• Responding to email notices you receive.
    **************************************************
    In short, DON'T! Email notices are to ONLY alert you of a reply to your private message or your ad on this site. Replying to the email just wastes your time as it goes NOWHERE, and probably pisses off the person you thought you replied to when they think you just ignored them. So instead of complaining to me about your messages not being replied to from this site via email, please READ that email notice that plainly states what you need to do in order to reply to who you are trying to converse with.

  • IMPORTANT! PLEASE READ!! About the Google Adsense ads being displayed

    =====================
    Posted 08/15/2025
    =====================


    Yeah, I know. They are a pain in the butt. But they pay the bills to keep my server running. Just a fact of life, I am afraid.

    Want to get rid of them? Simple. Just become a Contributor level member or above and they will be gone. -> Please click HERE."

    Is that too much for me to ask of you to keep this site running? Well, sorry about that. I too wish I could get everything for free. But alas.....

    =====================
    Addendum: 01/10/2026
    =====================


    Google Adsense ad revenue for December, 2025 was just $30 over the cost of the lease for the server running this site. So, in effect, the money providing the incentive for me to continue running this site is coming SOLELY from the paid memberships and sponsorships here. Which honestly ain't much....

Exploit Toolkit Website 33 Attack

TheFragginDragon

TheFragginDragon

New member
Joined
Aug 15, 2005
Messages
3,976
Reaction score
347
Points
0
Age
63
Location
Casco, MI
For the second time in a week, I've gotten a popup from my Norton Internet Security when I've accessed the site. The details are in the attachments.

It doesn't happen every time I access it, but this specific threat has only happened when I accessed it. One possibility I was thinking about, perhaps the redirect is coded in one of the banner ads that rotate on the main page? Since the redirect occurs as soon as I had accessed the page, I didn't have the chance to even see what banner ads(s) were up at the time.

I'll post if/when it happens again.

Anyways, if anyone else has had this happen, chime in.
 

Attachments

  • NIS pic 1.jpg
    NIS pic 1.jpg
    97.1 KB · Views: 589
Nothing here. :shrug01: But looking at that error screen of yours, it appears to be saying that the attack is coming from your own PC. Or am I just reading that wrong?
 
I know this might sound dumb, but did you scan your own computer using another virus checking program?
 
Doesn't sound dumb at all. The only anti-virus software I use is NIS, but I also use Spybot S&D as well, neither have come up with anything.
 
I'm Getting Them Too!

Rich I've gotten 3 attacks in 2 days. My Norton says it's Blackhole Toolkit Website 36, Blackhole Toolkit Website 31 and Exploit Toolkit Website 33. What I've read via google my Norton IS 2013 is saying that there is malware loaded in an add somehere on Fauna and every time I visit Fauna's website Norton is blocking an attack from this malware which is trying to expolit vulnerabilities on my pc.

Google is saying the malware has to be wiped at the website hosting servers end. According to Norton this malware is very high risk. The malware tries to load a trojan which steals login password info. So if you pay your bills online BEWARE! I've done scans on my pc and Norton says it's not infected. Since yesterday Norton has blocked 3 high risk attacks and I only get them when I go to Fauna.
 
For the 3rd time today, my AVG blocked a threat. Not 4 minutes ago, I clicked on an ad for Bufo alvarius adults posted by a "Bruce Banner" and got the latest threat blocked. I, too, only got the threats here.

Unfortunately, I didn't look closely at the threat, so can't ID ... but I use AVG, Spybot S&D, Malwarebytes and CCleaner, and use all regularly. (Can you call me paranoid? lol)
 
Beats me. I haven't seen anything of that nature myself. I took a look around on the server for both the FaunaClassifieds.com and FaunaAds.com files, and nothing looks out of place there. If it is a particular Google ad that is causing the problem, I can block it if I know the source URL for it, and alert Google about that problem.

But Google ads aren't really as content focused as they used to be, and are more weighted towards YOU and other places you have visited and what keyword searches you might have used in their search engine. So it's quite possible that I will NEVER see the same Google ads that someone else is seeing here.

So if it happens again, all I can ask is that you try to determine the actual source of the problem and I'll do what I can about it. Not much else I can do at this point with the information provided.
 
