Board index Other Forum

forum.flightgear.org hacked? / AV-software warning

Questions about the forum itself, suggestions or issues with the forum software.

forum.flightgear.org hacked? / AV-software warning

Postby OE-LML » Fri Sep 23, 2022 10:29 am

Hallo!

In the recent days I am always getting warning notifications from Bitdefender Internet Security while browsing through the forum (no matter if logged in or not). I am not clicking on any links but these notifications say something like:

Suspicious connection blocked.
firefox.exe tried to establish a connection based on a non-trustworthy certificate. The connection has been blocked because non-trustworthy certificates are being issued by non-recognized certification centers.
Or: firefox.exe tried to establish a connection based on a non-corresponding certificate. The connection has been blocked because the certificate has been issued for a different web address.


Sites which Firefox tried to connect with are:

www(dot)science-and-fiction(dot)org
www(dot)bitwisetech(dot)com
fgfs(dot)goneabitbrusar(dot)com
www(dot)hoerbird(dot)net
flightgearhusky(dot)altervista(dot)org


I have to admit that I do not know much about bits and bytes, but is it possible that the forum is being hacked? Is there any threat?

Thanks in advance for your help.
OE-LML
 
Posts: 88
Joined: Wed Nov 14, 2018 11:18 pm
Location: irgendwo in der FIR LOVV

Re: forum.flightgear.org hacked? / AV-software warning

Postby Gijs » Fri Sep 23, 2022 10:41 am

Hi,

Sounds like those websites are all lacking (proper) SSL certificates and are referenced as (embedded) images in forum posts. Are you perhaps using some addon like HTTPS Everywhere? That would rewrite the image urls to https, even tough the particular website doesn't support it.
Not much to do with the forum, so don't worry, it's not caused by a hack on our side. Disabling the addon (for these domains) should fix the issue for you.

Gijs
Airports: EHAM, EHLE, KSFO
Aircraft: 747-400
User avatar
Gijs
Moderator
 
Posts: 9544
Joined: Tue Jul 03, 2007 3:55 pm
Location: Delft, the Netherlands
Callsign: PH-GYS
Version: Git
OS: Windows 10

Re: forum.flightgear.org hacked? / AV-software warning

Postby erik » Fri Sep 23, 2022 10:46 am

OE-LML wrote in Fri Sep 23, 2022 10:29 am:[i]www(dot)science-and-fiction(dot)org

This is Thorstens website so I think Gijs is right: It's probably references to images on non SSL-protected websites.

Erik
Current: Parachutist, Paraglider, Pterosaur, Pilatus PC-9M and variants, ERCO Ercoupe, Fokker Dr.1, Fokker 50, Fokker 100
Less active: Cessna T-37, T-38, Santa Claus. Previous: General Dynamics F-16. Worked on: Wright Flyer
erik
 
Posts: 2245
Joined: Thu Nov 01, 2007 2:41 pm

Re: forum.flightgear.org hacked? / AV-software warning

Postby Gijs » Fri Sep 23, 2022 11:00 am

Yes, the others are also from forum users.
Airports: EHAM, EHLE, KSFO
Aircraft: 747-400
User avatar
Gijs
Moderator
 
Posts: 9544
Joined: Tue Jul 03, 2007 3:55 pm
Location: Delft, the Netherlands
Callsign: PH-GYS
Version: Git
OS: Windows 10

Re: forum.flightgear.org hacked? / AV-software warning

Postby OE-LML » Sat Sep 24, 2022 9:12 pm

FF add-ons I am using are ublock and some anti-tracker thing which was auto installed with Bitdefender.
Although I don't understand anything in IT, it now sounds some kind of logical to me that the warning messages came because of images uploaded on these sites.
I was just a bit worried because it said my browser wants to connect to something i didn't click on and which has no relation to FG on the first view ...
OE-LML
 
Posts: 88
Joined: Wed Nov 14, 2018 11:18 pm
Location: irgendwo in der FIR LOVV

Re: forum.flightgear.org hacked? / AV-software warning

Postby wkitty42 » Sat Sep 24, 2022 11:06 pm

remember, all images are hosted on other servers elsewhere in the world... some are hosted on http while others are hosted on https... some of today's browsers and addons are a bit too "chicken little" (the sky is falling! the sky is falling!) about some things...
"You get more air close to the ground," said Angalo. "I read that in a book. You get lots of air low down, and not much when you go up."
"Why not?" said Gurder.
"Dunno. It's frightened of heights, I guess."
User avatar
wkitty42
 
Posts: 9148
Joined: Fri Feb 20, 2015 4:46 pm
Location: central NC, USA
Callsign: wk42
Version: git next
OS: Kubuntu 20.04

Re: forum.flightgear.org hacked? / AV-software warning

Postby merspieler » Sat Sep 24, 2022 11:16 pm

um... not really. it's 2022... everyone should always have https, you can literally get it for free with lets encrypt. time wise it costs you less than a minute to get that cert with certbot
Nia (you&, she/her)

Please use gender neutral terms when referring to a group of people!

Be the change you wish to see in the world, be an ally to all!

Join the official matrix space
merspieler
 
Posts: 2242
Joined: Thu Oct 26, 2017 11:43 am
Location: Wish to be in YBCS
Pronouns: you&, she/her
Callsign: you&, she/her
IRC name: merspieler
Version: next
OS: NixOS

Re: forum.flightgear.org hacked? / AV-software warning

Postby wkitty42 » Sat Sep 24, 2022 11:24 pm

umm, yes... really... some sites are (still) http only or offer both http and https... it doesn't matter what year it is... i mean :roll:
"You get more air close to the ground," said Angalo. "I read that in a book. You get lots of air low down, and not much when you go up."
"Why not?" said Gurder.
"Dunno. It's frightened of heights, I guess."
User avatar
wkitty42
 
Posts: 9148
Joined: Fri Feb 20, 2015 4:46 pm
Location: central NC, USA
Callsign: wk42
Version: git next
OS: Kubuntu 20.04

Re: forum.flightgear.org hacked? / AV-software warning

Postby Husky Dynamics » Sun Sep 25, 2022 5:20 am

OE-LML wrote in Fri Sep 23, 2022 10:29 am:flightgearhusky(dot)altervista(dot)org


Oh, that one's mine. I should probably update it to use https but haven't gotten around to it yet (just started college so I'm a little busy).

Edit: I can confirm it is 100% safe, though. I am the only one with access to the site's backend and uploaded/created all of the pages and downloadable files myself.
Last edited by Husky Dynamics on Thu Sep 29, 2022 4:28 am, edited 1 time in total.
Get my custom FG liveries here: https://flightgearhusky.altervista.org/

I'm off at college so I've stopped making liveries (for the time being, at least), but I'm continuing to ensure compatibility for the ones I've already published.
User avatar
Husky Dynamics
 
Posts: 143
Joined: Mon Oct 12, 2020 10:33 pm
Location: United States
Version: LTS
OS: Windows 10

Re: forum.flightgear.org hacked? / AV-software warning

Postby Thorsten » Sun Sep 25, 2022 6:46 am

um... not really. it's 2022... everyone should always have https


Yeah. And according to some bankers, everyone should pay card only and not use cash. According to some data security types, everyone should pay cash of course. According to Zuckerberg, everyone should use Facebook. According to smartphone sellers, everyone should have one. According to neurologists, pretty much no one should.

And so on.

It is pointless to make normative statements how you wish the world to be - they're just that, your personal wishes.
Thorsten
 
Posts: 12490
Joined: Mon Nov 02, 2009 9:33 am

Re: forum.flightgear.org hacked? / AV-software warning

Postby Octal450 » Sun Sep 25, 2022 3:28 pm

You only need https if the site is communicating important details like personal information, payment info, etc. Otherwise, it's not that important.

