I just started getting a warning every time I go to a new page.

Anyone know how to fix this?

Which site?


If you're on a PC there's plenty of spyware catchers.

I just started getting a warning every time I go to a new page.

Anyone know how to fix this?

Same problem with me. Just started...

Yup...

me too, in Safari, but not in Firefox. Strange.

Warning ... visiting this site may harm your productivity levels. :)

Could it be industrial sabotage? Anyway, not getting it on Firefox.

Same here, fully updated OS X 10.6.

Here in Safari...

im getting it on chrome

Same here with safari! What's happening?

Same here at recently upgraded Safari Version 5.0.1 (6533.17.8)...

log in is funky for me too... in addition to the repeated warning.

Got it in Safari; Mac, 10.6.4. Went to Preferences, Security, turned off warn when visiting fraudulent sites.

Good shooting and best regards,

Leo

I'm getting it in Chrome. It seems to be because of some hosted images. Here's the Google diagnostic:


What happened when Google visited this site?
Of the 46 pages we tested on the site over the past 90 days, 2 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2010-08-14, and the last time suspicious content was found on this site was on 2010-08-14.
Malicious software includes 2 trojan(s). Successful infection resulted in an average of 5 new process(es) on the target machine.

Malicious software is hosted on 1 domain(s), including imgeshacks.com/.

This site was hosted on 1 network(s) including AS23352 (SERVERCENTRAL).

edit. Seems bug was found...

spam?
scam?
vaporware?

I had a Trojan installed on my computer from a page here at RED. The Trojan tried to convince you to buy a virus checker, which, I'm sure was to capture your credit card info. Very nasty though, as it took over part of the registry.
Probably embedded in an image from what the Google Safe Browsing info says:

What happened when Google visited this site?

Of the 46 pages we tested on the site over the past 90 days, 2 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2010-08-14, and the last time suspicious content was found on this site was on 2010-08-14.

Malicious software includes 2 trojan(s). Successful infection resulted in an average of 5 new process(es) on the target machine.

Malicious software is hosted on 1 domain(s), including imgeshacks.com/.

This site was hosted on 1 network(s) including AS23352 (SERVERCENTRAL).


Luckily, there was a vicious virus going around our studios last week, so they didn't block Reduser.com... yet.

One more reason to be using a Mac.

I'm on a mac so attack sites don't bother me at all.

Now I'm getting the warning on Firefox after visiting the spamware posting that I just posted in myself.

If it was PC Trojan, why was message displayed to Mac Safari users?

Went to Preferences, Security, turned off warn when visiting fraudulent sites.

That did the trick. Thanks!


It is probably from that a$$hole posting spam for DVD copy software:

http://www.reduser.net/forum/showthread.php?t=48565

Maybe if a mod bans "dasdad" and deletes the thread the warning will go away.

Someone with admin rights to the site needs to contact google/firefox and sort this out.
They are reporting that trojans have been downloaded from files linked to in posts on reduser.
I'm not happy about turning off site blocking permanently, so I'm off until this is sorted. :(

I'm not happy about turning off site blocking permanently, so I'm off until this is sorted. :(

Me too!

Pat

Here is another a$$hole that needs to be banned. Actually, it is probably the same guy.

"gjdkfeir"

http://www.reduser.net/forum/showthread.php?t=48561

Come on mods!!! do something im getting this warning too

Has Interpol been notified?

Just got the warning now. Using Chrome on OSX 10.6.4 with everything up to date.

Instead of Linking spam threads here, report them using the reporting function. I went to delete them and Jason already killed them. As for the virus warnings, I can't comment... I'm out of town and only checking email and forums once every few days. I'm only have my iPad with me, no real computer, so I'm having some trouble keeping up until I get back...

Most any forum site will get such errors from the mostly-worthless site checker... Seems to be a problem any time there's tons of externally linked files or pages. ImageShack and FileShack are notorious for malware, trojans, etc...

just got it using firefox, Anyone know how to fix this?

how come you guys dont block these spams :/
This is reduser.net not a personal unsecure sh.tty forum

im getting them too, Safari on 10.6. so annoying!

