Jump to content
American Road Magazine
Celebrating our two-lane highways of yesteryear…And the joys of driving them today!

Infinity Ads?


DennyG
 Share

Recommended Posts

For the last several weeks, attempts to reach this forum are often hijacked and redirected. There is always an ad of some sort from infinityads.com (the most recent was for a James Bond auction) and a request to select some offer to reach "locked content". The most recent choices involved a Best Buy gift card, something from Southwest Airlines, and "All-in-one master cheat software". Closing the page and immediately re-accessing the forum works fine. I'm guessing it's time based since all is well for at least several hours. But eventually the hijacking behavior returns. This is true if I try to access the forum anew or if I try to refresh a browser page with the forum after several hours. I have not performed the sort of experiments necessary to determine how much time is involved of if it really is time related at all.

 

Opening question: Is anyone else seeing this or anything similar?

Link to comment
Share on other sites

I think I'd take that bet. I've seen it rather reliably for a a matter of weeks so if you haven't seen it at all, I doubt that you will. Since I only see it with the forum, I thought it reasonable that it was something at the server end but if that were the case I wouldn't be the only one seeing it. Perhaps it's something with my machine and the specific URL. I can't imagine what that could be but just about anything is possible when electrons get together. I shall continue to watch and ponder.

Link to comment
Share on other sites

Denny,

 

The “Infinity Virus” gets a fair amount of comment on the web, as you no doubt know. Maybe I haven't gotten it because I run a highly recommended anti virus program and another anti spyware program. I have been virus and spyware free for years, despite lots of web surfing.

 

Dave

 

Keep the Show on the Road

Link to comment
Share on other sites

I have some decent protection in place and have also been pretty much infection free for a long time. I'm even rather confident that includes now. But your post prompted me to think and search a bit more and I believe I've found something.

 

Much like a football ref who sees the second punch, I focused on the second symptom. The Infinity Ads are a result of the redirection that is the real problem (the first punch). A search for "url4short.info" turned up some interesting things and eventually led to some discussions of an exploit that targets the MySQL DB of Invision Power boards. My current theory is that this has happened at ARMF. My (weaker) theory for why only I see it is that it is browser related. My default browser is Chrome. I stumbled across a few hints that some browsers may be aware of the evil URL and shield users.from it.

 

The post here, which I reached through this discussion, gives some info on protection and correction. I don't expect it to make much sense to many and I don't expect it to be the ultimate reference for the administrators. It would be wise for them to do their own research but the post might be a good starting point.

Link to comment
Share on other sites

Well, there goes another perfectly good theory. In my opinion, pretty much everything about it points to a server side issue with the exception that no one sees it but me. Some sort of internet Harvey. Perhaps I am somehow prejudiced.

 

It just now happened to me again for the second time today though, for the first time ever, I just got the redirect to "locked content" without an ad overlaid on it.

 

Oops. Dave, I meant to ask about the "Infinity Virus". The only thing I found was something from the early 1990s that didn't sound much like what I'm seeing. Do you know of something else?

Link to comment
Share on other sites

Denny,

 

I used Yahoo search (I think it is the old Alta Vista) and came up with several current references....but I did not do more than scan a few. I figure you know a lot more than I do on the subject, so.....

 

One thought, perhaps not useful, but have you tried to email Infinityads for a solution?

 

Dave

 

Keep the Show on the Road

Link to comment
Share on other sites

Dave: I had used both Yahoo & Google and just now tried Bing. About all I've found is an Infinity company selling anti-virus software in the UK, an internet provider named Infinity that some times get mentioned along with viruses, and the Infinity Virus from 1992. I don't think that matters, however, since I believe that neither Infinity Ads nor URL4Short.info are at fault or any more evil than every other get-rich-from-internet-advertising dreamer. Both offer what are probably legitimate services which are being misused by some as yet unknown evildoer.

 

Jim: Last night's occurrence was without the Infinity Ad overlay. I haven't seen it this morning. Maybe it's already starting to go away. If it does, I suppose I'll eventually forget about it and be content but that's not what I'm hoping for. Being involved in software, you're probably aware that one of a developer's worst fears is a problem that goes away on its own. Problems that disappear on their own are prone to reappearing on their own and it's often in the middle of a demo to the world's largest customer or something similar.

 

Search for "url2short.info redirect" and you'll find a number of discussions regarding unwanted redirection (hijacking) most of which involve forums. VBulletin and InvisionPower are both well represented. Many of the descriptions sound almost exactly like what I'm seeing and most, if not all, involve server side redirection. The big difference is that most of them have more than one witness.

Link to comment
Share on other sites

Hi Denny, We think we might have found the problem -- and hopefully fixed it. We found some code in the Invision Power Board template and removed it. So, if the issue doesn't resurface, I'm betting that was the problem. If it resurfaces, however, please let us know. Thanks for bringing it to our attention.

Link to comment
Share on other sites

Excellent. That's in keeping with what I read online. Why others didn't see it remains a mystery but not a very important one. Guess they're just not as lucky as I am. What is important is determining and dealing with the security breech that allowed the intrusion.

 

My last sighting was this morning at 8:02 EST.

Link to comment
Share on other sites

Actually, that others didn't see it is very intriguing and would help in troubleshooting, should the problem recur.

 

Yes, I do understand how problems that go away on their own cause real anxiety. On the other hand, I've shipped software with such self-disappearing problems. :-)

Link to comment
Share on other sites

Fortunately I hadn't finished uncorking the champagne when I learned that the code Becky mentioned was removed yesterday (Monday) afternoon. This morning's 8:02 redirect proved that it was not the problem. Any remaining doubt was taken care of by an occurrence just now, at 22:31. Despite what wild stories on the internet lead me to believe, a problem that is seen only by me is, almost by definition, only my problem. I shall suffer (but not very much) in silence until I discover something new or the world ends on Friday, whichever occurs last.

Link to comment
Share on other sites

I have to conclude at this point that there's an IF statement like the following somewhere in the board's code:

 

IF (username="DennyG")

THEN redirect

ELSE continue

 

Maybe:

IF ((username="DennyG") AND (something = rand(somethingelse)))

THEN redirect

ELSE continue

 

Though I'm still hoping for:

IF (something = rand(somethingelse))

THEN redirect

ELSE continue

Link to comment
Share on other sites

  • 8 months later...

As of Monday, this problem appears to have been vanquished. I quit whining but the problem had remained. After awhile, I learned that it was generally confined to access through a link on my MyYahoo page so I just avoided that except for a curiosity check every month or so to verify that the redirection still occurred. Deleting and recreating the page did nothing nor did removing and re-installing both Chrome and Firefox.

 

Sometime prior to last Thursday, things changed. Either Chrome/Google got smarter of the exploit worsened. Chrome prevented me from visiting the forum with a "Malware ahead" warning. A new search for url4short.info turned up some new information and reports that symptoms were most often encountered using search engines. Sure enough, a Google search placed warning on any AmericanRoadForum hits. This was true for Google in both Chrome and Firefox but was not true for Bing in either browser. That problem has now been fixed and with it my MyYahoo related redirect. I agree that seeing this as a client problem was reasonable but I feel vindicated nonetheless.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
 Share

×
×
  • Create New...