I just logged into the members area at Sky and my Norton Antivirus software went crazy saying it found the Bloodhound Virus and two different Trojan Horse Files.

I will IMMEDIATELY cancel my subscription and never return to this or any site affiliated with you if you don't have a DAMNED good explanation or a fix for this problem.

I don't know why your anti-virus program would indicate anything amiss in any parts of my website. I've taken a good look and can't find any kind of virus, trojan, or anything wrong. It's a dedicated server - no shared server stuff or stuff put there by any hosting company, and I never use anything strange or bad like that. Most likely you visted another (somebody else's) website earlier, which gave you a delayed console containing a cookie or some other item that got activated later, when by chance you happened to have my page open.

SM

That is most certainly not what happened.

I just returned to the members area to test your theory...I got the same series of antivirus warnings and quarrantines in the same sequence...exactly the same file names...

It is DEFINITELY something with your site specifically because I don't get these warnings anywhere else I go.

Sky-- it's not just him-- I got the same warnings, too, and norton said it can't fix them. I hope to hell I don't have to take my computer in to get rid of this. The stuff that's on this computer isn't exactly something I would want someone else to see.

I've tested again, and there still seems to be nothing wrong with my pages. It sounds as if a trojan that must have been picked up on someone else's site activated itself at the same time you visited my page. I just don't have anything on my pages that can cause that kind of problem, and there doesn't seem to be any indication of my site having been hacked at all. I will continue to do more tests, but so far there seems nothing there amiss.

I may have to move this topic to the off-topic section, because it gives the impression that there is a problem on my site specifically, which so far as I can tell seems to be not the case, and I'm not currently in the kind of position where I can actually afford to scare off potential members.

SM

Bloodhound Virus

There is no such virus as a "bloodhound virus". This apparently is the name Norton gives to a feature of the anti-virus system whereby it gives a warning when it sees a file that it considers suspect, but for which there is no known virus in its virus definition file. It apparently uses heuristics for this purpose. False positives seems to be a known consequence of this "feature". Please let me know the EXACT page where you are seeing the bloodhound warning, so I can see eliminate the possibility some aspect of the wording on that page might be triggering Norton's bloodhound warning (maybe it detected my page is unwanted "porn", or some such ridiculous thing).

SM

Seems that this feature of Norton Anti Virus causes "falses positives" in various kinds of situations. Here's a discussion on the web wehere they mention another example:

http://lists.sans.org/pipermail/list/2004-April/047715.html

There's quite a lot of discussion on the Norton's Bloodhound feature and false alarms that it produces.

E.g.

http://forums.pcper.com/printthread.php?t=358695

http://www.dessci.com/de/support/TSN/TSN62.stm

http://www.bearshare.net/showthread.php?t=31454&page=2

SM

I just logged into the members area at Sky and my Norton Antivirus software went crazy saying it found the Bloodhound Virus and two different Trojan Horse Files.

I will IMMEDIATELY cancel my subscription and never return to this or any site affiliated with you if you don't have a DAMNED good explanation or a fix for this problem.

good riddance, pompous boy!

Hey, Ape - quietpr was obviously just very concerned. Much as I disagree with programs that use misleading or ill-explained features that alarm users unncessarily, I still have sympathy for the users.

If you bought a brand new security device for your car which claimed to detect patches of oil or potholes in the road, and while you're driving along it suddenly flashed up a huge red light telling you that there was a "bloodhound" hazard coming up and there was no way to remedy it, you'd stop the car and feel pretty angry about the state of the road. You wouldn't necessarily realise that there was nothing wrong with the road but that your super security device had merely seen something in the road that was visually similar to part of a hole, flagged a warning, and then failed to "repair" it because no hazard had actually been found.

SM

http://www.wettingherpanties.com/index.html

Sky, I don't know what's going on, but I just had 6 different warnings come up on this page. I don't know whether or not it's your site or not, but this is the second time I've gone to that page, and the second time this has happened. Only one of these was called a bloodhound virus. I tried to copy and paste the virus warnings so you could see for yourself, but it wouldn't let me do anything other than acknowledge the warnings.

