Have we been hacked?

Got this from a member less than an hour ago. Don't want to wait 2 days for Ning staff to respond to ticket just put in. Could be an urgent matter.

Who knows what about this??

I received this message while reading an email in my ANG inbox. Please forward to Ning for analysis ASAP, because of this site is compromised, it could hurt a lot of people in a short time.

I looked over the links on the page on Latest Activity, but by the time I did that, I didn't see any posters that weren't long-term members. However, it's worth doing an immediate scan of your system.

Danger: Surf-Shield has detected active threats on this page and has blocked access for your protection.The page you are trying to access has been identified as a known exploit, phishing, or social engineering web site and therefore has been blocked for your safety. Without protection, such as that in the AVG Security Toolbar and AVG, your computer is at risk of being compromised, corrupted or having your identity stolen. Please follow one of the suggestions below to continue.

URL: if5tv1.com/img.php
Name: Blackhole Exploit Kit

Favorite

0 members favorited this

▶ Reply to This

Replies to This Discussion

Permalink Reply by Eric Suesz on December 5, 2011 at 11:40am

It sounds like your member has some software on their computer that could be causing them to see this message. I don't see this message when I visit your site. Please let me know your ticket number and I will make sure it is routed to the right people.

Here's an example of other people having the same issue on sites across the Internet, FWIW.

▶ Reply

Permalink Reply by Rev. O.M. Bastet on December 5, 2011 at 12:20pm

Oh thank you Eric. Breathing a sigh of relief. I was aware of that message as being relatively common and not necessarily meaning anything, and I will check out the example you linked to.

Here is the ticket number, I think, with my deep gratitude for your prompt attention!

ref:00D8cCLt.5004HmUuH:ref

▶ Reply

Permalink Reply by Eric Suesz on December 5, 2011 at 1:07pm

Okay, it looks like we have this ticket going to the right people here.

I did a quick look around your network, and I don't see any ads or embeds or anything on your site that looks suspicious, if that helps in any way. I suppose it could be a profile page embed somewhere. If I find one, I'll come back here, and we'll try to get your ticket answered without too much delay.

▶ Reply

Permalink Reply by Rev. O.M. Bastet on December 5, 2011 at 1:15pm

Muah!!!!

Yeah, I try to keep outside influences to a minimum, LOL!!!

I think I'll ask him whose message he was reading.....Then I could look at the profile, and ask him if there were any links or embeds in the message. I meant to do that sooner.....

Blessings to ya!

▶ Reply

Permalink Reply by Rev. O.M. Bastet on December 5, 2011 at 11:00pm

Our network has tickets that still haven't been addressed, and I posted some important questions here in Creators which Ning staff has not addressed, but I have to publically acknowledge that on this matter, the response was both prompt and thorough!

Here's the Ning response, sent to us about 2 1/2 hours after the ticket was filed. Eric probably expedited it due to my post here....

"I'm not seeing this warning when I go to www.anewgaia.ning.com or the sign up page at http://www.anewgaia.ning.com/main/authorization/signUp?.

I've taken a quick look at your social network and don't see anything unusual. Additionally, the Google Safebrowsing Diagnostic page forwww.anewgaia.ning.com is all clear: http://www.google.com/safebrowsing/diagnostic?site=http://www.anewg.... I've also taken a look and seen that according to Norton Safe Web, Norton rates your site as safe: http://safeweb.norton.com/report/show?url=www.anewgaia.ning.com.

You can forward this information to any concerned members. You may also want to contact "Surf-Shield", a third-party for more information regarding this. "

The member said there were no links or embeds in the message he was reading, so the overall conclusion is that this was another instance of false and misleading advertising by AVG.

Gratefully,

▶ Reply

Permalink Reply by AnitaC on December 6, 2011 at 7:39pm

I have been getting Blackhole Exploit Kit warnings also from the AVG Antivirus and one of them was actually because of Timthumb issue. Not sure if Ning uses Timthumb or not but I thought I'd share this. AVG will totally block you from seeing a website if it picks up this Blackhole issue.

▶ Reply

Permalink Reply by Eric Suesz on December 6, 2011 at 7:52pm

That's good to know. Thank you! I will check with the team and see if I can find out more.

▶ Reply

Permalink Reply by James Alexander on January 11, 2012 at 5:49am

Eric can you help,

Where do I contact to recover my network?

It seems that I have been deleted from the network and all my tabs apart from the basic ones deleted!

Everything is gone!

Can you help? or point me to help

thanks

James

▶ Reply

Permalink Reply by Eric Suesz on January 11, 2012 at 9:13am

Is this your network, James? Have you shared your sign-in info with anyone? If so, that could be a problem. Have you contacted us about this yet? If not, I would immediately open a ticket here and give me that ticket number.

▶ Reply

Permalink Reply by James Alexander on January 11, 2012 at 1:19pm

Nope not shared sign in data with anyone.

Yes thats the network Eric.

Nope this is the first contact.

I opened a ticket:

this is from the email ref: ref:00D8cCLt.5004HppnO:ref

thanks

▶ Reply

Permalink Reply by James Alexander on January 13, 2012 at 12:44am

Thanks Eric for your fast response.

It has all been sorted now :)

All the best,

James

▶ Reply

Permalink Reply by Rev. O.M. Bastet on December 6, 2011 at 9:01pm

Oh that's very interesting Anita. That suggests that AVG was actually responding to something about the particular webpage, not just gratuitously,out of thin air, generating an ad for its paid products....