advertising malware?
BlueCloud
27 Oct 2013
Today , on my Mac using Safari, I clicked on a thread here to read it, and instead of opening it, it launched 5 or 6 windows including some porn sites .
This ONLY happens on Longecity's forums, and over the 3 years i had an iPad and used it every day to surf the web with Safari, i have NEVER seen anything like that , wich really lead me to think that the forum might been have hacked in some way or another...
Edited by caliban, 19 November 2013 - 12:15 AM.
title
YOLF
27 Oct 2013
rwac
27 Oct 2013
Can you try a different browser, since both are safari?
How about a different ipad or mac?
Can you save a copy of the webpage and zip and upload it here when it does that?
Edited by rwac, 27 October 2013 - 07:09 PM.
BlueCloud
29 Oct 2013
Attached Files
rwac
29 Oct 2013
Did you install any suspicious programs (might be a download manager) recently?
It might be a browser addon like a toolbar or plugin or extension.
https://www.google.c...i avazutracking
Edited by rwac, 29 October 2013 - 11:20 AM.
BlueCloud
29 Oct 2013
Also Safari on the iPad doesn't even allow installation of any extensions or plugins at all. Don't even know how it could be hijacked...
rwac
29 Oct 2013
Also, can you check to see if your homepage has been redirected?
Have you tried clearing your website data on the ipad?
settings>safari>advanced >website data
BlueCloud
29 Oct 2013
Homepage still the same.
I just cleared all cookies and history both on iPad and Mac right now. I usually do it every couple of days. Maybe I forgot to do it on the iPad. I'll report if this happens again.
BlueCloud
29 Oct 2013
I'm excluding the possibility of the browser being compromised, or viruses, since this happens on the iPad ( non-jailbreaked) as well.
According to this website : http://www.thesafema.../ it's either my network being compromised ( if this doesn't happen when i'm using other networks), or the forum has really been injected with some malicious code.
I will test the forum on my iPad tomorrow on different networks outside home and see what happens.
BlueCloud
29 Oct 2013
EDIT : lol, just after resetting the DNS and clearing the cache and cookies again on Safari, I got redirected again...
I'll try tomorrow from an outside internet connection.
EDIT 2 : also, this is unrelated but very hilarious coincidence, check what the link for this thread is "66666"
Edited by BlueCloud, 29 October 2013 - 03:38 PM.
BlueCloud
31 Oct 2013
- It's not a malware or anything like that.
- Not a general issue with DNS being redirected , otherwise all my websurfing activities would be affected, however ONLY Longecity is affected by the issue and being redirected.
- It's not the forum being hacked, otherwise you would have lots of similar reports, and I seem to be the only one (?) reporting this.
- I found out that it's possible that an ad has been hacked and redirected. Since Longecity has two types of ads , ones that are placed by the admins, and others placed automatically by GoogleAds/Adchoices , it could one of the local ads that's being hacked. So I installed Adblocker in Safari ( on the Mac ), and blocked the ads ( the ones placed by Longecity still show up ). Surprise surprise : no more redirections. Been browsing for more than an hour with any issues.
EDIT : Actually I know now exactly wich ad it is. As soon as this one shows up ( and it shows up a LOT of times more than the others), boom : redirection to the same mmo games. Ironically, it's an ad for... an ad network ! Probably to demonstrate how efficient their unethical methods are..
Edited by BlueCloud, 31 October 2013 - 12:02 PM.
niner
31 Oct 2013
YOLF
31 Oct 2013
Luminosity
02 Nov 2013
hamishm00
09 Nov 2013
I also now get popup screens randomly when I am in other apps.
I know I am getting this because my registration lapsed and now of course I get spammed. Won't be re - registering on principle until this is fixed.
Edited by hamishm00, 09 November 2013 - 05:28 AM.
hamishm00
09 Nov 2013
maxwatt
09 Nov 2013
Layberinthius
09 Nov 2013
Also nasty shit that appears in my firewall logs after I joined here.
It could be anti-longevity proponents trying to attack and identify in real life the users of this forum, or it could be government resistance.
Frankly I think this forum software needs to be more resilient by simplifying everything. But I know that suggestion will fall on deaf ears.
I would suggest to everyone who uses this forum to use the firefox/chrome plugin "https everywhere" bare minimum. https://www.eff.org/https-everywhere
And to install a suitable software firewall.
