Caring for a Three Legged Dog or Cat
Tripawds is the place to learn how to care for a three legged dog or cat, with answers about dog leg amputation, and cat amputation recovery from many years of member experiences.
JUMP TO FORUMS ↓
Join The Tripawds Community
Learn how to help three legged dogs and cats in the forums below. Browse and search as a guest or register for free and get full member benefits:
I thought it was just a conflict in advertising script and norton is thinking it's ugly.
These "attacks" have nothing to do with scripts from this site. Upon further investigation, our server's IP address is found nowhere in any of the reports. Not knowing Norton, we are unsure how anyone can confirm this domain as the cause. We would sure like to know.
All the IP addresses reported so far are suspicious and have been blocked. We doubt we have many users in Maldova. But the source of "browser fingerprinting" is not necessarily a website being viewed, it usually indicates active malware but can be be facilitated by any open connection to the Internet.
..now I am getting advertising banners from places I have visited on the net.
This is the very nature of Google, it is not specific to any scripts on this site. Over the past couple years the Google Monster has become very good at tracking where everybody has been to present them with "better targeted ads". We wrote about this in another blog back in late 2009. It is the nature of the Beast.
No worries from our end!
Thank you, we are doing our best to keep it that way and have escalated the issue for further investigation.
4 June 2011
These forum people are getting it too.
Same one. I just got a norton notice when I logged in. It is coming out of Moldova. IP Range 126.96.36.199 through 188.8.131.52
Can you just block all IP's in that range?
Just had it happen again to when I logged into the forums
Moldova, Republic of
Can you just block Moldova (where ever that is!?) Or block this IP range 184.108.40.206 through 220.127.116.11 ?
Here is another forum that is getting hit by this server. I did read not all the posts, but you find something in their discussion that might be helpful
After doing a little research, it does appear to be the ad script through Google. It appears bad guys are slipping in malicious script in ad spaces they have on Google. That would explain why it is random since the ads are random.
The problem with blocking IP ranges is that legitimate users with dynamic addresses can be denied access, and hackers will often just rotate their IP batches or use a proxy anyway.
We've gone ahead and blocked the range reported. If we start receiving complaints from users and visitors being blocked we'll send them your way. Please advise of any further attacks from Moldova, or suspicious activity from other IP address ranges.
As far as advertising goes, it shall remain out of pure necessity until such a time that this site generates enough income to support our efforts.
29 October 2010
Just now when I opened a new window to come to the forums, I got a message from Norton saying it had blocked a "high risk" attack. I've not seen that message before. I do have other windows open, but, like I said, it popped up right after coming to the forums. (I use Firefox)
Source IP address of 18.104.22.168
Abby: Aug 1, 2009 – Jan 10, 2012. Our beautiful rescue pup lived LARGE with osteosarcoma for 15 months – half her way-too-short life. I think our "halflistic" approach (mixing traditional meds + supplements) helped her thrive. (PM me for details. I'm happy to help.) She had lung mets for over a year. They took her from us in the end, but they cannot take her spirit! She will live forever in our hearts. She loved the beach and giving kisses and going to In-N-Out for a Flying Dutchman. Tripawds blog, and a more detailed blog here. Please also check out my novel, What the Dog Ate. Now also in paperback! Purchase it at Amazon via Tripawds and help support Tripawds!
I'll try to brush up on my Moldov-ese!
Just another suggestion...perhaps sending the IP's to Google and letting them know that perhaps someone has slipped some malware script into their adsense program?
I will try to make a point if it happens again, to see what ad is in rotation. Maybe we can figure it out. It seems to happening only on the forums.
Well, that didn't take long. I got one when I hit the save button on the above post. It's the same 178 block IP.
The ad space above the K9 Immunity link on the botoom of this page is now blank. Nothing there.
We've temporarily removed the Google Ads from the site footer and look forward to seeing if these "attacks" diminish.
Getting through to Google is another matter. Especially since they will only help if we can provide the link URL of the offensive ads, which we have now removed.
This just in from our server manager...
It seems like it's a flash and/or java program that's being delivered via google ads that pops up a misleading window that looks like it's coming from Windows that installs a virus on your computer. Many other forums (and other sites) appear to be affected by this too. If you google "Vista antivirus 2012" you can find some good info on it; apparently this is what the virus installer calls itself. It seems like a painful virus to remove.
Blocking those IPs on the server won't have any effect. Traffic from those IPs doesn't actually go through tripawds.com, it goes directly to the person's computer; the ads are offsite links. Apparently Chrome isn't vulnerable to the attack, and it might also be helpful to have people upgrade Java and Flash to the latest versions.
Unfortunately, we cannot afford to remove Google ads from this website. The best practice is to not click any ads that seem suspicious, and to never click any software warnings unless you are certain it is legitimate.
We have reactivated the footer ads site-wide and will submit the links of any malicious ads to Google for investigation. If you get an attack warning please look to see what ad might be displaying and send us the link via PM. (Do not click the link, right-click on it and copy the link location.) A screenshot will not help. We need to submit the link URL to Google or they can't do anything about it.
Thank you for your patience, cooperation and continued support.
Here's the blank ad when an attack occurs! Go get him TIGER JIM!
(I broke the link so no one could click it)
WHOIS Source: RIPE NCC
Moldova, Republic Of
Network Name: SPENELLI-MEDIA
Spenelli Media Inc.
From IP: 22.214.171.124
To IP: 126.96.36.199
Monkeybutt-Bunny Vampire Pirate said:
Here's the blank ad when an attack occurs...
Hmmm... Google informs us that's not a valid link url from the malicious ad. (Load it and you'll see a Mucinex ad.)
Do not view source code to copy the link location, that url will merely render the ad space. To copy the link location, right-click the ad and copy the link/url/destination.
Just got another attack.
Maybe giving google the domain will help since that is how they have accts setup?
Here it is: