Intrusion attempts at your site.

Why does norton anti-virus keep on detecting and blocking medium risk intrusion attempts when I am playing at your site 2-3 times a day?

Originally posted by Teshuvah
Why does norton anti-virus keep on detecting and blocking medium risk intrusion attempts when I am playing at your site 2-3 times a day?

Because when you are playing at this site you are on the internet - hence they could be coming from anywhere. Where does Norton say they are from?
It also means that Norton is doing it's job and stopping the bad stuff.
I just looked at my firewall log and it says there has been 48000 odd blocked intrusions. And that's only from the last few months.

I know Im on the internet...

However very rarely do I get intrusion attempts from any of the other sites I visit. In fact I dont. I get the odd attempt every now and then if I go to a new to me site.

Since discovering red hot pawn I get no less than 3 a day here. In about 1hr. of time spread about the day.

I will have to check on the next one to see exactly *where* they are coming from. I dont know much about firewalls etc and just do what norton recommends everytime I get one, which is basically nothing.

Originally posted by Teshuvah
I dont know much about firewalls etc and just do what norton recommends everytime I get one, which is basically nothing.

Is there a box to check when you are notified [or somewhere in the settings/preferences] saying not to keep notifying you.
I'm using Zone Alarm Firewall and there is with that.

The reason is because one of your advertisers (for those not subscribers) is an intrusive bit of spam/spyware that should be stopped immediately.

Ok, just got another one when I clicked on the profile of a guy I am playing. There were no adds on the page, if that matters.

"A computer with the IP address 127.0.0.1 sent information that is characteristic of the HTTP_ActivePerl_Overflow attack."


From nortons site:

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects an attempt to exploit a buffer overflow vulnerability in the ActivePerl Perl implementation.


I don't like all of these intrusion attempts I am getting here. Especially since reading up on them.

Neat site but I don't feel it is very secure.

If Norton is blocking the intrusions you have nothing to worry about have you?

Who are you?

Are you like the community response team all in one?


You do know that norton has failed to block things in the past right? RIGHT?


Run along now if youre done being helpful.

Originally posted by Teshuvah
Who are you?

Are you like the community response team all in one?


You do know that norton has failed to block things in the past right? RIGHT?


Run along now if youre done being helpful.

there appears to be an intruder that has found a way into RHP. Russ is looking into it now.

As for secure. I have yet to get any of these notices. ( I run mcafee at home and Nortons at work) and I have been on the site for a year.

I would recomending using the site feedback at the bottom of the screen to inform the site Admin just exactly what you have found and see what can be done to correct this problem.

Originally posted by Teshuvah
Who are you?

Are you like the community response team all in one?


You do know that norton has failed to block things in the past right? RIGHT?


Run along now if youre done being helpful.

Considering the fact that Dr. S. is trying to help you, you could be a little more thankful and polite. Even if a particular response didn't help you, just say so, and don't do it through some smart ass questions.

Adje

Originally posted by KJCavalier
there appears to be an intruder that has found a way into RHP. Russ is looking into it now.

Is this an OFFICIAL response? Or are you making this up. I don't see anything in announcements or in Russ' recent forum posts.

Originally posted by Teshuvah
"A computer with the IP address 127.0.0.1 sent information that is characteristic of the HTTP_ActivePerl_Overflow attack."

I don't know how Norton works, but are you aware that 127.0.0.1 is simply aloopback address? and from that quote, it would seem the data/attack ORIGINATED from YOUR machine. Not from RHP.

Originally posted by tmetzler
I don't know how Norton works, but are you aware that 127.0.0.1 is simply aloopback address? and from that quote, it would seem the data/attack ORIGINATED from YOUR machine. Not from RHP.

He thinks a notification from Norton means his computer security has been breached, when in fact ALL computers are having 'intrusions' blocked - that's what people get the software for in the first place.

Dont confuse yourself dr strangeone.

I know full well what norton does and is for. My only concern was the sheer amount of attempts I get when at this site, and only this site. A concern you've seemingly failed to grasp to this pt.

I've taken kjc's helpful advice and am in contact with the admin of this site now on the matter and so this conversation can end. Or you can continue in your delusions about what I believe on the matter.

Have a nice day!

Originally posted by Teshuvah
Ok, just got another one when I clicked on the profile of a guy I am playing. There were no adds on the page, if that matters.

"A computer with the IP address 127.0.0.1 sent information that is characteristic of the HTTP_ActivePerl_Overflow attack."


From nortons site:

Severity: High

This attack could pose a serious security threat. You should ...[text shortened]... here. Especially since reading up on them.

Neat site but I don't feel it is very secure.

1. 127.0.0.1 is the IP address of your own computer.

2. NIS does not recognize a threat called HTTP_ActivePerl_Overflow, nor is it listed on the symantec website.

3. Attacking the ActivePerl buffer would be almost pointless as very few people will have ActivePerl installed on their computer.