TRIPAWDS: Home to 18789 Members and 1942 Blogs.
HOME » NEWS » BLOGS » FORUMS » CHAT » YOUR PRIVACY » RANDOM BLOG

Caring for a Three Legged Dog or Cat

Tripawds is the place to learn how to care for a three legged dog or cat, with answers about dog leg amputation, and cat amputation recovery from many years of member experiences.
JUMP TO FORUMS

Join The Tripawds Community

Learn how to help three legged dogs and cats in the forums below. Browse and search as a guest or register for free and get full member benefits:

  • Instant post approval.
  • Private messages to members.
  • Subscribe to favorite topics.
  • Live Chat and much more!

REGISTER   |   LOG IN

Be More DogWhat does it mean to Be More Dog?

Find out in Be More Dog: Learning to Live in the Now by Tripawds founders Rene and Jim. Learn life lessons learned from their Chief Fun Officer Jerry G. Dawg! Get the book and find fun gifts in the Be More Dog Bookstore.

Please consider registering
Guest
Search
Forum Scope




Match



Forum Options



Minimum search word length is 3 characters - maximum search word length is 84 characters
Register Lost password?
sp_Feed sp_PrintTopic
Topic Rating: 0 Topic Rating: 0 Topic Rating: 0 Topic Rating: 0 Topic Rating: 0 Topic Rating: 0 (0 votes) 
sp_TopicIcon-c
Survey: Does Your AntiVirus Report Tripawds as an Attack Site?
sp_NewTopic Add Topic
Here and Now


Forum Posts: 12456
Member Since:
25 April 2007
sp_UserOfflineSmall Offline
16
21 December 2011 - 9:23 am
sp_Permalink sp_Print
0
sp_QuotePost

cometdog said:

I thought it was just a conflict in advertising script and norton is thinking it's ugly.   

These "attacks" have nothing to do with scripts from this site. Upon further investigation, our server's IP address is found nowhere in any of the reports. Not knowing Norton, we are unsure how anyone can confirm this domain as the cause. We would sure like to know.

All the IP addresses reported so far are suspicious and have been blocked. We doubt we have many users in Maldova. But the source of "browser fingerprinting" is not necessarily a website being viewed, it usually indicates active malware but can be be facilitated by any open connection to the Internet.

..now I am getting advertising banners from places I have visited on the net.

This is the very nature of Google, it is not specific to any scripts on this site. Over the past couple years the Google Monster has become very good at tracking where everybody has been to present them with "better targeted ads". We wrote about this in another blog back in late 2009. It is the nature of the Beast.

No worries from our end!   

Thank you, we are doing our best to keep it that way and have escalated the issue for further investigation.

New Jersey
Forum Posts: 270
Member Since:
4 June 2011
sp_UserOfflineSmall Offline
17
21 December 2011 - 3:02 pm
sp_Permalink sp_Print
0
sp_QuotePost

My Norton just popped up with an Attack message. This is the first one I've received. Tripawds was the only site open on my browser at the time. Hope this helps.

Las Vegas, Nevada
Forum Posts: 4344
Member Since:
14 August 2009
sp_UserOfflineSmall Offline
18
21 December 2011 - 4:23 pm
sp_Permalink sp_Print
0
sp_QuotePost

These forum people are getting it too.

http://www.audi.....?p=5232318

 

Same one.  I just got a norton notice when I logged in. It is coming out of Moldova.  IP Range 178.17.163.0 through 178.17.163.255

Can you just block all IP's in that range?

Her Retired AvatarComet - 1999 to 2011

She departed us unexpectedly  January 23, 2011 at the age of 12 1/2.

She was born with a deformed front leg and a tripawd all of her life.

Las Vegas, Nevada
Forum Posts: 4344
Member Since:
14 August 2009
sp_UserOfflineSmall Offline
19
21 December 2011 - 4:32 pm
sp_Permalink sp_Print sp_EditHistory
0
sp_QuotePost

Just had it happen again to when I logged into the forums

178.17.163.115/80

server location:

Moldova, Republic of

 

Can you just block Moldova (where ever that is!?) Or block this IP range 178.17.163.0 through 178.17.163.255 ?

 

Here is another forum that is getting hit by this server.  I did read not all the posts, but you find something in their discussion that might be helpful

http://www.audi.....?p=5232318

P.S.

After doing a little research, it does appear to be the ad script through Google. It appears bad guys are slipping in malicious script in ad spaces they have on Google.  That would explain why it is random since the ads are random.

Her Retired AvatarComet - 1999 to 2011

She departed us unexpectedly  January 23, 2011 at the age of 12 1/2.

She was born with a deformed front leg and a tripawd all of her life.

Here and Now


Forum Posts: 12456
Member Since:
25 April 2007
sp_UserOfflineSmall Offline
20
21 December 2011 - 5:37 pm
sp_Permalink sp_Print sp_EditHistory
0
sp_QuotePost

The problem with blocking IP ranges is that legitimate users with dynamic addresses can be denied access, and hackers will often just rotate their IP batches or use a proxy anyway. 

We've gone ahead and blocked the range reported. If we start receiving complaints from users and visitors being blocked we'll send them your way. Please advise of any further attacks from Moldova, or suspicious activity from other IP address ranges.

As far as advertising goes, it shall remain out of pure necessity until such a time that this site generates enough income to support our efforts.

San Diego, CA
Forum Posts: 2503
Member Since:
29 October 2010
sp_UserOfflineSmall Offline
21
21 December 2011 - 6:08 pm
sp_Permalink sp_Print
0
sp_QuotePost

Just now when I opened a new window to come to the forums, I got a message from Norton saying it had blocked a "high risk" attack. I've not seen that message before. I do have other windows open, but, like I said, it popped up right after coming to the forums. (I use Firefox)

Source IP address of 212.95.55.24

Abby: Aug 1, 2009 – Jan 10, 2012. Our beautiful rescue pup lived LARGE with osteosarcoma for 15 months – half her way-too-short life. I think our "halflistic" approach (mixing traditional meds + supplements) helped her thrive. (PM me for details. I'm happy to help.) She had lung mets for over a year. They took her from us in the end, but they cannot take her spirit! She will live forever in our hearts. She loved the beach and giving kisses and going to In-N-Out for a Flying Dutchman. Tripawds blog, and a more detailed blog here. Please also check out my novel, What the Dog Ate. Now also in paperback! Purchase it at Amazon via Tripawds and help support Tripawds!

Las Vegas, Nevada
Forum Posts: 4344
Member Since:
14 August 2009
sp_UserOfflineSmall Offline
22
21 December 2011 - 7:36 pm
sp_Permalink sp_Print
0
sp_QuotePost

I'll try to brush up on my Moldov-ese!

 

Just another suggestion...perhaps sending the IP's to Google and letting them know that perhaps someone has slipped some malware script into their adsense program?

I will try to make a point if it happens again, to see what ad is in rotation. Maybe we can figure it out. It seems to happening only on the forums.

Her Retired AvatarComet - 1999 to 2011

She departed us unexpectedly  January 23, 2011 at the age of 12 1/2.

She was born with a deformed front leg and a tripawd all of her life.

Las Vegas, Nevada
Forum Posts: 4344
Member Since:
14 August 2009
sp_UserOfflineSmall Offline
23
21 December 2011 - 7:41 pm
sp_Permalink sp_Print
0
sp_QuotePost

Well, that didn't take long.  I got one when I hit the save button on the above post.  It's the same 178 block IP.

The ad space above the K9 Immunity link on the botoom of this page is now blank.  Nothing there.

Her Retired AvatarComet - 1999 to 2011

She departed us unexpectedly  January 23, 2011 at the age of 12 1/2.

She was born with a deformed front leg and a tripawd all of her life.

Las Vegas, Nevada
Forum Posts: 4344
Member Since:
14 August 2009
sp_UserOfflineSmall Offline
24
21 December 2011 - 7:44 pm
sp_Permalink sp_Print
0
sp_QuotePost

Okay, this can't be good:

This is a screenshot of the bottom of this page now:

Image Enlarger

Her Retired AvatarComet - 1999 to 2011

She departed us unexpectedly  January 23, 2011 at the age of 12 1/2.

She was born with a deformed front leg and a tripawd all of her life.

Here and Now


Forum Posts: 12456
Member Since:
25 April 2007
sp_UserOfflineSmall Offline
25
21 December 2011 - 9:58 pm
sp_Permalink sp_Print sp_EditHistory
0
sp_QuotePost

We've temporarily removed the Google Ads from the site footer and look forward to seeing if these "attacks" diminish.

Getting through to Google is another matter. Especially since they will only help if we can provide the link URL of the offensive ads, which we have now removed.

Here and Now


Forum Posts: 12456
Member Since:
25 April 2007
sp_UserOfflineSmall Offline
26
22 December 2011 - 10:16 am
sp_Permalink sp_Print
0
sp_QuotePost

This just in from our server manager...

It seems like it's a flash and/or java program that's being delivered via google ads that pops up a misleading window that looks like it's coming from Windows that installs a virus on your computer.  Many other forums (and other sites) appear to be affected by this too.  If you google "Vista antivirus 2012" you can find some good info on it; apparently this is what the virus installer calls itself.  It seems like a painful virus to remove.

Blocking those IPs on the server won't have any effect.  Traffic from those IPs doesn't actually go through tripawds.com, it goes directly to the person's computer; the ads are offsite links.  Apparently Chrome isn't vulnerable to the attack, and it might also be helpful to have people upgrade Java and Flash to the latest versions.

Unfortunately, we cannot afford to remove Google ads from this website. The best practice is to not click any ads that seem suspicious, and to never click any software warnings unless you are certain it is legitimate.

We have reactivated the footer ads site-wide and will submit the links of any malicious ads to Google for investigation. If you get an attack warning please look to see what ad might be displaying and send us the link via PM. (Do not click the link, right-click on it and copy the link location.) A screenshot will not help. We need to submit the link URL to Google or they can't do anything about it.

Thank you for your patience, cooperation and continued support.

Monkeybutt-Bunny Vampire
27
24 December 2011 - 11:58 pm
sp_Permalink sp_Print sp_EditHistory
0
sp_QuotePost

http:

//googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3520336761608351&output=html&h=90&slotname=2690110450&w=728&lmt=1324796023&flash=11.1.102.55&url=http%3A%2F%2Ftripawds.com%2Fforums%

2F&dt=1324796034388&bpp=1&shv=r20111207&jsv=r20110914&prev_slotnames=9751720653&correlator=

1324796034324&frm=20&adk=3345198611&ga_vid=1515271830.1324796034&ga_sid=1324796034&ga_hid=1761973268&ga_fc=0&u_tz=-480&u_his=12&u_java=1&u_h=720&u_w=1280&u_ah=658&u_aw=1280&u_cd=24&u_nplug=0&u_nmime=0&dff=times

%20new%20roman&dfs=12&adx=269&ady=4836&biw=1263&bih=496&ref=http%3A%2F%2Ftripawds.com%2Fforums%2Ftripawds-angel-exchange%2Fmetal-raised-food-and-water-stand-

available%2F&fu=0&ifi=2&dtd=38&xpc=A1WZOtgDDp&p=http%3A//tripawds.com">

 

Here's the blank ad when an attack occurs!  Go get him TIGER JIM!

 

(I broke the link so no one could click it)

Monkeybutt-Bunny Vampire
28
25 December 2011 - 12:08 am
sp_Permalink sp_Print
0
sp_QuotePost

WHOIS Source: RIPE NCC

IP Address:
178.17.163.189
Country:
Moldova, Republic Of
Network Name: SPENELLI-MEDIA

Owner Name:
Spenelli Media Inc.
From IP: 178.17.163.184
To IP: 178.17.163.191

Allocated: Yes
Contact Name: George Spenelli
Address: Spenelli Media
Inc., UA-03179 Kiev, Ukraine
Email: george@spenelli.com
Abuse Email:
abuse@trabia.net

Here and Now


Forum Posts: 12456
Member Since:
25 April 2007
sp_UserOfflineSmall Offline
29
27 December 2011 - 12:18 pm
sp_Permalink sp_Print
0
sp_QuotePost

Monkeybutt-Bunny Vampire Pirate said:

Here's the blank ad when an attack occurs...

Hmmm... Google informs us that's not a valid link url from the malicious ad. (Load it and you'll see a Mucinex ad.)

Do not view source code to copy the link location, that url will merely render the ad space. To copy the link location, right-click the ad and copy the link/url/destination. 

Thanks!

Las Vegas, Nevada
Forum Posts: 4344
Member Since:
14 August 2009
sp_UserOfflineSmall Offline
30
31 December 2011 - 12:25 pm
sp_Permalink sp_Print
0
sp_QuotePost

Just got another attack.

Maybe giving google the domain will help since that is how they have accts setup?

Here it is:

hasaci.com/main

ip

204.12.247.51,80

Her Retired AvatarComet - 1999 to 2011

She departed us unexpectedly  January 23, 2011 at the age of 12 1/2.

She was born with a deformed front leg and a tripawd all of her life.

Forum Timezone: America/Denver
Most Users Ever Online: 946
Currently Online: benny55, manuel, mapsfamily
Guest(s) 72
Currently Browsing this Page:
1 Guest(s)
Member Stats:
Guest Posters: 1160
Members: 13833
Moderators: 2
Admins: 3
Forum Stats:
Groups: 4
Forums: 23
Topics: 17251
Posts: 241248
Administrators: admin, jerry, jim
Moderators: betaman, krun15
Tripawds is brought to you by Tripawds.
HOME » NEWS » BLOGS » FORUMS » CHAT » YOUR PRIVACY » RANDOM BLOG