# Warning Came Up!



## redbud60 (Sep 14, 2010)

Strange, this warning popped up when I tried to load the site. Closed the browser and it seems fine now. Could be a certain page or something?
I reported that this site does NOT contain threats.


----------



## Medi 1 (Sep 14, 2010)

ya im gettin them all day. mine is different, mine`s telling me its from mozilla fire fox though. its a virus. ive stopped all them so far


----------



## sguardians2 (Sep 14, 2010)

I got the same message, what's up with that, is the site safe?


----------



## sparkabowl (Sep 14, 2010)

Yeah, me too. Everything (other posts) work fine, but I went to check up on one of my threads and was blocked by firefox or AVG.


----------



## goldenone (Sep 14, 2010)

maybe admins need to check and make sure the site hasn't been hacked. It happens to a lot of legitimate sites all the time. I was infected a few days ago with a fake antivirus, but I don't know that it was caused by this site. I killed it quick though.


----------



## Vento (Sep 14, 2010)

It's the Fed's...lookin in all your directorys they are ....

Not come across this myself yet .... But if it happens i will call Bill Gates and put him straight


----------



## SuperLemonMe (Sep 14, 2010)

SITE ADMINS HURRY UP !!

At some point, someone posted messages or script containing link to a malware site

THIS IS GUARANTEED. The detection by google doesn't lie. Someone posted malware and they need to be banned

It could even be in an avatar..


----------



## jesus of Cannabis (Sep 14, 2010)

Advisory provided by	Google
Safe Browsing
Diagnostic page for www.rollitup.org/hydroponics-aeroponics

What is the current listing status for www.rollitup.org/hydroponics-aeroponics?

This site is not currently listed as suspicious.

What happened when Google visited this site?

Of the 4 pages we tested on the site over the past 90 days, 1 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2010-09-14, and the last time suspicious content was found on this site was on 2010-09-14.

Malicious software is hosted on 1 domain(s), including cnjug.com/.

1 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including drads.net/.

This site was hosted on 1 network(s) including AS46176 (SKIPL).

Has this site acted as an intermediary resulting in further distribution of malware?

Over the past 90 days, www.rollitup.org/hydroponics-aeroponics did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?

No, this site has not hosted malicious software over the past 90 days.

Next steps:

* Return to the previous page.
* If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.

Updated 18 hours ago

©2008 Google - Google Home


----------



## blazin256 (Sep 14, 2010)

i get it everytime i click anything within the forum. using firefox
View attachment 1156746


----------



## Weedoozie (Sep 14, 2010)

blazin256 said:


> i get it everytime i click anything within the forum. using firefox
> View attachment 1156746


this is the same thing I got with firefox, whats the dealio?


----------



## guy incognito (Sep 14, 2010)

yep me too.


----------



## coopdevillan (Sep 14, 2010)

I get it to. Thats creepy can they do shit like that and hack in to gather IP addresses and shit ??????


----------



## plsfoldthx (Sep 14, 2010)

I got this message from my browser when I tried to view this site today

*Safe Browsing*

*Diagnostic page for rollitup.org/cfl-growing*

*What is the current listing status for rollitup.org/cfl-growing?*
Site is listed as suspicious - visiting this web site may harm your computer.​ *What happened when Google visited this site?*
Of the 4 pages we tested on the site over the past 90 days, 4 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2010-09-14, and the last time suspicious content was found on this site was on 2010-09-14.Malicious software is hosted on 1 domain(s), including cnjug.com/.
1 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including drads.net/.
This site was hosted on 1 network(s) including AS46176 (SKIPL).​ *Has this site acted as an intermediary resulting in further distribution of malware?*
Over the past 90 days, rollitup.org/cfl-growing did not appear to function as an intermediary for the infection of any sites.​ *Has this site hosted malware?*
No, this site has not hosted malicious software over the past 90 days.​ *How did this happen?*
In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.​ *Next steps:*


Return to the previous page.
If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.


----------



## Illumination (Sep 14, 2010)

Too many weird things happening here lately....really thinking about leaving here...seriously

Namaste' 

ps- kinda makes one think first the "upgrading" with NO upgrades...Then this tweet BS...and now this place is flagged as hosting malware...And the reason we can't become elite members is security concerns...looks like WE have LEGITIMATE SECURITY CONCERNS


----------



## Weedoozie (Sep 14, 2010)

it seems to be gone now...

oh, nevermind, it was only not showing up when I went to My Rollitup.
it shows up on forum links still.


----------



## dudeoflife (Sep 14, 2010)

Yes, it has to be a security vulnerabilty after this site made those upgrades a few days/weeks ago.

RIU is operating on an open source software called Vbulletin. It is an excellent piece of forum software, similar to phpBB.

As a moonlighting open source developer, I can say that we sometimes make simple stoner mistakes when upgrading parts of the software installation, including the core, as well as plugin upgrades that enhance the functionality of the site.

The "permissions" configuration of most open source software is often overlooked, too. I develop sites on the Drupal & Wordpress platforms, and get way too baked to remember to doublecheck permissions settings after an upgrade. I am certain I can speak for the maintainers of RIU and say that someone was a little too baked when they made some changes in some configuration screen somewhere.

I say this because users right now can embed code other than bbcode and basic html, either in their signatures or forum posts.

Javascript, most likely. Nefarious javascript.


----------



## Weedoozie (Sep 14, 2010)

damn...RIU could lose some great knowledgeable and helpful assets to their site this way...


----------



## khm916 (Sep 14, 2010)

Use OSx and you dont have to worry about anything.


----------



## StonedBlownSkiller (Sep 14, 2010)

I wonder why this is the only thread I can read with no warnings....


----------



## goldenone (Sep 14, 2010)

StonedBlownSkiller said:


> I wonder why this is the only thread I can read with no warnings....


Ditto same thing with me


----------



## dudeoflife (Sep 14, 2010)

Weedoozie said:


> damn...RIU could lose some great knowledgeable and helpful assets to their site this way...


Yes, this could be a dealbreaker for some. This is a paranoid community by nature, and for good reason!

Really, though, I have come across this from time to time. 

I once had a site that got over 12000 visits a day from Russian spammers! Talk about a PITA. It was a goddamn invasion of cyalis and viagra links in the content. Nike Air Jordans, too, strangely enough.

Anyway, I would speculate that whoever is fucking with this site is looking for a quick financial gain instead of IP addresses. Asshole gets the clicks, gets paid X cents for each click.

If this were some government/law enforcement agency trying to hack the site, it would lose funding right right away for its lack of efficacy.

The browser picks up the malicious code instantly. Amateur. It's a bug created by some 12 year old with braces still in his mouth, who wears sweatpants that smell like pee.

No worries here.


----------



## KolorBlind (Sep 14, 2010)

Been getting the same using Google Chrome in Incognito mode. Between this and the server timing out on a regular basis, RIU is really becoming a pain for me. I consider it my primary source of MJ info, but anymore I have found myself spending just as much or more time on other sites due to small things like this that should never have happened in the first place.

Paranoia strikes deep, and I have far too much to lose. We need a lid put on this ASAP!
KB


----------



## dudeoflife (Sep 14, 2010)

However, I AM going to log off for a day, and hope that stoner support will fix this ASAP.

It's either a user content permissions vulnerabilty, a banner ad, or some kind of general fuckup that occurred during this site's last major upgrade.

That's open source software for ya.


----------



## KolorBlind (Sep 14, 2010)

dudeoflife said:


> If this were some government/law enforcement agency trying to hack the site, it would lose funding right right away for its lack of efficacy.


I agree with your post all except that part. Dont ever believe that. Anyone who truly believes such statements is extremely naive or LEO themselves. Dont ever underestimate the Govt, and even more so, dont ever over estimate them either. Chances are its not, but taking chances is the first step to imprisonment. Best to treat any and every threat as a serious one.

KB


----------



## dudeoflife (Sep 14, 2010)

One more thing-

Hey Rollitup DUDES!

Why are you still using Vbulletin? That's so 2001!

Here's an idea for you: Consider Migrating Your Site to Drupal.

