# firefox is red flaging this site



## GOOFY063 (Oct 12, 2010)

when i try to open any page here i get red page that says reported attack site whats up ?


----------



## Cedge (Oct 12, 2010)

Goofy
I just logged in on firefox and got nothing out of the ordinary. The site loaded fine here. Not sure why yours gave the warning, but I'll bet Kevin does a bit of looking around when he gets home.

Steve


----------



## spuddevans (Oct 12, 2010)

I'm using Firefox and have no problems with the site either.


Tim


----------



## Noitoen (Oct 12, 2010)

The same here. Had to use IE to write this.


----------



## lugnut (Oct 12, 2010)

firefox wouldn't let me on here either, had to use IE to get here. whats up??
I just happened over night. 
Mel


----------



## rudydubya (Oct 12, 2010)

Same here, Firefox is blocking the site, but no problem with IE.


----------



## raggle (Oct 12, 2010)

I'm trying out Google Chrome on Linux (Ubuntu) and it gave a red warning of malware. Seems ok now


----------



## spuddevans (Oct 12, 2010)

spuddevans  said:
			
		

> I'm using Firefox and have no problems with the site either.
> 
> 
> Tim



I spoke too soon, it is now blocking it. I had to go into Tools/Options/ security tab and then uncheck the box labelled "Block reported attack sites", then it allows me to load the page.

I did get referred to a warning site, I have attached a screencapture if helps the mods.

I guess that it has come from the recent hack of the forum.


Tim 

View attachment Google Safe Browsing diagnostic page for homemodelenginemachinist.com_1286909127106.png


----------



## Blogwitch (Oct 12, 2010)

I got the same fault, wouldn't allow access and had to do the same as Tim above.

Bogs


----------



## arnoldb (Oct 12, 2010)

Hi guys

Yes; it seems HMEM has been listed as an attack site on Google Safe Browsing, and newer versions of FireFox pick this up.

I'm pretty sure Kevin's on the job investigating Thm: - Thanks Kevin!

Just a note to those of you who (like myself) turned off the blocking in FireFox- don't forget to switch it on again! If you are unsure of the implications of switching off the checking, rather switch it on immediately again, and check once in a while to see when things return to normal

Kind regards, Arnold


----------



## dsquire (Oct 12, 2010)

Hi gang

I have had the same problem so have switched back to IE8 btowser. This happened to me shortly after 12:01pm today. Did anyone else happen to notice what the time was when it happened to them? It may help to track it down.

In times like this I find it handy to have another browser that you can switch to so that you can still get access to the board to try and help sort out or notify about the problem.

Cheers 

Don


----------



## Cedge (Oct 12, 2010)

Also getting the warning here now. Looks like the atatck is originating from Bosnia.

Steve


----------



## Lakc (Oct 12, 2010)

If you follow the safe site links it looks like attacks from everywhere. They also stated the last time they found malware was today, so the site is probably not clean.


----------



## cidrontmg (Oct 12, 2010)

Using WinXP + Chrome. Chrome redflags HMEM, this is what the info says:

"Malicious software is hosted on 2 domain(s), including 77.78.245.0/, 77.78.246.0/.

1 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including 77.78.245.0/.

This site was hosted on 1 network(s) including AS3595 (GNAXNET)."

Here is the Spamhaus page for 77.78.245.0
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL97008
Hope it helps.


----------



## ozzie46 (Oct 12, 2010)

I'm getting the red flag on firefox also. Hacd to turn off the Block site tab same as Tim.

 Ron


----------



## DOC123 (Oct 12, 2010)

Likewise here with Firefox. The backgound has changed to white as well. I'm posting this with IE which seems happy.


----------



## Foozer (Oct 12, 2010)

Same here with Firefox, unchecked the block site box. Running Ubuntu so not to worried about it.

Robert


----------



## walnotr (Oct 12, 2010)

I'm having a problem with Safari. Rebooted to Windows and IE and the problem seems to have gone away. Safari even blocked me from making a post on the forum.

Steve C.


----------



## ksouers (Oct 12, 2010)

Sorry to take so long, guys. I'm on the road.

Found some hacker code and removed it. It wasn't the same guy as last week. I'll know more when I get back home to analyze the logs.

We seem to be attracting some attention...

I'll be looking at ways to lock down the site a little more. Hopefully not break anything in the process.


----------



## Owd Bob (Oct 13, 2010)

Hi
Google flagged malicious content at 0915hrs today. It advised 4 harmful pages. Checked over last 90 days..I could not access via "Favourites" . I had to type full address.


----------



## GOOFY063 (Oct 13, 2010)

my firefox still flagged the site at 3:20 pm central time, i've turned off site blocker.  just seen that my post showed up from yesterday


----------



## Twmaster (Oct 14, 2010)

Kevin, you do realize you cannot trust the OS install this runs on or the forum software now that it's been rooted.

I hope an OS/forum reinstall are in order....


----------



## cidrontmg (Oct 14, 2010)

Google Chrome diagnostic says the page contains two elements that are malicious:
www.homemodelenginemachinist.com/Themes/Default/style.css? fin 11
www.homemodelenginemachinist.com/Themes/Default/print.css? fin 11

If that helps.


