Old 03-23-2006, 10:30 AM   #29
3 Rivet Member

 
2004 25' Safari
1971 27' Overlander
1957 22' Caravanner
Jourdanton , Texas
Join Date: Nov 2004
Posts: 202
Another instance of getting a norton nsg and need to reboot

You can add our laptop to the list of machines that are experiencing the norton threat message reported by 2air'. After the message the only recourse for forum access is reboot.

The problem only occurs if we access the thread "Calling All WBCCI Members". If you stay away from that one no problems. The desktop machine running Zone Alarm Pro doesn't share the problem.

Jim
__________________
pienjim is offline   Reply With Quote
Old 03-23-2006, 01:09 PM   #30
Administrator
 
Andy R's Avatar
 
1961 16' Bambi
Dallas , Texas
Join Date: Feb 2002
Posts: 2,980
Images: 13
Blog Entries: 1
I will update all the software running this site next week and then let's go through more troubleshooting. FYI - Sorry for all of those that are having issues. Nothing has changed on the site for a long time (as far as software).
__________________
AIR # 2 - 1961 Bambi - Jeep Cherokee
------------------------------------
Campground Reviews: Submit and review campgrounds around the US
Andy R is offline   Reply With Quote
Old 03-23-2006, 01:50 PM   #31
_
 
. , .
Join Date: Dec 2004
Posts: 8,812
hi andyr and thanks for checking in on us......

while nothing has changed on the forums......
is it possible that when we click on these links......that seem to be the problem.....we are re-routed to those links....and off the forum server.....so upgrades/protection on the forum server won't help, or isn't the issue? does my question make sense?

hi, jordandvm and pienjim......

it appears we are having issues with the same sites, which aren't the actual forum threads...but the hyperlinks...in the posts.....so for now i'd just avoid them....
i haven't had an issue with the photo contest thread....but i haven't gone to the linked site/slideshow link.....did you?

if you go to the norton security suite.....on your desktop.....
and find the activity log......and open 'intrusion detection'....there will be a list and a red warning, next to the issues......and how norton has handled it......for me it's a 30 minute block of the ip address....

so doing this will allow you to see details about what triggered the alert, and so on......i've not needed to reboot...but wait out the 30 minutes....and this setting can be made shorter....i think.

when azflycaster gets on line later......perhaps he or one of the other 'it' gurus can chime in.....

since reporting this issue.....i've just avoided those links......with no more warnings by norton....

cheers
2air'
__________________
2airishuman is offline   Reply With Quote
Old 03-23-2006, 01:52 PM   #32
Moderator
 
Stefrobrts's Avatar

 
1968 17' Caravel
Battle Ground , Washington
Join Date: Dec 2002
Posts: 11,805
Images: 50
Blog Entries: 1
2air also mentioned to me he got the warning when following the link in my sig, which used to go to my blog, hosted by Google. Now it goes to my private website, which is on our business server and he said he didn't get the alert at the new site.
__________________
Stephanie




Stefrobrts is offline   Reply With Quote
Old 03-23-2006, 02:10 PM   #33
_
 
. , .
Join Date: Dec 2004
Posts: 8,812
hi stef.....

did you see my cryptic/secret message to you, in post 23?

cheers
2air'
__________________
2airishuman is offline   Reply With Quote
Old 03-23-2006, 02:28 PM   #34
Moderator
 
jcanavera's Avatar

 
2004 30' Classic Slideout
Fenton , Missouri
Join Date: Mar 2002
Posts: 8,601
Images: 143
Send a message via AIM to jcanavera Send a message via Skype™ to jcanavera
I'm running the Norton Anti-Virus for watching the email, but I use the free version of Zone-Alarm for my firewall. While it doesn't have all the bells and whistles of the pay version, the basic firewall protection is the same as the pay version. Best of all it's free and probably one of the best software firewall products out there.

I've run a few independent outside test tools that test to see if the firewall is exploitable, and so far we have come through with flying colors.

Jack
__________________
Jack Canavera
STL Mo.
AIR #56
'04 Classic 30' S.O.,'03 GMC Savana 2500,'14 Honda CTX 700
jcanavera is offline   Reply With Quote
Old 03-23-2006, 02:57 PM   #35
Moderator
 
Stefrobrts's Avatar

 
1968 17' Caravel
Battle Ground , Washington
Join Date: Dec 2002
Posts: 11,805
Images: 50
Blog Entries: 1
Quote:
Originally Posted by 2airishuman
hi stef.....

did you see my cryptic/secret message to you, in post 23?

cheers
2air'
No, I have a hard enough time figuring out what things say on the surface, I don't dig very deep!
__________________
Stephanie




Stefrobrts is offline   Reply With Quote
Old 03-23-2006, 11:53 PM   #36
VAC President
 
Buttercup's Avatar
 
1977 27' Overlander
1954 25' Cruiser
1990 34.5' Airstream 345
VC Highlands , Nevada
Join Date: Mar 2005
Posts: 2,144
Send a message via Skype™ to Buttercup
Quote:
just to be clear...this 'detection' happened while on the forum....but after i clicked on links in posts to other sites.....specifically the save wally dot org link...and the decals/pdf document there....so while norton reported it coming from the forums....it was while connected to another site through the forums...is that any clearer? what norton does in that situation....is lock out the site/ip address for a defined time...in this case 30 minutes....
2air - what pdf file are you talking about? While we have many PDF files on our site, we do not have a "decals" pdf. I am attempting to reproduce this problem but as of yet have not been able to on any machine that I have, mac or pc running several versions of AV software. The virus scanning software I use went through some 6800 files during my testing and found nothing. I do not have Norton.

Also, did I understand correctly that you got the error message AFTER visiting Savewally.org but not while visiting the site? Or did it come up when opening one of the files on the site?

Did your AV software SPECIFICALLY flag any piece of content from Savewally.org? If not, I am confused how you determined that it was caused by Savewally.org.

As the webmaster of that site I take security, and any suggestion of lack thereof, very seriously. Your help in this is appreciated...
__________________
Buttercup's Web Site. WBCCI #17330, 11281 & 7830. VAC Past President & Webmaster, TAC NV-2 & NV-3.
2014 Mouse count: Buttercup - 0 / Airtini -
Buttercup is offline   Reply With Quote
Old 03-24-2006, 01:04 AM   #37
_
 
. , .
Join Date: Dec 2004
Posts: 8,812
hello b'cup

norton throws a little popup window onto the desktop, lower right corner... whenever there is action...updates in virus definitions, threats, detections (real or not) and so on....since i don't use the full screen for windows....i can see it working.

for me the first time was clicking on carol's link...in message 1? followed by the pdf doc of the survey....norton didn't fire till the survey opened....not just viewing the home page....was well into the survey....like at the comments section near the end....

next night, same sequence only this time i clicked on the emblems/decals tab.....on the .org page.....again norton fired off....

both times i'd been on the forums sites....an hour or so without issues (and really without issues ever)....

when i closed the .org link and page, which open in a separate window.... and clicked back to the forums page which was still up in the background...the forums page would shut/lock....trying to reopen the page would get a "page not available error"....

norton makes a log of all activity...and recorded the issue as i described in post 1...with a 30 minute time out....after which the forums home page would open normally....

when this happened the 2nd time....i watched the norton log....in real time...and while it recorded the forums ip address as the issue it was the minute i hit the .org link to the emblems/decals....or whatever term you are using....

so no norton didn't id the .org ip address, but rather the forums ip address....but my eyes saw the pop up detection box while i was viewing on .org as explained here....does that make sense?

now the other time, i was reading stef's post in this thread....and clicked her blog link....and norton fired again....but after she changed host sites for her blog, no more problems.... she may have changed hosts, literally the same nite you guys went live....so i think her hit was in between my 2 visits to .org....

i know very little about these issues....and only what i've posted as links to the color memory module threats...and i've been careful not to declare where the problem is....or if it's even real....

now 2 others using norton have had something similar......while azfly' had no issues...

any insight welcome

2air'
__________________
2airishuman is offline   Reply With Quote
Old 03-24-2006, 02:35 AM   #38
VAC President
 
Buttercup's Avatar
 
1977 27' Overlander
1954 25' Cruiser
1990 34.5' Airstream 345
VC Highlands , Nevada
Join Date: Mar 2005
Posts: 2,144
Send a message via Skype™ to Buttercup
Well, I can offer this.

I downloaded the entire site (89.8 MB, 4867 files) to my hard drive on the corporate computer where I work. That computer has firewall and antivirus protection out the yin-yang (as best as you can for a windows machine). Using McAfee on demand scan, I checked the entire contents of the site. Nothing found. I am not sure what McAfee can check but it does list overflows as one of the checks it performs - for whatever that's worth. I do know that there is no software (MAC or PC) that I could find to test files directly to identify the existence of this overflow issue. Only patches for Windows.

The color management overflow issue is not a new one for PC's and I suspect that, as some of the content is produced on a PC, with photoshop and that software is one that can perform color management on an image (not sure that this makes a difference), this may be part of the issue. But I am not an expert in viruses.

I have read enough about Norton to learn that while it lists no false positives, that may not be the case at all (as reports on a few security forums on the web indicated) - but I'll let the hard core techies determine the validity of that.

I believe that it is the system configuration & Norton issue, rather than our content, that is the root of the problem being as the issue is limited to only a few individuals (and being that I trust Norton's "no false positive" statement about as far as I could throw it).


If you are able to locate this in your log files (assuming that is enabled) I would love to take a look at the sequence recorded when Norton picked it up.
__________________
Buttercup's Web Site. WBCCI #17330, 11281 & 7830. VAC Past President & Webmaster, TAC NV-2 & NV-3.
2014 Mouse count: Buttercup - 0 / Airtini -
Buttercup is offline   Reply With Quote
Old 03-24-2006, 12:45 PM   #39
Rivet Master
 
jordandvm's Avatar

 
2005 28' International CCD
Western , Oregon
Join Date: Mar 2004
Posts: 796
Images: 58
Quote:
Originally Posted by 2airishuman
hi andyr and thanks for checking in on us......

while nothing has changed on the forums......
is it possible that when we click on these links......that seem to be the problem.....we are re-routed to those links....and off the forum server.....so upgrades/protection on the forum server won't help, or isn't the issue? does my question make sense?

hi, jordandvm and pienjim......

it appears we are having issues with the same sites, which aren't the actual forum threads...but the hyperlinks...in the posts.....so for now i'd just avoid them....
i haven't had an issue with the photo contest thread....but i haven't gone to the linked site/slideshow link.....did you?

if you go to the norton security suite.....on your desktop.....
and find the activity log......and open 'intrusion detection'....there will be a list and a red warning, next to the issues......and how norton has handled it......for me it's a 30 minute block of the ip address....

so doing this will allow you to see details about what triggered the alert, and so on......i've not needed to reboot...but wait out the 30 minutes....and this setting can be made shorter....i think.

when azflycaster gets on line later......perhaps he or one of the other 'it' gurus can chime in.....

since reporting this issue.....i've just avoided those links......with no more warnings by norton....

cheers
2air'
Update to 2air's suggestion to look into my norton intrusion detection log...... it shows that the information (details) on the intrusion is: IP Address- 69.56.211.54 , Location-Dallas, TX , Node Name 69-56-211-54-the planet.com, Internet Services, Inc. Is this a webhosting address that someone is using on this forum?
I don't know what all this means, but it's the same address each time I get blocked for 30 minutes.
I got blocked today without any warning showing, and I didn't click on any links or enter the March Photos thread or savewally website. Anyone else besides 2air, pienjim, and me having problems?
__________________
Jim & Cheryl

2005 28' CCD

2013 Ford F-150 Crew Cab 4x4, 6.5' bed, 3.5L EcoBoost, 3.73 rear axle, Max Tow Pkg
Equalizer hitch
Honda 3000 genset
WBCCI #3538
jordandvm is offline   Reply With Quote
Old 03-24-2006, 02:17 PM   #40
VAC President
 
Buttercup's Avatar
 
1977 27' Overlander
1954 25' Cruiser
1990 34.5' Airstream 345
VC Highlands , Nevada
Join Date: Mar 2005
Posts: 2,144
Send a message via Skype™ to Buttercup
That is the AS Forums. Save wally is dedicated IP at 72.41.5.162.
__________________
Buttercup's Web Site. WBCCI #17330, 11281 & 7830. VAC Past President & Webmaster, TAC NV-2 & NV-3.
2014 Mouse count: Buttercup - 0 / Airtini -
Buttercup is offline   Reply With Quote
Old 03-24-2006, 03:22 PM   #41
Site Team
 
azflycaster's Avatar
 
1975 25' Tradewind
Dewey , Arizona
Join Date: Mar 2005
Posts: 12,036
Images: 62
Blog Entries: 1
IP address 69.56.211.54 is www.airforums.com . I talked to some of my team members at work yesterday and none had seen this either. I could not spend much time on it, had to run to Tucson for most of the day. Norton must be seeing a pattern in a graphic that has a pattern that looks like the ICC Tagdata issue and then blocks it out. If you have an accelerator (google) it is pre fetching different links from the page and one of them might have a graphic with this pattern. In your security setup can you add this site as a trusted site? I am not familiar with the Norton products as I use the Symantec Enterprise Edition. I will keep looking. BTW, I had to replace one of my hard drives today, I went ahead and replaced both. Ghost is a great product from Symantec also...
__________________

Richard

WBCCI President 2016-2017
azflycaster is offline   Reply With Quote
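
Posts #38 and #41 refer to an ICC tag-data overflow in color-managed images and to the lack of a tool for checking files directly. The Python below is an added example, not written by anyone in this thread and not a description of how Norton's detection works: it pulls the ICC profile out of a JPEG's APP2 segments and reports tag-table entries that point outside the profile. It assumes the concern is out-of-bounds tag offsets or sizes; the function names and the sample files are constructed for illustration.

```python
import struct

ICC_ID = b"ICC_PROFILE\x00"   # identifier that opens each APP2 ICC chunk

def extract_icc(jpeg: bytes) -> bytes:
    """Reassemble the ICC profile from a JPEG's APP2 segments (b'' if none)."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    chunks, pos = {}, 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker = jpeg[pos + 1]
        seglen = struct.unpack(">H", jpeg[pos + 2:pos + 4])[0]
        if marker == 0xDA or seglen < 2:       # start of scan, or corrupt length
            break
        body = jpeg[pos + 4:pos + 2 + seglen]
        if marker == 0xE2 and body.startswith(ICC_ID) and len(body) >= 14:
            chunks[body[12]] = body[14:]       # body[12] is the chunk sequence number
        pos += 2 + seglen
    return b"".join(chunks[k] for k in sorted(chunks))

def check_icc(profile: bytes) -> list:
    """List structural problems in an ICC profile's header and tag table."""
    if len(profile) < 132:
        return ["profile shorter than header plus tag count"]
    problems = []
    declared = struct.unpack(">I", profile[0:4])[0]
    if declared != len(profile):
        problems.append(f"header size {declared} != actual {len(profile)}")
    if profile[36:40] != b"acsp":
        problems.append("missing 'acsp' signature")
    count = struct.unpack(">I", profile[128:132])[0]
    table_end = 132 + 12 * count
    if table_end > len(profile):
        return problems + [f"tag count {count} overruns profile"]
    for i in range(count):
        sig, off, size = struct.unpack(">4sII", profile[132 + 12 * i:144 + 12 * i])
        if off < table_end or off + size > len(profile):
            problems.append(f"tag {sig!r}: offset {off} size {size} out of bounds")
    return problems

def make_profile(tag_size: int) -> bytes:
    """Constructed sample: 160-byte profile with one 'desc' tag of declared size."""
    header = struct.pack(">I", 160) + b"\x00" * 32 + b"acsp" + b"\x00" * 88
    table = struct.pack(">I4sII", 1, b"desc", 144, tag_size)
    return header + table + b"\x00" * 16

def wrap_jpeg(profile: bytes) -> bytes:
    """Constructed sample: SOI + one APP2 ICC chunk (1 of 1) + EOI."""
    body = ICC_ID + b"\x01\x01" + profile
    return b"\xff\xd8\xff\xe2" + struct.pack(">H", len(body) + 2) + body + b"\xff\xd9"

if __name__ == "__main__":
    for declared in (16, 0xFFFF):
        print(declared, check_icc(extract_icc(wrap_jpeg(make_profile(declared)))))
```

An empty list means the tag table is structurally consistent; it says nothing about whether a given antivirus signature would match the file.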
Old 11-19-2009, 10:09 AM   #42
_
 
. , .
Join Date: Dec 2004
Posts: 8,812
centiyo.com malware warning????

so NOW 3 years later....
___________________

ok kids wazzz UP!

in just the last 10 minutes i'm getting a funky refresh page with a warning about potential MALWARE....

the big red message is "warning this site may hurt your computer"

the link is to [link removed]

a quick google shows this is happening on many forum/member sites...

and HERE the hits are linked specifically to steveH and lorthorian? member pages...

some1 'splain pleeeeze...

wut iz dis neeeeewwwwsince????

cheers
2air'
__________________
all of the true things that i am about to tell you are shameless lies. l.b.j.

we are here on earth to fart around. don't let anybody tell you any different. k.v.
2airishuman is offline   Reply With Quote