It looks like you're using an Ad Blocker.

Please white-list or disable AboveTopSecret.com in your ad-blocking tool.

Thank you.

 

Some features of ATS will be disabled while you continue to use an ad-blocker.

 

Something is wrong after I press post on ATS

page: 2
6
<< 1    3 >>

log in

join
share:

posted on Nov, 18 2014 @ 06:26 AM
link   
i am not tech savvy , but i think i have removed flash on my PC , because i was getting the same thing , and i still have the same issue here , what are my options to protect my self ?


thanks much




posted on Nov, 18 2014 @ 09:24 AM
link   

originally posted by: Walsh
... i think i have removed flash on my PC , because i was getting the same thing , and i still have the same issue here ...

Removing flash isn't going to stop that web-page appearing , the scammers just mention flash because the majority* of computers have got it.

[ * Adobe claim 99% ]


originally posted by: Walsh
what are my options to protect my self ?

If you see a flash update or Java update being offered whilst on ATS ignore them : don't click to download anything from them.
Personally if I see such a scam I close the browser , (there's no hurry) , as clicking on the X in the corner of the scam window to close it can permit a download.
edit on 18-11-2014 by engvbany because: (no reason given)



posted on Nov, 18 2014 @ 10:20 AM
link   

originally posted by: engvbany

originally posted by: Walsh
... i think i have removed flash on my PC , because i was getting the same thing , and i still have the same issue here ...

Removing flash isn't going to stop that web-page appearing , the scammers just mention flash because the majority* of computers have got it.

[ * Adobe claim 99% ]


originally posted by: Walsh
what are my options to protect my self ?

If you see a flash update or Java update being offered whilst on ATS ignore them : don't click to download anything from them.
Personally if I see such a scam I close the browser , (there's no hurry) , as clicking on the X in the corner of the scam window to close it can permit a download.


thanks again for all the info !

is or can ATS do anything about this ?



posted on Nov, 18 2014 @ 10:33 AM
link   
a reply to: Walsh

Aside from knocking off specific ads that we find have been hijacked with this sort of crap, not really.

The best thing to do is to educate the user (that holds true for any computer issue).

If a random popup is telling you that your software is out of date don't believe it. Get your updates straight from the source. Go to adobe.com or java.com and check versions there.

Alternatively there are some great utilities that can scan your computer to see if you have anything that needs to be upgraded. I personally use one from filehippo.com (an excellent site) to see if I've got any outdated software.

Either way the best way to keep safe is not to trust anything you didn't ask for. I operate with the same mentality regarding phone calls as well. If someone calls me and asks for my personal info they're not getting it, no matter who they are. I will call them back at a number I know is them and then deal with them.

In short, yes we can kick these ads to the curb but the sort of people who make these things are damn fast in making new ones so the best option is to be very wary while browsing anywhere.



posted on Nov, 22 2014 @ 01:33 PM
link   
no

but I am suddenly getting a script error message

so after 3 times, I clicked the built-in IE script de-bugger box... lets see it that bug is resolved



posted on Nov, 22 2014 @ 02:32 PM
link   
a reply to: Djarums

sweet ! ty DJ for the reply , i think i have fixed the problem . i had to disable Java , well .. i have it set on "click to run"

thanks again

Walsh



posted on Dec, 5 2014 @ 02:49 AM
link   
Just got a popup again to yet another virus hosting site from ATS

pckeeperapp.zeobit.com... l_pop_ron_fr&utm_term=&utm_content=&userDefiner=mzb_2336&trt=33_825031&tid_ext=220

The HTTP referrer that did a 302 is

Referer: engine.4dsply.com... SegmentId=15891&PassBackId=&RegionCode=&DMA=&PostalCode=

Add Blocking was turned off in my browser so I could keep an eye on ATS for its members and I think that ATS needs to review who it is selling add space to.


a reply to: mysterioustranger


I can see why there would be some issues for some people...sometimes on some devices, servers, settings and locations! Its inevitable, though I beleive much of it is unintentional

The mix is massive but was the add-servers not to be hijacking and redirecting requests to trick people into downloading a virus then we would all be fine and yes this happens from time to time on other sites but far too much here on ATS



posted on Dec, 5 2014 @ 03:00 AM
link   
a reply to: Djarums
Good to see you are listening !

The add space here is sub-let and a good chance that it is bid on electronically in a fraction of a second so any number of people could be providing the adverts that send people to a virus page.