Let me correct myself-- 3 viruses-- 2 trojans, and one bloodhound. Each one came up with two windows which is why I thought I had six separate viruses, one window saying Unable to repair, and the other, saying access to file denied (I wrote it down this time). Here are the three:

Bloodhound.Exploit.6
C:\documentsand....\index2[1].htm

trojan horse
c:\documentsand....\exploit[1].htm

trojan horse
c:\documentsandsett...\fuck[1].htm

Hi, I got a virus message after logging into skymouse's site, also, but Norton said it deleted the file. Mine seemed to be in the arena of a java app. (not javascript). I don't know if skymouse uses java for any of his pages, but if so, it might be something hard to trace down.

And for Justme and quietpr- I can understand your frustration. I as well can't stand these types of things, but I think we can all agree if it is something with skymouse's site, he most certainly didn't do anything on purpose. He's not out to get all of us with viruses.

I'm going to look into this further. If I find any information, I will let everyone know. This is pretty serious, and hopefully will be solved, soon.

-Bill

Sky,

I'm afraid I've been getting similar warnings with Trend Micro - I've just tried it again and got two, detected as either virus or spyware, immediately on going into your site, http://www.wettingherpanties.com/index.html

The first one came in on a file called exploit[1].htm and was called HTML_REDIR.A

The second one came in on a JAVA applet called GetAccess.class-3f2606b3-42f7d752.class and was called JAVA_BYTEVER.A

I can't tell whether these are real viruses, or just the virus protection system gone ultra-sensitive. Personally, I don't mind it being ultra-sensitive if it's gonna stop my systems getting viruses, but it is a little annoying, one way or the other.

Can you verify that these are legitimate files on your site? Every time I get these warnings, the files concerned are quaranteened so they are inactive and yet they don't seem to cause any problems not being there...

Lloyd.

Justme, as I understand it, "bloodhound" isn't the name of a virus -- it's the name of a feature in Norton Antivirus. The way this feature works, from what I've been reading, is that if it sees a page or a file with a sequence of characters the same as a sequence of characters that has also been known to exist in a virus, it gives you a bloodhound warning. My guess now (having been reading up on similar situations) is that the other warnings you got at the same time was a list of viruses that contain the same group of characters. Perhaps the characters are coincidentally part of one of my image names, or by chance the same string of characters occurs (in binary) in one of my thumbnails on that page, or maybe my links to AC Prime link to a page that reminded Norton of spyware.

It'd be useful if I had the full message you were getting, because then I could send my file to Norton and ask them to check to see what is causing the false warning, and maybe even get them to correct their anti-virus code to stop it happening in future.

Until then, I can also confirm that I have checked my page a further time, and it doesn't contain any kind of javascript or other executable stuff that could cause a trojan in any way. To get a trojan or virus, you actually have to run program code of some kind. In the case of web pages, this would have to be either a link to a program, or else some kind of script that ran automatically and exploited a weakness in Windows or your browser in some way. We don't have either kind of thing - our index.html is in fact just plain HTML, and it doesn't have the capability to carry a virus - that capability doesn't exist in HTML.

The other possibility, other than the false positive that seems commonplace with Norton's "bloodhound" feature, is my initial theory, that something which you picked up from another site operates in such a way as to make it appear to originate at my site. There are certain things, often called browser "Toolbars" (although sometimes they don't look like toolbars, and cvan be invisible). These are trojans that get embeded in your browser, and which activate themselves under certain conditions. This might be when your browser views a page containing key text of some kind. The toolbar might then try to send information about your browsing habits back to base in order to give an advertiser a competitive advantage in knowing what kind of spam to send you later. Sometimes, they also "hijack" your clicks and try to send you to their own pages, for example to make you see advertising popups or pages, or to make you receive a tracking cookie that you wouldn't otherwise receive, etc. Some of these uninvited events might conceivably trigger an antivirus program - and this would happen on a quite innocent page.

Potentially, a "toolbar" could be deliberately programmed just to appear to come from a certain web page, maybe for malicious reasons (e.g. to discredit that web page). Although this is possible - and no doubt there are people who might want to do this to us - there's no reason to assume that this is what has happened, and I would think the first two possibilities are more likely explanations.

I would strongly recomend using a spyware detector such as Spy Sweeper. You can download this from http://www.webroot.com . You may
be surprised at what it finds.

SM
SM

Hi Lloyd,

I've had a look again, and there is no java of any kind on that page either.

SM

You're correct...having done some background checking, I find that bloodhound is not a virus...but thew system warning me it has found a virus.

