Go Back  Bike Forums > News & Suggestions > Forum Suggestions & User Assistance
Reload this Page >

AD ISSUES: popups/hijacks -- PLEASE INCLUDE SCREEN SHOT

Forum Suggestions & User Assistance Have a suggestion for the forums? Need help with the Forums? Post here.

AD ISSUES: popups/hijacks -- PLEASE INCLUDE SCREEN SHOT

Reply

Old 01-01-18, 05:52 PM
  #176  
jitteringjr
Senior Member
 
jitteringjr's Avatar
 
Join Date: Sep 2001
Location: Colorado
Posts: 1,954

Bikes: 2018 Canyon Aeroad CF SLX 9.0 2016 Bombtrack Arise Campy build cross bike 2005 Fuji Outland Pro

Mentioned: 3 Post(s)
Tagged: 0 Thread(s)
Quoted: 353 Post(s)
Originally Posted by bogydave View Post
Anybody reading , working on the problem
Hello
Anybody there?
Hello
There are people reading it, but obviously no one who knows how or is willing to fix it.
jitteringjr is offline  
Reply With Quote
Old 01-01-18, 06:40 PM
  #177  
bogydave
Senior Member
 
bogydave's Avatar
 
Join Date: Dec 2015
Location: ALASKA , SoCal
Posts: 801

Bikes: /Skye/ Torker mt, Sirrus flat bar

Mentioned: 4 Post(s)
Tagged: 0 Thread(s)
Quoted: 163 Post(s)
Originally Posted by jitteringjr View Post
There are people reading it, but obviously no one who knows how or is willing to fix it.
Thanks
Am used to being “ignored”
Been Married for 44 years
bogydave is offline  
Reply With Quote
Old 01-01-18, 06:42 PM
  #178  
bogydave
Senior Member
 
bogydave's Avatar
 
Join Date: Dec 2015
Location: ALASKA , SoCal
Posts: 801

Bikes: /Skye/ Torker mt, Sirrus flat bar

Mentioned: 4 Post(s)
Tagged: 0 Thread(s)
Quoted: 163 Post(s)
Originally Posted by jitteringjr View Post
There are people reading it, but obviously no one who knows how or is willing to fix it.
Thanks
Am used to being “ignored”
Been Married for 44 year’s
bogydave is offline  
Reply With Quote
Old 01-01-18, 07:20 PM
  #179  
bogydave
Senior Member
 
bogydave's Avatar
 
Join Date: Dec 2015
Location: ALASKA , SoCal
Posts: 801

Bikes: /Skye/ Torker mt, Sirrus flat bar

Mentioned: 4 Post(s)
Tagged: 0 Thread(s)
Quoted: 163 Post(s)
Amazon.com - Congratulations!!
bogydave is offline  
Reply With Quote
Old 01-01-18, 07:22 PM
  #180  
bogydave
Senior Member
 
bogydave's Avatar
 
Join Date: Dec 2015
Location: ALASKA , SoCal
Posts: 801

Bikes: /Skye/ Torker mt, Sirrus flat bar

Mentioned: 4 Post(s)
Tagged: 0 Thread(s)
Quoted: 163 Post(s)
Barely got the above in before
“ amazon’d”
Attached Images
bogydave is offline  
Reply With Quote
Old 01-01-18, 07:26 PM
  #181  
bogydave
Senior Member
 
bogydave's Avatar
 
Join Date: Dec 2015
Location: ALASKA , SoCal
Posts: 801

Bikes: /Skye/ Torker mt, Sirrus flat bar

Mentioned: 4 Post(s)
Tagged: 0 Thread(s)
Quoted: 163 Post(s)
This pic
Was next

Diff address
Attached Images
bogydave is offline  
Reply With Quote
Old 01-01-18, 07:31 PM
  #182  
bogydave
Senior Member
 