Today I am using a VPN via France so maybe they are just trying to infect computers from that area who are using IE

it's very hard to say but you must record this data and inform the add-company at the top of the chain so that they can dump the bad clients even if it only buys them a little time before another domain name is used.
ATS could look towards embedding the adverts in the page via a relay from the add servers instead of using I-Frames and then check any relayed scripts or HTML to ensure no scamming is going on but ATS would need to work with the main add-servers to get this working



posted on Dec, 5 2014 @ 09:54 AM
link   
a reply to: VirusGuard

You must try and understand here....some...hundreds if thousands of members...have no such issues. AT All.

So you can't say its from, caused by, due to etc...ATS. Its not.

Realizing its the member visiting this site...on a particular device or devices...due to settings unique to them...goes a long way to understanding how one person can block and greatly limit all these.

I and thousands of others have no or minimum ads, banners or popups.

It s more accurate to say its when visiting ATS...one hasn't figures out how limit or cancel these issues.

So its not ATS itself....but one's settings TO us....
edit on 07-31-2014 by mysterioustranger because: (no reason given)



posted on Dec, 5 2014 @ 10:55 AM
link   
a reply to: mysterioustranger


So you can't say its from, caused by, due to etc...ATS. Its not.

Yes I can because I happen to be a software developer who has been known to earn over $1000 a day and is an expert in JavaScript, HTML, Internet infrastructure and not only did I provide the HTTP header to backup my statement but if you read back you will see that I am not alone.

Sure I can block all the adverts here using techniques most people can only dream about but the facts remain that add-servers here are sub letting space, they loose control and this is the reason people are being asked to download a virus and the referrer string makes the point.

Further more a quick Google will dig up results dating back years from people that have seen the same here before so unless the KGB/CIA is just targeting people here using MIM when using a SSL/VPN then take it as read that what I say is a matter of fact.



posted on Dec, 5 2014 @ 11:01 AM
link   

originally posted by: VirusGuard
and the referrer string makes the point.

Being a JavaScript expert, you should know that referring strings in both ad network waterfalls, and malware are commonly generated dynamically.



posted on Dec, 5 2014 @ 06:37 PM
link   

originally posted by: SkepticOverlord

originally posted by: VirusGuard
and the referrer string makes the point.

Being a JavaScript expert, you should know that referring strings in both ad network waterfalls, and malware are commonly generated dynamically.


As maybe but since I record the process accessing the network card then it's coming from the browser and it has no extensions apart from Flash installed, the user-agent checks out and if you look at the full http request I posted at the start of the thread then it even includes ATS in the GET url.

Would you care to state where this script got injected into the browser if not by your add-servers please and script can add a header but for security reasons it can not over write an existing header but a proxy server could do this if I was using one that I didn't write myself.

Any .exe virus would avoid sending a Referer string unless they wanted to get someone in to trouble and no script does not have access to raw sockets to fake requests like I often do.

I know that a lot of what you can dig up on Google is BS but try looking at adnxs.com if you think they have a good name but looking at fra1.ib.adnxs.com has virus warnings all over the internet and I was told it has been taken down (not checked yet) but it is a sub domain of adnxs.com so that as far as I can see is the root of the problem

You also need to see from other posts in this thread to know that I am not alone in reporting this issue or that the I-Frames used here often go several levels deep because someone else besides me has also captured the logs and posted them

PM me bills email address because we don't need to have the conversation here


edit on 5-12-2014 by VirusGuard because: (no reason given)



posted on Dec, 5 2014 @ 06:52 PM
link   
a reply to: VirusGuard



Yes I can because I happen to be a software developer who has been known to earn over $1000 a day and is an expert in JavaScript, HTML, Internet infrastructure

i feel bad for who ever hires you.
the problem isnt ats, its you.



posted on Dec, 5 2014 @ 06:58 PM
link   

originally posted by: Rikku
a reply to: VirusGuard



Yes I can because I happen to be a software developer who has been known to earn over $1000 a day and is an expert in JavaScript, HTML, Internet infrastructure

i feel bad for who ever hires you.
the problem isnt ats, its you.


After brownie points are we ?



posted on Dec, 5 2014 @ 07:10 PM
link   

edit on 5-12-2014 by Rikku because: (no reason given)



posted on Dec, 5 2014 @ 07:27 PM
link   
a reply to: Rikku

"pretending your an expert"

Care to pit your skills against mine or would you like to pick someone to do battle on your behalf because so far I've seen nothing from you to suggest you know anything about what you are talking about.

