Calandale
« on: July 16, 2014, 07:32:28 pm »
In the interests of disclosure, Roger had some issues accessing this site. I don't think there's anything wrong, but thought I'd copy our conversation over on CSWSocial.

I went there, said I had to install some player as Firefox version was out of date, then dumped a poopieload of other spammy programs on my PC....I will not be going there to see your vids.....I will stick to YouTube
especially Omiga-plus.....what poopiety hijack program.

Odd. Never had any issue there. Haven't used FF for a long time though. There are no 'players' required for the site. It's a pretty simple SMF forum.
You had me worried so I ran Norton and TrendMicro scans. They showed no issues.

Did not mean to alarm, more to warn. I have recently changed to Firefox, and when I went to your new "home", it said my FF video player was needed to be updated. I am normally more cautious about these things, but being new to FF and its love of add-ons and plug-ins I just ok'ed it.....WRONG MOVE. I got rid of all the crap with Malwarebytes, but it had totally hijacked FF and installed a pile of new programs which needed to be uninstalled. My bad judgement really as I should know better....ha ha ha

Not wargames, I meant military games, and I have just tried Google Chrome and it was fine. It must be something to do with Firefox, or something looks for Firefox users.....

My worry is that there is something on the site. But the AV web test sites say it's all clean. No one else has had anything like that. Looking at the source page, I'm not seeing this. Can't duplicate the behavior in my very old Firefox. It almost sounds like clickjacking - but if that's the case, I'm not sure why I wouldn't see signs of it in the source displayed, unless there is something local to your Firefox installation.

There are a number of ways to attack someone directly at otherwise secure sites. I'm not sure that someone would go through that effort though. It strikes me more likely that this is something that was already present on his side. If anyone else has gotten any weird redirects though, let me know - there will be residual evidence to any such attack. If possible, keep a copy of the source page that redirected you.
KevinR
« Reply #1 on: July 16, 2014, 07:39:46 pm »
I was getting a lot of odd things on my Android phone, until I turned off JavaScript. It struck me as likely being bad ads.
On my Mac I block Flash and am not getting that, but there are quite a few Flash-based ads here.
Calandale
« Reply #2 on: July 16, 2014, 07:42:13 pm »
If they're supporting bad Flash ads, it's an issue.
Flash is very exploitable. Someone could definitely launch a clickjacking attack that way.
usrlocal
« Reply #3 on: July 16, 2014, 07:44:35 pm »
I run a Malwarebytes Anti-Malware scan on my Win7 rig nightly, and haven't picked anything up from this site when using Firefox. Norton is also good with it. And just for fun, I also tried Avast. It's clean.
jezarik
« Reply #4 on: July 16, 2014, 07:59:26 pm »
I'm using Chrome. When I came over to this site yesterday (it was probably the third or fourth time I accessed the forum) I got a message saying I needed to download an update to Java and then it automatically downloaded a file labelled java_installer.exe. I'm pretty ignorant when it comes to stuff like this, but I knew better than to open files that download without my consent. A few seconds later I got a notification from AVG saying that the file contained Malware and it deleted the file. According to my Chrome history, here is the address associated with the file:
websitecom.us/entry/node/file/pkg/java/s/java_installer.exe?offer_id=13232&aff_id=20749&transaction_id=2d323a2b-ea54-497f-b89c-b448aa64ba95
KevinR
« Reply #5 on: July 16, 2014, 08:06:02 pm »
This site seems to be using several ad providers, including some I've never seen before. One (adnxs) I've seen associated with malware before, although I can't quickly find a comment on whether they are ever legitimate.
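
[Added example, not part of KevinR's post or of the forum's code.] One way to act on the request to keep a copy of the page source: list every external host the saved page pulls resources from, and which of those can run scripts or plugin content. The page URL and all hostnames in the sample are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tag -> attribute that makes the browser fetch something automatically.
FETCHING = {"script": "src", "iframe": "src", "embed": "src",
            "object": "data", "img": "src", "link": "href"}
ACTIVE = {"script", "iframe", "embed", "object"}  # can run code or plugins (Flash, Java)

class ResourceInventory(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.site = urlparse(page_url).hostname
        self.third_party = {}  # host -> set of tag names that reference it

    def handle_starttag(self, tag, attrs):
        attr = FETCHING.get(tag)
        url = dict(attrs).get(attr) if attr else None
        if not url:
            return
        # Resolve relative and protocol-relative (//host/path) references.
        host = urlparse(urljoin(self.page_url, url)).hostname
        if host and host != self.site and not host.endswith("." + self.site):
            self.third_party.setdefault(host, set()).add(tag)

def inventory(html, page_url):
    """Map each external host to the tags that load from it."""
    parser = ResourceInventory(page_url)
    parser.feed(html)
    return {h: sorted(t) for h, t in sorted(parser.third_party.items())}

def active_hosts(html, page_url):
    """External hosts that supply scripts, frames or plugin content."""
    return [h for h, tags in inventory(html, page_url).items() if ACTIVE & set(tags)]

# Constructed sample of a saved forum page (all hostnames are placeholders).
PAGE_URL = "http://forum.example.test/index.php?topic=1.0"
SAMPLE = """<html><head>
<script src="Themes/default/scripts/script.js"></script>
<link rel="stylesheet" href="/Themes/default/css/index.css">
<script src="//tags.adnet-one.example/serve.js"></script>
</head><body>
<img src="http://img.forum.example.test/logo.png">
<iframe src="https://video.example.org/embed/abc"></iframe>
<embed src="http://cdn.adnet-two.example/banner.swf" type="application/x-shockwave-flash">
<img src="http://pixel.adnet-one.example/p.gif">
</body></html>"""

if __name__ == "__main__":
    for host, tags in inventory(SAMPLE, PAGE_URL).items():
        print(host, tags, "ACTIVE" if ACTIVE & set(tags) else "")
```

A saved copy only shows what was in the HTML at save time; anything an ad script injected afterwards in the browser will not appear in this inventory.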
usrlocal
« Reply #6 on: July 16, 2014, 08:09:54 pm »
I am running AdBlock, by the way. Maybe that's why I'm not picking anything up.
Calandale
« Reply #7 on: July 16, 2014, 10:03:33 pm »
This is troubling.
Sluggonics
« Reply #8 on: July 16, 2014, 10:44:36 pm »
Quote from: jezarik
> I'm using Chrome. When I came over to this site yesterday (it was probably the third or fourth time I accessed the forum) I got a message saying I needed to download an update to Java and then it automatically downloaded a file labelled java_installer.exe. I'm pretty ignorant when it comes to stuff like this, but I knew better than to open files that download without my consent. A few seconds later I got a notification from AVG saying that the file contained Malware and it deleted the file. According to my Chrome history, here is the address associated with the file:
> websitecom.us/entry/node/file/pkg/java/s/java_installer.exe?offer_id=13232&aff_id=20749&transaction_id=2d323a2b-ea54-497f-b89c-b448aa64ba95

I had this happen, too. It's only happened once so far - I just closed the browser through Task Manager and didn't click on anything. It didn't actually download any file.
Look out honey, 'cause I'm using technology!
usrlocal
« Reply #9 on: July 17, 2014, 09:55:43 am »
I just had Avast do a realtime in-browser report of this site (using its Firefox plugin). Avast declare it as safe. Once again, this is Firefox under Windows 7, with Adblock enabled.
Sluggonics
Quote from: usrlocal
> I just had Avast do a realtime in-browser report of this site (using its Firefox plugin). Avast declare it as safe. Once again, this is Firefox under Windows 7, with Adblock enabled.

It's got to be related to the ads the site is running, then.
Calandale
That's my guess. They probably don't screen them well enough.
And they suggest turning off Flash in POSTS because it's a possible security risk!
pnpfanatic
I run FF and have had no problems, but I run NoScript as well, which blocks clickjacking and malware and warns you if something is trying to run under the browser.
I highly rec NoScript...it's free, available through add-ons and has saved my butt more times than I can count at other sites (primarily well known commercial sites and even a couple times at BGG).
pnpfanatic
Just played the video for The Fall in the 'embed' thread and after allowing the base site and YT (NoScript allows you to pick what you want to allow to run...nice way to keep Google out of your ass as well if you like) the video displayed and played properly. No warnings, no pop-ups or directions to upgrade or install anything. NoScript throws a big box in the middle of the screen and stops anything from happening if it appears suspicious or is in its database. ALWAYS follow its directions no matter what the **** video is that you are trying to see.
pnpfanatic
Quote from: Calandale
> That's my guess. They probably don't screen them well enough.
> And they suggest turning off flash in POSTS because it's a possible security risk!

That's why Apple doesn't allow FLASH on their gear. ALL FLASH has potential to harm. That is why the new HTML5 browsers and up support the WebM video format...it plays in the browser without a plug-in. I haven't read anything bad about it at this point but I know YT supports it.