Possible compromised forum?

Notice: Page may contain affiliate links for which we may earn a small commission through services like Amazon Affiliates or Skimlinks.

nle

Member
Oct 24, 2012
204
11
18
I’m currently browsing/writing from latest Firefox on iOS and when I click on links (I.e "the flag" top right to get the latest) Firefox opens spam sites in new tabs/window.

It happened a few times in one session, but testing in a new window it did not happen, so it looks to be random (as they do sometimes to avoid detection)

I don't think it could be local on my phone, since there is no plug-ins etc. on iOS.

Please have a look into the forum software.

See the history in FF:
9C46F8E5-8B8E-44DF-A8EB-0C293C82ADB3.png A5B1F5A7-0CD6-4276-BEB2-E2286EE89BDA.png

(edit: changed to thumbnails, sorry for the big photos on desktop looked alright on mobile)
 
Last edited:
  • Like
Reactions: Twist

mackle

Active Member
Nov 13, 2013
221
40
28
On my phone I use safari with the Firefox focus content blocker, which is disabled for this site.
 

Twist

Member
Oct 15, 2015
79
42
18
48
Norway
I'm on android with latest Firefox and have a similar problem,it only happens on STH. Noticed this first time yesterday and it happend again today even if I cleaned my cookies in between.

I see some connection to:

appcenter3.com
fckmnk.com
smrtmnk.com
belombrea.com
propeller-tracking.com

Not sure if all of these are correct.


Screenshot_20200427_083548_org.mozilla.firefox.jpg Screenshot_20200428_155500_org.mozilla.firefox.jpg
 

Evan

Well-Known Member
Jan 6, 2016
3,346
598
113
Haven’t seen it on safari at all.

What i have seen some of recently is what I assume in some kind of DNS poisoning problem or similar issue as you describe but for one of Australia biggest news sites (I am not in Australia and the redirects reflect the country I am in)
 

Patrick

Administrator
Staff member
Dec 21, 2010
12,511
5,792
113
Just in case, the entire stack rebuilt fresh. Let me know if you still see anything. Even pulling ads off from STH and Google servers just in case. We can slowly add.

I know, it is ugly. Even took out theme.
 

Skud

Active Member
Jan 3, 2012
150
78
28
I had something similar happen to me last week. Browsing the forums I clicked on the Processors and Motherboards forums and it instantly took me to a “your flash is out of date/you’re the one millionth viewer type of page.”

I’m on Edge Chromium Beta channel. No issues in other sites (when I’m not clicking on stupid stuff. )
 

edge

Active Member
Apr 22, 2013
203
71
28
Just in case, the entire stack rebuilt fresh. Let me know if you still see anything. Even pulling ads off from STH and Google servers just in case. We can slowly add.

I know, it is ugly. Even took out theme.
Ugly is being kind. Fortunately, I have not been having the spam experience.
 

Patrick

Administrator
Staff member
Dec 21, 2010
12,511
5,792
113
I want to get rid of Adsense completely but our ad fill is not where it needs to be just yet. On the banners we host we only allow static images even and do not allow animated banners or custom code beyond utm in the destination URLs.

This is now a 100% up to date OS, web stack, and clean install of XF the ES search is not active even while this gets fixed. Only the official and latest XF Resources addon is installed since that has content. The only custom bit is now the logo png. All ads are now off the forums as well.

Need to give this a few days for caches to clear for everyone before even starting to add back functionality. The bad side is that the forums are pretty ugly right now but I did not want to add a theme at this point.
 
  • Like
Reactions: Vit K

SRussell

Active Member
Oct 7, 2019
327
152
43
US
"Need to give this a few days for caches to clear for everyone before even starting to add back functionality. The bad side is that the forums are pretty ugly right now but I did not want to add a theme at this point."

I thought this was a new skin and really like this look.
 

Calochortus

New Member
Feb 8, 2019
9
3
3
Saw the same thing a few times. I figured it was an ad service poisoning attack.

FF Android private tabs, pihole DNS. Wouldn't repeat if I killed the browser and restarted.
 

altano

Active Member
Sep 3, 2011
280
159
43
Los Angeles, CA
I’ve seen this once or twice on the old site with Safari on iOS. It’s not the forum upgrade (yay btw!) but surely a compromised ad network. It hijacks click events anywhere on the page to redirect you to spam and malware. :/
 
  • Like
Reactions: Jannis Jacobsen