Kind Regards,
Josh
Skillset: JSBsim Flight Dynamics, Systems, Canvas, Autoflight/Control, Instrumentation, Animations
Aircraft: A320-family, MD-11, MD-80, Contribs in a few others

Octal450's GitHub|Launcher Catalog
|Airbus Dev Discord|Octal450 Hangar Dev Discord
User avatar
Octal450
 
Posts: 5583
Joined: Tue Oct 06, 2015 1:51 pm
Location: Huntsville, AL
Callsign: WTF411
Version: next
OS: Windows 11

Re: forum.flightgear.org hacked? / AV-software warning

Postby merspieler » Sun Sep 25, 2022 4:25 pm

that can only come from an american... all data is worth protecting from highly motivated criminal ornanizations... Such as 3-letter government agencies
Nia (you&, she/her)

Please use gender neutral terms when referring to a group of people!

Be the change you wish to see in the world, be an ally to all!

Join the official matrix space
merspieler
 
Posts: 2242
Joined: Thu Oct 26, 2017 11:43 am
Location: Wish to be in YBCS
Pronouns: you&, she/her
Callsign: you&, she/her
IRC name: merspieler
Version: next
OS: NixOS

Re: forum.flightgear.org hacked? / AV-software warning

Postby OE-LML » Sun Sep 25, 2022 5:36 pm

Ok, just got the BD warning exactly at this page about Husky Dynamics' website.
Seems to be the links (?too?).
Either my PC tries to open links independently or Bitdefender is some badly programmed snake oil. :shock: :roll: :?
I suppose the latter.
OE-LML
 
Posts: 88
Joined: Wed Nov 14, 2018 11:18 pm
Location: irgendwo in der FIR LOVV

Re: forum.flightgear.org hacked? / AV-software warning

Postby Gijs » Sun Sep 25, 2022 5:46 pm

OE-LML wrote in Sun Sep 25, 2022 5:36 pm:Seems to be the links (?too?).

No, that's most likely triggered bg Husky Dynamics' avatar (which is hosted at his website).
Airports: EHAM, EHLE, KSFO
Aircraft: 747-400
User avatar
Gijs
Moderator
 
Posts: 9544
Joined: Tue Jul 03, 2007 3:55 pm
Location: Delft, the Netherlands
Callsign: PH-GYS
Version: Git
OS: Windows 10

Re: forum.flightgear.org hacked? / AV-software warning

Postby merspieler » Sun Sep 25, 2022 5:54 pm

My ff quietly suppresses that, gives the this message when I look into it: SSL_ERROR_BAD_CERT_DOMAIN

In this case it's even a serious legit issue...
We try to access flightgearhusky.altervista.org but the ssl cert is only valid for the following three domains:
ftp.poisonedrock.altervista.org
poisonedrock.altervista.org
http://www.poisonedrock.altervista.org

It is correct and important that this not only throws and error but also doesn't load at all without your explicit confirmation, else someone could tamper with your DNS (very easy, ISPs often mess with your DNS), point your banks URL at their own server and then pretend to be your bank and get your bank details... this is one of the very things SSL was designed to prevent.

To resolve this, the web server has to present a valid SSL Cert for the flightgearhusky.altervista.org domain. So at least in this case your snake oil does what it's supposed to do. And... your PC does try to open an image for your, it's Huskys profile pic... so every site where they've posted something, you'll encounter this behaviour.
Nia (you&, she/her)

Please use gender neutral terms when referring to a group of people!

Be the change you wish to see in the world, be an ally to all!

Join the official matrix space
merspieler
 
Posts: 2242
Joined: Thu Oct 26, 2017 11:43 am
Location: Wish to be in YBCS
Pronouns: you&, she/her
Callsign: you&, she/her
IRC name: merspieler
Version: next
OS: NixOS

Next

Return to Forum

Who is online

Users browsing this forum: No registered users and 2 guests