I'm getting it on Firefox. I think you're under attack...

how come you guys dont block these spams :/
This is reduser.net not a personal unsecure sh.tty forum

And how do we block them? The tighter we clamp down to stop spammers, the harder it makes new user registration. And that would only stop some of them. Many of the spammers get through by directly accessing the VBulletin subsystems and not using the forum interface directly. So the best defense there is to keep the forum software up to date.

Only way to keep them out is to make the forums completely private, requiring user applications and moderator approval. Additionally we would have to shut off embedded display of externally linked images and files and possibly even still require moderator approval of all new threads, user signatures and posts from anyone who hasn't a proven history... If that were done, I would guaranty our success rate at about 85%.... Or less.

With Google Chrome will be fine!
Just used to login and don't have problem...*
but after changed to other page then got spammers again,
I don't think it's only happened to Firefox, Safari only...
Help!!!!!!!

I can surf with no warnings using Internet Explorer, but not logged in.

I believe I have located the offending content and removed it. I have submitted for review to google diagnostics... Now, just have to wait.

And how do we block them? The tighter we clamp down to stop spammers, the harder it makes new user registration. And that would only stop some of them. Many of the spammers get through by directly accessing the VBulletin subsystems and not using the forum interface directly. So the best defense there is to keep the forum software up to date.

Only way to keep them out is to make the forums completely private, requiring user applications and moderator approval. Additionally we would have to shut off embedded display of externally linked images and files and possibly even still require moderator approval of all new threads, user signatures and posts from anyone who hasn't a proven history... If that were done, I would guaranty our success rate at about 85%.... Or less.

i report spam posts everytime.You can try asking specific questions about Red in registration page.Bad idea?

Thanks Jason. I just started getting these with Chrome this morning and was wondering what was going on.

This is crazy. If you have "block reported attack sites" checked in Firefox then reduser is suddenly unusable.

This seems like an attack timed to scare off people (EDIT: NEW CUSTOMERS, $$$$$$$...) as the Epic/Scarlet cameras are being released.

Look for the man behind the curtain...

Guys, this is not related to virus on the person's PC!

It's a warning that usually starts with Google flagging the site as dangerous.

I've created a thread about this regarding the 4K Ninjas website. If REDUser has lots of links to it, that may be the cause, however the diagnosis doesn't mention anything about the 4K Ninjas site.

To get rid of this one needs to register with Google webmaster tools and request a de-flag. I've run into this with a site I hosted a forum. Forums engines are sometimes vulnerable and allow virus to plant themselves on your domain, quite weird. However, basing myself on the diagnosis, I think the problems are just links to a certain IMGEHACKS site (phishing to look similar to IMAGESHACK).

Here's the first warning:

http://a.imageshack.us/img576/1842/1stwarning.th.jpg (http://img576.imageshack.us/i/1stwarning.jpg/)

And here's the detailed diagnosis:

http://a.imageshack.us/img706/3498/diagnosis.th.jpg (http://img706.imageshack.us/i/diagnosis.jpg/)

___

And here's the thread I created about 4K Ninjas:

http://www.reduser.net/forum/showthread.php?t=48202

Cannot use Safari or Firefox now

As I stated a few posts ago, I'm pretty sure I have identified all content that has caused this flag, removed it, and have submitted to google for review... all's we can do is wait for the results of that and go from there...

Thank you Jason, you're quick on the trigger.

fyi, internet explorer doesn't do the annoying warning every time you click something. you can also disable it in firefox, and i would guess in safari as well.

Paul's right in re Firefox, go to "tools-options-security" and uncheck "block attack site warnings".

I can now say with 99.99% certainty that the flagged content was removed from this site. So, I am waiting for the review process...

Note: I am 99.99% certain that the potentially harmful content that was on reduser has been removed... the google warning will still continue until the review process is complete, however, and confirms this fact... I am not 100%, but very nearly certain.

