- Joined
- 03 Sep 03
- Moves
- 87628
01 Dec 06
Originally posted by TeshuvahI just did a little websearch for "HTTP_ActivePerl_Overflow attack"
"A computer with the IP address 127.0.0.1 sent information that is characteristic of the HTTP_ActivePerl_Overflow attack."
It seems this is a common problem with forum sites.
Evidently it is most likely a "false positive"
"This signature may not indicate malicious intent if ActivePerl versions other than those listed above are used or ActivePerl is not used at all. In this case, you can exclude this signature from monitoring."
You can search yourself for "HTTP_ActivePerl_Overflow attack" and seewhat I am talking about. I'd say just disable that warning and forget about it. Unless you actually HAVE ActivePerl installed on your computer.
01 Dec 06
1 edit
Originally posted by Ian68My IP address is not even close to 127.0.0.1.
1. 127.0.0.1 is the IP address of your own computer.
2. NIS does not recognize a threat called HTTP_ActivePerl_Overflow, nor is it listed on the symantec website.
3. Attacking the ActivePerl buffer would be almost pointless as very few people will have ActivePerl installed on their computer.
And yes, NIS does recognize that threat at their site.
Good day.
As I said I am in contact with the admins. Theres a pattern with these attempts that took me a few days to notice. Ive made it aware to the admins and have been assured they will look into it immediately.
I'll let this topic die now for my part.
01 Dec 06
"IP Loopback Address
127.0.0.1 is the loopback address in IP. Loopback is a test mechanism of network adapters. Messages sent to 127.0.0.1 do not get delivered to the network. Instead, the adapter intercepts all loopback messages and returns them to the sending application. IP applications often use this feature to test the behavior of their network interface."
Any 'attack' from 127.0.0.1 has come from within your computer not from the internet.
04 Dec 06
Originally posted by Teshuvahthe virus intrusions often come with advertisement popups on many sites. there are some on this site, I can't remember which ones they are. when you play as a non-suscriber you are susceptible to them as you get the advertisments. they don't necessarily come from "red hot pawn" but there are some sick people who invade advertisment popups with viruses. Anyhow, one way to avoid them is to install google tool bar on your browser, it has a popup blocker. also you can download pow! for browswers like firefox, etc http://www.analogx.com/ another great popup blocker. As well Windows has a popupblocker in your Windows tools. Hopefully this helps too 🙂
Why does norton anti-virus keep on detecting and blocking medium risk intrusion attempts when I am playing at your site 2-3 times a day?
RP
04 Dec 06
Originally posted by RosePetalBut pop up blockers and adblocking stuff is not allowed for non-subscribers.
the virus intrusions often come with advertisement popups on many sites. there are some on this site, I can't remember which ones they are. when you play as a non-suscriber you are susceptible to them as you get the advertisments. they don't necessarily come from "red hot pawn" but there are some sick people who invade advertisment popups with viruses. Any ...[text shortened]... As well Windows has a popupblocker in your Windows tools. Hopefully this helps too 🙂
RP
So I understand. 😞