It's been more than 30 days since our last
known complaint of malware issues while
browsing ATS. (Regarding that complaint, we've stopped using the CPX ad network)
As many members may know, this has been a nagging issue that's often been difficult (if not impossible) to track down. However, we've long suspected
two sources of the problems:
Banner advertising networks
External image hosting
In fact, we've been able to document several cases of attempted malicious code injection from compromised image hosting sites, as well as advertising
with problems.
Advertising: In the scheme of things, we're still somewhat of a small player, so it's been hard for us to get into the "cream of the crop"
of online advertising. Additionally, we have lots of page views (13+ million a month) and visitors. So in an effort to improve our bottom line (we
have growth plans you know), we tried out a third-part ad optimization service for several months, beginning in late 2008. We've not used them since
mid-March.
Part of the optimization service was filling "unfilled" ad inventory with ads from lower-tier providers (in cases where our higher-level providers
of ValueClick, Casale, TribalFusion, etc. don't have an ad for a particular users). Well... as it turned out, some of those "lower tier" providers
were in the habit of delivering problematic ads.
We've moved to a different system of optimization where we have direct control and oversight, and essentially fired the previous firm. Since that
time (and killing the CPX ads), things seemed to have dramatically improved.
Image Hosting: The other problem was image hosting, and several times we discussed limiting avatars and images to the ATS domain(s)... in fact,
this was an often-enough seen suggestion by members as well. Since we had plans to integrate a video-sharing portal, we accelerated those plans and
also focused on a broad-spectrum all-file-types media portal service.
To go along with that, we also engaged in two services that constantly scan our servers for potential problems. One service scans all images and HTTP
headers for signs of malware injection code, and another service scans our pages for possible ways to inject malware. Additionally, all images and
videos are delivered over a high-performance content caching network, that also performs periodic scans.
Once this "safe environment" was in place, we switched over to requiring all image hosting through our media domain.
It appears as though these two strategies has very-nearly wiped out the once-numerous reports of malware encounters while on ATS. We had plans to
create a type of "help desk" system (mentioned
here), but it seems like it's not
needed any more.
But still... if you find problems, let us know. The fastest way is to use our
Complain/Suggestion Forum or U2U me directly.