bogydave's Avatar
 
Join Date: Dec 2015
Location: ALASKA , SoCal
Posts: 801

Bikes: /Skye/ Torker mt, Sirrus flat bar

Mentioned: 4 Post(s)
Tagged: 0 Thread(s)
Quoted: 163 Post(s)
Is any of this info helpful?
About 10 min to get in one post
bogydave is offline  
Reply With Quote
Old 01-01-18, 07:36 PM
  #183  
bogydave
Senior Member
 
bogydave's Avatar
 
Join Date: Dec 2015
Location: ALASKA , SoCal
Posts: 801

Bikes: /Skye/ Torker mt, Sirrus flat bar

Mentioned: 4 Post(s)
Tagged: 0 Thread(s)
Quoted: 163 Post(s)
After “post reply” button
I get Amz’d again
Don’t think it likes me complaining about the algorithm that’s
creating havoc for some ph & pad members

Getting ready to hit “post quick reply”
Will be Amz’d
Bye
bogydave is offline  
Reply With Quote
Old 01-01-18, 07:39 PM
  #184  
bogydave
Senior Member
 
bogydave's Avatar
 
Join Date: Dec 2015
Location: ALASKA , SoCal
Posts: 801

Bikes: /Skye/ Torker mt, Sirrus flat bar

Mentioned: 4 Post(s)
Tagged: 0 Thread(s)
Quoted: 163 Post(s)
3 min, redirected back to my post
Not Amz’d that time
Maybe the bug only has x number of run cycles ?
bogydave is offline  
Reply With Quote
Old 01-01-18, 07:59 PM
  #185  
billnuke1
Senior Member
 
billnuke1's Avatar
 
Join Date: Dec 2010
Location: the "Cape"
Posts: 771

Bikes: Hundreds! No longer "Hundreds". Sold a bunch. Traded a bunch.

Mentioned: 1 Post(s)
Tagged: 0 Thread(s)
Quoted: 49 Post(s)
Anything...?
billnuke1 is offline  
Reply With Quote
Old 01-01-18, 09:07 PM
  #186  
Shimagnolo
Senior Member
 
Shimagnolo's Avatar
 
Join Date: May 2008
Location: Zang's Spur, CO
Posts: 8,563
Mentioned: 7 Post(s)
Tagged: 0 Thread(s)
Quoted: 1348 Post(s)
Originally Posted by IBobi View Post
If you are CHROME, mobile, you can try this:

  • Load chrome://flags/#enable-framebusting-needs-sameorigin-or-usergesture in the browser's address bar.
  • Switch the status of the "Framebusting requires same-origin or a user gesture" experimental flag from default to enabled.
  • Restart the Chrome browser.
That is an option in MacOS Chrome, but not the iPad Chrome.
It works, (on MacOS), but Chrome did not have it enabled by default.
To test the redirection, use this URL:

https://ndossougbe.github.io/web-san...s/3p-redirect/

You should get this page shown in the image here if you pass all 3 tests.
(There may be a short delay before the 3rd test completes).

If you get the first 2 boxes, then get redirected to a random trash page, the browser is still susceptible.
I have not found any comparable settings for Safari/Firefox/Opera.
Attached Images
File Type: jpg
Untitled.jpg (73.9 KB, 52 views)
Shimagnolo is offline  
Reply With Quote
Old 01-01-18, 09:11 PM
  #187  
bogydave
Senior Member
 
bogydave's Avatar
 
Join Date: Dec 2015
Location: ALASKA , SoCal
Posts: 801

Bikes: /Skye/ Torker mt, Sirrus flat bar

Mentioned: 4 Post(s)
Tagged: 0 Thread(s)
Quoted: 163 Post(s)
Aaaaarg
Done!
bogydave is offline  
Reply With Quote
Old 01-01-18, 09:31 PM
  #188  
ericy
Señor Member
 
