High risk website blocked

**SimonMac** · 4 March 2014, 14:14

http://forums.contractoruk.com/gener...-re-virus.html

**northernladuk** · 4 March 2014, 14:19

Originally posted by kingcook View Post

Everytime i'm on CUK forums at client co, Sophos Anti-virus keeps popping up with this message:

Access has been blocked to "ct1.addthis.com/static/r07/core124.js" as 'Mal/Badsrc-C' has been found at this website.

@mods: are you aware of this?

Exactly what do you expect the mods to do about it? Ban it?

**cojak** · 4 March 2014, 14:20

I've passed it on to Admin.

**administrator** · 4 March 2014, 14:39

Cheers for the shout. Having a look now but on first glance sounds like a false positive. The Follow us links at the top of the side nav pulls some JavaScript from AddThis.com which just provides us with some stats about what clicks and follows we have had. So unless they have been hacked and some code injected into that file...

**kingcook** · 4 March 2014, 14:39

Originally posted by northernladuk View Post

Exactly what do you expect the mods to do about it? Ban it?

Just bringing it to their attention. No need to be an arse about it.

(And no, I obviously didn't search for an existing post first!)

**administrator** · 4 March 2014, 14:58

Originally posted by kingcook View Post

Just bringing it to their attention. No need to be an arse about it.

(And no, I obviously didn't search for an existing post first!)

Really appreciate the shout kc, am still looking as always worth checking out. No modified files on the site in the last 3 days bar re-rolled css files from what I can see. Sometimes if it is a nasty they can be buggers to track down though so no giving up yet.

**xoggoth** · 4 March 2014, 15:03

Didn't note the details but I did get an IE message the other day about blocking a malicious item on CUK. However, IE11 is always stopping working for some reason or other, not sure I believe it.

**administrator** · 4 March 2014, 15:34

This is showing it as being clean:
https://www.virustotal.com/

Have checked the ad server and nothing there in the places where I have seen it hacked before - and when we had a spate of OpenX vulnerabilities a year or two ago I locked it down but that doesn't mean there aren't fresh exploits that could bypass the security measures put in place.

KC - I have removed the AddThis code for the moment - could you let me know if Sophos is still complaining at your end please as that would help narrow it down for me.

**northernladuk** · 4 March 2014, 15:51

Originally posted by kingcook View Post

Just bringing it to their attention. No need to be an arse about it.

(And no, I obviously didn't search for an existing post first!)

You know me, that is not me being an arse

High risk website blocked