Wierd redirects to dodgy site

S

SimonH2

Joined
4 Nov 2010
Messages
6,181
Reaction score
662
Location
Cumbria
Country
United Kingdom
A few times lately I've loaded a page (usually it's been clicking on the "View this Thread" link in the "this thread has a new post" emails - then after just a few seconds the address bar starts flickering a number of different URLs like it's hitting a redirect to a URL that's a redirect to a ...
And then Eset pops up an alert that "this site is on our list of dodgy sites" (or words to that effect).

At first I thought I must have accidentally clicked on an advert - but I've deliberately kept my hands away from keyboard and trackpad and still seen this. I'm wondering if there's some dodgy code around that's causing this - either the forum has been hacked, or much more likely, there's a dodgy advert that pushing it.

Anyone else seen this sort of thing ?
 
Sponsored Links
not me.

I use Norton. It occasionally blocks sites but it seems to be when their security certificate has expired or in some way doesn't match the URL. It does hog the disks a bit when opening pages with lots of links.

if I ever land on a suspicious or annoying site, or get popups, like a gambling one, I add it to Windows/tools/internet options/security/restricted sites on the suspicious one, and the one that sent me there, so it doesn't happen again. I can't remember when it last happened. It might have been Ebay links or maybe news/humour links. I remember Taboola was one of them. Norton seems to add a big list of shady sites automatically.

I tighten the settings on my machines during installation and I run in Protected Mode.

Next time it happens to you, C&P the "from" and "to" URLs and report them.
 
Last edited:
Well I've turned ad-blocking back on for this site and will see how it goes. I normally leave it off this site.
 
Whilst reading about other members experiences, I was just redirected to a site that F-secure does not like. I clicked on nothing
 
Sponsored Links
Had something similar when clicking on forum posts a couple of weeks ago, happened two or three times.

OOI what does DIYnot do as a site to intercept viruses, trojans etc?

Blup
 
My suspicion is that one of the ad vendors they use has allowed a "nasty" through - not the first time it's been spotted (not with this site though AFAIK). It's a good wheeze on the part of the b***ards - buy some advertising space, let the "agency" vet the ads, then switch them for something with some malicious code in it. Et voila - malicious code served up to users in adverts on multiple websites that the user trusts.
I'd guess that there's some javascript in one of them that's triggering the redirect to another URL, then that redirects, and so on through a few sites till it hits their "drive by download" site. The redirects will be to avoid AV packages spotting the URL in the code and blocking it at source.
While I've had the ad-blocker on, it's not happened again.

DIYnot won't see the ads, I assume they just reference the ad-server in the relevant places and the user's browser fetches the ads direct. As such, any site showing ads has to really trust the ad agency to vet the ads properly before serving them ... :whistle:
 
SimonH2 said:
My suspicion is that one of the ad vendors they use has allowed a "nasty" through - not the first time it's been spotted (not with this site though AFAIK).
Click to expand...
Yes, that was my assumption as well. I've turned my ad blocker off again for DIYnot (they have to get their running costs from somewhere) and it's not happening again.

It's a good wheeze on the part of the b***ards - buy some advertising space, let the "agency" vet the ads, then switch them for something with some malicious code in it. Et voila - malicious code served up to users in adverts on multiple websites that the user trusts.
I'd guess that there's some javascript in one of them that's triggering the redirect to another URL, then that redirects, and so on through a few sites till it hits their "drive by download" site. The redirects will be to avoid AV packages spotting the URL in the code and blocking it at source.
Click to expand...
Yup, that's how it works.

DIYnot won't see the ads, I assume they just reference the ad-server in the relevant places and the user's browser fetches the ads direct. As such, any site showing ads has to really trust the ad agency to vet the ads properly before serving them ... :whistle:
Click to expand...
Exactly - and as has been proved time and time again, that trust is misplaced.

Something else that many people don't know ...
Google and others have real-time bidding systems for adverts that leak a lot of information to the advertisers. The way the system works is that when an ad space is shown in a browser, information is gathered and then sent out to advertisers who analyse the information and decide how much that ad space is worth to them. Whoever bids the most gets to put their ad in that space.
https://www.theregister.co.uk/2019/02/20/iab_rtb_complain_fresh_evidence/

But that's diverging from the original topic :whistle:
 
You must log in or register to reply here.
Sponsored Links

Similar threads

ChrisR
More darned malware - now is it dying?
4 5 6
Replies
75
Views
9K
Monsterminty
Monsterminty
M
  • Locked
  • Sticky
Forum rules / General Info
Replies
0
Views
128K
moderator
M
F
Boyfriend to husband upgrade problem
Replies
2
Views
1K
Igorian
I
D
Boiler cuts out the colder it gets
Replies
11
Views
2K
deadkenny
D
J
Off topic: Thread Splitting in this forum
Replies
0
Views
759
JohnW2
J
Back
Top