forum.piriform.com was blocked by avast antivirus for awhile earlier today as noted in a thread at their forum:
http://forum.avast.c...?topic=108365.0
Their experts say it was a bona fide infection but I'm not so sure. Anybody know?
I have same problem and do NOT use Avast.
Apparently website code went pear shaped.
This was an issue last night
so far the moderator staff has not been informed what occurred, but as soon as we know you will know as well I assume
currently it looks like some images may have been lost as well
Symantec Enterprise was blocking it as a mass injection and other browser/OS's were showing a major PHP error
My avast free antivirus also blocked access, earlier on today, to the CCleaner forum.
Avast 7 also blocked portable defraggler & ccleaner as "possible infections" (or tried to) when I was using them on a test machine.
I haven't too much faith in Avast. Too many false positives.
Now, the forum, yes, it was down for me also last night, & no, that was not Avast that caused it!!!
Didn't you read my link? The forum was hacked and avast protected you, that means it was doing it's job.
Thanks for the link Hazelnut
Originally Posted by ratchetI'm worried about hazelnut. Hope she is safe!
I got sleepy and added my avatar back.
Yes, I read it.
_____
On the test machine, I was using Avast + CCleaner + Defraggler (To which Avast detected as "possible malicious programs), which is false.
I had not tried the Piriform website on the machine using Avast.
On my machine, I was using AVG & simply had the same error as others listed here, but no warning from AVG.
I also, am using Firefox.
_____
Nothing happened, except I could not access the forums till sometime today when I came home.
As I had this same error loading page as others here, & I was not using Avast on my main machine, I simply deduced that the website was down.
And not that Avast was protecting the machine(s) listed above.
I could be incorrect on this.
_____
It is also possible that my ISP automatically blocked the website while it was under attack.
You are incorrect. Avast protected you. Stop trying to kid yourself it was a false positive.
What happened to the forum earlier was nothing to do with what happened with the exploit later.
People who were using a Piriform product which was set to check for updates could have also triggered alarms from their av's when the updater contacted the Piriform servers.
People who were using a Piriform product which was set to check for updates could have also triggered alarms from their av's when the updater contacted the Piriform servers.
That surprises me.
Many times when I tried to contact the forum website I never had a warning but I had the error
"Fatal error: require_once() [function.require]: Failed opening required './initdata.php' (include_path='.:/usr/local/php53/pear') in /home/ccleaner/public_html/index.php on line 23"
BUT
I also tried
http://www.piriform.com/ccleaner/download'>http://www.piriform.com/ccleaner/download
and that connected immediately without any problem
but when I clicked on the Support button on that page and chose the "Community Forum"
I again got
"Fatal error: require_once() [function.require]: Failed opening required './initdata.php' (include_path='.:/usr/local/php53/pear') in /home/ccleaner/public_html/index.php on line 23"
I assumed it was only the forum website that had a coding error.
Are you saying that there was an exploit affecting both
http://www.piriform.com
and
and here's me thinking it was as simple as some Webmaster publishing some poorly tested PHP code.
ISUPME showed it down at the time: http://www.isup.me/h...um.piriform.com
urlQuery.net is a service for detecting and analyzing web-based malware. It provides detailed information about the actions a browser takes while visiting a site and presents the information for further analysis.
You are incorrect. Avast protected you. Stop trying to kid yourself it was a false positive.
What happened to the forum earlier was nothing to do with what happened with the exploit later.
People who were using a Piriform product which was set to check for updates could have also triggered alarms from their av's when the updater contacted the Piriform servers.
Good to hear Avast provided protection!
So everyone understands it:
someone hacked the forum and got access to the file system.
They changed some files and included an iframe.
The iframe loaded the new blackhole exploit kit v2.
And this loaded (on my machine where I saw this) some payload, it loaded also a jar file.
Google chrome blocked it for me directly.
The php error was due to the changed files and just fooled you. There was more than only this error message, the iframe, but you could not see it.
ISUPME showed it down at the time: http://www.isup.me/h...um.piriform.com
Strangely, http://www.downforev...neorjustme.com/ showed it was up.
You are incorrect. Avast protected you. Stop trying to kid yourself it was a false positive.
What happened to the forum earlier was nothing to do with what happened with the exploit later.
As stated above, the test machine using Avast was NOT used to connect to Piriform, but rather the main machine with AVG.
As per the forum, I also stated that it is possible that my ISP blocked the website due the infection.
Have heard that my ISP has a kind of firewall they use to protect users, etc.
Not sure on how deep their protection goes, but I listed it because they may have blocked it on their end.
* Bolded my prior statement concerning my ISP. As it is entirely possible they did block it till it was fixed. (Hence your observation differing from mine).
well, if nothing else, it's made us all re-find our avatars and prompted others to change theirs.
well, if nothing else, it's made us all re-find our avatars and prompted others to change theirs.
Thank you for this; I didn't even notice that my avatar was missing. Time for a new one, anyway...