I just went back to see if I could ID the blocked threats on my AVG program ... naturally, the info was not archived. I will pay much better attention if it should happen again.

The scan I ran was clean.
 
I got another attacked as soon as I clicked on the e-mail link to this thread. Once again it was Exploit Toolkit Website 33. What I've read up on it says that the website is loaded with an infected Iframe. Every time that the infected website is visited, a malware program tries to run and exploit your computer for vulnerabilities in Java, Adobe Reader and Adobe Flash Player. Make sure those programs are up to date. If your anti virus is up to date it should block the program from running. If not a password stealing trojan will be launched onto your computer.
 
Got the Blackhole AVG pop up for the first time today myself
I run Firefox and have yet to load the 24.0 update due to some screwy acting things the last week or so.

:shrug01:

LauraB said:
For the 3rd time today, my AVG blocked a threat. Not 4 minutes ago, I clicked on an ad for Bufo alvarius adults posted by a "Bruce Banner" and got the latest threat blocked. I, too, only got the threats here.

Unfortunately, I didn't look closely at the threat, so can't ID ... but I use AVG, Spybot S&D, Malwarebytes and CCleaner, and use all regularly. (Can you call me paranoid? lol)
Click to expand...
 
Everything I've read on the net says that someone, a hacker, has loaded a malware program on Fauna through an infected IFrame that looks to load a password stealing trojan thorough computer programs like Java, Adobe Reader, Adobe Flash Player, etc. For the past 3 days Norton has blocked attacks on my computer every time I login into the main page at Fauna. I also get attacked when I login to respond to this thread. I feel sorry for those who anti virus-software is not up to date as they will get infected.
 
The distribution is wide spread and pretty much random


http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0422

Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using the public getMBeanInstantiator method in the JmxMBeanServer class to obtain a reference to a private MBeanInstantiator object, then retrieving arbitrary Class references using the findClass method, and (2) using the Reflection API with recursion in a way that bypasses a security check by the java.lang.invoke.MethodHandles.Lookup.checkSecurityManager method due to the inability of the sun.reflect.Reflection.getCallerClass method to skip frames related to the new reflection API, as exploited in the wild in January 2013, as demonstrated by Blackhole and Nuclear Pack, and a different vulnerability than CVE-2012-4681 and CVE-2012-3174. NOTE: some parties have mapped the recursive Reflection API issue to CVE-2012-3174, but CVE-2012-3174 is for a different vulnerability whose details are not public as of 20130114. CVE-2013-0422 covers both the JMX/MBean and Reflection API issues. NOTE: it was originally reported that Java 6 was also vulnerable, but the reporter has retracted this claim, stating that Java 6 is not exploitable because the relevant code is called in a way that does not bypass security checks. NOTE: as of 20130114, a reliable third party has claimed that the findClass/MBeanInstantiator vector was not fixed in Oracle Java 7 Update 11. If there is still a vulnerable condition, then a separate CVE identifier might be created for the unfixed issue.
 
I keep getting flashplayer encountered an error and if I dont hit dismiss quickly it locks up the browser for 1 to 3 min. Only on this site does it happen. Been going on for about a week. None today yet though.
 
Snakepliscan said:
Everything I've read on the net says that someone, a hacker, has loaded a malware program on Fauna through an infected IFrame that looks to load a password stealing trojan thorough computer programs like Java, Adobe Reader, Adobe Flash Player, etc. For the past 3 days Norton has blocked attacks on my computer every time I login into the main page at Fauna. I also get attacked when I login to respond to this thread. I feel sorry for those who anti virus-software is not up to date as they will get infected.
Click to expand...

Well, I just had the server people run a scan on my server looking for signs of a hacker or some other form of being compromised and there were no problems found at all. So as best I can tell, my server is clean.

Sorry, but I can't fix something if it's not broken on my end.
 
Just for the record, here's the log file results of the scan the server techs did:

Hi Rich,

We can confirm that there are no infected files under the server. Please find below the output of server scan.

----------- SCAN SUMMARY -----------
Known viruses: 2676123
Engine version: 0.97.6
Scanned directories: 19219
Scanned files: 868458
Infected files: 0
Data scanned: 48360.62 MB
Data read: 67229.73 MB (ratio 0.72:1)
Time: 11433.293 sec (190 m 33 s)
Click to expand...
 
Back
Top