Webhost infected?

Darzil

Developer
Not sure if anyone else is seeing this, but I'm sometimes seeing two things when browsing this forum (and no others).

On the relatively benign front, sometimes (not often) I see multiple ad pages when I use the back button in IE, as if the page is being diverted via one or more ads before coming back here. I've seen well over 10 in the past. I don't actually see many pages of ads load.

Recently, however, I've been intermittently redirected to http:// testables.net/d/juicyru.com, which (probably fortunately) is blocked by Trend for me (only without the space, wanted to prevent it accidentally becoming a link to something nasty - if it is).

Now, I know that often these days it's the host rather than the website who has got hacked, if indeed this isn't my machine infected and for some reason only triggering here, but this was the only way I could think of to report the issue.
 

Catch-22

Active member
I would make sure your system is clean. I had a quick look at the HTML for this thread and couldn't see anything particularly malicious. It's possible that the ad providers themselves could be serving malicious ads, but that appears to be google ads and they're usually pretty careful with that kinda stuff.

Try Malwarebytes Anti-Malware and see if the problem persists. A quick search on Google against the URL you provided shows that a few people are having the same issue in November 2012, so it sounds like possibly a fairly recent strand of malware.

I'm not ruling out the possibility that any of the several javascripts that kolmafia.us loads might be infected, I didn't look through all of them. At this stage, though, I would make sure your system is definitely clean first. Trend Micro doesn't have the best track record when it comes to picking up the newest strands of malware, IMO.
 

Darzil

Developer
Will do so.

The reason I said webhost rather than website, though, is that often these things infect a webserver, rather than a site, and redirect on a small % of the page hits. It'd be odd for it to only affect this website if it's my computer, but not impossible.

Update - Quick scan and Flash Scan found nothing, doing less Full scan.
 

Theraze

Active member
Also, being that this is considered to be either a computer or webserver issue, it's not a mafia bug... thread should probably be moved to Community Support.
 

fronobulax

Developer
Staff member
I'll move to Community by and by. I had meant to reply to this sooner. Sorry.

My work laptop came with some TrendMicro "protection" installed and it was pretty aggressive about blocking a lot of stuff with "juicyru". I was seeing it at numerous sites that served up ads. Based on my research I could not actually figure out why Trend Micro didn't like the site to begin with. My best guess is that it was being blocked because it was aggressive about serving up ads and not necessarily malicious. ("You have won" ads. "Are you sure you want to leave this page" kind of stuff).

As a general rule I am quite used to commercial "protection" products being overzealous or having some Human Resources Department's definition of what should be blocked embedded. Just try and use tools that are used by both Black and White Hat hackers and see what I mean.

Bottom line for me is that I disagree with Trend as to how much of a "threat" the sites are and I have seen numerous sites serve up the ads so I doubt that kolmafia.us is "infected". IMO. YMMV.
 

Darzil

Developer
The full scan also came up empty.

I suspect it may well just be some ads that do some slightly dodgy stuff, and maybe Google has sorted them or will do. At least, I think an ad which causes a page to load but not display multiple ad hits before loading and displaying the page you wanted is probably trying to game a number of hits metric at the expense of the person browsing.

I mainly posted here to see if I was the only one seeing this stuff here.
 

fewyn

Administrator
Staff member
Most likely it was an ad that was up for a brief time and then pulled. Not really something I can do to prevent.
 

Ethelred

Member
I had a strange experience a couple of weeks ago, but it went away the next time I logged into KoLmafia.us, so I thought no more about it. But it's back today, and this thread was created in the interim, so this looks like it could be related. What happens is anytime I click a link in the forums, there's a flurry of activity in the lower left hand corner of the browser (Firefox, specifically), then it stalls for 2 to 5 or so minutes displaying "Waiting for static.wowhead.com" and the progress bar in the lower right hand corner just sits at about 7/8 done. I don't have a WoW account and have never logged in nor visited their site. I Googled for "static.wowhead.com" and it looks like it's a legitimate WoW site. Is there some connection between KoLmafia.us and static.wowhead.com? Should this be happening? Are others seeing anything like this?

System details (in case they matter)
OS: MacOS X 10.6.8
Browser: Firefox 3.6.13 (I know it's very old, but it doesn't leak memory like a sieve)

In general, my philosophy is "Don't fix it unless it's broken." So I generally don't upgrade software until I have to. Is this a signal to me that something is broken and I need to apply some dreaded upgrades?

Thanks in advance for any help you can offer.
 

Darzil

Developer
It's probably a dodgy advert for the site, or for a site using its content. The difficulty is that it's hard to pin down, as you don't actually see it.
 

fewyn

Administrator
Staff member
I actually work for Wowhead and I sometimes use Kolmafia.us to test vBulletin features I'm coding up.
 

Catch-22

Active member
> I actually work for Wowhead and I sometimes use Kolmafia.us to test vBulletin features I'm coding up.

And the sister site for KOTOR I'm assuming, which is why we can do things like this:

[ability]XS Freighter Flyby[/ability]
[item]Ace in the Hole[/item]

resulting in:
[ability]XS Freighter Flyby[/ability]
[item]Ace in the Hole[/item]

I always just assumed you were running a fan-forum on the same host and the Wow/TORhead plugins leaked over :p
 