I've sent the following email to Reginald Culpepper. More information may be found here: http://safebrowsing.clients.google.com/saf...

Hi Reginald,

Oct 23 19:16:27 connectplatform.com tried to establish a TCP session on port 47972. When I went to report this on hbcuconnect.com I got the following display:

Reported Attack Page!

This web page at www.hbcuconnect.com has been reported as an attack page and has been blocked based on your security preferences.

Attack pages try to install programs that steal private information, use your computer to attack others, or damage your system. Some attack pages intentionally distribute harmful software, but many are compromised without the knowledge or permission of their owners.
Posted By: Adam Fate
Saturday, October 23rd 2010 at 8:57PM
|
 |
Irma, I monitor all attempts made to break into my system. The attack came from ConnectPlatform, which is why I say BIA may also be compromised. The report I linked to references HBCU Connect, but it is just that, a report. I believe any site run by ConnectPlatform could be at risk as well, even if not listed on the Google report. I need to step away for a little while. I think you should send a message to all on your friends list. My friends list is rather short.
Saturday, October 23rd 2010 at 9:53PM
Adam Fate
|
 |
Considering the risk to one's computer, it is worth checking out!
Sunday, October 24th 2010 at 1:43AM
jamal Abraham
|
 |
Still waiting for Reggie's reply. I obviously don't want to go to the HBCU site to report the problem, even though I'm pretty confident of my system security, since I run Linux. But here's what I'm worried about. I have two firewalls, one on my router, and one on my PC. It's the one on my PC that detected the intrusion. But the fact that it got behind my router firewall, and was trying to set up a connection on a non-standard port (47972) tells me that it first installs some program through the trusted web interface, and then communicates with that program over port 47972 (or whatever port it chooses). This is likely to be a program designed to run under Windows, though it is possible the attackers would have designed a version for Linux as well. The best advice I can give is to run your anti-virus and anti-spyware tools to see if anything has been put on your system already, because that happens first before the external program contacts it for whatever information it's trying to get. What I'm saying is that many members may already have the malicious software on their system, even if they don't visit HBCU again until the problem is fixed.
Sunday, October 24th 2010 at 8:55AM
Adam Fate
|
 |
Adam, I run my anti-virus software frequently and no malicious activity or references have been reported from ConnectPlatform or any of its affiliated sites... Are you sure any site run by Connect Platform could be at risk?
Sunday, October 24th 2010 at 3:15PM
Siebra Muhammad
|
 |
Siebra, I only know that what alerted me was an attempted TCP connection from connectplatform.com on a non-standard port #. I have tools on my Linux system to detect and track the origin of these suspicious activities. When I went to report it (the support contact is only on hbcuconnect.com, as you know) I then found the Google advisory I linked to in the initial post above. Only administration can tell us if BIA might also be at risk. I suppose I could also try contacting Mr. Moss, and Dante doesn't seem to read his PMs. So if you know anyone in the support group you could go to directly (wouldn't recommend going through hbcuconnect until this is sorted out), please do point them here. I would also run your anti-spyware as well as anti-virus. My PC was not infected, but I don't use Windows, and that's what nearly 100% of attacks target.
Sunday, October 24th 2010 at 3:51PM
Adam Fate
|
 |
Jake, I'm quite sure the attempted connection came from connectplatform.com. My system is very secure, I'm not worried about that. I am concerned for other members who might not have a secure system. If you go to the Google advisory you'll see this, among other information: "Over the past 90 days, hbcuconnect.com appeared to function as an intermediary for the infection of 26 site(s) including lasdominicanas.com/, blackinfluence.com/, blackfaculty.com/."
Sunday, October 24th 2010 at 3:57PM
Adam Fate
|
 |
Here is another access attempt blocked by my firewall.

Time: Oct 25 13:20:35
Source: 216.75.224.98
Destination: 192.168.1.3
In IF: eth1
Out IF:
Port: 80
Length: 72
ToS: 0x00
Protocol: ICMP
Service: HTTP

In this case it uses port 80 to send an ICMP request. This in itself is valid, but what information is it after? I am not saying this has anything to do with connectplatform. It may or may not. But it is to show there are things going on that most users don't know about. So with the following command I can trace back to where the request came from:

host 216.75.224.98
98.224.75.216.in-addr.arpa domain name pointer wiline-fe1.core1.sfo1.3crowd.com.

And if you want to know the entity responsible, look here: http://3crowd.com/

What does it mean? Don't know exactly, but it's an attempt to get some kind of information from my PC.
Monday, October 25th 2010 at 2:05PM
Adam Fate
|
 |
Update: Administration is aware of the problem and working on a fix.
Monday, October 25th 2010 at 2:23PM
Adam Fate
|
 |
Most certainly will, Irma.
Monday, October 25th 2010 at 2:40PM
Adam Fate
|
 |
Well.... there is a virus that is called.... Security Tool Hoa.... It invades the Windows system... Inherits control of your PC... Sets up a folder in C:Windows/Sun
Monday, October 25th 2010 at 6:16PM
Cynthia Merrill Artis
|
 |
I didn't detect any virus on my system, but I don't use Windows. I imagine administration has their hands full right now, but I hope they will give us a report when they're done. But this may be something that targets servers/web sites more than end users. We shall find out.
Monday, October 25th 2010 at 6:34PM
Adam Fate
|
 |
There is always some kind of spy material being placed on computers; it's horrible that you can't go on-line without predators invading your personal computer files. I really think about leaving the silent world of cyber-space. Things like this really harm your trust in transit communication like social sites and even business correspondence. This is awful.
Monday, October 25th 2010 at 7:21PM
MIISRAEL Bride
|
 |
Oh Miisrael, everything can get caught up in the virtual world... make sure you keep your virus protection updated and you have firewalls... never fill out those pop-up windows with schemes offering you a free trip or free cell phone or cell phone.. don't click on links from senders you do not know... just play it safe....
Monday, October 25th 2010 at 7:49PM
Cynthia Merrill Artis
|
 |
Thanks Cent....I try to do that, I don't allow pop-ups and I think I'm okay. Don't visit strange sites either. Good advice.
Monday, October 25th 2010 at 8:18PM
MIISRAEL Bride
|
 |
My Norton Anti-virus system detected the same thing. Uh Oh!!!
Monday, October 25th 2010 at 9:55PM
Richard Kigel
|
 |
What's killing you guys is that Goliath Microsoft. Wish I could help y'all with Ubuntu.
Monday, October 25th 2010 at 10:09PM
Adam Fate
|
 |
@Adam, will you keep us updated on this matter? (smile)
Thursday, April 10th 2014 at 6:47PM
ROBINSON IRMA
|
 |
WTH??????????!!!!!!!!!!!!!!!?????????...????????...
Thursday, April 10th 2014 at 6:47PM
ROBINSON IRMA