ericy's Avatar
 
Join Date: May 2006
Location: Vienna VA
Posts: 1,332

Bikes: Giant OCR2, Trek DS 8.3

Mentioned: 2 Post(s)
Tagged: 1 Thread(s)
Quoted: 284 Post(s)
Glad to see I am not the only one with these issues.
ericy is offline  
Reply With Quote
Old 01-01-18, 10:16 PM
  #189  
ericy
Señor Member
 
ericy's Avatar
 
Join Date: May 2006
Location: Vienna VA
Posts: 1,332

Bikes: Giant OCR2, Trek DS 8.3

Mentioned: 2 Post(s)
Tagged: 1 Thread(s)
Quoted: 284 Post(s)
Originally Posted by Rollfast View Post
Helps if you take a SCREENSHOT instead of trying to cut and paste and ending up with a lot of base64 data gibberish.
The base64 is trivial to convert to something more readable:

https://www.base64decode.org/

it ultimately results in a bunch of javascript, which in turn has an embedded base64 javascript routine which has a bunch of hex-encoded strings. There is an URL in there:
Code:
vumhd.voluumtrk3.com/f85d7dcc-d8b8-44dd-ac78-99cbdce1d93e?aff_sub2=4f5fd080-51ae-472c-992b-33104f0540c3_1511501400&aff_sub3=APPNEXUS&aff_sub4=728x90&aff_sub6=3220690&domain=bikeforums.net&domain_id=9829be83b615119b19b00af4fd745aff&campaign_country=US_IOS
I have stripped the leading https:// as I do not know if this is a safe URL, and I would not want anyone clicking on it.

Anyways, I don't know whether it is more helpful to the techs have screenshots, base64 or something else. Some clarification would be helpful..
ericy is offline  
Reply With Quote
Old 01-02-18, 08:09 AM
  #190  
bargeon
Senior Member
 
bargeon's Avatar
 
Join Date: Jun 2014
Location: Central NY
Posts: 398

Bikes: Fuji, Focus,Felt. 20 more letters to go.

Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 103 Post(s)
FWIW I lost the Amazon ad and the fake warning about a virus infection by loading a 2nd browser and turning off the Java script option.

But shutting off Java means most sites won't load or work right, so I use this non-Java browser for infected sites (BF isn't the only one.)

I use an Android tablet.
bargeon is offline  
Reply With Quote
Old 01-02-18, 11:57 AM
  #191  
IBThomas
Administrator
 
Join Date: Dec 2017
Posts: 283
Mentioned: 33 Post(s)
Tagged: 0 Thread(s)
Quoted: 119 Post(s)
Originally Posted by bogydave View Post
Back agai
Thanks for the screenshots, bogydave. I've reported these ads... hopefully we can get a lid on this soon.
IBThomas is offline  
Reply With Quote
Old 01-02-18, 01:35 PM
  #192  
bogydave
Senior Member
 
bogydave's Avatar
 
Join Date: Dec 2015
Location: ALASKA , SoCal
Posts: 801

Bikes: /Skye/ Torker mt, Sirrus flat bar

Mentioned: 4 Post(s)
Tagged: 0 Thread(s)
Quoted: 163 Post(s)
Originally Posted by IBThomas View Post
Thanks for the screenshots, bogydave. I've reported these ads... hopefully we can get a lid on this soon.
Hope they help
Still happening on my ph
Was a fight to get to messages too
bogydave is offline  
Reply With Quote
Old 01-02-18, 02:47 PM
  #193  
IBobi
Administrator
 
IBobi's Avatar
 
Join Date: Mar 2011
Posts: 324

Bikes: 2010 Gary Fisher Marlin Disc

Mentioned: 12 Post(s)
Tagged: 2 Thread(s)
Quoted: 120 Post(s)
I have merged 4 threads on the same subject here, so that we can track this as one issue.
IBobi is offline  
Reply With Quote
Old 01-02-18, 03:25 PM
  #194  
Rollfast
What happened?
 
Rollfast's Avatar
 
Join Date: Jun 2007
Location: Around here somewhere
Posts: 6,808

Bikes: No. 7 now sitting in a box in the living room

Mentioned: 23 Post(s)
Tagged: 1 Thread(s)
Quoted: 1198 Post(s)
Originally Posted by ericy View Post
The base64 is trivial to convert to something more readable:

https://www.base64decode.org/

it ultimately results in a bunch of javascript, which in turn has an embedded base64 javascript routine which has a bunch of hex-encoded strings. There is an URL in there:
Code:
vumhd.voluumtrk3.com/f85d7dcc-d8b8-44dd-ac78-99cbdce1d93e?aff_sub2=4f5fd080-51ae-472c-992b-33104f0540c3_1511501400&aff_sub3=APPNEXUS&aff_sub4=728x90&aff_sub6=3220690&domain=bikeforums.net&domain_id=9829be83b615119b19b00af4fd745aff&campaign_country=US_IOS
I have stripped the leading https:// as I do not know if this is a safe URL, and I would not want anyone clicking on it.

Anyways, I don't know whether it is more helpful to the techs have screenshots, base64 or something else. Some clarification would be helpful..

Umm, the issue is that it makes for a mile long post in my email updates. PS My phones are cordless bondagephones and they are happy about it, I borrow cellphone for calls, build PCs from used stuff. Last Apple I had my hands on was an ancient Macintosh I was looking at for a friend and I GAVE them a Dell OptiPlex, had to teach them to avoid spam through not signing up for everything and now they have a much better computer anyway.
__________________
Summary: Life is still 100% fatal.
Rollfast is offline  
Reply With Quote
Old 01-02-18, 05:16 PM
  #195  
Phamilton
Senior Member
 
Phamilton's Avatar
 
Join Date: Oct 2014
Location: Ft Wayne, IN
Posts: 525
Mentioned: 15 Post(s)
Tagged: 0 Thread(s)
Quoted: 212 Post(s)
For those running iOS/Safari, you may consider installing an ad blocker. I was having the redirect issue, searched the App Store for "ad blocker", found one that for free will block only ads on Safari (only). The app has other functions unlockable with premium $$ but at the moment I don't require the extra functionality. I haven't had any problems since, and it has also sped up my browser some. I only tried this one app and it worked so I didn't try any of the others. It's called 1Blocker. I posted this from Safari on my iPhone 5s.
Phamilton is offline  
Reply With Quote
Old 01-02-18, 05:18 PM
  #196  
Shimagnolo
Senior Member
 
Shimagnolo's Avatar
 
Join Date: May 2008
Location: Zang's Spur, CO
Posts: 8,563
Mentioned: 7 Post(s)
Tagged: 0 Thread(s)
Quoted: 1348 Post(s)
Originally Posted by bargeon View Post
FWIW I lost the Amazon ad and the fake warning about a virus infection by loading a 2nd browser and turning off the Java script option.

But shutting off Java means most sites won't load or work right, so I use this non-Java browser for infected sites (BF isn't the only one.)

I use an Android tablet.
Don't confuse Java with Javascript.
They are two unrelated languages.

Java was invented at Sun, and is now owned by Oracle. It is now pretty much dead on the browser side of things, but is still used internally in web servers. Apple helped push it out of the client side by not supporting it on iOS.

Livescript was invented at Netscape, then in a boneheaded marketing move it was renamed Javascript to jump on the coattails of the popularity surge that Java was experiencing at the time. It is alive and well on the client side and being used for crap like the topic of this thread.

Don't feel too bad about confusing them. When I was at Sun Microsystems, their marketing idiots were slapping the name Java on everything. I actually had to explain to a co-worker one day that the "Sun Java Desktop" was just Sun's branded version of Linux, and there was no Java in it whatsoever.
Shimagnolo is offline  
Reply With Quote
Old 01-02-18, 05:37 PM
  #197  
DNZ11
Junior Member
 
Join Date: Dec 2015
Location: Philly
Posts: 13

Bikes: 1990 Raleigh Technium Chill

Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 11 Post(s)
This amazon hijack prevented me from coming to only this website for most of the day....
DNZ11 is offline  
Reply With Quote
Old 01-02-18, 05:38 PM
  #198  
chainwhip
Senior Member
 
Join Date: Jun 2017
Posts: 199
Mentioned: 3 Post(s)
Tagged: 0 Thread(s)
Quoted: 74 Post(s)
Thanks,IBobi...Chrome now seems useable for me.



