Jump to content
bojon

Is there a security issue with someone from TU hacking my PC?

By bojon, in Soft Plastics

Recommended Posts

Delw Newbie

Delw

Posted
Posted

There shouldnt be any problems with vb espeially the new version. what happens is that norton and Mcaffee has certain scripts and certain words they look for and if those scripts match they will pop up an alert. pop up ads are one of those things and so are cookies. just set your settings a tad lower, did you just install a new version of Mcaffee? or windows maybe a new version of your browser? usually that is why its noticeable now and not before. Also some hacks that are used in a forum for making things avail to users will pop-up a alert sometimes.

Norton is absolute junk when on a forum mcaffee usually isnt that bad.

one thing you never do is use the same pw on a forum that you would use on your online checking or personal stuff.

Forums get hacked all the time they are easy to hack for a hacker but unless you DOWNLOAD something your security is not at risk. Like download something from a new user or even play a video that is from someone that you don't know.

Link to comment
Share on other sites
redg8r Newbie

redg8r

Posted
Posted
My security,McAfee,said someone from this site is trying to get into

:mad:my computer.Any others having the same problem?I wont answer questions for awhile till it is resolved.Sorry.

Hi Ron,

Please send an email with any information given by McAfee, pertaining to TU. Email to tu@tackleunderground.com.

McAfee checks TU daily for suspicious behavior & they give us a clean bill of health, you can check here for yourself:

tackleunderground.com | Web Safety Ratings from McAfee SiteAdvisor

Link to comment
Share on other sites
redg8r Newbie

redg8r

Posted
Posted (edited)

Hi Ron,

Yes, please take note of any further warnings & pass it along directly to me.

There is an optional user setting to have TU issue a "popup" notification that you have a new private message, that may or may not be what McAfee is flagging. That is the only popup TU issues other than the automated chatroom login.

Regardless, I would like to see any information you could provide.

All the best.

Edited by redg8r
Link to comment
Share on other sites
Piscivorous Pike Newbie

Piscivorous Pike

Posted
Posted

I just joined, but got a warning before and after joining. Each time a page was opened I got the warning. The information was blocked so I just closed the warning and continured as I can work around it. Today, I got no warnings. I thought this was strange and was wondering if the information had been extracted and that is why or I did I get a trojan? Well, now, aafter stumbling onto this information it is time for full scans.

I use Trend Mirco, PC-cillin

It stated the site was trying to access my phone numbers, my software is pretty good in stating what exactly in detail is going on. It is a new Dell with MS Win Vista Home Premium and the Trend program is under subscribtion being it is new.

If I get it again I will screen shot it to you. I think it maybe a cookie that is causing it.

Link to comment
Share on other sites
redg8r Newbie

redg8r

Posted
Posted
I use Trend Mirco, PC-cillin

It stated the site was trying to access my phone numbers

Thanks for the information, but I don't understand.

Phone numbers?

How does your computer store your phone numbers? are you on dialup?

TU does not collect, nor require a phone number to join.

Our partners at Hagen's require a phone number in exchange for their catalog, other than that we do not collect phone numbers.

If you don't mind, please run the scan again & copy me the information to tu@tackleunderground.com

Thanks again.

Link to comment
Share on other sites
Piscivorous Pike Newbie

Piscivorous Pike

Posted
Posted
Thanks for the information, but I don't understand.

Phone numbers?

How does your computer store your phone numbers? are you on dialup?

TU does not collect, nor require a phone number to join.

Our partners at Hagen's require a phone number in exchange for their catalog, other than that we do not collect phone numbers.

If you don't mind, please run the scan again & copy me the information to tu@tackleunderground.com

Thanks again.

I believe the data miner went to the windows registration or dell registration data held in the system files that is necessary to open newly purchased Vista. That is generally how these miners work othewise how else would it detect useable data. As I said I paid little attention to it because my set up blocks this stuff very well, but definately my Virus Program reported that the miner was trying to pull the phone number that just happens to be my residents.

I just completed scans and only three data mining cookies were found; I doubt these were the culprit because the scan runs automatically every night and deletes these things so these three I picked up in the last 24 hours and as I looked into further the attacks do not correlate with any cookies that were detected as spyware.

I checked my "personal firewall" logs and it seems that this IP is hitting me:

157.130.221.26

The holder is

OrgName: MCI Communications Services, Inc. d/b/a Verizon Business OrgName: MCI Communications Services, Inc. d/b/a Verizon Business

So it could be anybody operating on that providers system. It correlates to the times I was on TU but does not correlate to any cookies that were deleted by my Virus Program. So I am not sure what type of attack it is.

It seems to link up to the time I joined, so I think it is the source.

Because it is spyware and showed up each time I opened a TU page I did not use my real Birthday in profile because I thought these attacks were connected to TU as it looked like advertising data mining. But the rest of my data is correct. I almost did not join because of it, I was suspicious and a bit irked. As I said I work for a "governmental employer" and I have taken great care and with court orders sealed all my public records to stay safe; I was not too enthusiastic about the prying. Since it seems we are all victims hear I will do what I can to try to track it down and share it with you all.

I am fairly computer competent and savy and I have this machine tweaked to the point I do not worry about these things and had just been closing the warnig windows and ignoring the fact it was interupting my soft plastic casting education.

If it emerges again I can track it through the virus program logs as it logs virus, spyware, personal data attacks, cookies, trojans...etc.

Folks that got warnings from their virus or spayware programs could probably find the culprit in their program logs. Granted sometimes those logs are not readly accessable to the average computer user.

Link to comment
Share on other sites
redg8r Newbie

redg8r

Posted
Posted
I had someone try to get in mine also. I don't know how to find out who it was. I usually just get out asap. Happened 2 times, late at nite.