----------



## rake60 (Oct 16, 2010)

Please understand that the Google flagging of HMEM as an attack site was the result of a hacker.

The notification of HMEM being an Attack Site is on only the Firefox browser based on Google reports.
Google isn't out to shut us down, they are doing their job in protecting you.

If you are using Internet Explorer or Netscape Navigator, there is no such warnings.

I apologize for the inconvenience this has caused to our Firefox user members.

Rick


----------



## Noitoen (Oct 16, 2010)

There are warnings about malaware that simulate these warning screens to trick the users into lowering their browser's security.

I now use IE for HMEM and Firefox for everything else :big: :big:

Hope the problem goes away soon.


----------



## bob ward (Oct 17, 2010)

rake60  said:
			
		

> The notification of HMEM being an Attack Site is on only the Firefox browser based on Google reports.


I access HMEM from either of 2 Macs using Safari, interestingly I get different alert messages on the 2 machines, one says it is an Attack Site, the other says it is a Phishing Site.



			
				rake60  said:
			
		

> ....... they are doing their job in protecting you.


With respect, I don't think it has ever been Google's job to protect me or anybody, and we certainly shouldn't rely on them to perform that role.


----------



## Lakc (Oct 17, 2010)

bob ward  said:
			
		

> With respect, I don't think it has ever been Google's job to protect me or anybody, and we certainly shouldn't rely on them to perform that role.



Thats certainly microsofts stance, since their browser only checks their own database, which is no where near as expansive as Googles. 

In this case, however, Google was correct. This site *was* compromised, and *did* download malicious software onto users computers. So for the inconvienience of unchecking a box in the settings, you are at least informed you were about to infect yourself. 

Now that (hopefully) the offending script has been removed, and appropriate backdoors the attackers used to compromise the site have been closed, the process to get this site off the blacklist takes quite a bit longer then the automated way it gets on.


----------



## ksouers (Oct 17, 2010)

Yes, we did get hacked a couple weeks ago.

There were at least two, possibly three, sources for the hack. All simultaneously. No malware was downloaded to members from this site, however, one of the hacks had a redirect that did attempt to download some kind of script.

All these hacks have been removed and I've tightened up the security a notch. I've also put in place some monitoring tricks, I get reports every hour. While a couple of the hackers were pretty persistent I've been able to stay ahead of them. 

There have been no incidents of hacking in over a week. I appealed to Google to rescan the site several days ago but as Bob Ward stated I suspect they will not be in a hurry to do so.

Please be patient during this time, I have no idea when Google will get around to removing us from their blacklist.


----------



## arnoldb (Oct 17, 2010)

Thanks for the feedback and your effort Kevin Thm:
I loathe hackers! - I wear a white hat just like you do.


----------



## xo18thfa (Oct 17, 2010)

Firefox is still giving me the warnings too. Had to do this on IE.


----------



## itowbig (Oct 18, 2010)

same here had to unblock as of today 10/18/2010 9:40 am in not so sunny calif.


----------



## Corvus corax (Oct 24, 2010)

Seems to be unflagged today. Yesterday, when I tried to log on I was still getting the Attack Page messages.


----------



## Tin Falcon (Oct 24, 2010)

looks like google finaly cleared us from there bad boy list it is about time. 
Tin


----------



## firebird (Oct 24, 2010)

Hi

I just tried tried ( 19.17 uk time) but firefox is still blocking.

Rich


----------



## rake60 (Oct 24, 2010)

I'm not getting the block here at the moment.
Maybe Google is finally looking at it for us.

Rick


----------



## spuddevans (Oct 24, 2010)

I'm getting on ok, got the "block reported attack sites" option switched back on and it has been ok all day for me. (BTW I am using Firefox)


Tim


----------



## doubletop (Oct 25, 2010)

Google are now not reporting an problem any more so it looks like its sorted. Lots to catch up on and plenty to report. Not to forget the withdrawal symptoms while I was away.

I know from emails it was getting Rick down a bit but hopefully he's a happy chappy now. I am ;D ;D ;D ;D

Pete


----------



## GeorgeGreek (Oct 25, 2010)

Is Big Brother here???

George


----------



## mu38&Bg# (Oct 25, 2010)

Yup, I was let through today without issue. Much to read.


----------



## Noitoen (Oct 25, 2010)

Had to log again but it's working fine now.


----------



## firebird (Oct 25, 2010)

Hi

19.45 uk time, firefox still blocking.

Cheers

Rich


----------



## Lakc (Oct 25, 2010)

firebird  said:
			
		

> Hi
> 
> 19.45 uk time, firefox still blocking.
> 
> ...


You probably have the redirect stuck in your cache. Once I restarted firefox it was fine again.


----------



## GOOFY063 (Oct 25, 2010)

firefox is working fine now th_wav, I'm glad to be off IE 
good job everybody :bow: :bow: thanks
goof


----------



## firebird (Oct 26, 2010)

Hi

All working fine now

 th_wav

Cheers

Rich


----------



## itowbig (Oct 26, 2010)

YEEEEHAAAWWWWW i can get in here again  woohoo1 group hug *discussion* man i missed you guys :bow:


----------

