Jump to content

Mooney Space appears to be infected with cross site scripting or a redirect attack


Recommended Posts

Posted

That happened to me yesterday. Had to close the window and open a new one, as i couldn't escape it's loop.

Since my recent Android update, I periodically get full screen video ads that pop up at strange times, regardless of what app I'm running. I figured this stupid thing was related to that stupid thing . . . .

Posted

I was able to make this happen on my Android phone too.  I have always left ads on for my account so it could be coming from a banner ad.  This would be a bit shocking since we are only using Google AdSense which is usually pretty free of malicious ads.  

I have shutoff ads on my account for a while and I will keep testing.  I know these things are smart enough to only do the redirect every day or two so it might take a little while to sniff it out.

Posted
On 10/29/2017 at 6:47 PM, Andy95W said:

"Recent adult sites"?  On your phone?  My eyes aren't that good anymore.

And in both those screen shots, theres a bible app icon up top.  No adult sites on this phone or for me in general.  Popups still happening to me even today. 

Posted
44 minutes ago, NJMac said:

And in both those screen shots, theres a bible app icon up top.  No adult sites on this phone or for me in general.  Popups still happening to me even today. 

Not receiving the bible icon when I get the pop-up.  Same text about "Adult sites" though.  I think it's just a shot in the dark.  Tell enough people you caught them browsing porn, and more than a few will believe it.

Posted
43 minutes ago, gsxrpilot said:

A simple solution is to kick in a few bucks to support this site. Then the ads go away along with all the issues from ads that are served up.

I think an amount equivalent to ~15 minutes with an avionics shop or less than 1/2 hour with a mechanic is a good amount.

And the ROI in awesome.

  • Like 3
Posted
1 hour ago, gsxrpilot said:

A simple solution is to kick in a few bucks to support this site. Then the ads go away along with all the issues from ads that are served up.

While what you say is true from an end-user perspective, it is still best-practice for Mooneyspace to ensure that advertisements are not attempting to use the site as an infection vector...

Posted
31 minutes ago, ShuRugal said:

While what you say is true from an end-user perspective, it is still best-practice for Mooneyspace to ensure that advertisements are not attempting to use the site as an infection vector...

Of course it would be best practice... I make my living in IT Security as well. But you have to understand that MooneySpace is a part time hobby for someone who doesn't even own or fly a Mooney any longer. But thankfully Craig continues to maintain and provide the site that all of us Mooney owners realize as so extremely valuable. But as you know, this stuff doesn't happen for free. And even if Craig doesn't put any monetary value on his time, there are plenty of expenses with running/hosting a forum such as this. Consequently, the ad services that are used, while vetted as well as possible, malware does often sneak through. Even enterprise companies with huge security staff's can't alway ensure that the ad service they use is always clean. 

So in this case we'll all give Craig a pass and will simply thank him for continuing to provide this service years after leaving the Mooney community himself. So do yourself a favor and step up with a donation to support the site and solve the malware problem yourself.

  • Like 3
Posted (edited)
11 minutes ago, gsxrpilot said:

Of course it would be best practice... I make my living in IT Security as well. But you have to understand that MooneySpace is a part time hobby for someone who doesn't even own or fly a Mooney any longer. But thankfully Craig continues to maintain and provide the site that all of us Mooney owners realize as so extremely valuable. But as you know, this stuff doesn't happen for free. And even if Craig doesn't put any monetary value on his time, there are plenty of expenses with running/hosting a forum such as this. Consequently, the ad services that are used, while vetted as well as possible, malware does often sneak through. Even enterprise companies with huge security staff's can't alway ensure that the ad service they use is always clean. 

So in this case we'll all give Craig a pass and will simply thank him for continuing to provide this service years after leaving the Mooney community himself. So do yourself a favor and step up with a donation to support the site and solve the malware problem yourself.

I understand what you are saying, and from the perspective of users on this site, it makes sense.  But the solution of "just cough up a sub so you don't see the infected ad" is a bad one, for several reasons.  The biggest among them being that if the site becomes flagged as infected, it will stop turning up in search engines, and your antivirus software may stop you from visiting it altogether, which would kill the site as effectively as Craig walking away and switching off the server.

