Jump to content

cacherstats.com


Recommended Posts

I have been using cacherstats.com/florida2.html for a couple years. Today I got a error flag from Google and from McAfee SiteAdvisor that this site is now listed as a "Reported Attack Site". While I have firewalls, and Norton SystemWorks with added safety programs, I am fanatical about protecting my computer. Many times, such warning are over cautious tho, and do not truly represent a real treat.

 

Has anyone had experience with this site. Would appreciate heads up!

 

KOC,

 

Bob

rwsherlock

Link to comment

I thought someone in the last thread said they were going to contact the site owner, but looking back now I can't find that. Am I on drugs and dont' know it?

 

I don't understand a lot of this, and my computer isn't even giving me the warning.

Perhaps someone a little better versed in what is going on can contact the site owner.

 

(If I figured out how to contact them I'd say something like, "you're site is broke". someone else might have better information than I)

Link to comment

I thought someone in the last thread said they were going to contact the site owner, but looking back now I can't find that. Am I on drugs and dont' know it?

 

I don't understand a lot of this, and my computer isn't even giving me the warning.

Perhaps someone a little better versed in what is going on can contact the site owner.

 

(If I figured out how to contact them I'd say something like, "you're site is broke". someone else might have better information than I)

Post #42

 

If problem continues next week I'll send e-mail. I find it hard to believe no one contacted him already. He's probably away for the weekend or something.

 

I'm seeing this with Firefox. I'm not sure if IE or other browsers would report this as an attack site.

Link to comment

Sounds like the same type of thing that hit my own website a few weeks ago... an iframe injection attack.

 

If a site uses the iframe command (which mine obviously did, and cachestats may well too, since it's a ridiculously common command), the page can be compromised. What happened with mine was that some added code was added to the site so that it auto-attempted to install malware, and attempted to redirect the visitor to some other malware site.

 

I basically just removed all iframes for a few weeks (they're not integral to most of the site), re-uploaded the affected .html files from my home computer (thus overwriting the compromised files with normal code), and asked google to re-evaluate the site (there's a convenient button you just click). A few hours later, and the site was back up to normal, and no longer had a warning. After the aformentioned few weeks, I put the iframes back in, and haven't had a recurring problem. I'm hoping whatever botnet decided to attack my site (in the past, it's been botnets hitting a pile of sites at once) has wandered off, and I'll be good for another 7 years without a problem :laughing:

 

But long story short, botnet probably hit the site with an iframe injection attack (or otherwise, sql injection perhaps, whatever), and once the owner fixes it, it hopefully won't be affected again. With things like this, there's nothing a website owner can do other than repair the damage, and cross their fingers for the future.

 

On the plus side, since I use Linux, there's virtually zero chance that anything the site tries to install in the computer will do anything whatsoever.

 

So, looking at some of the source code, I couldn't find anything unusual. So it could be that the owner is waiting for Google to re-evaluate the site, or there's some small, out-of-the-way page, rarely looked at page that is still compromised, at which point Google will tell them there's still a problem, until it's completely cleaned. Only time will tell for this.

Edited by Kabuthunk
Link to comment

It's a problem with the web hosting service. There's something being appended to the original files being sent by the owner that keeps setting the "red flags". Owner thought he had this licked by automatically resending the requisite files via FTP if he found the variance in the files, hoping to do so before the problem was logged again at Google. Guess his workaround is not working. I'll let him know.

 

In any case, the problem of the stuff after the /HTML is benign, but extremely annoying.

 

Edit: I just checked the source for the page, and his workaround worked (nothing appended) but evidently there must have been for a brief, and Google caught it while it was wrong again. The site is (as of the moment) pristine again. The owner will have to (again) force a rescan by Google. What a PITA.

Edited by ecanderson
Link to comment

It is now the 20th of August and I appreciate the many replies from concerned cachers.

 

Today, Google Red Flags the site as a "Reported Attack Site". Enough to scare the hinder parts off most people. McAfee SiteAdviser gives it a green check mark "We tested this site and didn't find any significant problems" but does give a caution on one of Cacherstats links (Information.com)"When we browsed this site we received several pop-ups". When reading down on Information.com using McAfee SiteAdviser, "User Review Summary for information.com", there are many black marks listed by subscribers.

 

Not knowing if, when using Cacherstats, information.com is automatically called up as a subroutine, I am hesitant in accessing Cacherstats at all. Sure would like to get back using this fine tool.

 

Again, thanks to all.

 

Bob

rwsherlock

Link to comment

I can confirm that I had problems with cacherstats.com yesterday. After accessing the site my McAfee software reported blocking two trojans then notified me that csrss.exe was attempting to access the internet. I denied the acceess but ended up with a modified hosts file in \windows\system32\drivers\etc that redirected nearly all search engines (google, yahoo, aol, bing, etc) to an invalid IP Address resulting in the page-not-found message. I recreated the problem today. I wouldn't recommend accessing the site.

 

A&A

Edited by artemis&apollo
Link to comment
I can confirm that I had problems with cacherstats.com yesterday. After accessing the site my McAfee software reported blocking two trojans then notified me that csrss.exe was attempting to access the internet. I denied the acceess but ended up with a modified hosts file in \windows\system32\drivers\etc that redirected nearly all search engines (google, yahoo, aol, bing, etc) to an invalid IP Address resulting in the page-not-found message. I recreated the problem today. I wouldn't recommend accessing the site.

I strongly suspect that you got infected from another location. It is highly improbable that visiting a website could do things like modify your hosts file, unless you explicitly downloaded and ran something from that site. Not to say a vulnerability like that could not exist, but if it does, it would have been patched in a hurry and there'll be a fantastic hue and cry.

Link to comment

I had a pop up screen that told me that my adobe needed updating last night when I went to the site.

 

What set me off that it was bad was that as i scrolled the web page, it adjusted to where I was on the screen to cover most of the screen.

 

Needless to say the site was immediately closed, and a nice virus un was initiated.

 

whee!

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...