HTML Logo by World Wide Web Consortium (www.w3.org). Click to learn more about our commitment to accessibility and standards.

Moving forward with Composr

ocPortal has been relaunched as Composr CMS, which is now in beta. ocPortal 9 will be superseded by Composr 10.

Head over to compo.sr for our new site, and to our migration roadmap. Existing ocPortal member accounts have been mirrored.


Users using Google Translate get flagged as hackers

Login / Search

 [ Join | More ]
 Add topic 
Posted
Rating:
#107554 (In Topic #20961)
TQ
Avatar

Honoured member

Hi All,

Not sure if it's something I've done wrong or if it's a bug but from time to time I get an email like this:

Code

Notification: Suspected hacking attempt by 2.138.61.xxx
Reason: A POST request by an authenticated member was made from an external website (http://translate.googleusercontent.com/translate_c?depth=1&hl=es&prev=search&rurl=translate.google.es&sl=en&u=http://hamfiles.co.uk/site/dload.php%3Fid%3D107%26keep_session%3D1902855469%26for_session%3D58b6d71afd83704c1c3804f7649be9f3&usg=ALkJrhhpP-hW3EsiFt0eXA0UkoHK4O9ZxQ); this has been blocked as it represents a security threat (it is likely a malicious site tricked a member to fill in a form which directs privileged actions towards this site).
IP address: 2.138.61.xxx
Member ID: xxxx
Username: xxxxxx
User Agent (typically, the web browser): Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.90 Safari/537.36
Referrer: Traductor de Google
Operating System: Windows NT 6.2; WOW64
Date and time: 4:21 PM
URL: /index.php?page=login&type=
login&filtered=1

If I look at the users profile etc it looks like they are 100% ok. I actually do get a number of real hacking attempts every week so I have to take care I do not take punitive action against legitimate users.

Any feedback would be appreciated.

TQ
Back to the top
 
Posted
Rating:
#107559
Avatar

How bizarre. It looks like Google Translate is prompting the user's browser to do a form post over to one of your downloads.

Add "translate.googleusercontent.com" to the  "Form-posting partner sites" option if you want to accept this.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#107561
TQ
Avatar

Honoured member

Thank you Chris, I've added the site as directed.

I will come back to this post if it happens again but I suspect all will be well.

TNX

TQ
Back to the top
 
Posted
Item has a rating of 5 (Liked by KingBastLiked by KingBast)  
Rating:
#108216
TQ
Avatar

Honoured member

As a footnote to the above, I have now had to add icl.googleusercontent.com to the 'Form-posting partner sites' as it was flagged as a hack. Google details here

TQ
Back to the top
 
Posted
Rating:
#108226
Avatar

Community saint

Not sure how I managed to like this twice, but I did :)
Back to the top
 
Posted
Rating:
#108227
TQ
Avatar

Honoured member

KingBast said

Not sure how I managed to like this twice, but I did :)

Well, bless you for doing it  :thumbs:
Back to the top
 
1 guests and 0 members have just viewed this: None
Control functions:

Quick reply   Contract

Your name:
Your message: