Olham 164 Posted January 7, 2011 Yesterday, I tried to get into TheAerodrome website - without success. After thre attempts, I received a screen message telling me that I was banned due to attacks being made from my system. It took me a while to understand, and I let my KASPERSKY AV program make a system check. It found this trojan: "Exploit.Java.Agent.du" (I have added quotation marks to prevent it becoming a clickable address - I may sound foolish, but don't know much about such stuff, and I don't want to create more chaos.) What ever that trojan exactly did - The Aerodrome felt being attacked and banned me. I have eliminated that trojan, of course. But still, after three E-mails to their webmaster, I haven't even got any response on my question, what I could possibly do to drop the bann. Has anyone here ever had such a situation? And what did you do then? Share this post Link to post Share on other sites
Von Paulus 8 Posted January 8, 2011 Maybe it was only your IP address that was banned. If it was only that , you can switch off and then turn on your router to renew your IP address. Otherwise register with a different email and everything will be all right. No drama. Share this post Link to post Share on other sites
ONETINSOLDIER 2 Posted January 8, 2011 just some tech info on said trojan, This is a program-exploit that uses Sun Microsystems Java (CVE-2008-5353) vulnerability for its execution on a victim’s machine. It is a Java-class file. Depending on version it can be 3 to 60 kB in size. This vulnerability makes it possible for attacker to execute applet with increased privileges. The following software is vulnerable: Java Runtime Environment (JRE) for Sun Java Development Kit (JDK) and JRE6 10th Update and earlier versions; JDK and JRE 5.0 16th Update and earlier versions; Software Development Kit and JRE 1.4.2_18 and earlier versions. sorry I cant help with the site ban, Share this post Link to post Share on other sites
Olham 164 Posted January 8, 2011 Thank you, guys! I'll try that, von Paulus. Share this post Link to post Share on other sites
Olham 164 Posted January 8, 2011 (edited) Just tried as you said, von Paulus, but I am still banned, although I had a different IP-Nr. Here is the message I keep getting: 403 FORBIDDEN! Either the address you are accessing this site from has been banned for previous malicious behavior... OR... The action you attempted is considered to be hostile to the proper functioning of this system. The detected reason(s) you were blocked are: Scraper/Probe/listed on abuse.rfc-ignorant.org. . Your IP, and Domain Name (if resolvable) has been logged to a honeypot, along with the referring page (if any), QUERY, POST, User Agent, time of access, and date. Please either 1. Stop the bad behavior, or 2. Cease accessing this system. Your connection details: Record #: XXX Time: Thu, 06 Jan 2011 12:46:13 -0800 Host: XXXXXXXXXXXx.de IP: XX:XXX:XXX:XX Post: Query: vbseourl=index.php Stripped Query: vbseourl=index.php Referer: http://www.theaerodrome.com/index.php User Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 ( .NET CLR 3.5.30729; .NET4.0C) Reconstructed URL: http:// www.theaerodrome.com /forum/ Generated by ZB Block 0.4.8 I have Xed those parts which I thought should not be exposed in public. Any ideas? Edited January 8, 2011 by Olham Share this post Link to post Share on other sites
Olham 164 Posted January 8, 2011 I've deleted all cookies, started the router new and tried with a new IP address - still no go. When I get to The Aerodrome main page, there is a note at the top saying the sites needs an application I have not installed. Java Runtime Environement Could that be the reason, and is it safe to install it? Share this post Link to post Share on other sites
almccoyjr 7 Posted January 8, 2011 I've deleted all cookies, started the router new and tried with a new IP address - still no go. When I get to The Aerodrome main page, there is a note at the top saying the sites needs an application I have not installed. Java Runtime Environement Could that be the reason, and is it safe to install it? Go to Java website and follow directions to uninstall Java in Vista-W7. Reboot and then reinstall latest version of JRE. It may not help you being banned, but at least you'll have a clean JRE install. plug_nickel Share this post Link to post Share on other sites
UK_Widowmaker 571 Posted January 8, 2011 I can't imagine you Olham being banned from Anywhere! You're such a nice chap!....damn those Trojan's Share this post Link to post Share on other sites
RAF_Louvert 101 Posted January 8, 2011 . Perhaps if we built a large wooden badger. . Share this post Link to post Share on other sites
Hasse Wind 46 Posted January 8, 2011 The worst thing is that what happened to Olham can happen to anybody, and probably at every other site too. All it takes is some nasty piece of code that infects your computer. The Internet is a great thing, but unfortunately there are many scumbags out there who use their programming skills for doing harm. How twisted can one be to get satisfaction from such things? Share this post Link to post Share on other sites
UK_Widowmaker 571 Posted January 8, 2011 I agree Hasse Wind..seems like a sad, lonely..'I eat too much pizza and never done a days work in my 19 pathetic, useless years of life' .. sort of existence really Share this post Link to post Share on other sites
Olham 164 Posted January 8, 2011 Thanks a lot, Widowmaker - you're a nice chap too, mate! A wooden badger??? Which "Troja" did you watch, Lou - must have been a pirate copy? Hasse Wind, I was on several websites, including this forum, before I knew and eliminated the trojan. No other site banned me. Share this post Link to post Share on other sites
Javito1986 14 Posted January 8, 2011 You need to contact their network administrator I'd imagine. Until they unblock you there's not much you can do, short of getting a new IP address entirely or acquiring software like Hide My IP to mask your IP address. I've used that before to get around such restrictions (Megavideo 75 minute time limits), worked fine but probably not worth the $30 just to access one pesky website. Share this post Link to post Share on other sites
Olham 164 Posted January 8, 2011 As I said in the first post - I did. No answer. Share this post Link to post Share on other sites
RAF_Louvert 101 Posted January 8, 2011 . Olham, my experience with contacting admin at The Aerodorme forums has shown they can take several days to get back to you on your email. Hopefully they will get it sorted out for you soon Sir. . Share this post Link to post Share on other sites
Olham 164 Posted January 9, 2011 Thanks for that comfort, Lou - so I'll wait - their site's worth it. Share this post Link to post Share on other sites
Olham 164 Posted January 22, 2011 After 14 days, and 3 or even 4 mails to the webmaster of "The Aerodrome", I am still banned, and didn't even receive an answer. I wouldn't bother, if that wasn't just one of the top websites and forums about the field of WW1 aviation. I can't understand it. Share this post Link to post Share on other sites
Javito1986 14 Posted January 22, 2011 It seems to be quite difficult to contact their administrators. I've been looking for anyone in charge there besides webmaster@aerodrome or whatever that chap's address is, because it seems he doesn't check his e-mail very often. However the staff seems quite unavailable and they don't even have a forum dedicated to support issues or anywhere you can raise a concern Share this post Link to post Share on other sites
Olham 164 Posted January 22, 2011 Thank you, Javito! Perhaps they'll find it some time soon. Share this post Link to post Share on other sites