It's only like the world's best damn content management system known to mankind, with a huge community growing daily. MTV, Sony, among many other big names use and develop on this platform for its many features. Security and high volume traffic handling are its strongest points, obviously the two most important things you need in order to grow a huge online community.

Vbulletin is soooo passe.

Imagine having page load times of less than 300 milliseconds- even with thousands of users logged in at once!

Anyway, you should hit me up for a few ideas. I know a shit-ton about Drupal, as I have been developing sites with it for a few years now. My latest project is an ecommerce site for my totally awesome fertilizer that I will soon be taking to market, Called SmokeNGrow. It is on my local server right now, and will go live here within the week. I choose Drupal for all my projects, and strongly recommend you/your staff to seriously consider Drupal to be a part of your long term plan for your success of this site.

Want to see what Drupal is all about? Go to the forums on Drupal.

http://drupal.org

I always thought it'd be so cool to see mj plant on there instead of a bunch of computer geeks....imho...

Just an idea. Contact me!


....logging out for real this time....


----------



## Weedoozie (Sep 14, 2010)

dudeoflife said:


> One more thing-
> 
> Hey Rollitup DUDES!
> 
> ...


lol you should work for them man!

ps you're still logged on


----------



## dudeoflife (Sep 14, 2010)

Weedoozie said:


> lol you should work for them man!
> 
> ps you're still logged on


I'm BAAAACK!

I FOUND IT! 

It's an advertising network! 

drads.net


----------



## dudeoflife (Sep 14, 2010)

Yes, I SHOULD work for rollitup. 

I would absolutely love to be involved with developing/migrating a forum onto the Drupal platform.

It would be the capstone of everything I know in this world: Web development and horticulture!

But I should kinda focus on this here nutrient company I've been working on for some time now....ahem.....


----------



## Weedoozie (Sep 14, 2010)

dudeoflife said:


> I'm BAAAACK!
> 
> I FOUND IT!
> 
> ...


Nice dude
where are the admins when you need them...


----------



## dudeoflife (Sep 14, 2010)

Weedoozie said:


> Nice dude
> where are the admins when you need them...


Tell me about it.

This is almost as much fun as diagnosing a nutrient deficiency, though.


----------



## dudeoflife (Sep 14, 2010)

.....the software is the equipment

....the traffic is the conditions

......the users are the nutrients....


----------



## dudeoflife (Sep 14, 2010)

StonedBlownSkiller said:


> I wonder why this is the only thread I can read with no warnings....


No banner ads on the support pages- that's my guess!


----------



## Weedoozie (Sep 14, 2010)

Lol dude you totally get a rep for this


----------



## dudeoflife (Sep 14, 2010)

Weedoozie said:


> Lol dude you totally get a rep for this


Thanks Wee!

I feel a little better about things, now. It'll probably take a day to clear up, though. 

We can all sleep a little better, anyways. 

And Drads.net: fuck off and die. Fly-by-night sites like yours never last, never offer any real value to the internet, and almost always lose in the end. Get your clickthroughs while you can, you fat, sweaty, ignorant, inbred bastard, because you'll be standing in the freestore line soon enough. 

Logging off for rizzo...


----------



## goldenone (Sep 15, 2010)

Looking at some other forums and it seems a lot like this one. This is what one of the members had to say.

"Another forum I belong to popped that up, and it was due to people's signatures. Some were using banners from a website that became compromised, and the forum was getting reported as a site hosting malware due to the sigs."


----------



## plsfoldthx (Sep 15, 2010)

I'm done with this site. I have a feeling admins are actually responsible for this and plus they haven't addressed this issue at all yet.


----------



## Goku97 (Sep 15, 2010)

dudeoflife said:


> Tell me about it.
> 
> This is almost as much fun as diagnosing a nutrient deficiency, though.


lmfao. I deff think someone's hacking the site to try to gain people's ID info to get easy $. For where I love people are actually legally aloud to grow up to 10 plants with out a green card all the cops can do here if your not selling is just take your plants and that's it no fines no jail time nothing


----------



## EmptyWords (Sep 15, 2010)

this isnt really anything to worry about. hopefully admins will come and fix this. i assume some scripting is enabled but i haven't tried because im lazy but also someone could have easily got access to the sites server through sql injections. should be an easy fix and this stuff happens all the time to websites. i also agree with dudeoflife, this site would be better off with drupal but im sure they will never change to it. also no site is safe from being hacked, so this is nothing new and will probably happen again. it looks like someone is possibly trying to make a quick buck.