Originally Posted by IBobi View Post
If you are CHROME, mobile, you can try this:

  • Load chrome://flags/#enable-framebusting-needs-sameorigin-or-usergesture in the browser's address bar.
  • Switch the status of the "Framebusting requires same-origin or a user gesture" experimental flag from default to enabled.
  • Restart the Chrome browser.
I just downloaded Firefox, out of frustration.
It enabled me to search out this thread re: constant redirects on BF.
Both browsers now good after a short trial.

Thanks again!
chainwhip is offline  
Reply With Quote
Old 01-02-18, 05:50 PM
  #199  
bargeon
Senior Member
 
bargeon's Avatar
 
Join Date: Jun 2014
Location: Central NY
Posts: 398

Bikes: Fuji, Focus,Felt. 20 more letters to go.

Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 103 Post(s)
Originally Posted by Shimagnolo View Post
Don't confuse Java with Javascript.
They are two unrelated languages.

Java was invented at Sun, and is now owned by Oracle. It is now pretty much dead on the browser side of things, but is still used internally in web servers. Apple helped push it out of the client side by not supporting it on iOS.

Livescript was invented at Netscape, then in a boneheaded marketing move it was renamed Javascript to jump on the coattails of the popularity surge that Java was experiencing at the time. It is alive and well on the client side and being used for crap like the topic of this thread.

Don't feel too bad about confusing them. When I was at Sun Microsystems, their marketing idiots were slapping the name Java on everything. I actually had to explain to a co-worker one day that the "Sun Java Desktop" was just Sun's branded version of Linux, and there was no Java in it whatsoever.
Yes, the option in Settings actually says"Java Script", so I hope anyone who tries it will get it, even though I just said Java.

Thanks
bargeon is offline  
Reply With Quote
Old 01-02-18, 10:21 PM
  #200  
ericy
Señor Member
 
ericy's Avatar
 
Join Date: May 2006
Location: Vienna VA
Posts: 1,332

Bikes: Giant OCR2, Trek DS 8.3

Mentioned: 2 Post(s)
Tagged: 1 Thread(s)
Quoted: 284 Post(s)
Originally Posted by Rollfast View Post
Umm, the issue is that it makes for a mile long post in my email updates. PS My phones are cordless bondagephones and they are happy about it, I borrow cellphone for calls, build PCs from used stuff. Last Apple I had my hands on was an ancient Macintosh I was looking at for a friend and I GAVE them a Dell OptiPlex, had to teach them to avoid spam through not signing up for everything and now they have a much better computer anyway.
I get that too. I come from the perspective of an application developer, so some of these things have more meaning to me. If they want screenshots, we can of course provide them, but I don't see much of anything in there that would identify which ads might be the culprit here. They all look like junk popups that seize the browser tab and redirect to something or another (not yet determined what that is). But maybe I am wrong - maybe to the techs the screenshots are useful, but I would make the observation that this problem has been around for a while and the information that they do have seems to be insufficient to resolve the issue. And I would also make the observation that whomever is doing this is trying to obfuscate what it is that they are doing in order to make it harder to filter out.

The landing pad URL that I found earlier can be found in a discussion here:

https://blog.confiant.com/hands-on-w...s-fa3c3623fd22

Basically everything I found earlier looking at the base64 that was posted earlier is also seen and discussed.

Next time I see this on my phone, I will capture the data myself to try and see if the current popups have the same signature.
ericy is offline  
Reply With Quote

Thread Tools
Search this Thread

Contact Us Archive Advertising Cookie Policy Privacy Statement Terms of Service