Tweet
Originally posted by ShockBand
View Post
-
I didn't see onclkads app installed looking at Apps & Features and I didn't see any unusual extensions in my browsers. My extensions are either disabled or I don't have any. It would seem that if I did have an onclkads extension or something similar installed, then it would happen on other webpages besides Shockernet. -
I am having the same issue on both my iPhone and my Mac (Safari).Comment
-
Having the same issue as well. Definitely site-sideComment
-
Well, if it isn't appearing on a deep search locally, then it is likely server-side. I will alert Kai and see if I can help him ferret out the issue.Be who you are and say what you feel, because those who mind don't matter, and those who matter don't mind. ~Dr. SeussComment
-
-
It's 100% server side. vBulletin is serving up a script from url.ie called 11o2s. Just need to grep the vBulletin software for that and disable whatever component is serving it up. Probably need to upgrade/patch vBulletin too.Kung Wu say, man who read woman like book, prefer braille!Comment
-
Also 11o2t, but really just search for "url.ie" and then you will know what part of vBulletin has been hacked. If it doesn't appear in the source then it might be a SQL injection (in the HEAD section or something).Kung Wu say, man who read woman like book, prefer braille!Comment
-
Thanks, Kung Wu. I just ran an network check with Chrome dev tools, and found that url.ie (2 in fact) as well. Those are URL shorteners and redirect to sumpin' shitty. I also advised Kai to check the main page HTML for a rogue div inject.Be who you are and say what you feel, because those who mind don't matter, and those who matter don't mind. ~Dr. SeussComment
-
Should be easy for his host to find. It's whatever code runs between google-analytics and the vbulletin-core. I see yui in there but that may be part of the url.ie hack.Originally posted by ShockBand View PostKung Wu say, man who read woman like book, prefer braille!Comment
-
If that doesn't work, you can always torque up the phaser caddies, and hope the hyperdrive gems with the PLCTV.onion verged cards.Originally posted by Kung Wu View PostComment
-
Originally posted by Kung Wu View PostIt looks like 11o2s redirections to onclkds.com and 11o2t redirections to pushnative.com.Originally posted by Kung Wu View Post
CheckShortURLComment
-
My bookmark to SN comes up clean with no interference.
Same thing if I type the url. I've got no problems, so if it's on the server side it seems that perhaps it doesn't affect Win7?The future's so bright - I gotta wear shades.
We like to cut down nets and get sized for championship rings.Comment
-
Might depend which version of each browser you are running.Originally posted by Aargh View PostKung Wu say, man who read woman like book, prefer braille!Comment
-
I think Palm has hacked Shockernet.Where oh where is our T. Boone Pickens.Comment
-
Had the same problem the last 48 hours. I ran windows defender the full scan. It can back and said I had a virus " SupportScam:JS/techBrolo.aa" . I deleted it seems ok now. Hope this helps.Comment
Comment