Anyone else get blank pages sometimes at LNE?

Here you can give feedback about (the working of) this board, like problems, questions, remarks, suggestions and praise.
Martian
Posts: 1944
Joined: Thu 26 Jul 2007 18:29
Location: Friesland, the Netherlands

Re: Anyone else get blank pages sometimes at LNE?

Post by Martian » Wed 30 Sep 2009 22:47

Here is some new data on the weird blank page phenomenon.

When I get a blank page and view the source code, it shows a weird javascript line. Further, I have checked the server log at the time I got the blank page, and there is no entry!So I don't know where that blank page with javascript line is coming from.

*puts on tin foil hat*

You wouldn't think that certain dark forces of Lymeland have anything to do with this?! :shock:

admin
Site Admin
Posts: 342
Joined: Wed 25 Jul 2007 21:06

Re: Anyone else get blank pages sometimes at LNE?

Post by admin » Thu 1 Oct 2009 5:07

Warning!

After many hours of investigating this I finally discovered what is probably going on here:

Malicious Server-Wide Meta Redirects.



The site http://www.UnmaskParasites.com tests if sites are hacked and infected with parasites. You can let it check web pages. The result for the LNE homepage can be found here
http://www.UnmaskParasites.com/security ... europe.org

The test reports:
Suspicious Inline Scripts

Script outside of <HTML>...</HTML> block

var rwhfak=new Date( ); rwhfak.setTime(rwhfak.getTime( )+12*60*60*1000); document.cookie="\x6e\x5fs...
The last line is a part of the weird script I found in the source code of the blanc pages (which I reported earlier).


The following article describes in detail what is VERY LIKELY going on here at LNE:
http://blog.unmaskparasites.com/2009/07 ... redirects/

IN SUMMARY: THE SERVER THAT LYMENET EUROPE IS RUNNING ON IS VERY LIKELY HACKED, WHICH SOMETIMES MAKES IT SERVE MALICIOUS CONTENT BY MEANS OF INJECTED CODE.

IF YOU SUDDENLY SEE AN ANTIVIRUS MESSAGE APPEAR WHILE VISITING LYMENET EUROPE, THEN IT IS PROBABLY A FAKE ANTIVIRUS MESSAGE SERVED BY THE MALICIOUS CODE. DO NOT CLICK OKAY TO LET THE FAKE PROGRAM RUN A SCAN OR ANYTHING, BUT TRY TO CLOSE THE WINDOWS.


As long as you haven't received those fake antivirus messages AND didn't use it (clicking OK button), there is probably not a problem. I also received those fake messages a few times the past days and I knew rightaway they were fake, but I didn't realise this could be related to the recent problems with LNE, but they are almost certainly related! Yesterday I let several anti malware programs scan by PC and they couldn't find anything. Now I understand why, the message is served via the internet.

If you did receive fake spyware/virus scanner messages while visiting LNE, please let me know, and tell me if you used the fake scanner. I received pop-up messages from a fake tool displaying names like "Total Security (Tool)" and similar names.

Source: http://www.2-spyware.com/remove-total-security.html
Once installed, Total Security performs fake system scan and displays various infections that cannot be removed until you first purchases the program, because trial version is supposedly unable to remove those infections. Actually, these infections do not really exist and are being shown only to scare you hopping that you will buy a license of Total Security 2009. The rogue may also display the Total Security Protection Center window which is very similar to legitimate Windows Security Center notifications. What is more, Total Security terminates popular anti-malware applications when users try to perform system scan.
Isn't it insane?!

I am sorry this is happening. Continue using LNE at your own risk!

I will inform my web hosting provider about this now.

Post Reply