*

Author Topic: WARNING! Your computer is engaged in malicious online behavior.  (Read 7183 times)

Crash

  • Guest
Every time our router overflows its IP stack, it has to be restarted. When it restarts, it is allocated a new IP address from our internet provider.
Today, I tried to log on to PlanetDescent, only to be presented with a page that itself appeared highly suspect.
Its design was unprofessional and it appeared to me as though the site itself had been hacked. I only entered the data that the page required out of sheer curiosity and because I knew that our firewall and antivirus would handle anything that the site threw at us.

I disapprove of the PHP script (warning.php), which presumably originates from Project Honeypot. I feel that due to the above, it fails in purpose and makes too many assumptions. On our network, we have 2 dozen PCs and devices connected to the network.
Therefore the script's wording ie ("check the details for your IP: 86.130.224.89 to see exactly what it has been doing wrong") is insulting and wholly presumptive.

I also had a look at the Project Honeypot and its report on our new IP address was so vague and unclear that it supported no conclusions anyway.

I figure that the script is part of the CMS system but I figured I'd let you know, in case no-one has seen it.
I think it would help if the page had used the site's own formatting so that you were able to identify it as genuinely belonging to PlanetDescent.

Offline -<WillyP>-

  • Lt. Commander
  • Purple Heart
  • ****
  • Posts: 2375
  • I can haz personal text?
    • My photo gallery
Re: WARNING! Your computer is engaged in malicious online behavior.
« Reply #1 on: April 21, 2011, 10:34:31 AM »
I'll look into it. What is the url?

Edit: I looked at your ip on project honeypot, and there is nothing vague about that report. Your ip was used, a couple months ago, by spammers. Nothing presumptive there, your ip has a rating of 25 which indicates over 100 spam messages to a trap. Without blocking of spammers, we would be over run by them.

The page you hit is a trap. It is designed to look like a page full of e-mail addys only to a spam bot.

The plugin looks at a number of factors before blocking an ip. One of which is a bad report from project honeypot.  Unfortunately, there are bound to be false positives, I am sorry you became one.  You might want to bring this to the attention of you ip provider. You could also restart your router again and hope to get a clean ip this time.




« Last Edit: April 21, 2011, 10:47:40 AM by ...WillyP... »
Smart people look like crazy people to stupid people.

Offline Foil

  • Gold
  • ***
  • Posts: 642
  • "I've never seen its equal."
Re: WARNING! Your computer is engaged in malicious online behavior.
« Reply #2 on: April 21, 2011, 10:42:12 AM »
I'm guessing that the previous user of that IP was the one running the malicious stuff (could have been anything from a spam server to pirate torrents to DoS attacks, who knows).

Your ISP probably had that IP marked as malicious, and they fed you that page.  It was probably the first one you visited after resetting the router, correct?
« Last Edit: April 21, 2011, 10:45:18 AM by Foil »

Offline -<WillyP>-

  • Lt. Commander
  • Purple Heart
  • ****
  • Posts: 2375
  • I can haz personal text?
    • My photo gallery
Re: WARNING! Your computer is engaged in malicious online behavior.
« Reply #3 on: April 21, 2011, 10:50:48 AM »
Sorry, edited my post while you were replying, Foil. I believe the page he got was served by a plugin i installed here, designed to block spammers and crackers.  His ip is reported as having been used by spammers and dictionary attackers.
Smart people look like crazy people to stupid people.

Crash

  • Guest
Re: WARNING! Your computer is engaged in malicious online behavior.
« Reply #4 on: April 21, 2011, 11:42:52 AM »
The page I hit was a warning page with a red header and two columns of instructions; one in English and the other in Spanish. The address was just planetdescent.net/warning.php.
The way I accessed the site was to input two antispam calculations into the page's forms. It wasn't a list of spam-baiting addresses.

What I thought was problematic about the honeypot report was how it was saying that 40+ emails had been sent over 3 months. So someone whose PC had been zombified and then rescued/cleaned long before my birthday in February would still have been blocked now and for ... who-knows how long into the future (which is ridiculous). Because most cheap routers jam every so often (the old router I shared in East-Germany seized several times/day on occasions), I would think it uncommon for someone to keep the same IP address for 3 months.

At least the page wasn't blaming the user personally because obviously a spammer's best tool is a zombie network; far better than tying up their own machine and connection doing their dirty work. So in that sense it was well-informed.
But telling them to scan their PC to work out what "it" had been doing was narrow.

Offline Pumo

  • Lord PuMo, King of Torbernite
  • Gold
  • ***
  • Posts: 356
  • Fear the Hosakos!
    • Pumo Software
Re: WARNING! Your computer is engaged in malicious online behavior.
« Reply #5 on: April 21, 2011, 11:57:05 AM »
I've got that very same page from time to time when entering Planet Descent (i. e. after restarting my router) and it's really a nuisance. :P

I'm not sure why it also happens on my side.
Pumo Software main Website
- Pumo Mines current release: v1.1 (12 Levels)
R.a.M. Land official Website

Offline VANGUARD

  • Platinum
  • ****
  • Posts: 1543
Re: WARNING! Your computer is engaged in malicious online behavior.
« Reply #6 on: April 21, 2011, 12:58:50 PM »
reminds me of this, not saying they're related. just what Pumo said as well about getting that from time to time:

http://www.pclinuxos.com/forum/index.php/topic,89891.0.html

as far as your case is concerned, I don't really have any ideas. sorry.

Crash

  • Guest
Re: WARNING! Your computer is engaged in malicious online behavior.
« Reply #7 on: April 21, 2011, 01:15:16 PM »
Thing is - if the list shows that the PC *might* be sending spam emails ... then why try and restrict the user from accessing the site?
All it should do is say "Oh by the way, you might want to run a check for malware because there's been funny stuff coming from this IP address".
Why it would frustrate you in accessing the site? I don't know, unless it's to try and punish intentional spammers, but all that will do is proliferate zombie botnets.

Offline Scyphi

  • Purple Heart
  • *****
  • Posts: 2385
  • TechPro Jr.
Re: WARNING! Your computer is engaged in malicious online behavior.
« Reply #8 on: April 22, 2011, 05:37:08 AM »
Hmm, I've never seen anything like this before on my end, and we reset our server almost daily...
"I thought I had a great idea, but it never really took off. In fact, it didn't even get on the runway. I guess you could say it exploded in the hanger." -Calvin and Hobbes
Check out my deviantART

Offline Alieo

  • Formerly "Texace12"
  • Platinum
  • ****
  • Posts: 799
  • Former undertaker; current overtaker.
Re: WARNING! Your computer is engaged in malicious online behavior.
« Reply #9 on: April 22, 2011, 10:21:40 AM »
I haven't seen the suspicious activity screen you've seen before, but I have recently gotten my first spam email. That could be related to this issue or it may very well be my own separate issue, this virus I've been fighting.
I like to think I have a Descent taste of music.

Offline -<WillyP>-

  • Lt. Commander
  • Purple Heart
  • ****
  • Posts: 2375
  • I can haz personal text?
    • My photo gallery
Re: WARNING! Your computer is engaged in malicious online behavior.
« Reply #10 on: April 22, 2011, 01:12:41 PM »
Thing is - if the list shows that the PC *might* be sending spam emails ... then why try and restrict the user from accessing the site?

Because I have to delete dozens of spam registrations every day.  And that is not including however man TechPro and Commander In Chief delete. Would be hundreds if they were not blocked. Do you want this site overrun with spam?
Smart people look like crazy people to stupid people.

Offline Matthew

  • Platinum
  • ****
  • Posts: 1275
    • Globalgamers.de
Re: WARNING! Your computer is engaged in malicious online behavior.
« Reply #11 on: April 22, 2011, 08:01:39 PM »
Do you want this site overrun with spam?
Yes please!

;)

Offline -<WillyP>-

  • Lt. Commander
  • Purple Heart
  • ****
  • Posts: 2375
  • I can haz personal text?
    • My photo gallery
Re: WARNING! Your computer is engaged in malicious online behavior.
« Reply #12 on: April 23, 2011, 05:32:06 PM »
Smart people look like crazy people to stupid people.

Crash

  • Guest
Re: WARNING! Your computer is engaged in malicious online behavior.
« Reply #13 on: April 24, 2011, 10:34:34 AM »
Thing is - if the list shows that the PC *might* be sending spam emails ... then why try and restrict the user from accessing the site?

Because I have to delete dozens of spam registrations every day.  And that is not including however man TechPro and Commander In Chief delete. Would be hundreds if they were not blocked. Do you want this site overrun with spam?

I take that as an acceptable answer.  ;D

Offline Matthew

  • Platinum
  • ****
  • Posts: 1275
    • Globalgamers.de

 

An Error Has Occurred!

Cannot create references to/from string offsets