Malicious redirect?

  • Unknown's avatar
    tvanderloo · Member ·

    My site, bankruptcyfocus.wordpress.com is giving some users trouble today. The site resolves to the IP address 192.0.78.12, but when users click on bankruptcyfocus.wordpress.com, sometimes they get to our site, but at other times they do not.

    Doing a traceroute to bankruptcyfocus.wordpress.com gives the following:

    C:>tracert bankruptcyfocus.wordpress.com

    Tracing route to lb.wordpress.com [192.0.78.12]
    over a maximum of 30 hops:

    1 <1 ms <1 ms <1 ms 156.125.4.162
    2 <1 ms <1 ms <1 ms 156.125.65.2
    3 <1 ms <1 ms <1 ms 172.18.50.29
    4 32 ms 43 ms 6 ms 172.18.50.2
    5 37 ms 37 ms 39 ms 172.16.0.26
    6 33 ms 33 ms 33 ms 172.16.0.25
    7 * * * Request timed out.
    8 * * * Request timed out.
    9 * * * Request timed out.
    10 * * * Request timed out.
    11 * * * Request timed out.
    12 * * * Request timed out.
    13 * * * Request timed out.
    14 * * * Request timed out.
    15 * * * Request timed out.
    16 60 ms 60 ms 63 ms 192.0.78.12

    Trace complete.

    Websense reports that 192.0.78.12 is a compromised website and is to serve up malicious content to visitors. They recommend that users not visit the URL in a web browser until the malicious content has been removed.

    Please answer the following questions:

    Is 192.0.78.12 the appropriate address to which our site should resolve?

    If yes, is this address compromised (or was it) with malicious software?

    If yes, has the malicious software been removed?

    Thank you.

    The blog I need help with is: (visible only to logged in users)

  • Unknown's avatar
    shawnajroberts · Member ·

    Can you give me a link to where you found the websense information? I can take a closer look.

  • Unknown's avatar
    tvanderloo · Member ·

    http://csi.websense.com/Report/Index/9f4f2a0c-3714-495b-a261-a457007da887

  • Unknown's avatar
    shawnajroberts · Member ·

    I believe that’s probably unassociated with the connection issues your users were seeing. There were widespread Verizon outages that caused sporadic connection issues for users, but only to particular sites.

    I’m not sure why websense is reporting that our IP address is a Bot Network, but I’m not seeing any information there about why they’ve classified it as such. This means that’s there’s really nothing I can do to fix this.

    Your connection should be restored as of last night since Verizon fixed their network. Are you still having connection issues?

  • Unknown's avatar
    tvanderloo · Member ·

    No, the connection issues have been resolved. I was concerned that perhaps you all were unaware of a malicious redirect issue. It appears that the Websense report was a false positive.

    Thank you for your assistance.

  • Unknown's avatar
    shawnajroberts · Member ·

    Happy to help! Let me know if there’s something else I can help with. :)

  • The topic ‘Malicious redirect?’ is closed to new replies.