Ben X Posted March 4, 2015 That was a dig at the two people repeating my post, btw, not at you! OMG NEW PAGE! HOW EMBARRASSING AND EXCITING AND UNUSUAL! Share this post Link to post Share on other sites
Sno Posted March 4, 2015 Okay, i might be going crazy, or there might be something on my end, but if i visit specifically the front page of this forum with cookies cleared - or in a private window as it turns out - my noscript plugin shows that the forum is trying to run scripts from an "alnera.eu" domain, which googling seems to suggest is involved with a variety of driveby exploits. Has the forum been a victim of something? Share this post Link to post Share on other sites
toblix Posted March 4, 2015 Hmm, I don't get that. Only idlethumbs.net, googleapis.com and google-analytics.com. Maybe someone is injecting something into the page. Do you see where in the page it tries to load the alnera.eu script? Share this post Link to post Share on other sites
Sno Posted March 4, 2015 I'm not exactly sure what i should be looking for, but noscript detects it fairly reliably, but only on a first visit with no cookies set. This is the only site i have ever seen that domain. Share this post Link to post Share on other sites
syntheticgerbil Posted March 4, 2015 That was a dig at the two people repeating my post, btw, not at you! Hah, well I was just commenting on the quality of the search function. I like it and I get irrationally defensive when people call it broken, but this time it really was broken. ANYWAY ALL THAT BACKSTORY. Share this post Link to post Share on other sites
Sno Posted March 4, 2015 Googling came up with this, so is this relevant to what i'm noticing, possibly? Share this post Link to post Share on other sites
Sno Posted March 4, 2015 Hmm, I don't get that. Only idlethumbs.net, googleapis.com and google-analytics.com. Maybe someone is injecting something into the page. Do you see where in the page it tries to load the alnera.eu script? Alright, i'm kind of a layman with this stuff, but i've spent my day reading up and i think i have a guess at what the offending script is. If anybody wants to fire me a private message, we can have a back and forth about it. Share this post Link to post Share on other sites
tabacco Posted March 5, 2015 I'm not seeing any evidence of script injection, but if you found something please send me any details you've got. Share this post Link to post Share on other sites
toblix Posted March 5, 2015 I'm not seeing any evidence of script injection Exactly what an injected script would say! Share this post Link to post Share on other sites
Twig Posted March 5, 2015 I like it i don't understand these words Share this post Link to post Share on other sites
Sno Posted March 6, 2015 I'm not seeing any evidence of script injection, but if you found something please send me any details you've got. Like i said, i'm kind of layman with this, so i'm not sure what specific information you want, let me know and i'll send it your way. Looking into it more though, i can definitely see the script and possibly the details that reveal what it is, but it only shows up consistently when i'm in private browsing. It doesn't seem like it appears if i'm logged in? I don't understand, but it seems to mirror what's in that security blog pretty closely though. If really nobody else is seeing it, is it something on my end? Share this post Link to post Share on other sites
Bjorn Posted March 8, 2015 So I duplicated your efforts on Firefox, and I get the same thing, a blocked script from alnera.eu. But only in private browsing mode. This is in Firefox 35.0.1, running AdBlock Plus and NoScript as security addons. Edited to add: I just checked 6 additional sites in private browsing mode, both ones I use on a regular basis and ones I don't, and the alnera thing didn't pop up in any of those. So if it is something local on my machine, it seems to be oddly local to idlethumbs? I can check more or try whatever to verify it more. Share this post Link to post Share on other sites
Sno Posted March 16, 2015 Okay, so it's not just me, then. Share this post Link to post Share on other sites
toblix Posted March 16, 2015 What URL(s) exactly are you guys loading, and which domains try to load scripts, and which of those do you block/allow? Share this post Link to post Share on other sites
tabacco Posted March 16, 2015 Managed to track this down. Looks like an ip.board vulnerability allowed for a malicious avatar image to be uploaded that, when called, modifies a cache file to add a forum hook to call back to the avatar script to redirect urls with a specific set of params. If you've been seeing those redirects, just make sure you have some sort of antivirus solution in place (which is good advice no matter what). And thanks for reporting it. Sorry it took so long to track down. It was hard to find, and built to be hard to fix by just recopying the source files for the forum. Share this post Link to post Share on other sites
Bjorn Posted March 16, 2015 Cool, glad you found it! The weird thing is that it only appeared in private windows, I couldn't find anything in regular windows. Share this post Link to post Share on other sites
Sno Posted March 16, 2015 Now i get to be unreasonably paranoid about whether or not i've been impacted by this. Glad i could be of use, at least. Share this post Link to post Share on other sites
melmer Posted March 25, 2015 When I submit posts on the mobile version of the site (iphone 4) the page just hangs, loading forever. The post is made in the background but I have to manually refresh the page to see it Share this post Link to post Share on other sites
elmuerte Posted March 26, 2015 you are probably holding your old iPhone4 incorrectly. Share this post Link to post Share on other sites
SecretAsianMan Posted March 26, 2015 Is there a reason that the Movies/TV thread is no longer pinned? I don't really mind it that way, I'm just curious. Share this post Link to post Share on other sites
Ben X Posted March 27, 2015 Also this thread used to be pinned, right? Perhaps the Welcome thread knocked them off their perch! Share this post Link to post Share on other sites
Erkki Posted April 5, 2015 Maybe the pins weren't securely attached Share this post Link to post Share on other sites
Gerretic Posted April 5, 2015 Post count doesn't matter or anything, but does it make sense not to count Idle Banter posts for it? I haven't been reading this forum for long but the long running threads there seem like a big part of the community. Share this post Link to post Share on other sites
Gwen Posted April 8, 2015 What about being able to like/dislike a post with the click of a little 16x16 icon like on other boards? Share this post Link to post Share on other sites
Zeusthecat Posted April 8, 2015 What about being able to like/dislike a post with the click of a little 16x16 icon like on other boards? Share this post Link to post Share on other sites