Site Infection?

CarolinaBeerGuy

Don't know him from Adam
SoSH Member
Mar 14, 2006
9,419
Kernersville, NC
I’ve been getting random redirects to a site saying my iPhone may be infected when I click on the main board. This doesn’t happen every time, but it’s only happening on my iPhone (iPhone 8 running iOS 11.0.3) using Safari. Anyone else having this problem? I can provide links if needed.
 

DJnVa

Dorito Dawg
SoSH Member
Dec 16, 2010
53,841
I had a few issues earlier today when I used my laptop--said site was down and sent me to a cached version.
 

InsideTheParker

persists in error
SoSH Member
Jul 15, 2005
40,371
Pioneer Valley
It happened to me once today on my laptop, at home. There was a message the gist of which was that it was not my computer, not my network, but originated with the website. It was brief, and next click brought it up.
 

TFP

Moderator
Moderator
SoSH Member
Dec 10, 2007
20,380
I've been getting that exact thing a lot on mobile. I just close out and re-load and it's fine.

Any way to figure out which ad is doing it? It's quite annoying.
 

AlNipper49

Huge Member
Dope
SoSH Member
Apr 3, 2001
44,852
Mtigawi
I think ti was part a security agent that I had on the server. Changed things around a bit and rebooted. If things happen more than once for you can you report back here?

Thanks all!
 

TFP

Moderator
Moderator
SoSH Member
Dec 10, 2007
20,380
I think ti was part a security agent that I had on the server. Changed things around a bit and rebooted. If things happen more than once for you can you report back here?

Thanks all!
Just happened to me twice on two different threads.
 

SumnerH

Malt Liquor Picker
Dope
SoSH Member
Jul 18, 2005
31,893
Alexandria, VA
That's definitely an ad trying a phishing attack. Note that the URL is an amateurish phishing attempt: "app1e-secur1ty . com".
 

AlNipper49

Huge Member
Dope
SoSH Member
Apr 3, 2001
44,852
Mtigawi
Originally they were hidden for subscribers. About 1% of our traffic is from people logged in so we wanted a way to make the unwashed masses pay. Then we had huge issues with the subscription system and also got a new skin/software where it was more difficult to selectively hide things.

My guess is that google cleans up the bad ads being displayed, if it’s a bad ad we’re not the only one complaining (and I did). If you guys get a bad ad is there a way to identify what the actual ad is?
 
Last edited:

SumnerH

Malt Liquor Picker
Dope
SoSH Member
Jul 18, 2005
31,893
Alexandria, VA
Yeah, if you could see what add is at the bottom of the page when it triggers that might help track it down. I just tried spoofing an iphone user-agent and refreshed the main board a few dozen times, but I couldn't get it to happen (I don't have an actual iphone to test with).
 

Curtis Pride

Member
SoSH Member
Jul 25, 2005
1,374
Watertown, MA
I think it's mainly a problem with iOS 11 and Safari. The pop -up may come from a site put a cookie on your phone and then prompts a site redirection. To fix it (mostly):

1. Quit Safari by double-pressing the home button and swiping Safari up. That stops Safari from running in the background.
2. Clear your website history by going to Settings -> Safari -> Clear History and Website Data and tapping "Clear History and Data."

That may solve the problem for now, but because the pop-ups are triggered by a file in the "Website Data" section of iOS I cannot guarantee that the problem will not recur.. Hope this helps.
 

j44thor

Member
SoSH Member
Aug 1, 2006
10,961
Same here. always a CloundFront redirection.
I'm getting the Cloudfront redirection on Android 7.0 once per day.
Pop up giving a $100 Amazon gift cert. Easy to get around but a lay person might get stuck.
It only happens on SOSH and only happens once per day.
 

Couperin47

Member
SoSH Member
There is a posting in the Ridiculously Cute Animals thread that links to the site www.bite.ca. ESET reports:

Time;Scanner;Object type;Object;Threat;Action;User;Information;Hash;First seen here
11/16/2017 9:22:32 AM;HTTP filter;file;http://www.bite.ca;HTML/ScrInject.B trojan;connection terminated;UP\Jeff;Threat was detected upon access to web by the application: C:\Program Files\Pale Moon\palemoon.exe (571638FB5FB0042782409C8BC0977A27B0B5AD5F).;B940B20513E219D81654B6D9B9742E9B940FB794;

That link should be deleted.
 

hoothehoo

Member
SoSH Member
Jul 15, 2005
1,016
Here
I think ti was part a security agent that I had on the server. Changed things around a bit and rebooted. If things happen more than once for you can you report back here?

Thanks all!
I just got one of those "congratulations you've won" ones in the BbtL forum.