Malware on website/ forum

Heads up!

On two separate occasions today I used Google for an osTicket-related search, clicked on a link that was meant to bring me to this forum, only to have my browser redirected to and hijacked by a bogus website. The site tries to aggressively push a drive-by download multiple times, which on both occasions caused my browser to crash.

It appears that I am the first to report this.

It occurs to me that it is possible that it is actually my computer that is infected, and not, but this seems unlikely as I have visited at least a hundred other websites during the same period.




  • Anyone else seen this behavior?
  • edited June 14
    LOL I just clicked on this link in my Gmail account
    and ended up with this lovely web page


    Surely I cannot be the only person who is running into this?!
  • Yes, I was redirected to a random website... I thought it was my PC... but it is the forum.
  • Also had the second picture yesterday when I searched for in my Google toolbar....
  • But I immediately ran a full scan and vulnerability search with my "anti-virus" (I don't have the translation.) and it did not find anything.
  • Same here also
  • Not only will this scare off new users but soon Google will catch on to what is happening and the search engine will discourage or block its users from visiting

    I encourage whoever maintains the site to take immediate action.
  • yes.  Norton blocked malware.
  • I'm not able to see what you guys are seeing. We will look into this.

  • I reported this to the Devs.
  • I'm using Chrome on Windows. 

    Perhaps the other people who are seeing the malware can also report their browser and OS.

    An obvious guess is that this is only affecting Windows computers.
  • same situation here and happened yesterday in a customer computer.
    red screen followed by hundreds of downloads of a .exe

  • Yeah, I've seen this behaviour as well in the last couple of days, just got sent to: after going to:

    Windows 10 + Chrome here as well

    Never seem to be able to replicate except for when I've not been active for a while and never gotten it on Edge/Opera/Firefox so far.
  • So it's only affecting Windows Users??

  • Just got the exact same page as stevland trying to get back to this thread and it kept trying to download a file infinitely, causing Chrome to get stuck at 100% CPU load.

    The file is just 2 bytes and it seems only the first one actually downloaded, the rest fail.

  • Happened in Opera as well now.
  • I'm still seeing the malware, but I should point out that it is intermittent (not sure if I mentioned that before).

    If the devs are having trouble tracking down the source of the malware, I have a suggestion.

    I once encountered a website that was doing the same sort of thing... attempting to drive-by download files onto the visitor's computer. 

    It turned out that it wasn't the website itself that was infected. The website had a section that displayed ads which it rented out to a third-party. And it wasn't this third-party that was infected either. The third-party re-sold the ad space to various advertisers. It was one of the advertisers that was pushing out malicious code through its ad.

    Long story short, my suggestion is to temporarily disable the "Hellobar" at the top of the site (the "We're hiring -- UI/UX Designers, Developers and DevOps" overlay). And any other scripts that are pulling in code from a third-party other than, say, Google or Gravatar.

    I hope this helps.
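
The check suggested in the post above (find scripts pulling in code from a third party other than Google or Gravatar), as an added example that is not part of the original thread: it lists the script and frame hosts in a page's HTML that fall outside an allowlist. The page URL, the sample HTML and every host name other than the `google.com` and `gravatar.com` allowlist entries are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumption: the tags/attributes treated as loaders of active content.
LOADERS = {"script": "src", "iframe": "src", "embed": "src", "object": "data"}

# Constructed sample page; every host and path is a placeholder.
SAMPLE = """<html><head>
<script src="/js/forum.js"></script>
<script src="//www.gravatar.com/a.js"></script>
<script src="https://www.google.com/b.js"></script>
<script src="https://widgets.topbar.example/bar.js"></script>
<script>var inline = 1;</script>
</head><body>
<iframe src="https://ads.reseller.example/slot?id=1"></iframe>
</body></html>"""


class LoaderAudit(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.found = []  # (tag, host) pairs

    def handle_starttag(self, tag, attrs):
        value = dict(attrs).get(LOADERS.get(tag, ""))
        if not value:
            return  # not a loader tag, or inline script: nothing fetched
        # Resolve relative and protocol-relative URLs against the page.
        host = urlsplit(urljoin(self.page_url, value)).hostname
        if host:
            self.found.append((tag, host.lower()))


def host_allowed(host, allowed):
    # Exact host or a subdomain only, so "evilgoogle.com" != "google.com".
    return any(host == a or host.endswith("." + a) for a in allowed)


def unexpected_loaders(html, page_url, allowed):
    audit = LoaderAudit(page_url)
    audit.feed(html)
    own = urlsplit(page_url).hostname
    return sorted({(t, h) for t, h in audit.found
                   if h != own and not host_allowed(h, allowed)})


if __name__ == "__main__":
    print(unexpected_loaders(SAMPLE, "https://forum.example/discussion/1",
                             {"google.com", "gravatar.com"}))
```

This reads only the served HTML. Content that an allowed loader injects at runtime, as in the resold ad space described in the post, shows up only in the browser's network log.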

  • Happened in Firefox as well and Malwarebytes had a fit about it too
    Category: Hijacking
    Port: [50006]
    Type: External
    File: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
  • I've experienced this over the last 2 days, on both Chrome and Firefox (both Windows 10) and it's ONLY happened when on the osTicket forum and usually it's happened around 2-4pm.  I'm on the web all day in multiple browsers.  My Firefox is a new install with few extensions so I'm confident it's not a plugin or extension in Chrome and I've got both the random web page and "big red warning page and crashed browser" in both apps.

    The certificate mismatch on this site doesn't help boost confidence either....

    Until a fix has been posted here I've added to my hosts file pointing at 127.0.0.1 so it can't fetch more pain from the web.  
  • To be clear I don't know for a fact that it has anything to do with, it's just something to eliminate. But the hosts file is a good idea, I'm going to try that as well.
  • Yes I experienced this a couple days ago. 
  • Remember to flush the DNS cache and restart your browser if using the hosts trick.  I got the same page again after adding it to hosts but had not done those actions.  I now have and I've not had the page again since.
  • edited June 15

    The issue should be resolved now. We will be monitoring the site but please let us know if you still run into these issues or see anything suspicious.

  • Thanks Kevin.
  • The malware is back! 

    It is exactly the same as before. :(
  • yup.  Norton stopped attack.
  • I've been on the forums for the last couple hours and have not seen it.
  • I haven't seen the malware since the 22nd or 23rd. But apparently the verdict is that the root cause is vulnerabilities with Vanilla Forums. @KevinTheJedi is working on migrating all existing forum content over to a new platform. No small feat.
  • Yeah he and I talked about the migration.  I understand he's almost ready to do the switch over.  Once I hear that he is ready we will announce a switch over date so that everyone knows ahead of time.
  • edited July 15
    I hate to say it but...


    When visiting the forum this morning my browser (Windows/Chrome) was redirected.