But what it then tells me is that it's rejecting the permission from this site to view a file that's apparently located in my documents and settings folder and it then lists two different Trojan Horse programs it's blocking...so it's not just some random false positive I don't think...I doubt it would see a trojan that's not there...trojans are relatively complicated bits of software...

Ok, I think the problem should be solved now.

Please all try visiting the index page again www.wettingherpanties.com and let me know if the problem is gone.

Please let me know if it still happens, and if so on which other page, so I can fix those too.

It turned out to be something very simple. :oops:

SM

Sky-- What I typed in my last post is exactly, charactor for charactor what showed up on the warnings, each virus getting one window saying access denied, and another saying unable to fix.

Billlyy-- I never even considered the possibility that Sky would do this deliberately. My only concern is to get this taken care of before he DOES lose subscriptions.

Sky-- On the bright side, whatever it is that my computer picked up, it hasn't seemed to have any effect.......so far. :)

The message should be gone now - I found the cause. Please try viewing the page again. (Please clear your browser cache (delete temporary files) first if you still see the problem, as you could be seeing a cached version).

SM

One other thing I find rather curious. I have both IE 5.0 (the browser I usually use) and netscape 7.0 on my computer, and just for the hell of it, I just tried going to your opening page on my netscape browser, and got nothing-- no warnings, nothing out of the ordinary. Hopefully, this is a bug in IE.

Justme, it in fact does make sense that the Netscape browser didn't throw up the warnings. Once I have a verification that the warnings are no longer appearing for anyone, I will explain the simple (but embarassing) thing that had caused it.

SM

The problem has been removed

It turned out to be harmless (not a virus) and was caused by something fairly simple. For security reasons, I prefer to wait until I have confirmation from a number of you that you are no longer seeing warning messages before I describe what was causing it.

You may also need to clear your browser cache (in Internet Explorer, go to Tools | Internet Options | Delete Files) in order to make sure you stop seeing the warnings. This is because although the problem is fixed, your browser might not see the repaired version until you do the above step.

Please could you all let me know whether the warning are gone now (having first deleted temporary files, if necessary

SM[/b]

OK, Sky, explain away! :) The warnings are gone, so whatever link was on your site doing the damage has been fixed.

Congrats on acting so swiftly by the way. I'm sure it wasn't anything intentional and that you had no idea what was causing it, but the fact that you worked at getting the problem fixed in only a matter of an hour or so since I posted is good response in my book!

Cheers,
Lloyd.

Sorry about that, Sky, you and I must have been typing over each other. :)

One way or the other, whatever it was is gone. I'm impressed all to hell. :D You're a helluva webmaster, mister!!

Before I even saw your suggestions, I not only cleaned out the temp files, including all cookies, I also have a program on here called clean up-- I ran that, deleted all history, cleared out my trash bin-- I mean I CLEANED HOUSE HERE!! Unbelieveable how much faster this damn thing is running!! LMAO About the only thing left is to take out the hard drive and hit it with a steel wool pad!! :D :D :D

Lloyd, all will be revealed soon - I just want to see two or three more people confirm that it is fixed first :) I learnt this hesistation from being a programmer for years :)

However, it is now nearly 6 a.m. here, and unfortunately I have to be up and about in just an hour or two as the airconditioning engineers are coming this morning and will be working in my bedroom (which means I need to grab an hour or so of sleep quickly now before they come). So my technical explanation may have to wait until a bit later today :)

SM

I'm sure this is all very worthwhile, but why such reliance on Norton products? I will never use any of their software ever again, since it went wrong on my computer and completely filled my hard disk full of crap so that there was no alternative but to reformat, thus losing everything. It would not even let me save stuff to cd.
Norton software to me is a virus, in that it takes over your system software and therefore can conflict with the manufacturers stuff that is already there.
Take my advice, throw your computer away before installing anything from Norton, and if you've already paid for it, sell it on Ebay, there are plenty of sheep-like suckers out there who are ready to believe adverts from well disguised con merchants.

Yep, it's gone for me, also. I tried going to the site exactly as I did before- even without clearing cache (to try to MAKE the message appear again), and I can't make it come back. It's as gone as dry panties on Lynx :P

BTW- I use Firefox 1.0 with Sun's Java Runtime Environment installed.

Thanks, Sky for such a quick response, and giving up sleep to expedite the fix!!

Crazyhorse, I agree that the whole Norton Systemworks package is one of the worst things you can put on your computer, but if you ONLY install the anti-virus part, it isn't too bad. At least for me.

