LQ Suggestions & FeedbackDo you have a suggestion for this site or an idea that will make the site better? This forum is for you.
PLEASE READ THIS FORUM - Information and status updates will also be posted here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Once again there is news of the problems that can be caused by malicious java script. This is particularly of concern on sites that allows users to upload content. (And, in fact, maybe about a year ago, Yahoo had problems with this very thing.) Normally I leave Java Script disabled; LQ is one of the few sites I enable it for because it makes the editing of posts so much more sane. So I just want to double check that LQ does what is necessary to make sure that functional Java Script cannot be uploaded by users. Within this question (and something I don't know due to my lack of HTML knowledge) is whether when sombody posts Java Script (within code tags or not) whether there is any way a browser might end up executing it.
For the record, prior to posting this, I searched this thread for Java Script, and ended up reading the entire thread from last year about the pop up issues. I could not find that this issue has been specifically addressed before.
I doubt Jermey would let malicious javascript uploads on this site
I am sure it would not be intentional. As I said, Yahoo got caught with their pants down and I just wanted to make sure it is something that has been thought about here.
Distribution: Debian, Red Hat, Slackware, Fedora, Ubuntu
Posts: 13,600
Rep:
We do everything we possibly can to prevent things like what you are describing. The issue in the thread you linked to was a client issue and unrelated to LQ.
The problem which is described in the second link of the OP about the pop up issue, happened twice on my machine since yesterday.
It is as described in the link
My machine runs Arch Linux, not Windows.
And it happens only when I visit the LQ site.
It's very annoying because the LQ page disappears and is not available again until Firefox is restarted. Before that, nothing can be done with the browser because it is hijacked by the spurious site (even the window size where the browser stands is changed).
I cannot but think that it is related with something at the LQ site.
Can somebody search for a possible cause please ?
It's the first time since I run Linux on my machine that something like that happens, it reminds me of the Windows vulnerabilities when surfing the Web.
Distribution: Solaris 11.4, Oracle Linux, Mint, Debian/WSL
Posts: 9,789
Rep:
I have been hit by the very same malware yesterday night.
Brand new O/S installation (Solaris Express build 66 + Firefox 2.0.0.3).
The only site visited before LQ were the Firefox Google welcome page then a google search.
While browsing LQ, I was redirected to that URL (found in Firefox history):
http://
fr.errorsafe.com
/pages/scanner/index.php?ax=1&ex=1&ed=2&aid=which95k_rdt&lid=intl&affid=&mpt=[CACHEBUSTER]
Me too. It happened three times in the last two days and only when I was browsing the LQ site. Next time I will log and post all the relevant information, if this can help to go deep inside the question.
Yes, I agree. I never thought it could be caused from Jeremy's doing. I wonder how can it happen, but unfortunately I am not an expert in these issues.
Distribution: Debian, Red Hat, Slackware, Fedora, Ubuntu
Posts: 13,600
Rep:
I've not seen this happen, but any additional information that will help me track down if it's LQ ad server related would be appreciated. We will work to kill the ad ASAP if it did sneak in somehow.
It happened again to-night just before this post.
I enter LQ directly at the forum page and I didn't click anything before the problem occurred.
The site responsible for the hijacking is saved in the Firefox history as
h..p://www.drivecleaner.com/.freeware/?p=56&ax=1&ex=1&ed=2&aid=which95k&lid=intl&affid=&aid=which95k&mpt=[CACHEBUSTER]&aid=which95k_rdt
('h..p' is for 'http' for preventing the url tags)
I cannot identify which ad may cause that because the browser is pushed out of the LQ site before I could see anything.
I think it may be caused by one of the ads, as it doesn't happen every times.
Edit: I'm now sure that this is from a javascript execution, because I had allowed scripts to move or resize existing windows in the Firefox preferences options. And that is what happened.
Similar behaviour just happen to me again. I have just started to navigate the LQ site and the pop-up has shown again (always the same for me but different from those reported above). In detail: the browser resize to a little square windows (about 1 inch) and a pop-up appear with the following message
Quote:
The page at h..p://amaena.com says:
NOTICE: If your computer has been running slower than normal, it may be infected with Viruses, Adware or Spyware.
WinAntiVirus PRO can perform a quick and completely FREE scan of your system for malicious programs.
Download WinAntiVirus PRO FREE now!
I can take any action and the browser resize again to the maximum screen size and connect to the URL h..p://amaena.com/securityworm58/index.php?aid=which95k_rdt_it_en_ed2&lid=intl&affid=&ax=1&p=&ex=1&h=0&j=0
Again I can take any action (this time I tried to reconnect to LQ from my bookmarks) and a new pop-up appears:
Quote:
The page at h..p://amaena.com says:
NOTICE: You have not completed viruses and spyware scan. If your computer has viruses, spyware and adware trojans, it can cause your private and billing information leaks, unpredictable or erratic system behaviour, freezes, crashes or permanent damage to your PC.
WinAntiVirus PRO can perform a quick and completely FREE scan of your system for viral and spyware infections.
Would you like WinAntiVirus PRO to scan for and, if found, remove any malicious software now? (Recommended)
If I close the pop-up, the browser goes under my control again and can reconnect to LQ following my previous request. It does not seems so malicious, but undoubtfully is very annoying! I know these informations are not valuable to figure out where the problem resides. If you need some info from my system, as the system log, I will provide them. Thank you and sorry for the long post.
Distribution: Debian, Red Hat, Slackware, Fedora, Ubuntu
Posts: 13,600
Rep:
Is this happening only on specific pages? I'm completely unable to replicate this or find any indication that it's coming from LQ at this time. We only use two ad providers and both of them have been extremely reliable in the past. Only one (Google) allows for arbitrary ad placement, but they do not allow javascript at all. The one commonality I see here is the "which95k" string. Any additional information will help.
Distribution: Debian, Red Hat, Slackware, Fedora, Ubuntu
Posts: 13,600
Rep:
An update: The culprit here has potentially been tracked down. It was not directly related to LQ itself, but rather an aberrant ad. We'll be working with our ad provider to ensure this doesn't happen again. Thanks for the patience. Your security and privacy are extremely important to us and I'm happy to say that neither were impacted in this case. We do apologize for the annoyance.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.