----------



## Zane Xander (Sep 15, 2010)

Aye here too just moments ago...what's the deal here. Has the DEA infiltrated the site?


----------



## Zane Xander (Sep 15, 2010)

Makes ya wonder if were being scoped out, after thinking about it, this isnt very safe way to fly under the radar by posting you chit online. I got to thinking just how dumb I was for breaking rule #2 Tell No one. You cant surf without leaveing a trace nower days... I bet this site is full of 5.0, huh


----------



## dudeoflife (Sep 15, 2010)

Zane Xander said:


> Aye here too just moments ago...what's the deal here. Has the DEA infiltrated the site?


Highly highly doubt it. Malicious Javascript, most likely by a spammer.


----------



## Zane Xander (Sep 15, 2010)

check this out. Things that make you wonder. obtw, that tweet tab is annoying!!

http://www.websiteoutlook.com/www.rollitup.org


----------



## Zane Xander (Sep 15, 2010)

*Server Location : *
Atlanta, Georgia, 30356, United States Yeah were all going to Jail.. lol the GBI is not a group to mess with, you will think Satan himself has landed in your yard.


----------



## Admin (Sep 15, 2010)

Allright so from what I can see, we were flagged by the way we are showing our advertisements. As the advertisements are sent by one of our other sites this looks like "malware" I have asked Google to review the site and it should be back to normal hopefully by morning.


----------



## KolorBlind (Sep 15, 2010)

So because the address is in Atlanta, GA, it must be the GBI?


----------



## Zane Xander (Sep 15, 2010)

KolorBlind said:


> So because the address is in Atlanta, GA, it must be the GBI?


just some early morning paranoia, no ill intentions intended.


----------



## Admin (Sep 15, 2010)

Alright we are back at 90% 
Straight from google: 

Status of the latest badware review for this site: A review for this site has finished. The site was found clean. The badware warnings from web search are being removed. Please note that it can take some time for this change to propagate.


----------



## jesus of Cannabis (Sep 15, 2010)

admin said:


> Alright we are back at 90%
> Straight from google:
> 
> Status of the latest badware review for this site: A review for this site has finished. The site was found clean. The badware warnings from web search are being removed. Please note that it can take some time for this change to propagate.


thx admin, u rock


----------



## jesus of Cannabis (Sep 15, 2010)

plsfoldthx said:


> I'm done with this site. I have a feeling admins are actually responsible for this and plus they haven't addressed this issue at all yet.


you have been a member for a year now and 33 posts? Thx for contributing and dont let the door hit you in the butt


----------



## Medi 1 (Sep 15, 2010)

and now there is a new update already for the vbulletin. my warnigs are gone this morning


----------



## StonedBlownSkiller (Sep 15, 2010)

Awesome.... I was hoping there wasnt a serious problem going on. I like it here and was going to be very dissapointed if Site went under. Good job RIU for getting shit under control. SBS


----------



## The sim's Bob Newbie (Sep 15, 2010)

Last night I got a fucking trojan from the "harvesting and curing" forum - "Trojan Horse - Cryptic.AWZ" and "Trojan Horse - Crypt.AAEY"

Dunno WTF happened, thought it was shitting me - just refreshed the forum, it told me "windows media player needs to install these updates to veiw items on this page" with a yes/no click

That's funny, especially as it wasn't a thread so I just said "no" - then media player popped up so I closed it down immediately, then AVG Anti-Virus popped up "potentially dangerous virus, type - trojan horse, name Crypt"...did a couple scans and updates and sorted it out...

Did anyone else actually GET the virus?


----------



## ReAVeR (Sep 15, 2010)

SuperLemonMe said:


> SITE ADMINS HURRY UP !!
> 
> At some point, someone posted messages or script containing link to a malware site
> 
> ...



indeed....the virus was probably in there ^..