Quietpr,

I would just like to comment on the tone of your original post. I remember many years ago our firm released some software which triggered a spurious virus alert - and indeed on one occasion we did actually release a few disks with a real virus on them.

Although people do their best, both real and spurious incidents are going to happen from time to time. Unfortunately, because of the analogy with VD, people have got into the habit of reacting like you did - as though Sky had had digital sex with someone and you were his partner!!

Your anger should be directed to the virus makers, and even more towards Microsoft, who did not take security remotely seriously until recently.

David

I've just read this whole thread, having not been affected by the problem myself. I think it just goes to show what an exceptional webmaster Skymouse is. I understand that you were scared by what happened, quietpr, (as I would have been) but I think you might have given an old friend the benefit of the doubt until proved guilty. By all means alert Sky and other users to the problem, but I think your threat to unsubscribe was a little premature.

Estelle

I have had no problems with the site over the last 48 hours
then again I don't use Norton as my AV I depend on trend.
I have had a look in the logs and my last virus detected was on the 1/10/2004 from a file I downloaded from a reputable site.

I also am no longer getting virus alerts on any of your pages, Sky, in either Netscape or IE. This whole episode illustrates why I use Netscape. I was totally unaware there was a problem until I started reading this thread. Just on a hunch, I tried opening Sky's home page in IE and immediately got a storm of virus alerts. That was last night. The problem is definitely gone in both browsers this morning.

In defense of Norton Anti-Virus, I've been using it for years and have found it effective and trouble-free. My former employer used it on over 200 PCs with no problems. Norton System Works is another story. It almost destroyed a new PC I bought a few years ago. It was then that I learned Symantec tech support is useless, in fact nearly non-existent! I finally repaired all the damage System Works caused, removed it, then demanded and got a full refund.

—Bloom

Ok, I'm happy to say that the problem is gone now. Here is what happened.

The affected page was http://www.wettingherpanties.com/index.html . That appears to be the only page that was affected.

The page had been modified, with an IFRAME tag being added. The IFRAME tag opened a competitor's page in a 1-pixel high iframe. This in itself wouldn't have caused any problems - perhaps the intent was to direct traffic to my competitor's page in order for them to rack up clicks to their sponsor, or something similar to that. However, their web page in turn also had calls to one or more other web pages, apparently including some of their sponsors, and one of these pages contained a java program that attempted to exploit an old bug in Internet Explorer. This bug, which I understand was fixed by Microsoft some time ago in one of their Windows Updates, enables a java program to cause the surfer's browser to download a file to their computer without permission. In this case, the culprit's sponsor seemed to use this method to try to place a file called fuck.html in the visitor's c:\documents and settings folder. I haven't seen what this file contains, but as it is an HTML file that is intended to be loaded locally, it probably would contain an advertisement for the sponsor's porn site.

Although apparently not a virus or trojan and not able to carry out anything damaging to the surfer's computer, storing an advertisement without the surfer's permission or knowledge is, in my opinion, a very bad practice, and a form of spam. My policy is to avoid linking to any site that is known to use adware of this type. On this occasion, unfortunately, the index page was modified by an unauthorised person and the link added to a porn site, which in turn contained sponsor links, one of which led to a page that used this adware technique.

I have removed the link from my page and changed my FTP login details for that domain. Since there is no Telnet access to my server, and the FTP service has good security, it seems probably that whoever added the link must have obtained my login details - according to my ISP, a brute force attack is unlikely, and they have good up-to-date security systems on their network protecting all the managed servers. The problem should therefore not recurr. The person who changed the page was probably another webmaster who I gave the login details to a long time ago in order to do some work on the page for me, who then probably sat on the login details for a time before making use of them to change my page in order to direct clicks to his sponsors.

Fortunately, the code being detected was just adware (spam), and in most cases would not have succeeded because Microsoft's windows updates had already plugged the security hole in Internet Explorer that the adware was trying to exploit. (Visitors would still have seen the warning messages even if their Internet Explorer didn't have the vulnerability.) However, it does illustrate that it is important run the Windows Update regularly. For my part, I had already toughened up my policy on letting other technical people carry out work on any of my sites - this would have been someone who had my details before then - and I have now made further changes to toughen my policy still further.

