While I'm investigating all the ways this code could be getting on to pages, I've spoken to our ad tech partners and we have now reverted everything back to barest of bones. If this issue pops up again, please get a screenshot, copy the url and email the (long, Base64 encoded) string and screenshot to badads@diyaudio.com. I'm hopeful, however, that this issue will now be resolved by the action taken.
Malware? diyaudio homepage loads many different websites
Since some time the diyaudio homepage loads very slow. Using firebug it showed that many different websites are loaded.
Any idea what has been changed the last weeks?
Attached a picture showing some of the loaded websites.
Can anybody confirm my findings?
BR, Toni
Since some time the diyaudio homepage loads very slow. Using firebug it showed that many different websites are loaded.
Any idea what has been changed the last weeks?
Attached a picture showing some of the loaded websites.
Can anybody confirm my findings?
BR, Toni
Attachments
Of course we could use ad blocker but better to use a ads provider which doesn't load 100s of pages.
E.g.: this is a reload of this page: 117 requests! My account has disabled ads! If you google for some domains "malware" is often included in the text results. I'm sure Jason doesn't want to provide us malware so my question is if this is normal or a hacked java script or something else...
E.g.: this is a reload of this page: 117 requests! My account has disabled ads! If you google for some domains "malware" is often included in the text results. I'm sure Jason doesn't want to provide us malware so my question is if this is normal or a hacked java script or something else...
Code:
__http://www.diyaudio.com/forums/forum-problems/315210-malware-diyaudio-homepage-loads-websites.html (HTTP/1.1 200 OK 388ms)
__http://files.diyaudio.com/forums/clientscript/vbulletin_important.css (HTTP/1.1 200 OK 0ms)
__http://files.diyaudio.com/min/css/css2.css (HTTP/1.1 200 OK 0ms)
__http://files.diyaudio.com/min/js/vb7.js (HTTP/1.1 200 OK 0ms)
__http://files.diyaudio.com/forums/clientscript/tcattd_imageresizer.js (HTTP/1.1 200 OK 0ms)
__http://cdn-s2s.buysellads.net/pub/diyaudio.js (HTTP/1.1 304 Not Modified 81ms)
__http://files.diyaudio.com/min/js/hs2.js (HTTP/1.1 200 OK 0ms)
__http://files.diyaudio.com/forums/clientscript/vbulletin_post_loader.js (HTTP/1.1 200 OK 0ms)
__http://files.diyaudio.com/forums/vault/resources/css/cache/<removed>.css (HTTP/1.1 200 OK 0ms)
__http://www.google.com/coop/cse/brand (HTTP/1.1 302 Found 56ms)
__http://files.diyaudio.com/forums/clientscript/vbulletin_multi_quote_mod2.js (HTTP/1.1 200 OK 0ms)
__http://files.diyaudio.com/forums/clientscript/vbulletin_textedit.js (HTTP/1.1 200 OK 0ms)
__http://files.diyaudio.com/forums/clientscript/vbulletin_quick_edit.js (HTTP/1.1 200 OK 0ms)
__http://files.diyaudio.com/forums/clientscript/vbulletin_quick_reply.js (HTTP/1.1 200 OK 0ms)
__http://files.diyaudio.com/forums/clientscript/vbulletin_css/style-9bd9c2f1-00012.css (HTTP/1.1 200 OK 0ms)
__http://files.diyaudio.com/forums/clientscript/vbulletin_ajax_threadrate.js (HTTP/1.1 200 OK 0ms)
__http://s.skimresources.com/js/<removed>.skimlinks.js (HTTP/1.1 200 OK 0ms)
__http://files.diyaudio.com/forums/vault/resources/js/y/yui/yui-min.js (HTTP/1.1 200 OK 0ms)
__http://files.diyaudio.com/forums/vault/resources/js/base.js (HTTP/1.1 200 OK 0ms)
__http://files.diyaudio.com/forums/vault/resources/js/vb3/base.js (HTTP/1.1 200 OK 0ms)
__http://files.diyaudio.com/forums/vault/resources/js/editor.js (HTTP/1.1 200 OK 0ms)
__http://files.diyaudio.com/forums/vault/resources/js/vb3/editor.js (HTTP/1.1 200 OK 0ms)
__http://files.diyaudio.com/forums/vault/resources/js/bbcode.js (HTTP/1.1 200 OK 0ms)
__http://files.diyaudio.com/forums/vault/resources/js/vb3/bbcode.js (HTTP/1.1 200 OK 0ms)
__http://files.diyaudio.com/forums/clientscript/vbulletin_editor.css (HTTP/1.1 200 OK 0ms)
__https://cse.google.com/coop/cse/brand (HTTP/2.0 200 OK 0ms)
__http://ads.servebom.com/purchs2s.js (HTTP/1.1 200 OK 127ms)
__http://www.googletagservices.com/tag/js/gpt.js (HTTP/1.1 304 Not Modified 66ms)
__https://www.google-analytics.com/analytics.js (HTTP/2.0 200 OK 0ms)
__http://p.skimresources.com/px.gif (HTTP/1.1 200 OK 29ms)
__http://p.skimresources.com/px.gif (HTTP/1.1 200 OK 38ms)
__http://r.skimresources.com/api/ (HTTP/1.1 302 Moved Temporarily 54ms)
__http://files.diyaudio.com/forums/yui_loader.php (HTTP/1.1 301 Moved Permanently 0ms)
__http://assets.rubiconproject.com/utils/xapi/multi-sync.js (HTTP/1.1 304 Not Modified 32ms)
__https://adservice.google.com/adsid/integrator.js (HTTP/2.0 200 OK 82ms)
__https://securepubads.g.doubleclick.net/gpt/pubads_impl_168.js (HTTP/2.0 200 OK 0ms)
__http://tmn-d.openx.net/w/1.0/afr (HTTP/1.1 302 Moved Temporarily 157ms)
__http://sync.aralego.com/idSync/ (HTTP/1.1 302 Found 1248ms)
__http://sync.c1exchange.com/sync/user (HTTP/1.1 302 Found 427ms)
__http://ads.pubmatic.com/AdServer/js/user_sync.html (HTTP/1.1 200 OK 107ms)
__http://eb2.3lift.com/getuid (HTTP/1.1 302 Found 69ms)
__http://sync.go.sonobi.com/uc.js (HTTP/1.1 200 OK 174ms)
__http://purch-sync.go.sonobi.com/us (HTTP/1.1 302 Found 122ms)
__http://ib.adnxs.com/getuid (HTTP/1.1 302 Found 65ms)
__http://bh.contextweb.com/bh/rtset (HTTP/1.1 302 Found 127ms)
__http://ssum.casalemedia.com/usermatch (HTTP/1.1 302 Moved Temporarily 142ms)
__http://ap.lijit.com/pixel (HTTP/1.1 307 Temporary Redirect 242ms)
__http://tap2-cdn.rubiconproject.com/partner/scripts/rubicon/emily.html (HTTP/1.1 200 OK 0ms)
__http://ads.servebom.com/purchs2stag.js (HTTP/1.1 200 OK 68ms)
__http://www.diyaudio.com/forums/yui_loader.php (HTTP/1.1 200 OK 0ms)
__http://r.skimresources.com/api/ (HTTP/1.1 200 OK 36ms)
__https://www.google-analytics.com/collect (HTTP/2.0 200 OK 26ms)
__http://ads.pubmatic.com/AdServer/js/showad.js#PIX&kdntuid=1&SPug=true&p=<removed>&predirect=__http%3A%2F%2Fads.servebom.com%2Fpartner<removed> (HTTP/1.1 200 OK 0ms)
__http://ib.adnxs.com/bounce (HTTP/1.1 302 Found 28ms)
__http://eb2.3lift.com/getuid (HTTP/1.1 200 OK 31ms)
__http://ib.adnxs.com/getuid (HTTP/1.1 302 Found 32ms)
__http://dpm.demdex.net/ibs:dpid=<removed>&dpuuid=<removed> (HTTP/1.1 302 Found 158ms)