Depends upon who is being offended. If it was Sony, Panasonic, or Arri, it could be a good long while before REDUser is "well" again.

:-)

Stephen

Thank you Jason.

If you want to turn the warning off on Firefox:
Tools > Options > Security > Un-check "Block Reported Attack Sites"

Then when Jason lets us know things are back to normal on this thread (please Jason) you can just go back and turn it back on... Not really a big deal unless you plan on going to evil sites.

0.02

This problem and so many others could be prevented if we had a genuine real names policy and a probation period before users could freely post. Other professional forums do this and they benefit from a very high signal to noise ratio.

Good shooting and best regards,

Leo

Yeah same here, and got me worried, it actually was an attempt form some one else to make me click on the link.

But also since kept coming up even when inside, basically at every single change of page click, I had to turn off the Security Alert on Safari.

Hoping for the best..

This problem and so many others could be prevented if we had a genuine real names policy and a probation period before users could freely post. Other professional forums do this and they benefit from a very high signal to noise ratio.

Good shooting and best regards,

Leo

this issue did not have to do with real names, or someone posting a bad link on the site, or spammers....

Still getting the warning Latest Safari and Mac OS

Getting the same malicious site warning for RedUser. In Firefox, but not in Safari.

This is the diagnostics info:

Safe Browsing
Diagnostic page for reduser.net

What is the current listing status for reduser.net?

Site is listed as suspicious - visiting this web site may harm your computer.

Part of this site was listed for suspicious activity 2 time(s) over the past 90 days.

What happened when Google visited this site?

Of the 187 pages we tested on the site over the past 90 days, 115 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2010-08-14, and the last time suspicious content was found on this site was on 2010-08-14.

Malicious software includes 12 trojan(s). Successful infection resulted in an average of 4 new process(es) on the target machine.

Malicious software is hosted on 1 domain(s), including imgeshacks.com/.

This site was hosted on 1 network(s) including AS23352 (SERVERCENTRAL).

Has this site acted as an intermediary resulting in further distribution of malware?

Over the past 90 days, reduser.net did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?

No, this site has not hosted malicious software over the past 90 days.

How did this happen?

In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.

Next steps:

* Return to the previous page.
* If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.

- Oliver

silliy ipad double post.

The other problem is that even if you disable the "fraudulent" warning in safari, if you click though a google search, google itself will refuse to link you though the reduser. So it's not just the browser that is refusing connections, but any google linked search as well.

jb

Warning... visiting this site may decrease all other camera company's revenues.

The conspiracy theorist in me says this was planned. Right in the middle of "HDR weekend"..?

Just sayin'

Until I disabled the warning in Safari, I could not log in.

Yeah, I'm getting it in Firefox on my Mac Pro.

Could this be industrial sabotage? lol It's really annoying.

http://img188.imageshack.us/img188/7892/picture6js.png (http://img188.imageshack.us/i/picture6js.png/)

Uploaded with ImageShack.us (http://imageshack.us)

On a Macbook Pro running Safari. Got the same notice.

Someone is trying to screw with this site.

Google did this to my site, seemingly forever. I finally figured out that someone had inserted some code into my root dir (thank you ISP for protecting me, f#rs) but there was no evidence that it was doing anything besides pinging a bunch of foreign sites. I would like to personally thank Google for replacing Microsoft as computing's next big pain in the ass. I had to "hard reboot" my Google/Android phone today, for chrissake.

im getting it on chrome

Me too.

I will update this thread when I have something to update beyond what I have already stated... which is that I am 99.99% certain that I have removed the potentially harmful content that was causing the flag, submitted the site for review for google to remove the warning, and am waiting on them now...

There was something on this site. It may or may not have been malicious. It certainly wasn't kosher in its intent. It should be gone now. I am waiting for google's review process to complete and hopefully remove the safe browsing warning now.

Thanks for your patience, everyone.... Sorry for the inconvenience. It sucks that this stuff happens some times. There are assholes on the internet.

At any rate, looks like the review process has completed and you should no longer receive the warning.