SM

Imagine picking up a virus from a sex site. There's something ironic about that! I suppose next you'll be telling me that Spurs will be beaten by Fulham. Shocking.

I take the security of this computer VERY seriously...I am glad the problem has been solved and wasn't anything serious...and I apologize for being short with Sky, but the one thing I will not tolerate is the risk that my computer might be compromised...I have a lot of very important work on this computer...I've made backups but nevertheless...I can't risk losing years of research that could be worth thousands of dollars some day soon over net porn. :)

Thanks Sky for finding the problem...it's gone for me as well.

To Sky...I should also clarify that my threat to unsubscribe was not meant as an insult to you...it's simple a cold hard fact...any site that might contaminate my computer is a site I cannot return to.

I'm glad you found the problem so quickly though...I'd have hated to lose this site.

CH-- For whatever it's worth, I've used Norton, McAffee, and PC Cillin, and of the three, Notron has caught more gabage-- spyware and adware included, than the other two combined. Between the Nortons, my ISP security features, and the new updates from MS, it's not too often that something gets through. AS a matter of fact, I've had this laptop for almost a year now, and that's the first time I've gotten a message saying that I'd picked something up, and there wasn't anything I could do about it.


Sky-- I know what it's like having to work late into the night to keep a customer satisfied, and then get up early the next day, and I don't wish that on anyone. I can't thank you enough for the dedication you showed to your customers. I really do appreciate the extra effort.

To Sky...I should also clarify that my threat to unsubscribe was not meant as an insult to you...it's simple a cold hard fact...any site that might contaminate my computer is a site I cannot return to.

I'm glad you found the problem so quickly though...I'd have hated to lose this site.

Do get off your high horse! If your computer is so valuable to you that it forces you to adopt such a pompous tone, why are you using it to surf porn sites?!?

Quietpr,

If you connect your computer to the internet you expose it to some risk - wherever you go. The Blaster worm attacked any unprotected machine - all it did was to invent possible IP addresses and try them! Hard disks also FAIL from time to time.

The answer is to back up well - use a cycle of tapes or DVD disks or whatever so that you don't end up overwriting a good backup with a bad one! If your data is so valuable you may also want to consider what would happen in the event of a house fire. Do you store a backup off-site?

If viruses make you lose your cool like that, it is probably because you are not adequately backed up!

David

yeah i got the warning as well. it seems as though you have it fixed, wich is good cause i love this site but if you want some more info. here is my virus logs about the attack.


Time:10/29/2004 21:05:20 PM Module: IMON object: file Name: h\ttp://5sec.biz/acc46/new/GetAccess.class Virus: Java/Exploit.Bytverify.F trojan action: connection terminated


Time: 10/29/2004 21:05:18 PM Module: IMON Object:file Name: h\ttp://5sec.biz/acc46/new/GetAccess.class Virus:Java/Exploit.Bytverify.F trojan Action: connection terminated

Time: 10/29/2004 21:05:06 PM Module: IMON Object: file Name: h\ttp://5sec.biz/acc46/exploit.htm Virus: Action: connection terminated

i broke the links so noone would click on it by accident, but i hope this is helpful.

BTW I use NOD32 antivirus, and i would recommned it to everyone, its a little more diffuclt to use than nortan, but it finds more virus, with less false positives. i do PC repair, and i always cary a copy of NOD32 with me, i;ve found as manyas 27 virii(i know thats not a real word but i like it damnit) on PCs running udated versions of other AVs. it uses waay less system resouces as well, i can play games while running a scan and get barley any lag. (not trying to sell anything here-reread it and it kinda seemd like it lol, just giving my professional advice)

congrats to sky on getting the site fixed so fast.

Do get off your high horse! If your computer is so valuable to you that it forces you to adopt such a pompous tone, why are you using it to surf porn sites?!?

Ape...I can only afford one computer...it's not my fault that I have limited funds to work with.

I have back-ups, but I've seen virii jump from main frames to back-ups before the virus itself is even noticed.

Norton quarrantined the 23K of data automatically downloaded to my machine and called that a bad sector on my last disk-scan...I'm fortunate that data didn't write to an area that could corrupt any files, becasue once it's been dubbed a bad sector, you can never get it back.

Ape...I can only afford one computer...it's not my fault that I have limited funds to work with.


Quietpr,

I can sure understand the situation - but the reality is that the web is
getting insane with this stuff. Sooner or later you're going to get
trashed by stuff like this if you go to porn sites (Sky's site is a porn
site - even though it doesn't seem so to us). The spyware folks are
getting more clever all the time - Sky's site takeover this morning
(evening for him) are a good example. So is the takeover of
Maculatus's great site. Clever folks, those spyware creators.

The reality is you're going to be far safer if you simply give up
online porn to protect your only machine. If you use XP, turn on
the firewall. Download Adaware (www.lavasoft.com), and keep
your virus software up to date.

But the folks in Romania want YOU and anyone else who goes to
a porn site, and no matter how we all try, EVERYONE will get crap
in their machines sooner or later, some irritating, some downright
evil and destructive.

So I'd suggest just bagging online porn until you can come up
with an older machine (very cheap these days) and put it behind
a HARDWARE firewall (most routers have that function - turn it on!),
and don't keep important stuff on that computer.

It's just going to get worse - this time next year we'll look back
to this time as 'the good old days'!

Good luck - your wet geek friend,

Dave
WPNW

I think part of my outcry was shock...I've NEVER had problems with Sky's server...and Sky's is the ONLY porn site I visit anymore...(and some of his affiliates like female desperation)...the rest are too much of a crapshoot. I don't believe the malicious programming thing is inevitibly going to wind up on every single machine...I this the problem will always have boundaries...but you're certainly right that this is a dangerous hobby (being a member of a porn site)...as I've said...I may have sounded furious with Sky, but I was more furious with the situation...the threat to pull my subscription was just a necessity...not a personal attack on Sky...because if his server is compromised and he can't fix it...I can't stay.

Another way to protect your computer is to install VMWare. You can have a virtual machine running that you use only for surfing porn sites. If you set it up just right, you can have viruses and spyware wreak all the havoc they want, and just re-boot the VM, and you are back to a clean machine, all the time your regular installation of windows remains completely untouched. I use this technique when setting up publicly used computers for an event, and it works quite well.

...I hadn't heard of such a concept...sounds insteresting...

I'll have to look into VMWare...thanks for pointing it out to me.

I use a laptop as well so I can well understand quietpr's worries. You really should back up your work though. I 've got my course work backed up on CD, and on the servers of the College and my firm.

By the way I have a question! I've run Spybot. I found WT lurking :wink: (only kidding!!) but seriously I've found something called DSO exploit and can't get rid of it. Should I worry and does anyone know what it is? I've only visited Skymouse, Female Desperation and Wetset that you could possibly call naughty sites although I'm not the only user. And apart from the obvious windows tools are there any programmes that cover up that I've been here?!

Holly x :)

Holly, DSO explot is not a specific virus or trojan - instead, it is the name of a security flaw that used to be in Internet Explorer. Spybot is telling you that it thinks your Internet Explorer has this flaw. It was in fact fixed by Microsoft some time ago in the Windows Updates. However, Spybot still sometimes mistakenly thinks the flaw still exists in your Internet Explorer. Here is an article I found on the net that describes how to get rid of these warnings:

http://www.pchell.com/support/dsoexploit.shtml

Needless to say, you must also make sure you have run the Windows Updates, to make sure your Internet Explorer is really free of this flaw and others.

SM

While on the subject of security, it is probably better to use another browser such as Mozilla, and another email client (rather than outlook express) such as thunderbird. It is partly that these (free!) products are less loaded with useless gizmos that can contain flaws, but also because the virus writers obviously target Microsoft stuff on the whole.

David

Sky,

Thank you for your very prompt advice. What wonderful service we get here!

I've had a look but I don't trust myself with changing registry settings, so I'll just put up with it. It's good to know there's nothing to worry about though.

Holly x :D

Ps. I'll get back to my homework now!! :cry:

It's good to know there's nothing to worry about though.

True - but it does show how important it is to do the windows updates and to keep your anti-virus software up to date :)

SM

I seem to neglect doing windows updates. Can someone give me a brief guide in how to do this?

Grant. :?:

Grant, one way is to do the Windows Update online, by visiting the following address on Microsoft's site:

http://v4.windowsupdate.microsoft.com

SM

I missed all the fun! :cry:

I can confirm that I get no virus warning with McAfee VirusScan on the index page referred to.