__http://x.bidswitch.net/sync (HTTP/1.1 302 Moved Temporarily 72ms)
__http://sync.rhythmxchange.com/usersync2/sonobi (HTTP/1.1 302 Found 265ms)
__http://ad.afy11.net/ad (HTTP/1.1 200 OK 334ms)
__http://eb2.3lift.com/getuid (HTTP/1.1 302 Found 33ms)
__http://bh.contextweb.com/bh/rtset (HTTP/1.1 302 Found 42ms)
__http://mid.rkdms.com/bct (HTTP/1.1 200 OK 308ms)
__http://ap.lijit.com/pixel (HTTP/1.1 307 Temporary Redirect 115ms)
__http://ib.adnxs.com/getuid (HTTP/1.1 302 Found 39ms)
__http://sync.go.sonobi.com/uc.js (HTTP/1.1 200 OK 64ms)
__http://purch-sync.go.sonobi.com/us (HTTP/1.1 302 Found 68ms)
__http://sync.c1exchange.com/sync/user (HTTP/1.1 302 Found 169ms)
__http://us-u.openx.net/w/1.0/cm (HTTP/1.1 302 Moved Temporarily 42ms)
__http://match.adsrvr.org/track/cmf/generic (HTTP/1.1 302 Found 69ms)
__http://trc.taboola.com/sg/sonobi-ssp-network/1/rtb-h (HTTP/1.1 302 Found 71ms)
__http://sync.mathtag.com/sync/img (HTTP/1.1 302 Moved Temporarily 94ms)
__http://ap.lijit.com/pixel (HTTP/1.1 307 Temporary Redirect 248ms)
__http://tmn-d.openx.net/w/1.0/afr (HTTP/1.1 200 OK 66ms)
__http://ads.servebom.com/partner (HTTP/1.1 200 OK 53ms)
__http://ads.servebom.com/partner (HTTP/1.1 200 OK 55ms)
__http://ssum.casalemedia.com/usermatch (HTTP/1.1 200 OK 38ms)
__http://ads.servebom.com/partner (HTTP/1.1 200 OK 122ms)
__http://ads.servebom.com/partner (HTTP/1.1 200 OK 53ms)
__http://ads.servebom.com/partner (HTTP/1.1 200 OK 58ms)
__http://delivery-europe-west-1.openx.net/w/1.0/ri (HTTP/1.1 200 OK 113ms)
__http://ads.servebom.com/partner (HTTP/1.1 200 OK 51ms)
__http://ib.adnxs.com/bounce (HTTP/1.1 302 Found 30ms)
__http://eb2.3lift.com/getuid (HTTP/1.1 200 OK 31ms)
__http://sync.go.sonobi.com/us.gif (HTTP/1.1 200 OK 54ms)
__http://x.bidswitch.net/ul_cb/sync (HTTP/1.1 302 Moved Temporarily 34ms)
__http://ib.adnxs.com/bounce (HTTP/1.1 302 Found 77ms)
__http://ads.servebom.com/partner (HTTP/1.1 200 OK 60ms)
__http://dpm.demdex.net/demconf.jpg (HTTP/1.1 200 OK 61ms)
__http://ads.servebom.com/partner (HTTP/1.1 200 OK 83ms)
__http://ads.servebom.com/partner (HTTP/1.1 200 OK 96ms)
__http://match.taboola.com/sg/sonobi-ssp-network/1/rtb-h (HTTP/1.1 302 Found 110ms)
__http://ads.servebom.com/partner (HTTP/1.1 200 OK 91ms)
__http://sync.go.sonobi.com/us.gif (HTTP/1.1 200 OK 99ms)
__http://eu-u.openx.net/w/1.0/pd (HTTP/1.1 302 Moved Temporarily 91ms)
__http://pixel-us-east.rubiconproject.com/exchange/sync.php (HTTP/1.1 307 Temporary Redirect 284ms)
__http://us-u.openx.net/w/1.0/cm (HTTP/1.1 200 OK 41ms)
__http://match.adsrvr.org/track/cmb/generic (HTTP/1.1 200 OK 53ms)
__http://sync.mathtag.com/sync/img (HTTP/1.1 200 OK 40ms)
__http://match.adsrvr.org/track/cmf/generic (HTTP/1.1 302 Found 144ms)
__http://ads.servebom.com/partner (HTTP/1.1 200 OK 56ms)
__http://sync.go.sonobi.com/us.gif (HTTP/1.1 200 OK 54ms)
__http://bsw.digitru.st/syncx (HTTP/1.1 302 Moved Temporarily 72ms)
__http://ads.servebom.com/partner (HTTP/1.1 200 OK 53ms)
__http://match.basebanner.com/match (HTTP/1.1 302 Found 68ms)
__http://eu-u.openx.net/w/1.0/pd (HTTP/1.1 200 OK 34ms)
__http://pixel-us-east.rubiconproject.com/sync.php (HTTP/1.1 200 OK 131ms)
__http://match.adsrvr.org/track/cmb/generic (HTTP/1.1 200 OK 53ms)
__http://gce-be.bidswitch.net/sync (HTTP/1.1 302 Moved Temporarily 119ms)
__http://sync.go.sonobi.com/us.gif (HTTP/1.1 200 OK 52ms)
__http://gce-be.bidswitch.net/ul_cb/sync (HTTP/1.1 200 OK 27ms)
__https://js-agent.newrelic.com/nr-1059.min.js (HTTP/2.0 304 Not Modified 80ms)
__http://files.diyaudio.com/forums/clientscript/highslide/graphics/zoomout.cur (HTTP/1.1 200 OK 0ms)
__http://www.diyaudio.com/forums/attachments/forum-problems/647397d1511431195-malware-diyaudio-homepage-loads-websites-diyaudio_malware-png (HTTP/1.1 200 OK 0ms)
__https://securepubads.g.doubleclick.net/static/3p_cookie.html (HTTP/2.0 304 Not Modified 23ms)
__http://tpc.googlesyndication.com/safeframe/1-0-14/html/container.html (HTTP/1.1 200 OK 0ms)
__https://bam.nr-data.net/1/<removed> (HTTP/1.1 200 OK 1095ms)
I just logged in to the forum on my iPhone in both Safari and Chrome. I get no warnings or glitches of any type.I do see banner ads on those browsers. Looks like I can't be of any help.
It is “fixed” now. Mine was continually redirecting the last few days. Today it is working normal in an iPhone.
The so called Four Virus seems to be common, there is info on it many places. It's a scam browser hijacker common on Android and iOS. Here is some good info,
Fix: Your system is heavily damaged by four virus - Appuals.com
Fix: Your system is heavily damaged by four virus - Appuals.com
it appears to be a bad google ad...
VM7947:1 Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://www.diyaudio.com/forums/forum-problems/315210-malware-diyaudio-homepage-loads-websites.html#post5254618' from frame with URL 'http://tpc.googlesyndication.com/safeframe/1-0-13/html/container.html'. The frame attempting navigation of the top-level window is sandboxed with the 'allow-top-navigation-by-user-activation' flag, but has no user activation (aka gesture). See 'allow-top-navigation-by-user-activation' <iframe sandbox> keyword - Chrome Platform Status.
VM7947:1 Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://www.diyaudio.com/forums/forum-problems/315210-malware-diyaudio-homepage-loads-websites.html#post5254618' from frame with URL 'http://tpc.googlesyndication.com/safeframe/1-0-13/html/container.html'. The frame attempting navigation of the top-level window is sandboxed with the 'allow-top-navigation-by-user-activation' flag, but has no user activation (aka gesture). See 'allow-top-navigation-by-user-activation' <iframe sandbox> keyword - Chrome Platform Status.
Just to clarify: the many sites are independend of operating system. The same problem exists using androids firefox version or opensuse firefox version.. If the browser would be infected, why do I get the long list only with diyaudio?
BR, Toni
P.S. an ads blocker helps here but this is not a solition for everybody!
BR, Toni
P.S. an ads blocker helps here but this is not a solition for everybody!
- Status
- This old topic is closed. If you want to reopen this topic, contact a moderator using the "Report Post" button.