 

Even ignoring that extreme eventuality, coughing up a sub is still not an optimal solution:  If I sub and then connect to this site from a device which i am not currently logged-in to, then I will be faced with the advertisements until I log in.  If I am presented with an infected advertisement during that window, then I become infected, and my plan of avoiding infectious ads via subbing fails.

 

It's not about "giving Craig a pass" or not:  Having infected content on this website is directly detrimental to ALL users of the website, subscribed or otherwise.  If you feel that I am wrong to point out that the problem exists so that it may be corrected, then you are certainly entitled to that opinion, but I would posit that dropping a sub and pretending the problem doesn't exist is doing no favors for either Craig or Mooneyspace.

Edited by ShuRugal
Posted

No, I agree it's right to point it out and as you saw, Craig immediately responded. He monitors this site very closely and consequently most agree that this site is much more pleasant and useful than most other Pilot or Airplane forums.

Having said that, if enough of us would donate to the support of this site, he could do away with Google AdSense altogether.

Posted
48 minutes ago, gsxrpilot said:

No, I agree it's right to point it out and as you saw, Craig immediately responded. He monitors this site very closely and consequently most agree that this site is much more pleasant and useful than most other Pilot or Airplane forums.

Having said that, if enough of us would donate to the support of this site, he could do away with Google AdSense altogether.

Definitely agree, very fast response from Craig, and this site does seem to be very well maintained.

 

A subscription here is on my "To Do" list, but right now my budget is prioritized with rounding out my PP ticket and taking care of the initial cost-of-purchase expenses for my new bird...

Posted
19 hours ago, ShuRugal said:

Definitely agree, very fast response from Craig, and this site does seem to be very well maintained.

 

A subscription here is on my "To Do" list, but right now my budget is prioritized with rounding out my PP ticket and taking care of the initial cost-of-purchase expenses for my new bird...

paypal him $10, that shouldn't slow your goals down or put them on hold for any length of time. Convince yourself you will get $10 worth of advice from a few very knowledgeable Mooney people that will undoubtedly save you thousands over the course of you flying and owning a Mooney. That shouldn't be too hard for you to do.

  • Like 3
Posted
On 11/2/2017 at 9:38 AM, mike_elliott said:

paypal him $10, that shouldn't slow your goals down or put them on hold for any length of time. Convince yourself you will get $10 worth of advice from a few very knowledgeable Mooney people that will undoubtedly save you thousands over the course of you flying and owning a Mooney. That shouldn't be too hard for you to do.

ya talked me into it :P

  • Like 3
Posted

I just started using Tapatalk to get away from the redirect. Solution seems to work. Guess supporting site does also.

Sent from my SM-G930V using Tapatalk

Posted
21 hours ago, NJMac said:

I just started using Tapatalk to get away from the redirect. Solution seems to work. Guess supporting site does also.

Sent from my SM-G930V using Tapatalk
 

Are you still seeing this on Android?  Anyone else?  I switched ad providers to see if that fixed it.

Posted (edited)
1 hour ago, mooniac58 said:

Are you still seeing this on Android?  Anyone else?  I switched ad providers to see if that fixed it.

I'm also still seing it on my android tablet. Should I log out and back in?

It also happens sometimes when I'm doing other things and have Chrome minimized . . . So it may not be MooneySpace, but something in the latest android update?

Edited by Hank
Posted

For whatever reason it seems to only be happening to people that are seeing ads - I was getting it as well (as I always leave ads on for my account).  Once I stopped the ads the issue went away.  It also seems that everyone that has reported this has a basic account which means they also have ads running.

The odd thing is we are now only running Google AdSense for the ads - typically you never have issues like this with them.

Posted
I'm also still seing it on my android tablet. Should I log out and back in?
It also happens sometimes when I'm doing other things and have Chrome minimized . . . So it may not be MooneySpace, but something in the latest android update?
I've actually been deferring an Android update for close to 3 weeks now. I don't think that would be the answer either

Sent from my SM-G930V using Tapatalk

Posted
18 hours ago, mooniac58 said:

Are you still seeing this on Android?  Anyone else?  I switched ad providers to see if that fixed it.

I logged back into the site on chrome to edit a post and have been on for about 5 mins and havnt been redirected.  That's a recent record.  Seems like the changes were for the better. 

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.