Russian Popups?

[Snowden]

2 hours ago, Wow said:

Ok. Yes, the guest box with a couple of ads should be there.

The popups after clicking links was the big clue.  Had an old account called Viglink still running that alters link redirects for certain key words. I've removed the old script.. I guess someone had hacked the old code and injecting the malicious crap into them.

Just tested, it's not fixed.

[jacindc]

Yeah, just tested in an incognito tab on my tablet and got a redirect. (Incognito shouldn't access the cache,  right? Because I was thinking cache issues might keep the old code in play.)

[thess]

Just another "me too". It's far worse when not logged in, literally every single click.

[birdsofprey02]

 

The malicious code is hard to find as it is encrypted and appears under certain conditions only.

The malicious code looks like this (virus is framed red)

Usually it is injected in the main template (in the database) and in the template cached copy (in the file)

The malicious code can be detected by searching for “strstr($mds”, “preg_replace($i” or “#c#.substr” within database dump or skin cache files.

Forum administrators should remove the code from the database and then clean skin cache to completely remove the malware from the site.

 

Do not delete the code in cached skins only as it’ll appear again upon cache rebuild.

[Wow]

I never cleared the cache so that may be the issue.  Just did.  At worst all I ever got was a single pop-up on first click of any link while logged out and ad block disabled. Thereafter, never got anything.  Seems it acts differently for everyone.

[vespasian70]

Happened to me just now while logging back in. Otherwise it seems to be just fine ... but the again I'm using AdBlock.

[Wow]

Ok I finally was able to get in front of a computer and found the code.  Should be ok now.

[jacindc]

1 hour ago, Wow said:

Ok I finally was able to get in front of a computer and found the code.  Should be ok now.

Yes, I just logged in without getting any redirects.

Sorry that this happened during your vacation, but glad you found and fixed! Thank you!

 

 

[birdsofprey02]

3 hours ago, Wow said:

Ok I finally was able to get in front of a computer and found the code.  Should be ok now.

Nice, thank you...  was it anything similar to what I posted above?  

[Wow]

1 hour ago, birdsofprey02 said:

Nice, thank you...  was it anything similar to what I posted above?  

It wasn't php code, but a modified HTML language that the template bits use to eval php scripts.  Located just before the closing body tag.  Originated from Ukraine based on the IP who hacked into the CP and inserted the code. 

[Snowden]

3 hours ago, Wow said:

It wasn't php code, but a modified HTML language that the template bits use to eval php scripts.  Located just before the closing body tag.  Originated from Ukraine based on the IP who hacked into the CP and inserted the code. 

Nice! Do you know how they got into the CP? (known exploits, default username/password, etc.) and can we confirm there was nothing else comprised like account passwords?

[Casualbrain]

Thanks for the work to fix this issue all!

 

[Wow]

18 hours ago, Snowden said:

Nice! Do you know how they got into the CP? (known exploits, default username/password, etc.) and can we confirm there was nothing else comprised like account passwords?

The CP logs record every action of anyone who logs into yur CP and all that was done was throwing alteration to the global template coding.  All accounts with access to CP have new passwords in place and additonal security measures have been taken as well.

[mattie g]

Thanks @Wow for your work on this, but (and there’s always a “but”) a heads up that it just happened to me again - twice within a couple minutes.

[nzucker]

Why do we need pop-ups at all?

Pathetic cash grab.

[ApacheTrout]

I'm getting new tabs (State Farm ad) when I click on 'new post by ...." when using Firefox on a pc.

[25thamendmentfan]

I think we need to get Mueller in here to find out "what the hel! Is going on" as trump would say.

[25thamendmentfan]

8 hours ago, nzucker said:

Why do we need pop-ups at all?

Pathetic cash grab.

I have no problem with them monetizing the site if this is indeed happening. This business model is beginning to work for the ny times.

[25thamendmentfan]

I've often wondered if anyone's making money off this site? There's enough snow lovers from dc to Maine to sell winter subscriptions and make a decent amount of money. And then a separate annual tier for year round members who post year round like many of the New England bros.

[tstate21]

FYI I have been getting a ton of redirects and ads on the mobile version of the site in the past couple days. Wasnt having this issue before. 

[Baroclinic Zone]

9 hours ago, nzucker said:

Why do we need pop-ups at all?

Pathetic cash grab.

Well this site doesn't pay for itself.  Costs money to develop and host monthly.  So either you go with ads or you set up a monthly subscription to access.  The owners of this board chose the former.  This being said, all your concerns are duly noted and have been passed on so they can be rectified.

[MJO812]

42 minutes ago, tstate21 said:

FYI I have been getting a ton of redirects and ads on the mobile version of the site in the past couple days. Wasnt having this issue before. 

Same here

It's annoying 

[forkyfork]

2 hours ago, Baroclinic Zone said:

Well this site doesn't pay for itself.  Costs money to develop and host monthly.  So either you go with ads or you set up a monthly subscription to access.  The owners of this board chose the former.  This being said, all your concerns are duly noted and have been passed on so they can be rectified.

what was wrong with donation drives?

[the ghost of leroy]

16 minutes ago, forkyfork said:

what was wrong with donation drives?

they worked years ago before the staff squandered good will with the member base and became complacent

[mappy]

started getting pop ups last night. i can handle the large banner ads at the top and bottom of pages, but legit pop ups in the middle of my page is super annoying. 

[the ghost of leroy]

Just now, mappy said:

started getting pop ups last night. i can handle the large banner ads at the top and bottom of pages, but legit pop ups in the middle of my page is super annoying. 

that's that fire ass year 2002 web monetization strategy

[mappy]

1 minute ago, cmasty1978 said:

that's that fire ass year 2002 web monetization strategy

oh. im back at 4pm. 

[Baroclinic Zone]

28 minutes ago, forkyfork said:

what was wrong with donation drives?

Good question.  Not sure they've been as successful in the past few years.

[Rjay]

24 minutes ago, mappy said:

oh. im back at 4pm. 

Lol

[mappy]

4 minutes ago, Rjay said:

Lol

3:57 to be exact.