Thanks to the script kiddies we had our work cut out for us today, but all is well again.
Well done and thanks for getting the "warning message" up - at least we knew it wasn't us and something was in hand
Regards
David
Nice one Bob, and Jack also for the email :)
Did this propagate to CockpitBuilders' members? Each time of trying to log-in, it locked up the IE browser, and after terminating it, there were attempts to make changes to (using) Acrobat Reader.exe.
Normally, Acrobat Reader is not a part of CockpitBuilders as a requirement to use the site. After checking the Task Manager there were at least three-four instances of this exe file present. Terminated them all and that was it, but it still leaves the idea that something could happen and that it's related to this event.
Suggest everyone runs a full scan with Anti-Virus tonight, just in case...
BSD
Quote from: blueskydriver on April 05, 2011, 11:43:01 AM
Did this propagate to CockpitBuilders' members? Each time of trying to log-in, it locked up the IE browser, and after terminating it, there were attempts to make changes to (using) Acrobat Reader.exe.
Normally, this Acrobat Reader is not a part of CockpitBuilders as a requirement to use the site. After checking the Task Manager there were at least three-four instances of this exe file present. Terminated them all and that was it, but it still leaves the idea that something could happen and that it is related to this.
Suggest everyone runs a full scan with Anti-Virus tonight, just in case...
BSD
No, it did not. It was not that kind of attack. All your systems are safe. I have shut down the Cockpitbuilders mail server for the time being as the server is still under attack. I am on it.
Thanks Bob for fixing all of this.
It was odd how the AcrobatReader.exe kept trying to change things right when the page (browser) locked up, but then again it's IE8. Probably just something to do with IE and AcrobatReader; maybe a cookie fault.
Anyway, thanks again.
I ran a complete scan and all is OK.
All seems to be as it should at this time. I have restarted the mail server and will continue to monitor it for the next few hours. I have also contacted the owner of the IP address that was at the heart of this.
As Bob has stated, we had one of our First Major attacks on the site early this morning.
I would like to thank you all for your patience. We have a great team behind Cockpitbuilders.com and if it wasn't for all of us contributing and pulling together when the $hit hits the fan, we wouldn't have such a great site.
I can only assume the reason for this kind of attack is "Jealousy". It just goes to show you that because we are getting bigger and better someone needs to try to ruin that. These individuals can not and will not ruin the good thing we have going here. It is our personal mission to stop as much of this as possible. If we can keep them out, then we are doing our jobs right, and if not we all just need to work at it harder.
Thank you all again for reporting posts, and helping to keep us informed.
Fortunately in this case we have the offender's IP address/addresses from this attack, and will continue to follow up with our internal investigation in conjunction with the proper authorities.
Best regards to you all, and let's get the discussion back to building cockpits.
Trev
Let me explain a little further as to what happened. We DID NOT HAVE A VIRUS! What we had was an embedded redirect to a site with reported malware. The redirect is gone. So all are safe.
Great crew here!
Top "cockpit management"
Thanks guys!
:D
I don't know if it's a coincidence, but I got a warning about a rogue .exe file. It's the first I've had in I can't remember how long, so am thinking it might be related.
Sean
It's just a coincidence. Attacks are heavy from all sources, on anyone using the internet right now. I keep getting shipping notices from DSL, UPS and USPS. I am not waiting for any packages! So what do we think that is? Oh yes and all of them have a file attached.