----------



## sguardians2 (Sep 15, 2010)

Already another thread on this, the admin has responded and has got it fixed, just might take awhile for it to go into effect.


----------



## Goku97 (Sep 15, 2010)

The sim's Bob Newbie said:


> Last night I got a fucking trojan from the "harvesting and curing" forum - "Trojan Horse - Cryptic.AWZ" and "Trojan Horse - Crypt.AAEY"
> 
> Dunno WTF happened, thought it was shitting me - just refreshed the forum, it told me "windows media player needs to install these updates to veiw items on this page" with a yes/no click
> 
> ...


Nop. I did a few scans to make sure. I always do a scan every day at least once a day some times to 3 times a day


----------



## blazin256 (Sep 15, 2010)

still getting the attack site when i go to spirituality & sexuality & philosophy. thats the only one i can see so far.


----------



## moash (Sep 15, 2010)

i just got one goin to my rollitup,but it stopped now


----------



## dudeoflife (Sep 15, 2010)

It's just about gone!

It'll go away 100% once all the pages are cached. Still a few "old" pages showing it.

WTG RIU!


----------



## dudeoflife (Sep 15, 2010)

And thanks, POTroast, for that ginormous +rep injection.... phewweeeeee!

Guess my diagnosis was correct? Not that you couldn't have figured it out, too


----------



## coopdevillan (Sep 15, 2010)

jesus of Cannabis said:


> thx admin, u rock


concur........


----------



## Weedoozie (Sep 15, 2010)

woohoo, no more attack site nonsense!


----------



## Zane Xander (Sep 16, 2010)

I got hit by another url seconds ago.


----------



## Zane Xander (Sep 16, 2010)

bikleman.com/sex/[email protected] destination Adress -> ( 213.163.64.36,80 )
attemped to access IE.exe

Source Adress: 78.28.239.205

found a bunch of this crap: &#31119;&#24314; &#21414;&#38376;&#28165;&#21326;&#22823;&#23398;&#27993;&#27743; &#26477;&#24030;&#21704;&#23572;&#28392;&#24066;&#19978;&#28023;&#24066;&#23425;&#22799;&#38134;&#24029;&#21271;&#20140;&#21313;&#22576;&#21326;&#20013;&#31185;&#25216;


----------



## StonedBlownSkiller (Sep 16, 2010)

Now everybodies getting these ads in their posts. WTF


----------



## Medi 1 (Sep 16, 2010)

ya im getting hit with it again as soon as i log in. so its catchin this...but is it catching them all and now all us that get this now have bugs in our pc`s. 
seems an easy enough fix. use your old back up and then get up to date on the new vb they released yesterday. should this not by pass the virus the entered in the past few days then. the back up should be virus free if done before we got hit here.????


----------



## Medi 1 (Sep 16, 2010)

ya now im getting viruses all over here and warnings to log in to authenticate...im done here till you can fix this. my whole system just went nuts over multi hits even as i type this...gone


----------



## Zane Xander (Sep 16, 2010)

Yeah I think I have made a huge mistake by posting pictures and stuff. When you upload pictures the site log the location where the pictures come from computer and IP, Now I am freaking... Somewhat.. Now I have to shut down everything. Atleast I found out now.. before it was too late. 

Thanks for all the help, Howard, tranquility and others.


----------



## stelthy (Sep 16, 2010)

StonedBlownSkiller said:


> Awesome.... I was hoping there wasnt a serious problem going on. I like it here and was going to be very dissapointed if Site went under. Good job RIU for getting shit under control. SBS



Hi dude, yeah I agree.... I had a red warning pop up on 'chrome' summink about do I trust the site? oh well - 'Yes I do'  Whats up with that tweet thing on the left, as someone else said it is bloody annoying lol, well so long as the sites comes to no harm, I am happy! and BOO!!! to the bugger thats causing problems, Oh well back to ,my project  - STELTHY


----------



## Babs34 (Sep 16, 2010)

redbud60 said:


> Strange, this warning popped up when I tried to load the site. Closed the browser and it seems fine now. Could be a certain page or something?
> I reported that this site does NOT contain threats.
> 
> View attachment 1156280


Don't click on that picture!!!!
WTF????
It froze my computer and I couldn't even MANUALLY turn off my computer.


