LET asking for username and password (when I'm already logged in)

I just came onto LowEndTalk and I was greeted by a popup asking for a username and password. I'm assuming this is related to getflywheel.com but I just thought I'd make sure that it's not malware of some sort.

Here's a screenshot of the popup:

LET Screenshot

Comments

  • I think you got malware.

    Buy Site Ads - Advertising Platform

  • jar Provider

    That is being requested by blacksheep.flywheelsites.com. Perhaps a bit more going on than meets the eye. Any plugins querying your flywheel site, or minimized browsers?

    "Note that Romania has laws agains all the illegal activities just like US, including copyright. Is not the Dracula's country or no man's land as you thought." - Random email from someone I don't know, about nothing I've done or said

  • earl Member

    I get it too from the front page, I think it has something to do with this post..

    http://lowendtalk.com/discussion/comment/1023453/#Comment_1023453
    http://theblacksheepagency.com/blog/images/uploads/ScaryGif.gif

    seems @riz tried to link to a password protected pic..

  • I get the same thing when I am not logged in, and I am viewing this on an iPad through Safari, so it has to be something wrong with LET. I logged in to post this as I don't want one of my most favorite destinations to be contaminated with malware or crap.

  • SSDBlaze Member, Provider

    They better get a malware scanner on it ASAP. I'd be shocked if it isn't malware... it looks too fake

    Enterprise Dedicated Servers under $100 | NYC + Dallas Locations |

  • jar Provider

    earl said: I think it has something to do with this post..

    Consistently not receiving that, for what it's worth. No extra browser plugins (just 1Password).

  • SSDBlaze Member, Provider

    @Jar said:
    Consistently not receiving that, for what it's worth. No extra browser plugins (just 1Password).

    I'm not getting it either, but 2 or 3 people reported they have it. It's just weird

  • I'm not having a problem with Chrome. Is this limited to Firefox?

    ClamHost - Affordable Anti-DDoS Hosting Solutions

  • earl Member
    edited April 2015

    @Jar said:
    Consistently not receiving that, for what it's worth. No extra browser plugins (just 1Password).

    Maybe something to do with the LastPass plugin in Firefox? In Chrome it just shows a broken link to the image.. no login popup..

    It's definitely connected to the image link that @riz posted.. maybe a mod can remove the link from @riz's post?

  • SSDBlaze Member, Provider

    @earl said:

    Sounds legit. I'm on Chrome and I'm not getting it, I'll move to Firefox and let you guys know what happens :)

  • SSDBlaze Member, Provider

    Confirmed, it did it on my Firefox but not Chrome.

  • earl Member

    image

    The broken image links to site below.. kinda makes sense since the login is taking you to blacksheep.flywheelsites.com

    http://theblacksheepagency.com/blog/images/uploads/ScaryGif.gif

  • SSDBlaze Member, Provider

    @earl said:

    image

    http://theblacksheepagency.com/blog/images/uploads/ScaryGif.gif

    Would that be considered malicious?

  • earl Member
    edited April 2015

    @SSDBlaze said:
    Would that be considered malicious?

    I don't think so, probably blacksheep disabled hotlinking to the image.. so you need to log in or view it directly from the site.. either way the image is not downloaded to your computer so I don't see where the harm can come from.

    I could be wrong though.. maybe run a malware scan.

  • SSDBlaze Member, Provider

    @earl said:
    I could be wrong though..

    Your reasoning is spot on. It makes sense.

    Thanked by 1 earl

  • Sometimes I receive a notification email from LET about someone mentioning me. I click on the link in the email and it asks me to log in, while I'm logged in already.

    I'm using Google Chrome 41.

  • earl Member

    @TheKiller said:
    Sometimes I receive a notification email from LET about someone mentioning me. I click on the link in the email and it asks me to log in, while I'm logged in already.

    I'm using Google Chrome 41.

    Probably has something to do with an expired security token.. I notice even though I'm logged in to LET on one tab, when I visit LET from say a link on Google for an older thread I'm generally not logged in.

  • Riz Member

    @earl I googled the image and haven't been asked to login or what not at all. Don't quite know what's going on for you.

  • earl Member

    @Riz said:
    earl I googled the image and haven't been asked to login or what not at all. Don't quite know what's going on for you.

    Hmm.. I'm not sure why it's happening to us and not you.. if you are still able to, maybe remove the link and we can see if it's still happening.

  • mikho Member, Provider

    @TheKiller said:
    Sometimes I receive a notification email from LET about someone mentioning me. I click on the link in the email and it asks me to log in, while I'm logged in already.

    I'm using Google Chrome 41.

    This depends on what URL you have logged on to.
    If you log in at http://www.lowendtalk.com , all links at http://lowendtalk.com will require you to log in again.

    Thanked by 2 earl TheKiller
    I can now be found at https://talk.lowendspirit.com
    or on twitter
    Come say HI! :)
  • Just don't log in with your username and password at such an HTTP 401 ERROR.

    Maybe someone can use it to hack your account.

    Link: (CN)
    http://wooyun.org/bugs/wooyun-2010-015248

    Not for earl, just a notice.

    Thanked by 1 earl
  • earl Member

    @mikho said:
    If you login at http://www.lowendtalk.com , all links at http://lowendtalk.com will require you to login again.

    That makes sense, I'll be sure to notice that the next time it happens..

    And thanks for removing the image.. No more pop up login when I visit the page..

    Thanked by 1mikho
  • earl Member

    @imlonghao said:
    Just don't log in with your username and password at such an HTTP 401 ERROR.

    Maybe someone can use it to hack your account.

    Link: (CN)
    http://wooyun.org/bugs/wooyun-2010-015248

    Not for earl, just a notice.

    Yeah it's probably not a good idea to try to do that.. If you did, probably best to change your LET password as they may have logged your failed login details..

  • Looks like it was the image that @riz tried to include with his comment. It's good that the mods are on the top of their game, cause if this was malware and they didn't take care of it, they'd have a lot of unhappy users by now.

  • Riz Member

    Weird. Sorry guys and specifically @ub3rstar. Thank you @mikho for changing it -- it's just Mr. Bean with no popcorn left to eat..

  • earl Member

    @Riz said:
    Weird. Sorry guys and specifically ub3rstar. Thank you mikho for changing it -- it's just Mr. Bean with no popcorn left to eat..

    I'm sure it wasn't intentional.. no big deal :)

  • mikho Member, Provider

    @Riz said:
    Weird. Sorry guys and specifically ub3rstar. Thank you mikho for changing it -- it's just Mr. Bean with no popcorn left to eat..

    @earl said:
    I'm sure it wasn't intentional.. no big deal :)

    Could be the site owner who set the image password protected because of the increased amount of hits when people browse this forum.

    Thanked by 1earl
  • Usually happens when I'm searching.

  • perennate Member, Provider
    edited April 2015

    I've seen a few attacks where people do this maliciously: embed an image that requires HTTP authentication, send a private message to an admin, and then record the password (another common one is to use an image to grab the IP address). Although blocking this in the browser would be the easiest, it's also not hard for a site operator who has lots of bandwidth to resolve it by providing a proxy for image download, e.g. https://github.com/willnorris/imageproxy (I use that one since it supports caching too, though it's a bit of overkill with all the other features it supports).

    Of course that doesn't necessarily fix the problem if other embedded content is allowed like iframe.
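
The image-proxy mitigation described in the last comment, as an added example that is not part of the thread and is not imageproxy's code: the forum fetches the embedded image server-side and relays it only if it is a plain 200 image, so a 401 challenge from the third-party host never reaches the visitor's browser and the host never sees the visitor's IP. The function names, size limit and placeholder response are assumptions made for illustration.

```python
# Added example: response policy for a same-origin image proxy (hypothetical names).
import urllib.error
import urllib.request

MAX_BYTES = 5 * 1024 * 1024          # assumed size limit for embedded images
PLACEHOLDER = (404, {"Content-Type": "text/plain"}, b"image unavailable")


def relay(status, headers, body):
    """Decide what the browser gets for one upstream response.

    Only a plain 200 image is passed on. A 401/407 challenge, a non-image
    type or an oversized body becomes a neutral placeholder, and upstream
    headers such as WWW-Authenticate or Set-Cookie are never copied.
    """
    h = {k.lower(): v for k, v in headers.items()}
    ctype = h.get("content-type", "").split(";")[0].strip().lower()
    if status != 200 or "www-authenticate" in h:
        return PLACEHOLDER
    if not ctype.startswith("image/") or len(body) > MAX_BYTES:
        return PLACEHOLDER
    return (200, {"Content-Type": ctype,
                  "X-Content-Type-Options": "nosniff"}, body)


def fetch_and_relay(url, timeout=5):
    """Fetch url server-side (no cookies, no credentials) and apply relay()."""
    if not url.lower().startswith(("http://", "https://")):
        return PLACEHOLDER
    req = urllib.request.Request(url, headers={"User-Agent": "embed-proxy"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as r:
            return relay(r.status, dict(r.headers), r.read(MAX_BYTES + 1))
    except urllib.error.HTTPError as e:      # 401, 403, 404, ...
        return relay(e.code, dict(e.headers), b"")
    except (urllib.error.URLError, OSError, ValueError):
        return PLACEHOLDER


# Constructed upstream responses mirroring the two cases in the thread:
# the password-protected image and an ordinary image.
CHALLENGE = (401, {"WWW-Authenticate": 'Basic realm="constructed"',
                   "Content-Type": "text/html"}, b"<h1>401</h1>")
IMAGE_OK = (200, {"Content-Type": "image/gif; charset=binary",
                  "Set-Cookie": "t=1"}, b"GIF89a...")
```

A proxy that fetches user-supplied URLs also has to refuse internal and loopback addresses, which this block leaves out to stay on the 401 case.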