If you experience any further issues, please post here so I can look into it in a timely manner.

Later,
Jason

Status of the latest badware review for this site: A review for this site has finished. The site was found clean. The badware warnings from web search are being removed. Please note that it can take some time for this change to propagate.

Later.
jason

It's good to see the site is now testing clean and the warnings should be removed soon, if not already.


i report spam posts everytime.You can try asking specific questions about Red in registration page.Bad idea?

Specific questions won't work. We can't even get many newcomers to follow the real names only policy that is presented in HUGE LETTERS on the registration page. And that still does not address the issue that many spam accounts circumvent any such checks by exploiting security holes in the forum software. Anyone familiar with the internal workings of the forum software can interface directly with the new user registration module and dodge most any custom checking we can implement, short of completely writing our own registration module, and hope no one hacks that. Reduser is a big site these days and e number of attacks and spam seems to be increasing.


This problem and so many others could be prevented if we had a genuine real names policy and a probation period before users could freely post. Other professional forums do this and they benefit from a very high signal to noise ratio.

I agree with the need for the real names policy, and we are slowly working toward that. However, probationary periods or moderator approved memberships have been avoided because the lack of security in that sense is probably better than RED losing customers if someone has a problem and wants to consult the forum, but needs to register... Then they find they cant post their question until after a probationary period or until a moderator reviews a request or something? Hmmm....

Another thing to keep in mind here is that long-time users are always linking files and inis case seem to be responsible, at least partially, with this situation. All the roadblocks for spammers and new users won't stop a legitimate user from accidentally or unknowingly linking a Trojan-infested image...

I agree with the need for the real names policy, and we are slowly working toward that. However, probationary periods or moderator approved memberships have been avoided because the lack of security in that sense is probably better than RED losing customers if someone has a problem and wants to consult the forum, but needs to register... Then they find they cant post their question until after a probationary period or until a moderator reviews a request or something? Hmmm....

Losing customers? Is Red really going to lose out on a camera sale because someone can't immediately post to the forum? That doesn't seem to add up.

In terms of a user wanting to consult directly with the forum to solve a technical problem or get a question answered, there are no restrictions on reading and searching posts if one is non-regestered. ~95% of all questions someone might have are already answered with in the posts on here by registered users.

Making new "Junior Members" wait till their ID is vetted isn't going to make the site less useable, it would likely cut down on the number of redundant threads. You're not really going to turn "customers" away if you have to wait ~24 hours to post after registering. You just might set a tone for the forum from the start that could improve things as a whole.

And which is more efficient... vetting new members from the start, or maintaing the Real Names thread and reminding members constantly that there is a Real Names policy on Red User? Your about to explode your user base when Scarlet and Epic come out, why not make it more manageable before that happens? Just suggestions.

It's good to see the site is now testing clean and the warnings should be removed soon, if not already.

(snip)



Another thing to keep in mind here is that long-time users are always linking files and inis case seem to be responsible, at least partially, with this situation. All the roadblocks for spammers and new users won't stop a legitimate user from accidentally or unknowingly linking a Trojan-infested image...
I think this is the reasonable response. S.H.I.T. is going to happen... pick it up or throw some dirt over it and just move along. No need to attach a colostomy bag to everyone.

However, probationary periods or moderator approved memberships have been avoided because the lack of security in that sense is probably better than RED losing customers if someone has a problem and wants to consult the forum, but needs to register... Then they find they cant post their question until after a probationary period or until a moderator reviews a request or something?

You could make the "probationary period" one in which new member posts are immediately visible to the RED customer support team, and maybe selected members of the community; that would give at least some help to newcomers without much delay, yet still limit the impact of random spam. I understand this solves a different problem than the one you apparently had yesterday, but it still might be worthwhile.

Don't let the non-approved users use image and link features ([URL] tags and automatic conversion when they type a link without tags) in their posts.

Also don't let them have avatars (that may be hosted on malware infested sites) and have sigs (usually sigs are full of spam links).

