aluigi.org is "infected"

hhrhhr, posted Wed Jul 08, 2015 2:55 pm (6223)


I use secure Yandex DNS servers; today I found that the site is considered to be "infected". Translated message:
Quote:
Yandex periodically checks sites to warn users of dangerous pages. The last check (less than two days ago) showed that malicious code was placed on the site. This could have been either at the request of the owners or without their knowledge, as a result of malicious acts.

Malicious code:

It contains Mal/JSShell-B (according to the company Sophos).


It's not a problem for me, but in your place I would have written to Sophos support about false positives.

aluigi, posted Wed Jul 08, 2015 3:55 pm (6227)


Thanks for the info.
Honestly I don't have the slightest idea of what it means, first because in the last months I have updated only quickbms and the scripts (the rest of the website is untouched), then because there is no file name or other additional information, and then because there is nothing even similar to code like this (the Metasploit code that is probably related to that Mal/JSShell-B).

The files online are 100% original so I guess it's one of the usual false positives coming from my old open source proof-of-concepts.

aluigi.altervista.org is reported ok (aluigi.org is simply a redirect to aluigi.altervista.org, it contains nothing).

Anyway the problem is Yandex. Sophos is simply used as a link to the information of what has been found.

Are you using the DNS 77.88.8.88/2?

hhrhhr, posted Wed Jul 08, 2015 6:32 pm (6234)


Code:
77.88.8.88, 77.88.8.2, 77.88.8.7, 77.88.8.3:
aluigi.org.             1200    IN      A       213.180.193.250

77.88.8.8, 77.88.8.1:
aluigi.org.             10800   IN      A       217.70.184.38
aluigi.org.             10800   IN      NS      c.dns.gandi.net.
aluigi.org.             10800   IN      NS      a.dns.gandi.net.
aluigi.org.             10800   IN      MX      50 fb.mail.gandi.net.
aluigi.org.             10800   IN      MX      10 spool.mail.gandi.net.
aluigi.org.             10800   IN      SOA     a.dns.gandi.net. hostmaster.gandi.net. 1355402945 10800 3600 604800 10800
aluigi.org.             10800   IN      NS      b.dns.gandi.net.


aluigi.altervista.org works OK. I tried to inform Yandex of the false positives, but reaching them is usually as difficult as reaching Google ;)
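An added example, not part of any post in this thread: a small Python parser for resolver output in the layout hhrhhr pasted above, which reports names whose A records differ between resolver groups. The function names are hypothetical, and the sample input is the quoted output trimmed to the lines that matter.

```python
import re
from collections import defaultdict

# Sample input: resolver output from the post above, trimmed (MX/SOA lines dropped).
SAMPLE = """\
77.88.8.88, 77.88.8.2, 77.88.8.7, 77.88.8.3:
aluigi.org.             1200    IN      A       213.180.193.250

77.88.8.8, 77.88.8.1:
aluigi.org.             10800   IN      A       217.70.184.38
aluigi.org.             10800   IN      NS      c.dns.gandi.net.
"""

# One resource record line: name, TTL, class IN, type, rdata.
RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.+)$")

def parse_groups(text):
    """Return {resolver_tuple: {(name, rtype): set(rdata)}}."""
    groups, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith(":"):  # header line listing the resolvers queried
            current = tuple(r.strip() for r in line[:-1].split(","))
            groups[current] = defaultdict(set)
            continue
        m = RR.match(line)
        if m and current is not None:
            name, _ttl, rtype, rdata = m.groups()
            groups[current][(name.lower(), rtype)].add(rdata.strip())
    return groups

def divergent_a_records(groups):
    """Return {name: {frozenset(A rdata): [resolvers]}} where answers disagree."""
    by_name = defaultdict(lambda: defaultdict(list))
    for resolvers, rrsets in groups.items():
        for (name, rtype), rdata in rrsets.items():
            if rtype == "A":
                by_name[name][frozenset(rdata)].extend(resolvers)
    # Keep only names that received more than one distinct A record set.
    return {n: dict(v) for n, v in by_name.items() if len(v) > 1}

if __name__ == "__main__":
    for name, answers in divergent_a_records(parse_groups(SAMPLE)).items():
        for rdata, resolvers in answers.items():
            print(name, sorted(rdata), "<-", ", ".join(resolvers))
```

A divergence like this means some resolver group is rewriting the answer, which is where to look when a site appears blocked for only some users.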

aluigi, posted Wed Jul 08, 2015 7:27 pm (6236)


Ok, please keep me updated if something changes in the next days/weeks.