Go back and argue with engbanhy too if you have a valid reason to think my report is wrong.

Expert I am so come teach me otherwise if you dare ?



posted on Dec, 5 2014 @ 07:38 PM
link   
a reply to: VirusGuard

ATS is a hugely popular site so is prone to come under attack, everything from DNOS to Hacker's trying to place malware but in my opinion given there high profile and almost constant attempts by these hacker's there staff do a good job of stopping it.

That said Advertiser's which are where ATS gain's there revenue from are unfortunately also a potential access point for hacker's.

In these matter's ATS is no different to any other site which gain's a high profile and large user base, it is the users the hacker's are after as they offer he possibillity or gaining personal or financial data which ATS does not hold and also of setting up bot net's or other malware.

I high percentage of these hack attacks will originate in three locations, China, Eastern Europe and Nigeria.

I suspect it is something ATS will fix if the problem is on there end but of course they are one site and how many have you or I visited so to be on the safe side and I know it takes ages but run a deep or full scan with your AV program just in case.

It would not be the first time people have suspected the site may have a redirect on it though, JAVA update leading to a fake java site was one a while back, I alway's go to the official site and never use redirects for anything.

Also I have more frequent network attack's when I visit ATS, it may be coincidental but not necessarily and I traced there data back to Turkey which was the portal through which they sent there attack from where ever in the world they were launching them.

edit on 5-12-2014 by LABTECH767 because: (no reason given)



posted on Dec, 5 2014 @ 07:51 PM
link   

originally posted by: VirusGuard
As maybe but since I record the process accessing the network card then it's coming from the browser and it has no extensions apart from Flash installed,

That has no impact on the execution of client-side JavaScript.



the user-agent checks out and if you look at the full http request I posted at the start of the thread then it even includes ATS in the GET url.

Which would be exactly the specific case if a malicious piece of code is on your computer, and executing while on ATS or any other site. And would be exactly the specific case of a dynamic JavaScript in an ad network waterfall, being referred by ATS -- as is normal -- and passing along that referral in the dynamic variables of the GET request.



Would you care to state where this script got injected into the browser if not by your add-servers…

Impossible to tell. Are you using Firebug? If so, that's one of the better ways to trace the origins of a JavaScript being executed by the browser.



...and no script does not have access to raw sockets to fake requests like I often do…

Why are you doing that on ATS? That's not a methodology for troubleshooting JavaScript origins, but instead, for testing target servers for exploitable vectors (among other things).



...or that the I-Frames used here often go several levels deep...

Very common methodology for the ad network waterfall -- you do know what that is… right?



posted on Dec, 5 2014 @ 08:00 PM
link   
a reply to: SkepticOverlord

I'm no where near as computer savvy as you and this other member, but I do know that I've mentioned this very same issue before and it only happens on ATS.

It's happened on my machine at home and at work and both machines are absolutely clean. Out of all of the websites I browse, it only happens on ATS.

I'm not saying you're doing it on purpose, nor do I think you would, but there is something "going-on" with the ads (or something else) for this to be the case.



posted on Dec, 5 2014 @ 08:16 PM
link   
a reply to: LABTECH767
OK so if I was to check the IP-address of the HTTPS request in the loop as I can do then these would not resolve to the correct domain names if hackers were using DNS hacks to redirect requests which is possible but why do you say that China would like to harm the site when most of what's said here is often covered up by the western press.

I actually recommend this site for testing out add-ware blockers because it kicks out to so many servers so could it be that the high level of trust is being broken in the chain by so called add-servers down on the list.

Sure my upstream DNS server could be resolving to the wrong ip's but I use port 5353 and OpenDNS to avoid my ISP hijacking DNS requests as they do all the time to save on bandwidth or my VPN could inject anything into the stream before it becomes encrypted but without following every packets it's a fair bet to say it's not OpenDNS or CyberGhost and is just like I have said.

Odd thing is that I have an email from the add-server involved that says they have dealt with the problem but they assumed that I didn't know quite how sub-domains work which I am happy to forward to SO if needs be and not that I could not do a good job of faking just about email.

What I do know is I tend to get redirected soon after visiting the site with cookies being cleared down and then only once per session even if I stay connected all day long.



new topics

top topics



 
6
<< 1    3 >>

log in

join