Sp PLEASE will you put us out of our misery and tell us what caused it?! :shock: Since the page has changed, I can't look at the offending code to try and work it out myself... :roll:

Mind you, if forced to guess in the absence of any remaining evidence, I note that this is the one page that links to other web sites via their banners. If one of them had been black-listed as the target site for trojan reports or the data string passed to it contained an identity like a class id that was used by a trojan, all hell would break loose on trying to load your page. Let's see how near to the mark I am tomorrow... err, later today! :?: :D

Scroll up - he did

Dave
WPNW

I've been away for a few days so I've only just seen this thread.

I've just got 2 things to say:

1) I agree with Estelle 100% - this goes to show how comitted Sky is to this community. Webmasters of most other fetish sites I can think of would have either deleted the original message to prevent bad-publicity, or would have looked into it, found nothing at first and concluded that it must be a problem at the user's end. From what I've read, Sky spent a heck of a lot of time on this problem, while calmly posting his progress here, until it was fixed! WOOT!!

2) DavidEngland99 also makes a great point - why is it so hard to convince people to use Mozilla Firefox over IE?? 99% of viruses and spyware and adware are written to work with IE, so if you use Firefox you are much safer!! Also, considering that Firefox doesn't replace IE, once you have it you can simply choose between the two, why not give it a go?

(before people jump on me, I'm not a Mozilla fanatic - there's things about Firefox I hate - but purely from a spyware/adware prevention POV, why the fuck not at least have the program?

Meh... :)

There are a LOT of websites that are optimized for IE and don't work in Mozilla or Firefox. I don't use those browsers for that reason.

Quietpr,

All this is rapidly going 'off topic', but can you give me an example of one or two of these sites - I have not encountered any problems, and indeed some sites are much nicer to view with Mozilla because it blocks all the pop-ups.

Also, Mozilla just feels less glitchy!

David

I apologize for taking this thread even farther off-topic. Maybe Sky can move it for us. I use Netscape, which appears to be identical to Mozilla, 90 per cent of the time. I switch to IE only for those sites which won't display properly in Netscape. All Wetting Her Panties pages and the web cams display perfectly in Netscape. However, for the past six months or so, I've had to use IE to access this message board. Attempting to access it in either Netscape or Mozilla on my PC yields the following message:

Forbidden

You don't have permission to access /phpBB2/wetting.html on this server.
Apache/2.0.46 (Unix) mod_perl/1.99_09 Perl/v5.8.0 mod_ssl/2.0.46 OpenSSL/0.9.6g DAV/2 FrontPage/5.0.2.2634 PHP/4.3.3 mod_gzip/2.0.26.1a Server at www.knicker-wetting.com Port 80

—Bloom

2) DavidEngland99 also makes a great point - why is it so hard to convince people to use Mozilla Firefox over IE??
Simple. 'Cos IE is there, already, and also works for 99+% of the time.

Most folks are more than happy with 'good enough' if it means they won't have to go off and actually do something.

Me included. I'm more than happy with my Wintel machine and don't find myself motivated to try anyrthing else. This includes Linux/Unix, Macintoshes, or any other Operating Systems. Back in the days of CP/M I could 'command-line' along with you all, but these days I just want to turn it on and make it go.

I've developed the same kind of attitude with my car - I want to drive it, not fix it!

Back on topic: On this machine, which didn't quite have all the latest updates from M$, Sophos had a hissy fit as well. On my home machine, with the auto-update system on, no problem at all.

Boris.

Sorry for appearing to skip back a whole ton of posts in my reply above. Last night, Sky's reply was not visible when I read the page! Today, it and the subsequent posts are there!! I have appropriate browser cache settings and it was the first time that I had viewed the page, so the issue is not at my end. It clearly isn't at Sky's, as the posts we visible to thers. So, one of the ISPs between Sky and me must be having to cache his pages because they are so popular and had an out-of-date copy accidentally! Isn't it nice to be popular...

My diagnosis, about a link to another page, was also reasonably close, although I hadn't guessed that Sky had been hacked. You state above, Sky, that you have tightened up on procedures for allowing people update access to your site. You probably realise this now, but it is also very important to change passwords with that level of access regularly (say, every month) and also every time someone who knows it stops working on the site for any reason.

On your question about wiping out browsing tracks, Holly, there are a number of things that you can do, but Microsoft (possibly as a result of some deal where they got off the US anti-trust action against them lightly) keeps a record of every Internet site that you visit that you cannot normally see or delete. I recall writing quite a long post about that, but I don't remember if it was here at Skymouse. If you want more information, drop me an e-mail. There are some packages advertised that claim to remove tracks, but I fear many of the cheap or free ones may themselves be trojans! I have written software to do the job myself but anyone not into operating system programming can probably buy similar packages from major suppliers like McAfee and Norton.