I'm pretty sure Avatar and Sig restrictions are pretty easy to set. Not sure about post editing options.

If you can configure this, spammers will be less effective and people with good intentions don't lose benefits.

That Google warning leaves me wondering if my anti-virus software will find any of those trojans they say they'd downloaded. Has anyone scanned their computer to find if this happened with them?

I just initiated a scan of my system to find out for myself, at least.

I cannot and will not state that the Trojan files detected by one of my anti virus sweeps yesterday was traced back to the issues being reported.
However, all of these appeared shortly after I visited the RED site:


Trojan:Win32/Ircbrute

File:C:\Documents and Settings\Brian F Kobylarz\Local Settings\Temp\0.8539636011040775.exe



Trojan:Win32/Meredrop

File:C:\Documents and Settings\Brian F Kobylarz\Application Data\gdvzfrt.exe
C:\Documents and Settings\Brian F Kobylarz\Application Data\ouwvzww.exe
Note: Did not document additional infected file before removing Meredrop



PWS:Win32/Zbot

File:C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP 1539\A0288896.exe



Trojan:Win32/Ircbrute

File:C:\Windows\system32\sysdevop.exe
Regkey:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERS ION\RUN\\System Development Operations
Note: Did not document additional infected files before removing this Trojan


Again, I am not assuming these culprits are what were triggering alarms for everyone else, but the timing makes them very suspect.
I just visited the same sites as yesterday - if the Trojans re-appear on my system and Jason is confident that he killed off anything on the RED site, I'll need to dig deeper.
I'll rescan overnight and post in the morning only if I need to play whack-a-mole. Otherwise, a real thank you to Jason for being right on top of this.

From our experience (my roommate and I), the malware and trojans got installed from an initial program off of the root reduser.net page. Not a link or an image link. Still trying to deal with it, perhaps malware bytes or another paid program will help. It really sucks and I am wary of any forums now. My hunch is that it was a flash related virus - I totally agree with Steve Jobs when he says flash is insecure and should be replaced.

I've switched to Ubuntu / Firefox to be safe for now.

I thought good paid anti-virus (like Kaspersky) was a given for any PC user.

Well... At least for those who value their PC's integrity.

Jason - is it possible to exclude certain sites from being linked to?

Any Luck with sorting this out. It's really frustrating both Safari and Mozilla are blocking every thread.

Any Luck with sorting this out. It's really frustrating both Safari and Mozilla are blocking every thread.

The problem was solved. Are you still getting the warning? I am using Safari and it's been clear sailing since Sunday.

Also, please visit the Real Names thread to update yours.

My computer got hit hard too. I've been trying to fix it for several days. It took over my machine as soon as I logged onto www.reduser.net. But, I didn't think it was from reduser.net until I read this post.

Scan for a file in the following format on your computer:
*tssd.exe" The file will be named: (bunch of random characters)+tssd.exe.

I found the info at http://www.2-spyware.com/remove-antivir-solution-pro.html

Good luck, I spent hours working on this problem.

Jason - is it possible to exclude certain sites from being linked to?

yes... well, i can internally redirect them anyways...

Sorry to be a pain but I'm still geting the warnings on Firefox 3.6.8 (Mac OSX 10.4.11) :-(

No warnings with either Firefox 3.6.8 or Safari 5.0.1, on Mac OS X 10.6.4.

Sorry to be a pain but I'm still geting the warnings on Firefox 3.6.8 (Mac OSX 10.4.11) :-(

Everything is listing as clean and I haven't seen anything in days. I'll keep an eye out, but you may want to double check by clearing your cookies/cache, etc...

I get it when I go to the site with the direct ip address (one of my comps has that saved), but not when I enter with "reduser.net"

clear the cache.

Good shooting and best regards,

Leo

clear the cache.

Good shooting and best regards,

Leo

Hmmm...tried that with Firefox - no dice & now I can't even seem to log in to RedUser :-(

Safari 4.1.1 on the other hand seems to be working fine...guess I'll have to use that just for RedUser browsing :undecided: