Jump to content

Recommended Posts

Posted

Yesterday, I tried to get into TheAerodrome website - without success.

After thre attempts, I received a screen message telling me that I was banned due to

attacks being made from my system.

It took me a while to understand, and I let my KASPERSKY AV program make a system check.

It found this trojan:

 

"Exploit.Java.Agent.du"

 

(I have added quotation marks to prevent it becoming a clickable address - I may sound foolish,

but don't know much about such stuff, and I don't want to create more chaos.)

 

What ever that trojan exactly did - The Aerodrome felt being attacked and banned me.

I have eliminated that trojan, of course.

But still, after three E-mails to their webmaster, I haven't even got any response on my question,

what I could possibly do to drop the bann.

 

Has anyone here ever had such a situation? And what did you do then?

Posted

Maybe it was only your IP address that was banned. If it was only that , you can switch off and then turn on your router to renew your IP address.

Otherwise register with a different email and everything will be all right.

No drama.

Posted

just some tech info on said trojan,

 

This is a program-exploit that uses Sun Microsystems Java (CVE-2008-5353) vulnerability for its execution on a victim’s machine. It is a Java-class file. Depending on version it can be 3 to 60 kB in size.

This vulnerability makes it possible for attacker to execute applet with increased privileges. The following software is vulnerable: Java Runtime Environment (JRE) for Sun Java Development Kit (JDK) and JRE6 10th Update and earlier versions; JDK and JRE 5.0 16th Update and earlier versions; Software Development Kit and JRE 1.4.2_18 and earlier versions.

sorry I cant help with the site ban,

Posted (edited)

Just tried as you said, von Paulus, but I am still banned, although I had a different IP-Nr. Here is the message I keep getting:

 

403 FORBIDDEN!

 

Either the address you are accessing this site from has been banned for previous malicious behavior...

OR...

The action you attempted is considered to be hostile to the proper functioning of this system.

 

The detected reason(s) you were blocked are:

Scraper/Probe/listed on abuse.rfc-ignorant.org. .

 

Your IP, and Domain Name (if resolvable) has been logged to a honeypot,

along with the referring page (if any), QUERY, POST, User Agent, time of access, and date.

 

Please either 1. Stop the bad behavior, or 2. Cease accessing this system.

 

Your connection details:

Record #: XXX

Time: Thu, 06 Jan 2011 12:46:13 -0800

Host: XXXXXXXXXXXx.de

IP: XX:XXX:XXX:XX

Post:

Query: vbseourl=index.php

Stripped Query: vbseourl=index.php

Referer: http://www.theaerodrome.com/index.php

User Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 ( .NET CLR 3.5.30729; .NET4.0C)

Reconstructed URL: http:// www.theaerodrome.com /forum/

 

Generated by ZB Block 0.4.8

 

I have Xed those parts which I thought should not be exposed in public.

Any ideas?

Edited by Olham
Posted

I've deleted all cookies, started the router new and tried with a new IP address - still no go.

 

When I get to The Aerodrome main page, there is a note at the top saying the sites needs

an application I have not installed.

 

Java Runtime Environement

 

Could that be the reason, and is it safe to install it?

Posted

I've deleted all cookies, started the router new and tried with a new IP address - still no go.

 

When I get to The Aerodrome main page, there is a note at the top saying the sites needs

an application I have not installed.

 

Java Runtime Environement

 

Could that be the reason, and is it safe to install it?

Go to Java website and follow directions to uninstall Java in Vista-W7. Reboot and then reinstall latest version of JRE.

It may not help you being banned, but at least you'll have a clean JRE install.

 

plug_nickel

Posted

The worst thing is that what happened to Olham can happen to anybody, and probably at every other site too. All it takes is some nasty piece of code that infects your computer.

 

The Internet is a great thing, but unfortunately there are many scumbags out there who use their programming skills for doing harm. How twisted can one be to get satisfaction from such things?

Posted

I agree Hasse Wind..seems like a sad, lonely..'I eat too much pizza and never done a days work in my 19 pathetic, useless years of life' .. sort of existence really

Posted

Thanks a lot, Widowmaker - you're a nice chap too, mate!

 

A wooden badger??? Which "Troja" did you watch, Lou - must have been a pirate copy?

 

Hasse Wind, I was on several websites, including this forum, before I knew

and eliminated the trojan. No other site banned me.

Posted

You need to contact their network administrator I'd imagine. Until they unblock you there's not much you can do, short of getting a new IP address entirely or acquiring software like Hide My IP to mask your IP address. I've used that before to get around such restrictions (Megavideo 75 minute time limits), worked fine but probably not worth the $30 just to access one pesky website.

Posted

.

 

Olham, my experience with contacting admin at The Aerodorme forums has shown they can take several days to get back to you on your email. Hopefully they will get it sorted out for you soon Sir.

 

.

  • 2 weeks later...
Posted

After 14 days, and 3 or even 4 mails to the webmaster of "The Aerodrome", I am still banned,

and didn't even receive an answer. I wouldn't bother, if that wasn't just one of the top websites

and forums about the field of WW1 aviation. I can't understand it.

Posted

It seems to be quite difficult to contact their administrators. I've been looking for anyone in charge there besides webmaster@aerodrome or whatever that chap's address is, because it seems he doesn't check his e-mail very often. However the staff seems quite unavailable and they don't even have a forum dedicated to support issues or anywhere you can raise a concern

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use, Privacy Policy, and We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue..