Malware on website/ forum

Heads up!

On two separate occasions today I used Google for an osTicket-related search, clicked on a link that was meant to bring me to this forum, only to have my browser redirected to and hijacked by a bogus website. The site tries to aggressively push a drive-by download multiple times, which on both occasions caused my browser to crash.

It appears that I am the first to report this.

It occurs to me that it is possible that it is actually my computer that is infected, and not osticket.com/forum/, but this seems unlikely as I have visited at least a hundred other websites during the same period.


Comments

  • Anyone else seen this behavior?
  • edited June 14
    LOL I just clicked on this link in my Gmail account
    and ended up with this lovely web page

    Surely I cannot be the only person who is running into this?!
  • Yes, I was redirected to a random website... I thought it was my PC... but it is the forum.
  • Also had the second picture yesterday when I searched for osticket.com/forum in my Google toolbar....
  • But I immediately ran a full scan and vulnerability search with my "anti-virus" (I don't have the translation) and it did not find anything.
  • Same here also
  • Not only will this scare off new users but soon Google will catch on to what is happening and the search engine will discourage or block its users from visiting osticket.com.

    I encourage whoever maintains the site to take immediate action.
  • Yes. Norton blocked malware.
  • I'm not able to see what you guys are seeing. We will look into this.

    Cheers.
  • I reported this to the Devs.
  • I'm using Chrome on Windows. 

    Perhaps the other people who are seeing the malware can also report their browser and OS.

    An obvious guess is that this is only affecting Windows computers.
  • Same situation here, and it happened yesterday on a customer's computer.
    Red screen followed by hundreds of downloads of a .exe

    Strange.
  • Yeah, I've seen this behaviour as well in the last couple of days, just got sent to: http://167.99.10.111/alert?a=10012293&campid=62 after going to: http://osticket.com/forum/discussions

    Windows 10 + Chrome here as well

    Never seem to be able to replicate except for when I've not been active for a while, and never gotten it on Edge/Opera/Firefox so far.
  • So it's only affecting Windows Users??

    Cheers.
  • Just got the exact same page as stevland trying to get back to this thread and it kept trying to download a file infinitely, causing Chrome to get stuck at 100% CPU load.

    The file is just 2 bytes and it seems only the first one actually downloaded, the rest fail.

  • Happened in Opera as well now.
  • I'm still seeing the malware, but I should point out that it is intermittent (not sure if I mentioned that before).

    If the devs are having trouble tracking down the source of the malware, I have a suggestion.


    I once encountered a website that was doing the same sort of thing... attempting to drive-by download files onto the visitor's computer. 

    It turned out that it wasn't the website itself that was infected. The website had a section that displayed ads which it rented out to a third-party. And it wasn't this third-party that was infected either. The third-party re-sold the ad space to various advertisers. It was one of the advertisers that was pushing out malicious code through its ad.

    Long story short, my suggestion is to temporarily disable the "Hellobar" at the top of the site (the "We're hiring -- UI/UX Designers, Developers and DevOps" overlay). And any other scripts that are pulling in code from a third-party other than, say, Google or Gravatar.

    I hope this helps.
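
One way to carry out the check suggested in the comment above, as an added example that is not part of the original thread: a Python script that lists the hosts a saved page loads scripts and iframes from, excluding the site itself and a trusted list. The sample HTML, its paths, `ads.example.net` and `notgravatar.com` are constructed; only `my.hellobar.com` and the forum URL come from the thread.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample page; paths and the ads/notgravatar hosts are made up.
SAMPLE_PAGE = """
<script src="/forum/js/library.js"></script>
<script src="//my.hellobar.com/constructed-id.js"></script>
<script src="https://www.google.com/constructed/api.js"></script>
<script src="https://notgravatar.com/avatar.js"></script>
<script>var inline = 1;</script>
<iframe src="https://ads.example.net/slot?id=1"></iframe>
"""
ACTIVE_TAGS = {"script": "src", "iframe": "src"}  # tags that load active content


class _Collector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.found = []  # (tag, raw URL) in document order

    def handle_starttag(self, tag, attrs):
        url = dict(attrs).get(ACTIVE_TAGS.get(tag, ""))
        if url:
            self.found.append((tag, url.strip()))


def _within(host, domain):
    # Whole-label match, so "notgravatar.com" does not pass as "gravatar.com".
    return host == domain or host.endswith("." + domain)


def third_party_sources(html, page_url, trusted=()):
    """Return sorted (host, tag, url) for active content that comes from
    neither the page's own domain nor a trusted domain."""
    own = urlsplit(page_url).hostname
    collector = _Collector()
    collector.feed(html)
    flagged = set()
    for tag, raw in collector.found:
        url = urljoin(page_url, raw)  # resolves relative and //host/ forms
        host = urlsplit(url).hostname
        if host is None or _within(host, own):
            continue  # no host (e.g. data: URL) or first-party
        if any(_within(host, d) for d in trusted):
            continue
        flagged.add((host, tag, url))
    return sorted(flagged)

if __name__ == "__main__":
    for row in third_party_sources(SAMPLE_PAGE, "http://osticket.com/forum/discussions",
                                   trusted=("google.com", "gravatar.com")):
        print(*row)
```

Because the redirect was reported as intermittent, a list taken from a single page load may not include the offending source; compare several captures.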


  • Happened in Firefox as well and Malwarebytes had a fit about it too
    Category: Hijacking
    Domain: myintohiseyes.tk
    IP address: 207.244.95.47
    Port: [50006]
    Type: External
    File: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
  • I've experienced this over the last 2 days, on both Chrome and Firefox (both Windows 10) and it's ONLY happened when on the osTicket forum, and usually it's happened around 2-4pm. I'm on the web all day in multiple browsers. My Firefox is a new install with few extensions so I'm confident it's not a plugin or extension in Chrome, and I've got both the random web page and "big red warning page and crashed browser" in both apps.

    The certificate mismatch on this site doesn't help boost confidence either....

    Until a fix has been posted here I've added hellobar.com to my hosts file pointing at 127.00.1 so it can't fetch more pain from the web.  
  • To be clear I don't know for a fact that it has anything to do with hellobar.com, it's just something to eliminate. But the hosts file is a good idea, I'm going to try that as well.

    127.0.0.1 my.hellobar.com
  • Yes I experienced this a couple days ago. 
  • Remember to flush the DNS cache and restart your browser if using the hosts trick. I got the same page again after adding it to hosts but had not done those actions. I now have and I've not had the page again since.
  • edited June 15
    @everyone

    The issue should be resolved now. We will be monitoring the site but please let us know if you still run into these issues or see anything suspicious.

    Cheers.
  • Thanks Kevin.
  • The malware is back! 

    It is exactly the same as before. :(