STH forum serving malicious ads

Terry Kennedy

Well-Known Member
Jun 25, 2015
1,067
505
113
New York City
www.glaver.org
I was browing the Hardware pron thread and was forcibly redirected to this:


Note that the underlying page actively blocked being captured, presumably to avoid recording of the URL. Sorry, but I wasn't going to stay parked on that page long enough to manually transcribe the URL - I took IE out and shot it after capturing this.
 

Patriot

Moderator
Apr 18, 2011
1,310
692
113
I pinged patrick but... Ads by google? I wish you captured which ad it was so it could be forwarded on to them.
I experienced no redirect on chrome but it is sandboxed and far less vulnerable to redirects. Now that you have properly disposed of IE perhaps you too can browse safely :p
 

Terry Kennedy

Well-Known Member
Jun 25, 2015
1,067
505
113
New York City
www.glaver.org
I pinged patrick but... Ads by google? I wish you captured which ad it was so it could be forwarded on to them.
I thought I mentioned that it was a whole-frame redirect to the malware-serving site (not a Google URL) with the child window as shown in my post. The page apparently actively blocked being captured (everything except the child window was captured as transparent).
I experienced no redirect on chrome but it is sandboxed and far less vulnerable to redirects. Now that you have properly disposed of IE perhaps you too can browse safely :p
No, I'm still using IE - I just shot it with task manager as that is the only way to close these annoying sites. If I browsed here with Chrome I'd get a bunch of annoying things unless I re-enabled Javascript, etc. and started accepting cookies (I used IE, Firefox and Chrome for different things).
 

Patrick

Administrator
Staff member
Dec 21, 2010
11,934
4,891
113
Thanks @Terry Kennedy

Looking into this. Not seeing it in Edge/ Chrome/ Firefox on any of the test systems we have setup. Ads on the forums are all via AdSense right now. Still looking into how this is getting served. In the meantime, did the minor update to XF.
 
Last edited:

mstone

Active Member
Mar 11, 2015
505
117
43
42
This is true of all ad networks, it's why I use an ad blocker and noscript. I get the economic argument, but until the ad networks police themselves (not holding my breath) it's stupid to trust them.
 
  • Like
Reactions: William

Patrick

Administrator
Staff member
Dec 21, 2010
11,934
4,891
113
Near term on the STH main site I want all static ads from our ad servers.

Longer term I am exploring the idea with our marketing team of just doing a sponsored by all with chicklets and just having everyone's static logo.

After adding Fujitsu and likely late this quarter or early next quarter Cisco to our review stable we will be reviewing servers and chips from every major x86 vendor, and most of the big Arm vendors.

Frankly, I would prefer just to say everyone in the industry supports STH's work by providing hardware and technical support. I do not think ads are the long term direction I want to go, but they are what the marketing folks all work with.

I want this to happen in 2020 but realistically it is 2021 at the earliest.