DennyG Posted December 13, 2012 Report Share Posted December 13, 2012 For the last several weeks, attempts to reach this forum are often hijacked and redirected. There is always an ad of some sort from infinityads.com (the most recent was for a James Bond auction) and a request to select some offer to reach "locked content". The most recent choices involved a Best Buy gift card, something from Southwest Airlines, and "All-in-one master cheat software". Closing the page and immediately re-accessing the forum works fine. I'm guessing it's time based since all is well for at least several hours. But eventually the hijacking behavior returns. This is true if I try to access the forum anew or if I try to refresh a browser page with the forum after several hours. I have not performed the sort of experiments necessary to determine how much time is involved of if it really is time related at all. Opening question: Is anyone else seeing this or anything similar? Quote Link to comment Share on other sites More sharing options...
Keep the Show on the Road! Posted December 14, 2012 Report Share Posted December 14, 2012 Denny, It is 5:35 PDST and I have been posting and reading without that problem....but I bet it will happen the next time I log in. Dave Keep the Show on the Road Quote Link to comment Share on other sites More sharing options...
DennyG Posted December 14, 2012 Author Report Share Posted December 14, 2012 I think I'd take that bet. I've seen it rather reliably for a a matter of weeks so if you haven't seen it at all, I doubt that you will. Since I only see it with the forum, I thought it reasonable that it was something at the server end but if that were the case I wouldn't be the only one seeing it. Perhaps it's something with my machine and the specific URL. I can't imagine what that could be but just about anything is possible when electrons get together. I shall continue to watch and ponder. Quote Link to comment Share on other sites More sharing options...
Alex Burr - hester_nec Posted December 16, 2012 Report Share Posted December 16, 2012 No problems in Memphis - yet!! Hudsonly, Alex B Memphis, TN Quote Link to comment Share on other sites More sharing options...
DennyG Posted December 16, 2012 Author Report Share Posted December 16, 2012 Last night I made a forum visit with no redirection even though many hours had passed since the previous one. I thought that maybe my special detour had disappeared. Nope, this morning it was back in fine form. 'Tis a puzzlement. Quote Link to comment Share on other sites More sharing options...
Keep the Show on the Road! Posted December 17, 2012 Report Share Posted December 17, 2012 Denny, The “Infinity Virus” gets a fair amount of comment on the web, as you no doubt know. Maybe I haven't gotten it because I run a highly recommended anti virus program and another anti spyware program. I have been virus and spyware free for years, despite lots of web surfing. Dave Keep the Show on the Road Quote Link to comment Share on other sites More sharing options...
DennyG Posted December 17, 2012 Author Report Share Posted December 17, 2012 I have some decent protection in place and have also been pretty much infection free for a long time. I'm even rather confident that includes now. But your post prompted me to think and search a bit more and I believe I've found something. Much like a football ref who sees the second punch, I focused on the second symptom. The Infinity Ads are a result of the redirection that is the real problem (the first punch). A search for "url4short.info" turned up some interesting things and eventually led to some discussions of an exploit that targets the MySQL DB of Invision Power boards. My current theory is that this has happened at ARMF. My (weaker) theory for why only I see it is that it is browser related. My default browser is Chrome. I stumbled across a few hints that some browsers may be aware of the evil URL and shield users.from it. The post here, which I reached through this discussion, gives some info on protection and correction. I don't expect it to make much sense to many and I don't expect it to be the ultimate reference for the administrators. It would be wise for them to do their own research but the post might be a good starting point. Quote Link to comment Share on other sites More sharing options...
beckyrepp Posted December 17, 2012 Report Share Posted December 17, 2012 Hi Denny, We'll see if there's anything that can be done on our end. Thanks for letting us know. I'll post what we find out. Best, Becky Quote Link to comment Share on other sites More sharing options...
DennyG Posted December 17, 2012 Author Report Share Posted December 17, 2012 Ever since I posted my flimsy browser based theory on why I'm the only one reporting the problem, I've been wondering if anyone else is using Chrome. Quote Link to comment Share on other sites More sharing options...
Keep the Show on the Road! Posted December 17, 2012 Report Share Posted December 17, 2012 Denny, I use Chrome almost exclusively. Dave Keep the Show on the Road! Quote Link to comment Share on other sites More sharing options...
DennyG Posted December 18, 2012 Author Report Share Posted December 18, 2012 Well, there goes another perfectly good theory. In my opinion, pretty much everything about it points to a server side issue with the exception that no one sees it but me. Some sort of internet Harvey. Perhaps I am somehow prejudiced. It just now happened to me again for the second time today though, for the first time ever, I just got the redirect to "locked content" without an ad overlaid on it. Oops. Dave, I meant to ask about the "Infinity Virus". The only thing I found was something from the early 1990s that didn't sound much like what I'm seeing. Do you know of something else? Quote Link to comment Share on other sites More sharing options...
Keep the Show on the Road! Posted December 18, 2012 Report Share Posted December 18, 2012 Denny, I used Yahoo search (I think it is the old Alta Vista) and came up with several current references....but I did not do more than scan a few. I figure you know a lot more than I do on the subject, so..... One thought, perhaps not useful, but have you tried to email Infinityads for a solution? Dave Keep the Show on the Road Quote Link to comment Share on other sites More sharing options...
mobilene Posted December 18, 2012 Report Share Posted December 18, 2012 FWIW, a year or so ago I was having problems accessing this forum that sound similar to what you describe, Denny. I'm on Chrome, btw. The problems went away on their own after a couple weeks. Quote Link to comment Share on other sites More sharing options...
