
Status Update - Exploit Message In Bitdefender

Syaoran

Chrome 80.0.3987.106

Windows 10 1909 18363.592

 

When doing a status update with the word "echo", with parentheses around the word, and in italics, Bitdefender blocks it and the status update doesn't go through.

 

[Screenshot: exploit.PNG]

 

EDIT: It should look like this

[Screenshot: ex.PNG]


3 minutes ago, FakeCIA said:

Do you mean status update on here?

Yes here in the forums. 

The area where you can in your own profile


53 minutes ago, Syaoran said:

Yes here in the forums. 

The area where you can in your own profile

That is kinda weird. You are using Chrome, correct? I'll download it really quick and try to recreate it because I use Bitdefender and Malwarebytes. Both block certain scripts from running on websites, but I haven't seen them act that way for sites like this.

 

 

 

 


I'm not able to recreate it on standard settings. Can you give me the basics of what settings you have on for Bitdefender and Chrome? Don't give me any personal info.

 

 

 

 


When I check Flagfox via Tor, the Linus Tech Tips forum is registered via Go Daddy in Scottsdale, Arizona, USA powered by Cloudflare in Dallas, Texas. There is no record of fraudulent activity since the domain was registered on 2008-04-28. The IP address shown does match the one in the screenshot, but I'm not seeing anything suspicious on my end. In Bitdefender, there is a logging tool where you can mark suspicious IP's and they'll be blocked automatically. Go there and mark that IP in the setting to passive scan or to not scan. It may be an issue with where the IP is registered vs. where the business is located as LMG is based in Canada. Sometimes Malwarebytes does that when I access Bank of America via VPN. The only weird thing I see is the DomainsByProxy LLC affiliation, but I've seen those guys before. They're next to the Go Daddy HQ and Harley Davidson dealership on Hayden Road. They have concerts there and really good food. I think the guy who owns Go Daddy actually owns Harley too, but I could be mistaken on that.

 

 

 

 


5 hours ago, Syaoran said:

Chrome 80.0.3987.106

Windows 10 1909 18363.592

 

When doing a status update with echo and with parenthesis around the word, Bitdefender blocks it and the status update doesn't go through

 

 

[Screenshot: exploit.PNG]

Updates for you. Read above comments.

 

 

 

 


16 minutes ago, FakeCIA said:

When I check Flagfox via Tor, the Linus Tech Tips forum is registered via Go Daddy in Scottsdale, Arizona, USA powered by Cloudflare in Dallas, Texas. There is no record of fraudulent activity since the domain was registered on 2008-04-28. The IP address shown does match the one in the screenshot, but I'm not seeing anything suspicious on my end. In Bitdefender, there is a logging tool where you can mark suspicious IP's and they'll be blocked automatically. Go there and mark that IP in the setting to passive scan or to not scan. It may be an issue with where the IP is registered vs. where the business is located as LMG is based in Canada. Sometimes Malwarebytes does that when I access Bank of America via VPN. The only weird thing I see is the DomainsByProxy LLC affiliation, but I've seen those guys before. They're next to the Go Daddy HQ and Harley Davidson dealership on Hayden Road. They have concerts there and really good food. I think the guy who owns Go Daddy actually owns Harley too, but I could be mistaken on that.

 

 

Forum service runs through Cloudflare... And wouldn't be first time Cloudflare is causing something funny.

 

But I think it is more by some browser addon. Forum doesn't send stuff (afaik) anywhere else, but some addon or something else monitoring browser or typing activity might. Like I don't get anything when using any parenthesis and word echo.

^^^^ That's my post ^^^^
<-- This is me --- That's your scrollbar -->
vvvv Who's there? vvvv


6 minutes ago, LogicalDrm said:

 

Forum service runs through Cloudflare... And wouldn't be first time Cloudflare is causing something funny.

 

But I think it is more by some browser addon. Forum doesn't send stuff (afaik) anywhere else, but some addon or something else monitoring browser or typing activity might. Like I don't get anything when using any parenthesis and word echo.

Seems like most issues here come through Cloudflare.

 

 

 

 


Just now, FakeCIA said:

Seems like most issues here come through Cloudflare.

Not really. Cloudflare protection against attacks. Only times when it causes issues is when certain IP or IP range is blocked because suspicion of DDoSing. And to other way around, BitDefender might have blacklisted IP used by CF for some reason.


That sounds like a BitDefender issue to me, and I would recommend raising the issue with them. Neither we, nor Cloudflare, nor anyone else is doing anything weird to the text that you submit in a status update, it is just transmitted verbatim to the server to be stored.

HTTP/2 203


15 hours ago, FakeCIA said:

I'm not able to recreate it on standard settings. Can you give me the basics of what settings you have on for Bitdefender and Chrome? Don't give me any personal info.

Chrome is basically default except everything in autofill is disabled

In Bitdefender, I only have Firewall, Vulnerability, and Advanced Threat Defense enabled


(echo)(echo)

Not causing anything. Are you running free version of BitDefender or paid one?

 

E: aaand remembered to test with Status Update too.

 

Though I'm using Firefox so this might be Chrome only too.

Edited by LogicalDrm


(test) (test) (test) (test)

Nothing happened.

Edited by FakeCIA

 

 

 

 


Just now, LogicalDrm said:

Not causing anything. Are you running free version of BitDefender or paid one?

Free trial but it should be working like the paid version

 

Also, I had to remove the (echo) part in the quote in order to reply 


6 minutes ago, Syaoran said:

Free trial but it should be working like the paid version

 

Also, I had to remove the (echo) part in the quote in order to reply 

Ok, this is 100% your end. Have you tried with another browser?


3 hours ago, LogicalDrm said:

Ok, this is 100% your end. Have you tried with another browser?

Is OP gonna update on this?

 

 

 

 


5 hours ago, LogicalDrm said:

Ok, this is 100% your end. Have you tried with another browser?

 

1 hour ago, FakeCIA said:

Is OP gonna update on this?

Same issue in Firefox and Edge


41 minutes ago, Syaoran said:

 

Same issue in Firefox and Edge

Take this up with Bitdefender then. Seems like it is on your end. I'm not seeing anything wrong with the forum or with my program.

 

 

 

 


My guess is that it's just BitDefender being too smart for its own good.

 

When you're typing certain combinations of characters, the message box where you type connects to the website in background to retrieve stuff or be helpful... do stuff like auto complete or for example when you type @ character followed by a character, the forum suggests member names. BitDefender basically blocks the connection the forum page would make to get the list of members that start with the letter you typed after @ character.
