MALWARE WARNING

[ark_ader]

I have been getting malware from your site recently.  Some Norton Pop up. Maybe it is time to perform a backup and update?

[saint]

There's an attachment that Norton's repeatedly flags as infected that doesn't show as infected in any scans I've been able to run. One of HowardC's utilities.

What page are you getting the warning on?

[slickam]

I've had it on random threads (assuming it's the same issue). It looks like there's an ad redirecting to cpafireboost.com which displays a fake Norton warning screen. Unfortunately I don't know what ad it is because it's always on a background tab.

[saint]

Huh. My Google ads are down right now, the only ad I have running is a static GameonGrafix ad... Is it possibly in someone profile/signature? If anyone tracks it down please let me know.

[saint]

Huh. Searched website URL, signature, and personal text on all users and didn't find it.... Hmmm...

[Malenko]

Huh. Searched website URL, signature, and personal text on all users and didn't find it.... Hmmm...

could be a redirect or URL shortener. The easiest way to find it would be for Ark/slick to check their histories on threads visited and see which one is triggering it.

[slickam]

I've had it on these threads, but not in the last 2 days:
http://forum.arcadecontrols.com/index.php/topic,159328
http://forum.arcadecontrols.com/index.php/topic,159339
http://forum.arcadecontrols.com/index.php/topic,159344
http://forum.arcadecontrols.com/index.php/topic,159252

I've seen ads other than the GameonGrafix one as well. Up until yesterday Google ads showed on every page, but now they're hit and miss. I attached a screenshot of one from today.

I've run a virus scan on my PC and came up clean, so I don't think that's it.

[saint]

Interesting. Google gave me the middle finger a while back because they didn't like that the Google ad was on the forum registration landing page (i.e. a page with no "content" value) and I haven't fixed it yet, so it was my impression there were no Google ads firing on the forum. I'm not seeing any at all. Now I need to go play with different browsers and look at script block settings (I don't run an ad blocker but I don't know what's built in anymore).

[saint]

Huh. Now I'm getting intermittent Google ads. Boggle.

[behrmr]

If it matters, google Ads always show up in tapatalk

[saint]

Thanks!

[ark_ader]

Got it again now in Main.  I wiped my PC and reinstalled (someone had my old password and sent me one of those pr0n threats and I think it has to do with the Experian hack a while ago) and I just logged into my scrubbed PC and Volia! Norton warning and I have Mcafee.

You are behind by 3 upgrades.

https://download.simplemachines.org/

Also are you locking new posts to new members still? 

Do you have another instance on a home server to apply the updates?

SMF 2.0.15                                                    November 19, 2017
===============================================================================

September 2017
 ! Fixed a minor $smcFunc bug in Search-Fulltext.php
 ! Fixed a saving Settings.php bools being reset bug
 ! Fixed a security issue (Reported by Daniel Le Gall from SCRT SA)

June 2017
-------------------------------------------------------------------------------
 ! Cache the admin search results in the session and avoid IE's 2083 character limit
 ! Fixed a Mark Board Read bug

May 2017
-------------------------------------------------------------------------------
 ! Fixed Proxy URLs not handling redirects properly due to case sensitivity
 ! Fixed SendTopic using incorrect Post data
 ! Fixed SSI.php having a bad login panel
 ! Fixed Maintenance Page having a double login button
 ! Fixed a minor unsigned int typo in MySQL DB
 ! Fixed Deprecated installer message for ftp_connection.
 ! Fixed a loop bug in custom search
 ! Fixed SM Stat collection
 ! Added SM Stat collection registration to the Admin Control Panel

SMF 2.0.14                                                         May 14, 2017
===============================================================================
 ! Updating session handlers
 ! Adding HTTPS
 ! fetch_web_data now uses cURL, falling back to sockets
 ! Ported image proxy support from SMF 2.1
 ! Also added HTTPS for avatars
 ! Added a simple exception handler
 ! Check session while logging in
 ! Sanitize some fields to help guard against XSS
 ! Validate email addresses with PHP’s filter method
 ! Fix search highlighting to not mangle/expose some HTML
 ! Fix password acceptance when special characters were used in UTF-8;
 ! Correct some random logic errors in the profile area
 ! Use ampersands instead of semi-colons for PayPal’s return link
 ! Fix sending multiple MIME-Version headers in notification mail
 ! Fix sending multipel Content-Type headers in all requests

SMF 2.0.13                                                      January 4, 2017
===============================================================================
 ! Some file versions didn't get modified in the 2.0.12 patch
 ! Added check and sanitization for $_REQUEST['u'] in LogInOut.php and Reminder.php
 ! Added check and sanitization for $_REQUEST['uid'] in Reminder.php
 ! Properly sanitize author's website for packages
 ! Added session check when uploading packages
 ! Added session check when copying template files from one theme to another
 ! The code to remove empty BBCode was sometimes breaking things (reported by @rjen; fix provided by Sesquipedalian)
 ! Remove hardcoded limits for safe_unserialize as it was causing cache problems
 ! Update the cal_max_year setting to 2030

SMF 2.0.12                                                         July 7, 2016
===============================================================================
 ! Fixed word censor injection by disallowing an empty 'proper word'
 ! Fixed vulnerable unserialize() code by converting all instances to safe_unserialize()
 ! Added a more thorough safe_unserialize() function to prevent object injection
 ! Fixed a bug where leaving a custom profile field blank on registration that has an email mask would throw an error
 ! Fixed PayPal integration to comply with the new forced SSL
 ! Fixed a bug where notifications were sent for messages in inaccessible boards
 ! Fixed editor to make the editor work with Microsoft Edge
 ! Fixed issue where smiley popup is blank on iOS 9 devices
 ! Fixed WYSIWYG editor in mobile devices
 ! Fixed an undefined $_POST['icon'] in Sources/Post.php
 ! Fixed a minor bug in Login2()
 ! Fixed an issue where SMF doesn't recognize new domain names and considers these as invalid
 ! Fixed an issue where SMF would allow empty BBC
 ! Fixed an issue where theme variants could not be selected
 ! Fixed an issue where the file version of Subs-Post.php could have been 2.0.8 or 2.0.11. It will be updated to 2.0.12 in either case.
 ! Updated copyright year to 2016

[ark_ader]

Huh. Searched website URL, signature, and personal text on all users and didn't find it.... Hmmm...

could be a redirect or URL shortener. The easiest way to find it would be for Ark/slick to check their histories on threads visited and see which one is triggering it.

Main forum in our wonderful 1UpArcade thread.

[Malenko]

do you know which page of that thread? Im assuming one of the last few