Quietpr,

but can you give me an example of one or two of these sites
David

Any site with Shockwave - there are LOTS of them out there.
You'll get a 'plug-in not available' from Mozilla.

Also, there are LOTS of sites that format weird on Mozilla.

Just spend an hour with it and you'll find PLENTY of examples
yourself. I wanted to 'go Mozilla' with every best intention, but
I get annoyed if I have to keep switching browsers to make it
work. Even my own company web site won't load - it uses a
Shockwave file on the entry page.

When they make it work with ALL sites, they'll have some ground
to stand on.

But do your own research - you'll see what we're talking about.

Dave
WPNW

You state above, Sky, that you have tightened up on procedures for allowing people update access to your site. You probably realise this now, but it is also very important to change passwords with that level of access regularly (say, every month) and also every time someone who knows it stops working on the site for any reason.

Yes - that is the main change I've made. As there is no Telnet access to that account, or other known points of vulnerability, it boils down to technical personnel who were given the login details at any one time in the past.

SM

Wet Pacific Northwest,

I run Mozilla 1.7.3 and shockwave stuff seems to work OK for me - not that I use that sort of site much, so there may be issues that I have not encountered - but it certainly does not say plugin not available. I expect it was a problem a few versions back.

Obviously people will vary in their views about such things, and I don't particularly wish to support Mozilla, although I do feel peeved that Microsoft with all its resources has left the world with such a flakey operating system/browser/email system. In general, I want less features, more robustness.

David

As for sites that don't display correctly on Mozilla, I've found that web pages created with Microsoft Frontpage many times won't display right.

Frontpage creates really dirty and messy code, and I'm sure that Frontpage testers used IE only before it was released. My co-worker likes Frontpage, but after he creates a page, I have to go back and clean it up, and then it displays correctly. He uses IE, I use Mozilla Firefox.

I used to use Netscape as a browser, but they did an upgrade, and I found I had problems with it. So I went over to using IE and (with the auto-update feature) have had no problems since.

I used to use Eudora as an email client, but they did an upgrade, and it just plain stopped working! So I went back to Outlook (NOT Outlook Express), and have had no problems since.

Draw your own conclusions. I just offer this as a data point in counterpoint to all the Microsoft-bashing.

Boris.

As for sites that don't display correctly on Mozilla, I've found that web pages created with Microsoft Frontpage many times won't display right.

Frontpage creates really dirty and messy code, and I'm sure that Frontpage testers used IE only before it was released. My co-worker likes Frontpage, but after he creates a page, I have to go back and clean it up, and then it displays correctly. He uses IE, I use Mozilla Firefox.
Do you submit your pages to W3C's validator? Frontpage is awful, as is Word's HTML creation, but frankly I'm not convinced of any of the commercial HTML-generation programs. I hand-craft mine using PFE (a fairly simple text editor) and then nowadays submit them to W3C for validation to XHTML1.0 Transitional standard.

Interestingly, I notice that Sky's front page appears to be HTML4.01, but the others have no DOCTYPE declaration. The galleries have:

<meta name="generator" content="Skymouse's gallery thingy, version 1.11">
in them, and are I might add some of the cleanest HTML code I've seen on a commercial site, although not fully HTML or XHTML compliant.

Boris.

I think the salient point of the modern version of 'browser wars'
is that IE is simply the only browser that reads EVERYTHING out
there. Whether crappy Frontpage code or crappy Notepad code,
and everything in between, the folks at Microsoft have spent the
time to make the browser (bloated as it is) read any mess that
might come along!

If you have good sypware software and anti-virus, it just works
fine, no matter WHAT software was used to produce the site.

I long ago gave up 'geeking' on computers - I just want them to
work, and have suitable protection against hacking and spyware.
People who think that IE is 'inherently prone' to hack attacks just
don't get it - hackers are in it for the attention, so they target
the OS and browser that MOST USERS HAVE. If Mozilla or
Macintosh were the MAJORITY, you can darn well bet that the
hackers would find the weaknesses in THOSE platforms as well!
They just don't bother cuz 97% of users run Wintel boxes and IE.