IntegraMOD

[gcomfx.com]

"Internet access to the requested website has been denied based on your user profile and organization's Internet Usage Policy. Malicious Code/Virus"

One of my members sent me an email with the above info. Seems he can look up other forums, just not mine. Heck he can even visit some porn sites. <img>

[Drop-Forged]

Does your site use Prill???

That might trigger a tight filter.

[gcomfx.com]

Nope... no Prill. Or if I do, it's not running.

[Helter]

what is your URL?

[gcomfx.com]

100mphclub.com

[jwernerny]

One of my sites (the Snow Tire FAQ Forum -- http://www.snowtire.info/forum/) recently had a similar problem. One day it was working, and the next day it was completely gone (the directory was removed from the server)! After talking to support at wb-hosting I found out that my forum install had been compromised to the point that some malicious code was installing back doors to the system. As a automatic security measure, everything in those directories was quarantined. While not the best for my forum, I think it was the right course of action.

Once I had talked to them, they cleaned most of the infected files and restored the directory. I then went through and looked for extras, and there were some in all of the writable directories.

I have a more detailed post on this I will put in the security forum when I get out of work. I tried to post it Friday night, but I couldn't. For now, http://www.cmsimple.dk/forum/viewtopic. ... 1ca5596ddf presents a good primer on what happened. [edit] Look for "Sun May 07, 2006 9:38 pm" to get to a useful post. [/edit]

I am not sure if it was a flaw in IM that allowed the placement of the original script, or if someone else on the share server got hit with a c99 shell install. (The c99 shell allows full access to the OS, including scannng for unprotected directories and automatic install of files in them.)

- John

[gcomfx.com]

I was hacked a while back. We nuked the whole account and started with a fresh install with current fixes (at that time) I had just upgraded the day I got hacked, bad update. <img>

Anyway, I only have one person giving me this error and he was checking the site at work. My guess is they manually blocked him from the site.

[Helter]

I thought this might be the case, but it appears that you have a dns issue on your server

FAIL Open DNS servers ERROR: One or more of your nameservers reports that it is an open DNS server. This usually means that anyone in the world can query it for domains it is not authoritative for (it is possible that the DNS server advertises that it does recursive lookups when it does not, but that shouldn't happen). This can cause an excessive load on your DNS server. Also, it is strongly discouraged to have a DNS server be both authoritative for your domain and be recursive (even if it is not open), due to the potential for cache poisoning (with no recursion, there is no cache, and it is impossible to poison it). Also, the bad guys could use your DNS server as part of an attack, by forging their IP address. Problem record(s) are:

Server 66.225.246.241 reports that it will do recursive lookups. [test] See this page for info on closing open DNS servers.
FAIL Mismatched glue ERROR: Your nameservers report glue that is different from what the parent servers report. This will cause DNS servers to get confused; some may go to the IP provided by the parent servers, while others may get to the ones provided by your authoritative DNS servers. Problem record(s) are:

ns2.gcomfx.com.:
Parent server (a.gtld-servers.net) says A record is 66.225.246.241, but
authoritative DNS server (66.225.246.240) says it is 205.234.132.158
ns1.gcomfx.com.:
Parent server (a.gtld-servers.net) says A record is 66.225.246.240, but
authoritative DNS server (66.225.246.240) says it is 66.225.219.6
ns1.gcomfx.com.:
Parent server (a.gtld-servers.net) says A record is 66.225.246.240, but
authoritative DNS server (66.225.246.241) says it is 66.225.219.6
ns2.gcomfx.com.:
Parent server (a.gtld-servers.net) says A record is 66.225.246.241, but
authoritative DNS server (66.225.246.241) says it is 205.234.132.158

when your site does not resolve correctly many mail servers will kick any mail originating from your site because your mail server url cannot be verified. Your host should be able to solve this easily enough. Also you need an SPF record. (a very likely reason your site may be tagged)

Your domain does not have an SPF record. This means that spammers can easily send out E-mail that looks like it came from your domain, which can make your domain look bad (if the recipient thinks you really sent it), and can cost you money (when people complain to you, rather than the spammer). You may want to add an SPF record ASAP, as 01 Oct 2004 was the target date for domains to have SPF records in place (Hotmail, for example, started checking SPF records on 01 Oct 2004).

http://www.openspf.org/

[gcomfx.com]

Passed the info along to my host. Thanks!!!

[gcomfx.com]

Host reply:

You had some errors in your DNS zone which I have cleared up. Please refresh your browser and flush your DNS (start -> run -> `ipconfig /flushdns`) if that does not work. This change may be immediate but if it isnt, please wait between 3 and 36 hours for the DNS change to fully propagate through the internet.

[Helter]

when it seems to be working correctly, you can check it here
http://www.dnsreport.com/

some of the cautions are not very realistic. Dont worry about things like both nameservers being on the same box, because unless you have a server farm, it is you only alternative