to keep their subscribers happy, and spam and malware make for unhappy customers.

One of the best and most commonly used blacklist sites is Spamhaus.org. TMO is not on their list. And if you go to blacklistalert.org, you will see a list of about 55 of the top blacklists. TMO is not on any of them.

What you are seeing, I think, is that way down in the dregs of the blacklist community somewhere, TMO got a mention. I have no idea how, but my guess is that it is not because of anything we, the members, post. I should point out that whenever a member posts a link, I check it immediately for safety. It is one of the many parts of being a moderator that users don't see.

You may remember that a year or two ago, the board went through an intense period of spammer signups, mostly from Russia and China. Chris and I went through agonies, and finally pulled out some big guns and stopped it. My guess is that before we got the fence set up, one of the spammer links lit up an alert somewhere, and TMO was placed on a list. Which one? Don't know.

I will also mention that whenever anyone posts spam on TMO, he is not only banned from the board, but his information is automatically reported to various anti-spammer organizations, and eventually ends up on a blacklist. That is a real good threat for casual spammers - they go away in a hurry when they find this out.

Lucas, I will presume that you work for the Navy in Indianapolis. I worked for a similar organization for almost 30 years (and spent quite a bit of time at the Indianapolis facility as part of it). About half of our computers were on an internal network that had no physical connection to the outside world. In other words, it was not possible to go to the Internet, or send email outside the organization. The other half did have a connection method to the world, but because of all the sensitive information floating around, the checks and cross-checks and controls and blockades were exhaustive to the point of paranoia. That makes sense - you can't take exception to that. In your case, I'm guessing that you have run into one of these, as referenced by the fact that "YOUR corporate access policies" are mentioned. In other words, your organization is dipping deeper into the blacklist bucket than the big ISPs, such as Cox, Roadrunner, gmail, and so forth, do. Nothing wrong with that - a good corporate policy is crucial, and overkill is better than vulnerability. If you can identify the particular blacklist that is raising the alarm (ask your sys admin), we can go through the hoops to get off the list. Without knowing that, though, I'm not sure how to proceed. Perhaps Chris does.

Hope this helps - and reassures you that TMO is a safe site.

Bill
__________________
2020 2720QS (aka 2720SL)
2014 Ford F-150 4WD 5.0L
Bill's Tech Stuff album
Bill is offline   Reply With Quote
04-04-2012, 12:03 PM   #4
ottfour
Guest
Posts: n/a

Bill,

Just ran http://sitecheck.sucuri.net/scanner/ to check TMO, and the only thing to pop up was outdated software, but everything else checked clean.

Also ran Google Safe Browsing Diagnostic Page and all came back clean.

Safe Browsing
Diagnostic page for http//www.trailmanorowners.com

What is the current listing status for http//www.trailmanorowners.com?

This site is not currently listed as suspicious.

What happened when Google visited this site?

Google has not visited this site within the past 90 days.

Has this site acted as an intermediary resulting in further distribution of malware?

Over the past 90 days, http//www.trailmanorowners.com did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?

No, this site has not hosted malicious software over the past 90 days.
  Reply With Quote
04-04-2012, 01:23 PM   #5
mcgyver210
TrailManor Master
Join Date: Jun 2008
Location: TN
Posts: 674

You can also be blacklisted due to other sites hosted on a shared server that are bad. This is kinda like guilt by association with bad neighbors.

I did a quick search for neighbors & host company but nothing jumped out as a BIG Red Flag, although I didn't have time to go check any sites hosted on the IP TMO is on.
__________________
Billy

2008 3023
2016 Ford F150 Platinum FX4
2003 Land Rover Discovery
EAZLift 1000lb WDH & Sway Control
Tekonsha P-3 Trailer Brake Controller - Proportional

http://www.hickscarpetcare.com/forum...mpSite2008.jpg
mcgyver210 is offline   Reply With Quote
04-04-2012, 02:51 PM   #6
Solitary Refinement
Member
Join Date: May 2011
Location: Indiana
Posts: 18

Thanks for the responses guys. I was pretty doubtful that there would be anything malicious on TrailManorOwners domain.

Bill,

You were close, but I'm not Navy. I'm just a bit south and west of the Naval Center in Indianapolis. I am a network systems admin at Joint Forces Headquarters for the Indiana Army & Air National Guard. Turns out I was still using our alternate proxy after downloading some large driver packages (so as not to bog down the main proxy). I guess our reserve proxy is using some lousy filtering software, and I'll be sure to snub my nose at our IA and NOC folks next time I'm in their building!

The site works just fine on our main proxy, which routes to a National Guard Bureau regional hub in Iowa.
__________________
2006 2720SL
2005 Mercury Mountaineer AWD V6
Tekonsha P3 Brake Controller
750lb Weight Distribution Hitch
Solitary Refinement is offline   Reply With Quote
04-05-2012, 12:23 PM   #7
Bill & Lisa
Guest
Posts: n/a

I just read this thread on NMCI military network with no issues.
  Reply With Quote
04-10-2012, 08:40 PM   #8
Chris
Site Team
Join Date: Sep 2002
Location: Rio Rancho, NM
Posts: 99,999,930

We are on a shared server, and so it's possible although unlikely that one of the other sites on the server may be blacklisted. If that's the case, I can escalate to the host and have that cleared. The domain name is crossed to an IP Address - of which there is usually only one. Since there are multiple domains to an IP addy, if one bad apple pops up, it can ruin the entire tree. Let me know if it continues to be a problem and I'll send it up to the host.
Thanks
Ct..
__________________
Chris Tretta
Webmaster
www.trailmanorowners.com
www.granddesignowners.com
Chris is offline   Reply With Quote
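
The shared-IP reputation check discussed in posts #5 and #8 can be scripted as DNSBL lookups against the server's address. This is an added example, not part of the original thread: it builds the RFC 5782 query name and classifies the answer, including answers that are not a real verdict. The zone names and resolver answers are constructed, and the 127.255.255.x error range is assumed from Spamhaus's published convention.

```python
import ipaddress
import socket

def dnsbl_query_name(ip, zone):
    """Reverse the address labels and append the list's zone (RFC 5782 style)."""
    pointer = ipaddress.ip_address(ip).reverse_pointer
    labels = pointer.rsplit(".", 2)[0]          # drop in-addr.arpa / ip6.arpa
    return f"{labels}.{zone}"

def classify(answer):
    """Interpret the A record a DNSBL returned (None means NXDOMAIN)."""
    if answer is None:
        return "not listed"
    addr = ipaddress.ip_address(answer)
    # Assumption: Spamhaus-style error codes (blocked resolver, bad zone, rate limit).
    if addr in ipaddress.ip_network("127.255.255.0/24"):
        return "lookup refused"
    if addr in ipaddress.ip_network("127.0.0.0/8"):
        return "listed"
    # Anything outside 127/8 is not a DNSBL verdict (e.g. a resolver rewriting NXDOMAIN).
    return "invalid answer"

def system_resolve(name):
    """Live resolver; gaierror also covers timeouts, so treat None with care."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def check_ip(ip, zones, resolve=system_resolve):
    """Return {zone: (status, raw_answer)} for one server IP."""
    answers = {z: resolve(dnsbl_query_name(ip, z)) for z in zones}
    return {z: (classify(a), a) for z, a in answers.items()}

# Constructed sample data: documentation IP and hypothetical zones, no network needed.
SAMPLE_IP = "192.0.2.10"
SAMPLE_ANSWERS = {
    "10.2.0.192.bl-a.example": "127.0.0.2",        # listed
    "10.2.0.192.bl-c.example": "127.255.255.254",  # list refused the query
    "10.2.0.192.bl-d.example": "198.51.100.7",     # rewritten NXDOMAIN, not a verdict
}

def sample_report():
    zones = ["bl-a.example", "bl-b.example", "bl-c.example", "bl-d.example"]
    return check_ip(SAMPLE_IP, zones, resolve=SAMPLE_ANSWERS.get)

if __name__ == "__main__":
    for zone, (status, answer) in sample_report().items():
        print(f"{zone:14} {status:15} {answer}")
```

For a live check, pass the site's resolved IP and real zone names and leave out the `resolve` argument. Some lists refuse queries relayed through large public resolvers, which is the case the "lookup refused" status separates from a genuine listing.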
All times are GMT -6. The time now is 01:07 AM.

