nycphotography

One of your advertisers has started serving malicious / phishing type ads. Every so often I'll get a full screen log in box, or "infection" warning, or some other kind of malicious crap that most reputable sites have long since exterminated.

I'd suggest having someone who knows how to track down such things take a look.

It happens once or twice a day for the last couple weeks. Took me a while to figure out it was your site... I wasted a few hours figuring out how to get an run malware bytes for my macbook before realizing, through googling about it, that it was probably a malicious ad insertion, and then it took me a while to isolate that it is indeed (definitely) coming from bikeforums and not from some other site.

Rollfast

Again, if you could try and tell them what it was for or some other information the staff and IB techs could probably tell you if it actually came from here etc and they can have those sources blocked.


It really does help. We all have to help each other.


Also, there is a misconception of many that these things are easily traced and correctable...some exploits and bad advertisements are somewhat random and since the ads may be different than what others see (because the ad server may personalize them based on the browsing patterns they know of for you) others might not be seeing the same things.


HOWEVER...with your help they can see if that ad was served to BF and ultimately you (No, we DON'T all get the same ads) and they can tell the ad vendor that the ad is inappropriate and have it removed from being served to the site.


The internet is stranger than the Oompah-Loompahs.

nycphotography

ah yes, thanks to micro targeting you can no longer police your own back yard. OK, I'll watch for more details and see if helps.

I know these things are hard (near impossible) to track down. I basically killed several of my web sites because it was impossible to maintain both revenue and integrity.

Rollfast

Sure it's easy. You get your ad buys ahead of time, as sponsors and stop letting Google etc ruin your day.


Run the ads as pictures with URLs but not clickable. Tell the users to paste them.


If you explain nicely it should be fine for all but the fussbudgets you don't want.

nycphotography

got one on the mac (none on the win 10 box so far)

Dear Verizon User,
Congratulations! You've been selected to participate in an anonymous survey about your experiences with Verizon.
In consideration for your time, at the end of this short survey you will be presented with several exclusive reward offers (worth at least $70).

url https://www.mellowsurvey.com/?sid=isp.opt.3a6x&ow=us.ao96ho9gbr467d49.nojs.c&isp=Mci%20Communications%20Services%20inc.%20Dba%20V erizon%20Business&browser=Firefox&os=OS%20X&region=New%20York&city=xxxx&ip=xxx.xx.xxx.xxx&countryname=United%20States&device=DESKTOP&brand=Desktop&model=Desktop&country=US&track=www.trunkssurvey.com&tid=0ba6f51c-279d-4a68-82c0-dc5e8b9e9e67&caid=3fc624b7-4074-4b7f-aa2a-a68cbc6a0c97&head=ret.ss.asp.ncxw9c&did=5269&voluumdata=BASE64xxxREDACTEDxxx&c1=5269&c2=13031&c3=454 14&c4=US&c5=xxxx&c6=Firefox

lots of shady here, especially the 2k of base64 payload

nycphotography

Another one: NFL Picks 2016: 5 Best Bets Against The Spread For Week 17

NFL Picks 2016: 5 Best Bets Against The Spread For Week 17


this one navigated away from a half typed reply to a message causing me to lose my work in progress!!!

Rollfast

Okay...let's go from this angle.


Check some of the sites/apps you use for 'safety' in search.


Some people have downloaded games or apps that look innocent enough but are known for malware/exploits...you may not notice unless you visited un the same timeframe or before coming here...it does happen.

nycphotography

FWIW the mac has almost nothing installed on it. I used to run windows in a VM but eventually killed that and the mac has like... nothing installed. malwarebytes says squeaky clean.

finally, they ONLY happen when on bikeforums in firefox, often taking over the active tab.

is anyone from BF/IB going to weigh in on this or am I just jerking myself off?

Rollfast

I think this site isn't all that conducive, not even the bike porn...


Real PCs can be found dirt cheap, I build mine from donations and stripped chassis.

Johnny Mullet

I'm running Linux Mint Mate 18.1 with Firefox and have never had any issues with this or any other site. I don't even have any anti-virus software on this rig.

ibtyen

As Rollfast has mentioned, tracking these things down is a difficult task. Could you email the screenshots you posted full size directly to me?

tyson.yen@internetbrands.com

nycphotography

absolutely. i'll send the one I have later tonight and start watching for new ones.

smarkinson

Started getting a spam/phishing ad that takes over the browser after about 10 seconds of the page loading and redirects away from BF to a different site. This has started happening in the last couple of days.

It doesn't happen on every BF page but it seems to happen consistently on this thread https://www.bikeforums.net/general-cy...rformance.html .

The ad pretends to be a facebook page with Membership Rewards as the title. "Congratulations, you could be selected to receive a reward!"

The address that I get redirected too is ucns.online/newipau/index.php?s1=lam_au&pubid=www.bikeforums.net_son&bid=aeb9b921ac651693f39e4d420981043f

It appears to be rather harmless (at least on android, I'd hate to try it on a PC).

This is happening on both my Android tablet (Google browser) and my Android phone (again a google browser) but not on my Apple Ipod. In both cases the redirected address is the same (including the hex characters at the end). The other difference is on my Android devices I am logged in as a user of BF while on the ipod I am not logged in.

I couldn't tell if it happens on my PC as this is the reason I have adblockers on my PC.

nycphotography

all of these contest and gift card sites are blind phishing for credentials which then be further exploited. definitely NOT harmless.

Deal4Fuji

I had this same problem get progressively worse this week. This Malware or Adware pop-up would appear when on Bike Forums and I'd have to exit out completely and get back on BF, then in about 5 minutes or less it would happen again. I looked National Consumer Center up on the web and found out that's how these things operate. The removal steps looked like more than I wanted to tackle, and since I'm a Norton subscriber I contacted their Cust Service dept and they took control of my PC via a live chat type session and it's gone. Here's a screenshot of what I was getting:

nycphotography

looks like bf definitely needs to police their advertisers.

on my part this has not (yet) happened when I have been on any other web site

Rollfast

See the eagle icon and yellow jersey with my name? WORKS!

nycphotography

so you're saying it's a shady shakedown?
I suspect not.

Rollfast

What I am saying is one or all of this:


Stop using the mobile browser.


Turn ON the popup blocking for your browser.


Do work with them. I'm not God or mama and I don't have popup ads.


Do tie the spam we now block with preemptive actions and these together in some fashion, it's probably related.


But DON'T blame it on the incompetence of the owners by saying "nobody else has this problem". You do not know the circumstances nor are you aware of what is being worked on right now. The version of vB we are currently using was designed for IB sites with forums in the realization that other versions of vB had problems that were hard to fix. This is actually BETTER than the 4.2.x running on Non-IB sites in a number of ways. Pobody's Nerfect tho.


You don't even use the same browser I do IF I understand. Why aren't you looking into that?


I can see from you signature what some of the problem is. You don't take any responsibility to help fix the problem. It is all of our problem, and all of us help to try and solve all of our problems. We have had other problems far longer and still worked to solve them.


IB will NOT be using something else, they own VBS and that is that.


I'm not giving you a lecture. I'm trying to help if I can, but I'm still not God or your mama. I suspect it's that hand held toy because with Windows 7 and IE 11 I'm not having these problems and especially because I have a premium membership status there are no ads in my page when I am logged in...remember, logged in.

ibtyen

Thanks for the info guys. I'm updating the tech ticket I have with this new info/images.

f4rrest

These popups are driving new visitors away. I guarantee you.

I experienced the same on my Android and am very experienced with web servers and internet security.

So, it is IB's problem if they want to maintain a healthy number of website visitors. Don't put the blame on the website visitors or their choice of technology.

Rollfast

Why not? You can't read BF on a cellphone, all the people said so earlier.


Is anybody having a trip on a Dell? I've got a few...

Rollfast

PS Don't bother tripping on a Dell, she's getting married now.

JeremyLC

I'm experiencing the Facebook phishing redirect on Chrome (55) on Android(7.1.1) on my Pixel XL. I'll try to grab a screenshot when it happens again. It's usually accompanied by a JavaScript pop-up dialog of some kind.

ibtyen

We have adjusted a few ad networks last night. Please let us know if you guys are still experiencing problems.