DennyG Posted December 18, 2012 Author Report Share Posted December 18, 2012 Dave: I had used both Yahoo & Google and just now tried Bing. About all I've found is an Infinity company selling anti-virus software in the UK, an internet provider named Infinity that some times get mentioned along with viruses, and the Infinity Virus from 1992. I don't think that matters, however, since I believe that neither Infinity Ads nor URL4Short.info are at fault or any more evil than every other get-rich-from-internet-advertising dreamer. Both offer what are probably legitimate services which are being misused by some as yet unknown evildoer. Jim: Last night's occurrence was without the Infinity Ad overlay. I haven't seen it this morning. Maybe it's already starting to go away. If it does, I suppose I'll eventually forget about it and be content but that's not what I'm hoping for. Being involved in software, you're probably aware that one of a developer's worst fears is a problem that goes away on its own. Problems that disappear on their own are prone to reappearing on their own and it's often in the middle of a demo to the world's largest customer or something similar. Search for "url2short.info redirect" and you'll find a number of discussions regarding unwanted redirection (hijacking) most of which involve forums. VBulletin and InvisionPower are both well represented. Many of the descriptions sound almost exactly like what I'm seeing and most, if not all, involve server side redirection. The big difference is that most of them have more than one witness. Quote Link to comment Share on other sites More sharing options...
beckyrepp Posted December 18, 2012 Report Share Posted December 18, 2012 Hi Denny, We think we might have found the problem -- and hopefully fixed it. We found some code in the Invision Power Board template and removed it. So, if the issue doesn't resurface, I'm betting that was the problem. If it resurfaces, however, please let us know. Thanks for bringing it to our attention. Quote Link to comment Share on other sites More sharing options...
DennyG Posted December 18, 2012 Author Report Share Posted December 18, 2012 Excellent. That's in keeping with what I read online. Why others didn't see it remains a mystery but not a very important one. Guess they're just not as lucky as I am. What is important is determining and dealing with the security breech that allowed the intrusion. My last sighting was this morning at 8:02 EST. Quote Link to comment Share on other sites More sharing options...
mobilene Posted December 18, 2012 Report Share Posted December 18, 2012 Actually, that others didn't see it is very intriguing and would help in troubleshooting, should the problem recur. Yes, I do understand how problems that go away on their own cause real anxiety. On the other hand, I've shipped software with such self-disappearing problems. :-) Quote Link to comment Share on other sites More sharing options...
DennyG Posted December 18, 2012 Author Report Share Posted December 18, 2012 ... I've shipped software with such self-disappearing problems. :-) Me too. Quote Link to comment Share on other sites More sharing options...
DennyG Posted December 19, 2012 Author Report Share Posted December 19, 2012 Fortunately I hadn't finished uncorking the champagne when I learned that the code Becky mentioned was removed yesterday (Monday) afternoon. This morning's 8:02 redirect proved that it was not the problem. Any remaining doubt was taken care of by an occurrence just now, at 22:31. Despite what wild stories on the internet lead me to believe, a problem that is seen only by me is, almost by definition, only my problem. I shall suffer (but not very much) in silence until I discover something new or the world ends on Friday, whichever occurs last. Quote Link to comment Share on other sites More sharing options...
mobilene Posted December 19, 2012 Report Share Posted December 19, 2012 I have to conclude at this point that there's an IF statement like the following somewhere in the board's code: IF (username="DennyG") THEN redirect ELSE continue Quote Link to comment Share on other sites More sharing options...
DennyG Posted December 19, 2012 Author Report Share Posted December 19, 2012 I have to conclude at this point that there's an IF statement like the following somewhere in the board's code: IF (username="DennyG") THEN redirect ELSE continue Maybe: IF ((username="DennyG") AND (something = rand(somethingelse))) THEN redirect ELSE continue Though I'm still hoping for: IF (something = rand(somethingelse)) THEN redirect ELSE continue Quote Link to comment Share on other sites More sharing options...
DennyG Posted September 18, 2013 Author Report Share Posted September 18, 2013 As of Monday, this problem appears to have been vanquished. I quit whining but the problem had remained. After awhile, I learned that it was generally confined to access through a link on my MyYahoo page so I just avoided that except for a curiosity check every month or so to verify that the redirection still occurred. Deleting and recreating the page did nothing nor did removing and re-installing both Chrome and Firefox. Sometime prior to last Thursday, things changed. Either Chrome/Google got smarter of the exploit worsened. Chrome prevented me from visiting the forum with a "Malware ahead" warning. A new search for url4short.info turned up some new information and reports that symptoms were most often encountered using search engines. Sure enough, a Google search placed warning on any AmericanRoadForum hits. This was true for Google in both Chrome and Firefox but was not true for Bing in either browser. That problem has now been fixed and with it my MyYahoo related redirect. I agree that seeing this as a client problem was reasonable but I feel vindicated nonetheless. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.