Alright, before it gets misconstrued, please be a little more specific.

Are you claiming that your computer was attacked twice by the TU server? And what do you mean by "I usually just get out asap"?

Do you simply leave the site, or shut down your machine?

I dont mean to come off rude, but I dont take ANY of these issues lightly & would like to investigate them so please be more specific or come with some form of documentation, scan report, log, something.

I'm fully confident that these issues are either false positives from new or upgraded AV software, or simply lack of user understanding of the AV software. Regardless, I would like some information from those of you who are making claims. I can't help without some kind of concrete information.

& before it happens, please do NOT post any scan reports or private information in the forum, send them directly to me: tu@tackleunderground.com

Link to comment
Share on other sites
ROBOT Newbie

ROBOT

Posted
Posted (edited)

i'm a new user and this is my first post. i tried logging in last week and kept on getting referred off to the disney world home page.

two of the other fishing forums i go on have been hacked recently and when i get home i'll be running a full scan of my pc, especially after seeing this thread.

my concern isn't that TU is specifically trying to hack my machine but that a hacker is using TU as a medium to do it.

Edited by ROBOT
Link to comment
Share on other sites
redg8r Newbie

redg8r

Posted
Posted

I checked my "personal firewall" logs and it seems that this IP is hitting me:

157.130.221.26

The holder is

OrgName: MCI Communications Services, Inc. d/b/a Verizon Business OrgName: MCI Communications Services, Inc. d/b/a Verizon Business

TU's dedicated IP is: 72.186.65.207

Link to comment
Share on other sites
redg8r Newbie

redg8r

Posted
Posted
Got it!

I deleted my Phone Number from the screen shot!!

It says it originates from TU, what is that about?

Thanks, that would be a false positive by your AV software.

It's flagging our in-house advertising system.

I understand this false positive, because our ad system software is very popular & has the ability to serve ads from other ad agencies like "Commission junction" or "tribal fusion", etc. These types of ad agencies are known to serve ads that come from advertisers with questionable code attached.

We do NOT use affiliate programs in our ad server, the banners you see on this site are sold directly by us & we control the integrity of the link code, AKA "In-house" ads.

However your AV software recognizes our software & flags it (even though we use it properly)

Your best solution is to either block (which we dont recommend, our advertisers help pay the bills) or whitelist TU in your AV software.

We fully control our ads & dont allow any shady advertising, including pop-ups, pop-unders, or affiliate programs in the ad server.

Thanks for the info.

Link to comment
Share on other sites
Piscivorous Pike Newbie

Piscivorous Pike

Posted
Posted (edited)
TU's dedicated IP is: ...

Yes, and as you can see by the warning I just got what ever tried to access my phone number from System registration files came in on the TU connection as I opened the page. Clearly that is a TU address of appears to be one.

That is not to say TU has anything to do with it. It is made to look like that is all. Do you think there is a 'bot on a server? Maybe your provider or webmaster can look closely at those addresses and figure what is happening.

I really like this forum but this goes in spurts that everytime I open a page I get a warning about something trying to export data from system files.

Got it I see your reply, we posted over each other!

Edited by Piscivorous Pike
Link to comment
Share on other sites
redg8r Newbie

redg8r

Posted
Posted
Mcafee pops up and says it stopped someone from tryin to get into my computer. Don't remember the exacat words. I cut power when it happened.

Were you on TU at the time, or just sharing that you have been a victim of a possible hacking attempt?

Link to comment
Share on other sites
redg8r Newbie

redg8r

Posted
Posted (edited)
i'm a new user and this is my first post. i tried logging in last week and kept on getting referred off to the disney world home page.

two of the other fishing forums i go on have been hacked recently and when i get home i'll be running a full scan of my pc, especially after seeing this thread.

my concern isn't that TU is specifically trying to hack my machine but that a hacker is using TU as a medium to do it.

Hi Robot,

Your issue is being flagged by us.

Your usernam being "ROBOT" and your address being obviously fake, the site flagged you as a possible bot. Ironic isnt it? :lol:

The redirection & likely slow server response time is a measure we put in to cripple any unwanted bots & eventually they go away empty handed.

Edited by redg8r
Link to comment
Share on other sites
redg8r Newbie

redg8r

Posted
Posted
:)Thanks,

I trust your judgement on this, since I am not being "mined" I will white list it and worry no more!:yay:

Your choice of course, but again, the flag coming from that URL is definitely a false positive, it's not possible for our ad server to initiate any bad code, because we manually insert that code whenever a new advertiser purchases an ad.

If you whitelist TU, (add exception, in your case) that should only cover ads here, any other unintended activity coming from TU will still be caught by your AV.

Thanks for helping me clear it up.

Link to comment
Share on other sites
redg8r Newbie

redg8r

Posted
Posted
Yes, and as you can see by the warning I just got what ever tried to access my phone number from System registration files came in on the TU connection as I opened the page. Clearly that is a TU address of appears to be one.

That is not to say TU has anything to do with it. It is made to look like that is all. Do you think there is a 'bot on a server? Maybe your provider or webmaster can look closely at those addresses and figure what is happening.

I really like this forum but this goes in spurts that everytime I open a page I get a warning about something trying to export data from system files.

Got it I see your reply, we posted over each other!

Yeah, this thread has gone nuts, sorry for the disorganized replies.

We did a server scan when the first complaint came in & I informed the guys at the datacenter. They are running more in-depth scans, but I am running my own scans for trojans, shell bombs, zombie like behavior, bots, etc.

Bots & zombies are the easiest to find because they use alot of resources, so far nada.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
Go to topic listing
×
×
  • Create New...
Top