Recently a few of the websites I frequent were carried to Google and other browsers and listed as infected with Malware. Without even investigating the sites Google automatically sent out red flags for one site in particular. It pains me to see that this banner has been carried by Avast now, blocking my access TO the site.
Indeed, but it certainly blocks something on the site.
Really, before you go off the handle, understand that malware can come from any website, doesn’t mean they knowingly host it. No one said that. Either trust your AV to protect you, or run around being part of the problem instead of part of the solution. Avast! does not pad their database with meaningless detections.
I’d been accessing the site fine until today when time after time Avast has its popup and the site never loads, just white screen… I’ve been speaking to others who can access the site just fine but I keep getting whited out.
It seems like Avast is blocking hxxp://kirol.cx.cc/?tp=06e7706b10c6f2e5
I used Internet Explorer’s Developer tools to see the HTML and it looks like an iframe on the page.
I know the owner was talking about the site being attacked a lot recently and that he had a shield up to repel attacks… Maybe someone got through… There are a lot of haters out there. He was even freaking out because someone had suddenly reported the site as a source of malware to Google who didn’t even bother to investigate they just slapped up warnings all over the place and THEN all these things got through…
No, that is it, as it is a hidden iframe with the link to the malicious domain.
If you expand the + to the left of the iframe tag (shown in your first image) you will see more of what is going on inside this hidden iframe. But the main thing is that the remote domain in the iframe is considered malicious.
I don’t have a problem when using Firefox as I have NoScript, even if I allow yiffurs.com I don’t get an alert as I have the Firefox RequestPolicy add-on, which blocks cross site scripting explicitly. This is what this iframe relies on to work.
One thing for sure I wouldn’t like to be rummaging around this with IE. When I did look I used IE on a limited user (DropMyRights).
The key to this is actually the body tag: [nobbc][/nobbc]
That is what kicks off the iframe and other css and image loading, etc. So it looks like someone has slipped in this iframe tag into that object.
Hello, I am the owner of Yiffurs.com … How do I prevent someone from doing this and how do I remove it from the site? I have since then done a clean install of e107 so the live site is clean, but I would like to bring back the old setup since it was running so smoothly. Any ideas? Thanks!
Most commonly these hacks are as a result of having out-of-date content management software (PHP, SQL, WordPress, Joomla, etc.) which is vulnerable and being exploited. So you need to ensure that any content management software provided by you or your host is the latest.
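A defensive check for the situation discussed in this thread, as an added example that is not from any of the posters: it lists the iframes in a page that load from a host other than the site's own and marks the ones hidden by size or style. The host names and the sample markup are constructed placeholders, and the hiding heuristics are assumptions, not a complete list.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline styles commonly used to keep an iframe out of view (heuristic).
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|(?:left|top)\s*:\s*-\d+", re.I)

def _tiny(value):
    """True for width/height values such as "0", "1" or "1px"."""
    m = re.fullmatch(r"\s*(\d+)\s*(?:px)?\s*", value or "")
    return bool(m) and int(m.group(1)) <= 1

class IframeAudit(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []  # (line, remote host, hidden?)

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        # Relative URLs have no host and are treated as same-site.
        external = (bool(host) and host != self.site_host
                    and not host.endswith("." + self.site_host))
        hidden = (_tiny(a.get("width")) or _tiny(a.get("height"))
                  or bool(HIDDEN_STYLE.search(a.get("style", ""))))
        if external:
            line, _ = self.getpos()
            self.findings.append((line, host, hidden))

def audit(html, site_host):
    parser = IframeAudit(site_host)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page: one same-site frame, one hidden remote, one visible remote.
SAMPLE = """<html><body>
<iframe src="http://site.example/news.html" width="600" height="400"></iframe>
<iframe src="http://injected.example/?tp=0000" width="1" height="1"
        style="visibility:hidden"></iframe>
<iframe src="//video.example/embed/1" width="560" height="315"></iframe>
</body></html>"""

if __name__ == "__main__":
    for line, host, hidden in audit(SAMPLE, "site.example"):
        print(f"line {line}: iframe -> {host} ({'HIDDEN' if hidden else 'visible'})")
```

Run it over every template and theme file of a backup before restoring it; a hidden iframe to a host you did not add yourself means that file should not go back on the live site.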