HTF Reported Attack Site (1 Viewer)

I've been browsing the site for the past hour or so, but upon going back to the forum index I've now got an attack site alert from my Firefox:



This is using the latest version of Firefox (32.0) on Windows 8.1, and my system is scanned and has never had any malware. All other websites load up just fine. The details for the attack vector are:



I've tried force refreshing the page in case it's just a temporary problem with certain ads, but now the entire website format has gone funny, as though all scripts have been disabled:

I see the same thing on Firefox. Not with IE, though.

Same here on Firefox. Not with Chrome.

Same thing for me....using my I phone now to be safe

Interesting. I'm now logged in via Internet Explorer 11 with no phishing alert. It's not surprising, since IE uses a Smartscreen Filter which is powered by a different anti-phishing system than the Google Safe Browsing system used by Firefox. What's odd though is that it's not occurring on Chrome, since you'd assume Chrome uses the same Google Safe Browsing service.

Either way, having cleared my browser cache and cookies in Firefox, I still get the attack site warning for HTF, and only for HTF. So unfortunately it looks like the HTF owners will need to resolve this before Google them as a malware site (probably something embedded in a new ad script).

EDIT:

More bad news. Being flagged by Google Safe Browsing means the google search result for Hometheaterforum is also tagged with a 'This site may harm your computer' sentence under the first result:



and clicking on that result, even in IE (and I assume any browser), gives this warning:

I got a malware warning in Chrome and Firefox and now accessing things through the app.

Shortly after posting that Chrome was letting me in, it did start blocking the site. At first I thought it was one particular thread, but no go. I'm on now via Tapatalk on Android.

Google sent us links to a few pages earlier this week that they flagged as containing malware. We looked them over and then involved our support and were unable to find anything amiss on them. Here is an example: http://www.hometheaterforum.com/topic/293906-rear-speakers-wont-play-sound-samsung-surround-system/page-0 (note I was just on this page, its safe). We are not sure why Google is flagging random pages this week and are working with our hosting provider to get to the bottom of it.

This is also happening using Safari.Currently using the App on my IPhone

Just a few minutes ago. I hit proceed asnyway.

I was reading posts when I got an e-mail to do a survey and I did this and went back to HTF using my Mozilla Firefox browser and got that page and read the next but saw no way out of it. I had a screen pop-up saying that a harmful virus had been stopped but nothing in the Virus Vault. This is the latest Firefox. I went to Version 24 of Opera which I am using little and using to write this post. It had been a very long time since this kind of page has come up for me. I don't use Explorer because on various machines it has never held for more than a couple of minutes and then disappeared off the screen. Odd. Google Chrome I have given up on which includes Gmail because it started playing up after they changed so much, got rid of their daily news snippets and so on. I have never used Safari. So how do we get this fixed? I can't cut the line out of the "most used" dropdown and copy/paste the url from Opera gets the same page Warning Page on Firefox. Prefer to use Firefox because Opera 24, like Opera 17 had the tendency to reset the machine and this happened first using those two versions after 2 weeks use on upgrade. I had used 12 for a long, long time as a result and resisted upgrading but as 12 got more and more troublesome in other ways I answered the pop-ups to upgrade and had also started using Firefox again which seems to have ironed out a few previous problems like Saving webpages etc. Computers. Good when they work right!!!!!

Where to now?

To top it off Nitrateville has been unavailable for a day and I get a one-line message that the site was not configured at that site etc. I went to their Facebook page and there was one message from someone, unknown to me, who left a message that they got that was different to what I got but meant the same. No other messages from anyone else there but I did a brief one. The Facebook page, like others attached to forums I use, seems to be little used by anyone.

Same problem here. Decided to use the Android app until this is resolved.

We can't do anything to fix this, this is entirely an issue with code on the HTF site, which only the HTF owners can address. What's probably occurred is that certain ad providers on this site are trying to overzealously track your site behavior, and thus have been flagged as malware. Those ads/scripts need to be removed before this malware flagging is revoked.

In reality the risk is minimal. There are several layers of protection in modern operating systems like Windows 7 and 8, which when combined with sandboxed browsers like Internet Explorer and Chrome (sadly Firefox is yet to be properly sandboxed), means that nothing can be installed on your system without your explicit permission (i.e. a UAC prompt appearing and asking you whether you wish to install X program), nor can malware lodge itself into critical areas of system memory or alter core system code (the kernel) due to built-in protection including DEP, SEHOP and ASLR, especially on 64-bit systems.

Worst case scenario is that malicious javascript is allowing a third party to access the data you enter into this site, and possibly other sites, on your browser. I'm logged in via IE right now as aside from being a sandboxed browser, I don't use IE to browse any other sites, so my other data is safe. Once this is all over, I will, as a precaution, flush my browser cache and cookies, change my HTF forum account's password, and that'll be that.

Bottom line: No malicious software is being installed on your system. It's most likely just some dubious javascript in your browser cache, put there by an ad provider, which may compromise your browser's data. So either use the HTF app on your tablet or smartphone, or use a different browser to the one you normally use just to view HTF, then reset everything in the browser and change your password once we're given the all-clear.

I hope Ron can sort this out fast!
My Firefox is impossible to navigate even if I say 'proceed despite warnings'.
And I hate having to go into IE and get past all the junk that infests their home-page.

AnthonyClarke said:

I hope Ron can sort this out fast!
My Firefox is impossible to navigate even if I say 'proceed despite warnings'.
And I hate having to go into IE and get past all the junk that infests their home-page.

Click to expand...

You're probably seeing what I saw as posted in the third image of my first post - Firefox seems to strip certain scripts/code out of the site even if you say you want to proceed past the attack site warning page, which results in a formatting jumble.

Anyone else receiving security warnings when accessing the site using Chrome or Safari?

Yes, many people are experiencing it. I'm on my iPhone app now, but saw it earlier. There is another thread about it.

Same here with FIRFOX If my spelling is messed is due to no word spell showing up.
So mod, who did you BAN or SUSPEND in the last 7 days then? As someone is really pissed off. That is what this is about.

I've installed Spyware Terminator and is Crwaler that got the page back up.
Someone has used a feature to flag the site as harmful and we all know the site is legit and been up and running since late 90's.

Need to find the flagging that (but this pardon me fu&ker is reading this, topic/page right now and laughing his ass off)

The site is responding slow now due to the other plug-in Crawler.

This is due to bluray 4K bullshit and someone has gotten really ticked off in same flame-war so what flame war was brewing this week and who was banned/suspended? Was it that White Elephant 4K thread a few days ago that was locked? Maybe that OP flagged the site.

I checked the site for condition it states "safe" yet still the message appears below the site as unsafe, Unsafe my foot up the persons ass who did this!

I've had a couple of flags from Microsoft Security Essentials this past week when accessing HTF.