Warning: Malware Seems to Be Attacking Crib Chatter
I’ve been informed by several diligent chatterers that when they attempt to go to Crib Chatter from a google search- a malware program attempts to install itself onto their computers.
Apparently- links in the RSS feed are also trying to do the same.
I apologize for the attack.
Apparently- coming directly to the site through the URL is working properly.
I’ll be working to repair these problems as soon as possible. Thanks for your patience.
Sabrina
I thought I was the only one! Don’t install anything that pops up!
Zekas, you scamp! 😉
This is a fairly deep invasion on the CribChatter servers (BlueHost.com).
When a CribChatter page is requested with a referer of Google, the BlueHost server responds with a 302 (system moved) code that redirects to a (usually Russian) spam server. It behaves normally without the Google referer.
For example:
302 Found
Found
The document has moved here.
Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.8g DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at http://www.cribchatter.com Port 80
Connection closed by foreign host.
%
–>
This is a fairly deep invasion on the CribChatter host server (BlueHost.com).
BlueHost is responding to any request with a referrer of google.com with a 302 error (document moved) and redirecting you to a (probably Russian) spam and virus site.
Sabrina — let the admins know ASAP.
For example (all ”
#html>#head>
#title>302 Found#/title>
#/head>#body>
#h1>Found#/h1>
#p>The document has moved #a href=”http://87.248.180.90/in.html?s=sg”>here#/a>.#/p>
#hr>
#address>Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.8g DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at http://www.cribchatter.com Port 80#/address>
#/body>#/html>
Connection closed by foreign host.
%
This is a fairly deep invasion on the CribChatter host server (BlueHost.com).
BlueHost is responding to requests with referrer of google.com with a 302 (page moved) error and redirecting traffic to a (probably Russian) spam and virus server.
Sabrina — please let their admins know ASAP.
Test case (results removed because I can’t get them to post):
###
telnet http://www.cribchatter.com 80
GET / HTTP/1.1
Host:www.cribchatter.com
Referer:www.google.com
###
Kevin
Thank you Kevin!
This is VERY helpful. Bluehost didn’t believe me about what it was doing until they saw your message. (ha! ha!)
In the meantime:
Everyone please don’t click on links within the Feedblitz feed.
Access Crib Chatter only by coming directly to the site- actually typing in the name in your browser. If you get here that way- the links are fine.
I’m working to get it fixed as soon as possible!
Ok, we got you fixed up and updated some other vulnerabilities that caused the initial issue, it was only an .htaccess attack this time. Remember, register_globals On = bad !!
Anyone know what that site does? I didn’t click on anything, but the page started to load a couple of times.
Thanks. I had cancelled the feeblitz because of it.