Warning: Malware Seems to Be Attacking Crib Chatter

I’ve been informed by several diligent chatterers that when they attempt to go to Crib  Chatter from a google search- a malware program attempts to install itself onto their computers.

Apparently- links in the RSS feed are also trying to do the same.

I apologize for the attack.

Apparently- coming directly to the site through the URL is working properly.

I’ll be working to repair these problems as soon as possible.  Thanks for your patience.

Sabrina

9 Responses to “Warning: Malware Seems to Be Attacking Crib Chatter”

  1. I thought I was the only one! Don’t install anything that pops up!

    0
    0
  2. Zekas, you scamp! 😉

    0
    0
  3. This is a fairly deep invasion on the CribChatter servers (BlueHost.com).

    When a CribChatter page is requested with a referer of Google, the BlueHost server responds with a 302 (system moved) code that redirects to a (usually Russian) spam server. It behaves normally without the Google referer.

    For example:

    302 Found

    Found
    The document has moved here.

    Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.8g DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at http://www.cribchatter.com Port 80

    Connection closed by foreign host.
    %
    –>

    0
    0
  4. This is a fairly deep invasion on the CribChatter host server (BlueHost.com).

    BlueHost is responding to any request with a referrer of google.com with a 302 error (document moved) and redirecting you to a (probably Russian) spam and virus site.

    Sabrina — let the admins know ASAP.

    For example (all ”
    #html>#head>
    #title>302 Found#/title>
    #/head>#body>
    #h1>Found#/h1>
    #p>The document has moved #a href=”http://87.248.180.90/in.html?s=sg”>here#/a>.#/p>
    #hr>
    #address>Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.8g DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at http://www.cribchatter.com Port 80#/address>
    #/body>#/html>
    Connection closed by foreign host.
    %

    0
    0
  5. This is a fairly deep invasion on the CribChatter host server (BlueHost.com).

    BlueHost is responding to requests with referrer of google.com with a 302 (page moved) error and redirecting traffic to a (probably Russian) spam and virus server.

    Sabrina — please let their admins know ASAP.

    Test case (results removed because I can’t get them to post):
    ###
    telnet http://www.cribchatter.com 80
    GET / HTTP/1.1
    Host:www.cribchatter.com
    Referer:www.google.com

    ###

    Kevin

    0
    0
  6. Thank you Kevin!

    This is VERY helpful. Bluehost didn’t believe me about what it was doing until they saw your message. (ha! ha!)

    In the meantime:

    Everyone please don’t click on links within the Feedblitz feed.

    Access Crib Chatter only by coming directly to the site- actually typing in the name in your browser. If you get here that way- the links are fine.

    I’m working to get it fixed as soon as possible!

    0
    0
  7. Ok, we got you fixed up and updated some other vulnerabilities that caused the initial issue, it was only an .htaccess attack this time. Remember, register_globals On = bad !!

    0
    0
  8. Anyone know what that site does? I didn’t click on anything, but the page started to load a couple of times.

    0
    0
  9. Thanks. I had cancelled the feeblitz because of it.

    0
    0

Leave a Reply