Jake

New Forums! Post feedback, notes, etc here


That was a dig at the two people repeating my post, btw, not at you!

 

OMG NEW PAGE! HOW EMBARRASSING AND EXCITING AND UNUSUAL!

:wtz:   :stan:   :miyamoto:   :hypnotoad:   :oldman:   :violin:   :eyebrow:   :kiss:   :gaming:   :woohoo:    :owned:    :frusty:    :devil:    :ancient:    :nuts:    :hitler:   :wtf:


Okay, i might be going crazy, or there might be something on my end, but if i visit specifically the front page of this forum with cookies cleared - or in a private window as it turns out - my NoScript plugin shows that the forum is trying to run scripts from an "alnera.eu" domain, which googling seems to suggest is involved with a variety of drive-by exploits. Has the forum been a victim of something?


Hmm, I don't get that. Only idlethumbs.net, googleapis.com and google-analytics.com. Maybe someone is injecting something into the page. Do you see where in the page it tries to load the alnera.eu script?


I'm not exactly sure what i should be looking for, but NoScript detects it fairly reliably, but only on a first visit with no cookies set.

 

This is the only site i have ever seen that domain.


That was a dig at the two people repeating my post, btw, not at you!

Hah, well I was just commenting on the quality of the search function. I like it and I get irrationally defensive when people call it broken, but this time it really was broken.

 

ANYWAY ALL THAT BACKSTORY.


Hmm, I don't get that. Only idlethumbs.net, googleapis.com and google-analytics.com. Maybe someone is injecting something into the page. Do you see where in the page it tries to load the alnera.eu script?

 

Alright, i'm kind of a layman with this stuff, but i've spent my day reading up and i think i have a guess at what the offending script is. If anybody wants to fire me a private message, we can have a back and forth about it.


I'm not seeing any evidence of script injection, but if you found something please send me any details you've got.


I'm not seeing any evidence of script injection

Exactly what an injected script would say!


I like it

i don't understand these words


I'm not seeing any evidence of script injection, but if you found something please send me any details you've got.

 

Like i said, i'm kind of a layman with this, so i'm not sure what specific information you want, let me know and i'll send it your way. Looking into it more though, i can definitely see the script and possibly the details that reveal what it is, but it only shows up consistently when i'm in private browsing. It doesn't seem like it appears if i'm logged in? I don't understand, but it seems to mirror what's in that security blog pretty closely though. If really nobody else is seeing it, is it something on my end?


So I duplicated your efforts on Firefox, and I get the same thing, a blocked script from alnera.eu.  But only in private browsing mode. 

 

This is in Firefox 35.0.1, running AdBlock Plus and NoScript as security addons. 

 

Edited to add: I just checked 6 additional sites in private browsing mode, both ones I use on a regular basis and ones I don't, and the alnera thing didn't pop up in any of those.  So if it is something local on my machine, it seems to be oddly local to idlethumbs?  I can check more or try whatever to verify it more. 


What URL(s) exactly are you guys loading, and which domains try to load scripts, and which of those do you block/allow?

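One way to answer the question above about which domains try to load scripts, as an added example that is not part of the original thread: list the external script hosts in two saved copies of the front page, one fetched with no cookies and one from a logged-in session, then flag hosts outside the three domains named earlier and hosts served only to the cookie-less visitor. The HTML snapshots, file paths in them and `BASE_URL` are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Script hosts the thread reports as normal for the forum front page.
EXPECTED = ("idlethumbs.net", "googleapis.com", "google-analytics.com")
BASE_URL = "https://www.idlethumbs.net/forums/"  # assumed front-page URL

# Constructed snapshots: the same page fetched without and with cookies.
ANON_HTML = """<html><head>
<script src="/forums/app.js"></script>
<script src="//ajax.googleapis.com/lib.js"></script>
<script src="http://alnera.eu/placeholder.js"></script>
</head></html>"""
SESSION_HTML = """<html><head>
<script src="/forums/app.js"></script>
<script src="//ajax.googleapis.com/lib.js"></script>
<script src="https://www.google-analytics.com/ga.js"></script>
</head></html>"""


class ScriptSrcParser(HTMLParser):
    """Collect the src attribute of every <script> tag."""
    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "script" and src:
            self.srcs.append(src)


def script_hosts(html, base_url=BASE_URL):
    """Resolve relative and protocol-relative srcs, return the host set."""
    parser = ScriptSrcParser()
    parser.feed(html)
    hosts = {urlparse(urljoin(base_url, s)).hostname for s in parser.srcs}
    return {h.lower() for h in hosts if h}


def is_expected(host):
    return any(host == d or host.endswith("." + d) for d in EXPECTED)


def compare(anon_html, session_html):
    anon, sess = script_hosts(anon_html), script_hosts(session_html)
    return {
        "unexpected": sorted(h for h in anon | sess if not is_expected(h)),
        "anonymous_only": sorted(anon - sess),
    }
```

This only sees static `<script src>` tags in the served HTML; a script added at run time by other JavaScript needs a browser-side check such as the NoScript report the posters used.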

Managed to track this down. Looks like an IP.Board vulnerability allowed for a malicious avatar image to be uploaded that, when called, modifies a cache file to add a forum hook to call back to the avatar script to redirect URLs with a specific set of params. If you've been seeing those redirects, just make sure you have some sort of antivirus solution in place (which is good advice no matter what). And thanks for reporting it. Sorry it took so long to track down. It was hard to find, and built to be hard to fix by just recopying the source files for the forum.

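A server-side check for the kind of upload described above, as an added example that is not part of the original thread or of IP.Board: walk an avatar upload directory and flag image files that either lack the right leading bytes or contain code markers. That the malicious avatar carried PHP or script markup is an assumption (the post says only "malicious avatar image" and "avatar script"); the file names and contents in `demo()` are constructed.

```python
import os
import re
import tempfile

# Leading bytes each image type must start with.
MAGIC = {
    ".gif": (b"GIF87a", b"GIF89a"),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
}
# Code markers that have no place in an avatar (assumed indicators).
# Markers of five or more bytes keep chance matches in image data rare.
CODE_MARKERS = re.compile(rb"<\?php|<script\b", re.IGNORECASE)


def scan_uploads(root):
    """Return [(relative_path, [reasons])] for suspicious image uploads."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            ext = os.path.splitext(name)[1].lower()
            if ext not in MAGIC:
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            reasons = []
            if not data.startswith(MAGIC[ext]):
                reasons.append("bad-magic")
            if CODE_MARKERS.search(data):
                reasons.append("embedded-code")
            if reasons:
                findings.append((os.path.relpath(path, root), reasons))
    return sorted(findings)


def demo():
    """Scan a temporary directory of constructed sample uploads."""
    samples = {
        "clean.gif": b"GIF89a" + bytes(32),
        # Valid GIF header, so a magic-byte check alone would pass it.
        "polyglot.gif": b"GIF89a" + bytes(8) + b"<?php /* constructed marker */ ?>",
        "renamed.png": b"plain text saved with an image extension",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return scan_uploads(root)
```

Because the admin notes the change survived recopying the forum source files, a scan like this covers only the upload side; generated cache files need their own comparison against a known-good copy.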

Cool, glad you found it!  The weird thing is that it only appeared in private windows, I couldn't find anything in regular windows. 


Now i get to be unreasonably paranoid about whether or not i've been impacted by this.

 

Glad i could be of use, at least.


When I submit posts on the mobile version of the site (iPhone 4) the page just hangs, loading forever. The post is made in the background but I have to manually refresh the page to see it.


you are probably holding your old iPhone4 incorrectly.


Also this thread used to be pinned, right? Perhaps the Welcome thread knocked them off their perch!


Post count doesn't matter or anything, but does it make sense not to count Idle Banter posts for it? I haven't been reading this forum for long but the long running threads there seem like a big part of the community.


What about being able to like/dislike a post with the click of a little 16x16 icon like on other boards?


What about being able to like/dislike a post with the click of a little 16x16 icon like on other boards?

 

post-31977-0-43134800-1428526955_thumb.gif