----------



## StonedBlownSkiller (Sep 16, 2010)

stelthy said:


> Hi dude, yeah I agree.... I had a red warning pop up on 'chrome' summink about do I trust the site? oh well - 'Yes I do'  Whats up with that tweet thing on the left, as someone else said it is bloody annoying lol, well so long as the sites comes to no harm, I am happy! and BOO!!! to the bugger thats causing problems, Oh well back to ,my project  - STELTHY


 Yea but it seems to be having issues still. Whats this add on everybodies posts for? Im about to log out and come back in a few days. I not trying to deal with viruses and shit.


----------



## Babs34 (Sep 16, 2010)

StonedBlownSkiller said:


> Yea but it seems to be having issues still. Whats this add on everybodies posts for? Im about to log out and come back in a few days. I not trying to deal with viruses and shit.


no doubt man, I'm with you.


----------



## Sinistry (Sep 16, 2010)

I dont think the malware warnings and this weird pic on everyone's post is all of it. Ive got some suspicious emails claiming to be from this site, but look bogus. Im gonna stay off this site for a few days as well.

Check out the thread:

https://www.rollitup.org/support/367568-account-validation-request.html


----------



## Serapis (Sep 16, 2010)

I've been avoiding the site when I get the warning in my chrome browser. Seems like the problem was identified in this thread on page 2 or 3.... I'm beginning to wonder about the security of this site...


----------



## TheOldRat (Sep 16, 2010)

Logged in to get this:
http//bikleman.com/sex/tmp/des.jar multiple threats connection terminated - quarantined Threat was detected upon access to web by the application: C:\Program Files (x86)\Java\jre6\bin\java.exe.
http//bikleman.com/sex/tmp/des.jar » ZIP » dev/s/AdgredY.class a variant of Java/Exploit.CVE-2009-3867.AC trojan 
http//bikleman.com/sex/tmp/des.jar » ZIP » dev/s/DyesyasZ.class a variant of Java/TrojanDownloader.OpenStream.NAO trojan 
http//bikleman.com/sex/tmp/des.jar » ZIP » dev/s/LoaderX.class a variant of Java/TrojanDownloader.Agent.NBQ trojan 

I use NOD32 antivirus it rocks and finds/removes stuf Norton/McAfee/AVG cant.

and NEVER Click on a ON LINE SCAN!!! they are allways a trojan or scam.
most virus nowadays actually try to trick you into installing the trojan...
You may also get a pop up that looks very legit from a antivirus or windodos that has a message, error click here to remove virus. When you do you install one!!!
only scan using your installed antivirus and only trust messages from your installed antivirus. 

TR


----------



## Silent Running (Sep 16, 2010)

Drads.net is throwing the error for my browser. The script that is running the advertisement banners has a java exploit coming out of drads.net according to my protection software. Fortunately, with adblock on FF, I just added drads.net to my filter and don't get the error popup any more. Also added that twitter link from the left to adblock filter.


----------



## Illumination (Sep 16, 2010)

Silent Running said:


> Drads.net is throwing the error for my browser. The script that is running the advertisement banners has a java exploit coming out of drads.net according to my protection software. Fortunately, with adblock on FF, I just added drads.net to my filter and don't get the error popup any more. Also added that twitter link from the left to adblock filter.


love that avatar

Namaste'


----------



## Admin (Sep 17, 2010)

drads.net has been removed from the site as our ad server. We are now using a completely different ad server.


----------



## stelthy (Sep 17, 2010)

admin said:


> drads.net has been removed from the site as our ad server. We are now using a completely different ad server.



Ever since RIU has had its make over there's been lot's of probs..... Why is this? the add that has half appeared on all my latest posts is pretty annoying to say the least and the twitter tab should go to hell to! I love this site and have BIG respect for most the people on it, Someone please fix it asap... make it normal and user friendly again, many thanks - STELTHY


----------

