Site Infection?

adam42381

Well-Known Member
Silver Supporter
SoSH Member
Mar 14, 2006
4,883
Kernersville, NC
I’ve been getting random redirects to a site saying my iPhone may be infected when I click on the main board. This doesn’t happen every time, but it’s only happening on my iPhone (iPhone 8 running iOS 11.0.3) using Safari. Anyone else having this problem? I can provide links if needed.
 

DrewDawg

Dorito Dink
SoSH Member
Dec 16, 2010
33,793
I had a few issues earlier today when I used my laptop--said site was down and sent me to a cached version.
 

InsideTheParker

Member
SoSH Member
Jul 15, 2005
24,360
Pioneer Valley
It happened to me once today on my laptop, at home. There was a message the gist of which was that it was not my computer, not my network, but originated with the website. It was brief, and next click brought it up.
 

TFP

Dope
Dope
Dec 10, 2007
17,291
I've been getting that exact thing a lot on mobile. I just close out and re-load and it's fine.

Any way to figure out which ad is doing it? It's quite annoying.
 

AlNipper49

Huge Member
Dope
Apr 3, 2001
40,363
Mtigawi
I think ti was part a security agent that I had on the server. Changed things around a bit and rebooted. If things happen more than once for you can you report back here?

Thanks all!
 

TFP

Dope
Dope
Dec 10, 2007
17,291
I think ti was part a security agent that I had on the server. Changed things around a bit and rebooted. If things happen more than once for you can you report back here?

Thanks all!
Just happened to me twice on two different threads.
 

SumnerH

Malt Liquor Picker
Dope
Jul 18, 2005
25,839
Alexandria, VA
That's definitely an ad trying a phishing attack. Note that the URL is an amateurish phishing attempt: "app1e-secur1ty . com".
 

canderson

Fomenting voting confusion and angst since 2016
Gold Supporter
SoSH Member
Jul 16, 2005
22,641
Harrisburg, Pa.
Is it feasible to donate enough to have ads removed? I’d gladly help the cause if the ads are messing with everyone.
 

AlNipper49

Huge Member
Dope
Apr 3, 2001
40,363
Mtigawi
Originally they were hidden for subscribers. About 1% of our traffic is from people logged in so we wanted a way to make the unwashed masses pay. Then we had huge issues with the subscription system and also got a new skin/software where it was more difficult to selectively hide things.

My guess is that google cleans up the bad ads being displayed, if it’s a bad ad we’re not the only one complaining (and I did). If you guys get a bad ad is there a way to identify what the actual ad is?
 
Last edited:

SumnerH

Malt Liquor Picker
Dope
Jul 18, 2005
25,839
Alexandria, VA
Yeah, if you could see what add is at the bottom of the page when it triggers that might help track it down. I just tried spoofing an iphone user-agent and refreshed the main board a few dozen times, but I couldn't get it to happen (I don't have an actual iphone to test with).
 

Curtis Pride

Well-Known Member
Bronze Supporter
SoSH Member
Jul 25, 2005
1,092
Watertown, MA
I think it's mainly a problem with iOS 11 and Safari. The pop -up may come from a site put a cookie on your phone and then prompts a site redirection. To fix it (mostly):

1. Quit Safari by double-pressing the home button and swiping Safari up. That stops Safari from running in the background.
2. Clear your website history by going to Settings -> Safari -> Clear History and Website Data and tapping "Clear History and Data."

That may solve the problem for now, but because the pop-ups are triggered by a file in the "Website Data" section of iOS I cannot guarantee that the problem will not recur.. Hope this helps.
 

j44thor

Member
SoSH Member
Aug 1, 2006
8,924
Same here. always a CloundFront redirection.
I'm getting the Cloudfront redirection on Android 7.0 once per day.
Pop up giving a $100 Amazon gift cert. Easy to get around but a lay person might get stuck.
It only happens on SOSH and only happens once per day.
 

Couperin47

Well-Known Member
Silver Supporter
SoSH Member
There is a posting in the Ridiculously Cute Animals thread that links to the site www.bite.ca. ESET reports:

Time;Scanner;Object type;Object;Threat;Action;User;Information;Hash;First seen here
11/16/2017 9:22:32 AM;HTTP filter;file;http://www.bite.ca;HTML/ScrInject.B trojan;connection terminated;UP\Jeff;Threat was detected upon access to web by the application: C:\Program Files\Pale Moon\palemoon.exe (571638FB5FB0042782409C8BC0977A27B0B5AD5F).;B940B20513E219D81654B6D9B9742E9B940FB794;

That link should be deleted.
 

hoothehoo

Member
SoSH Member
Jul 15, 2005
368
Here
I think ti was part a security agent that I had on the server. Changed things around a bit and rebooted. If things happen more than once for you can you report back here?

Thanks all!
I just got one of those "congratulations you've won" ones in the BbtL forum.