Zonealarm for Windows 7/8
and Sygate Personal Firewall for Windows XP.
And to setup ufw rules if they are using ubuntu.
I would also suggest that if your privacy is your primary concern to get a proxy, NOT from a company like hidemyass (they WORK for the government) but something like ipredator.
Its kind of ironic that this thread's index in the url above contains the numbers "66666", I'm not a religious man but that still kinda freaks me out a bit. lol
Edited by Layberinthius, 09 November 2013 - 11:14 PM.
caliban
10 Nov 2013
1) there is no evidence that LongeCity has been 'hacked' - your personal data as far as we know (it seems difficult to tell with governments getting involved in spying over the internet) is safe.
2) As has been mentioned in the newsletter and in this forum, we have troubles with out database recently. We are still trying to isolate the problem but while it persists, the site might crash more often. As far as we know this is an internal problem not the result of some 'hacking' attack but we will continue to investigate the issue until a solution has been found.
3) Blue Cloud has identified a malicious and annoying advertisement that is being served to LongeCity by an external network. Obviously, we didn't invite this to happen and have no control over it as such, but if you could just provide a bit more information, we can try to block that ad from being served to LongeCity again.
niner
10 Nov 2013
BlueCloud
10 Nov 2013
- It's not a Safari issue, Hamishm00 is reporting the same issues on his Android phone, and there's no Safari for it.
@ Caliban : Yes , I've cornered it to exactly one ad , as soon as it appears, boom. Curiously, since a few days, the space ( in the right low corner of the forum, out of the three ads that populate that area ) where it usually appears is now empty, yet I can still see the link to it. I don't know why it only appears on Longecity, maybe the forum has grown in popularity and looks like a nice target now for them.
Caliban , would you like me to post the details about that ad here, or do you prefer to have it on PM ?
Layberinthius
11 Nov 2013
@ Layberinthius : nah, no need to look that far. The Wild Wild Web has always been hammered everyday by sore losers ( hackers) who need to make other people's lives miserable , to compensate for their small penises
. Also It has become an ideal way to make money through hacking, extorsion, identitiy theft etc, it less risky than robbing their local supermarket.
- It's not a Safari issue, Hamishm00 is reporting the same issues on his Android phone, and there's no Safari for it.
Tell that to slashdot:
http://news.slashdot...o-serve-malware
hamishm00
11 Nov 2013
I have taken a photo of the popup on android and will take one that pops up on Firefox. Can I send them to an email address?
Just to confirm, this is the only side I visit where this happens, so it's fairly sage to say it's a Longecity problem.
I just got diverted on the Android to http://seth.avazutra...&vurl=1731_1925
That site then auto uploads malware or aware called mobogenie1503.apk on the Android.
Layberinthius
11 Nov 2013
Or to: http://postimage.org/
and then copy and paste the links to this thread if you like.
niner
11 Nov 2013
@ Layberinthius : nah, no need to look that far. The Wild Wild Web has always been hammered everyday by sore losers ( hackers) who need to make other people's lives miserable , to compensate for their small penises
. Also It has become an ideal way to make money through hacking, extorsion, identitiy theft etc, it less risky than robbing their local supermarket.
- It's not a Safari issue, Hamishm00 is reporting the same issues on his Android phone, and there's no Safari for it.
Tell that to slashdot:
http://news.slashdot...o-serve-malware
I'm pretty sure that neither NSA nor GCHQ have any interest in sending Longecity readers to a scummy adware site. It's not that they couldn't hack us if they really wanted to, but it's delusional to think that we are important enough / dangerous enough for them to bother with.
I don't know if it works for registered users or not, but members can certainly upload images directly without going through a separate storage site. You just use the "Attach Files" button.
Layberinthius
11 Nov 2013
I don't know if it works for registered users or not, but members can certainly upload images directly without going through a separate storage site. You just use the "Attach Files" button.
I was thinking of the future longevity of the server.
Its probably a good idea to not do that in the long run, this website is dedicated to people who wish to live forever, that kind of database is gonna get pretty large, and I'm sure the server will most likely struggle just to seek and access billions of pages of text.
Increasing the cost of hosting to the owner.
However image links go dead, so if the images are important (ie a part of research strategys) then use the attach file feature, if the images are however not important, then use a external image hosting.
Thats my strategy anyway.
Edited by Layberinthius, 11 November 2013 - 11:58 PM.



