MartinP

Pop-up ads - WTF?

21 posts in this topic

I visited here a moment ago and the ad bar at the top of the "community" page was for "little blue pills". (I'm using a euphemism so that I don't trigger our net monitoring software here at work).

OK, that's a bit embarrasing sitting here in the office, but not too bad. However I was most annoyed to have a couple of IE pages spawned off to "planet pharmaceuticals" (which incidentally locked up my IE such that I had to kill it from Task Manager).

Sites like that can cause (understandable) sensayuma failure on the part of our net-monitoring guys, and it doesn't seem to present a very professional image for SR.

Is it SR policy to serve pop-up ads?

Martin

Edited by MartinP

Share this post


Link to post
Share on other sites

I think SR has had pop-up adds for some time now. I'm not entirely sure though because I use Firefox. I recall that there was a thread on it some time ago in the B&G.

You can add pop-up functionality to IE, just hit google. Some others may be able to give you better recommendations.

Edited by Gilbo

Share this post


Link to post
Share on other sites

I would say you have a little spy ware installed. I have been browsing SR for over a year and they have never once served me a pop-up! I don't even need a pop up blocker when browsing SR.

Share this post


Link to post
Share on other sites

You certainly shouldn't be getting multiple pop-ups like you recieved though. I second luvmich's theory.

Share this post


Link to post
Share on other sites

I don't see any banners, or pop ups, or any of that here...then again let me open the page in IE where I'm not using the Adblock extension on top of Firefox's built-in protection.

Wow. There's three graphical banners and a GoogleSyndication.com IFRAME. Don't see any popups though.

Your sysadmin people can do selective content blocking much like Adblock does, if they won't let you install the Phoenix/Firebird/Firebox happiness.

Share this post


Link to post
Share on other sites

I do use Firefox at home, but the machines here have IE, and they're locked down so I can't use FF.

I have never seen a popup on SR before, but I'm sure it came from SR because the banner ad at the top of the page was for V****a. I don't think it's spyware (unless the Planet Pharmaceuticals page installed it).

cheers, Martin

Share this post


Link to post
Share on other sites

Lately, it seems that ad companies have found new ways to bypass pop-up blockers. Started seeing some on Mac even, using Firefox (without using adblock extension). Of course some will say that using IE is almost an invite for problems. Sometimes you have to. Disabling javascript helps. Using a proxy server on your system can also.

In the past, one ad company would over-lay another companies ads. Something has infected your system or a site you visited before you got to SR probably.

From Cnet last year:

an independent security researcher found an aggressive advertising program, known as adware, that installed itself onto a victim's computer via the same two flaws in Internet Explorer. ... widespread Web server compromises have turned corporate home pages into points of digital infection.

Are you using Win XP SP1?

Filters - obviously you can't configure the router - are another option.

Security flaws in some versions of RealPlayer.

Wallon virus wrecks Windows Media Player

i would first look to insure that you don't have current AV. Then read the Denver Post article How Secure is your Computer?

Network Traffic Sniffer WORM

spyware

Sasser worm - patch

Phishing - can install a trojan horse

WINS port 42 exploit

phpBB exploit infects web servers

Google Desktop

NetGear backdoor security hole

CompuerWorld - Security

Linux - http://www.techworld.com/security/news

SSL-busting spyware

pop-up in IE

New IE hole could perfect phishing scams

Latest security flaw lets attackers create fake Web site that looks identical to a genuine site

By Joris Evers, IDG News Service

December 17, 2004

www.infoworld.com

Linux users suffering from "image" problem:

Linux Image flaw

SuSe Security

gentoo

secunia advisories

similar bug

PEG-rendering flaw

exploiting flaw

Share this post


Link to post
Share on other sites

I think the recent bypassing techniques only allows pop-unders. It's still very annoying though. Luckily none of the sites I frequent implement such unfriendliness.

Share this post


Link to post
Share on other sites

The most recent countermeasure I've discovered is filling your etc/hosts file with entries like this:

127.0.0.1 localhost

127.0.0.1 www.doubleclick.net

127.0.0.1 ad.preferances.com

127.0.0.1 ad.doubleclick.com

127.0.0.1 ads.web.aol.com

127.0.0.1 ad.doubleclick.net

127.0.0.1 ad.preferences.com

127.0.0.1 ad.washingtonpost.com

127.0.0.1 adpick.switchboard.com

127.0.0.1 ads.doubleclick.com

127.0.0.1 ads.infospace.com

127.0.0.1 ads.msn.com

127.0.0.1 ads.switchboard.com

127.0.0.1 ads.enliven.com

127.0.0.1 oz.valueclick.com

127.0.0.1 doubleclick.net

127.0.0.1 ads.doubleclick.net

If you google around you can find large lists of them. It makes pages load oh so much faster, and pretty much completely blocks banner ads.

I still get that ZipZoomFly Flash ad down at the bottom of the page, though.

Share this post


Link to post
Share on other sites

127.0.0.1 doubleclick.net

127.0.0.1 ads.doubleclick.net

Those are the ones flooding the Web.

Share this post


Link to post
Share on other sites
Yes, SR does serve pop-ups (unfortunately) and has done so for a long time. You do only get them once a day, however.

199044[/snapback]

Just got the damn thing again, and once again it locked up IE such that I had to kill it with Task manager.

I have no access to Hosts files on this machine, unfortunately, although a number of ads do fail to appear. I suspect they are blocked by a proxy somewhere in the infrastructure here.

Maybe they'll catch up with this PITA pop-up site soon.

cheers, Martin

PS is there any way to load that hosts file into my Netgear and block them there?

Share this post


Link to post
Share on other sites
I still get that ZipZoomFly Flash ad down at the bottom of the page, though.

199052[/snapback]

That's why I don't allow Flash on my machines at home.

Any site that needs Flash, Java or Active/X to load won't get my business.

cheers, Martin

Share this post


Link to post
Share on other sites

I use FireFox and Mozilla nowadays. No more IE for browsing (kept it out of my firewall permission list for internet access). Lots of people here get spywares and adwares thru IE. Its common MSHTML engine is also used by Outlook Express, another venue for adware and spyware to get in also (in the mail, just add frame and page links/references to the malware webiste, and walla! same way IE gets infected). Pop-up blockers doesn't really help, as many of those used them are still getting parasites in their machines (using IE exploits and security flaws). Of course newer anti-virus programs does help a lot (those that have built-in spyware/adware detection). Flash is OK actually, the plugin is quite safe actually. ActiveX definitely not safe as with VBScripts (many viruses uses VBScript) also.

Btw, If a website isn't Firefox or Mozilla friendly (only IE can be used only), then they don't get my "business" either... (this means they expect an IE user, means they "could be" using exploits/flaws to compromise your machine with adware/spyware) :lol:

Share this post


Link to post
Share on other sites

Of course, one of my friends had a better method. He uses VMware to run another copy of "Windows" as a "virtual PC" on his machine. He can use I.E easily in there since its isolated from the actual machine, and can always revert back to a good working copy of Windows operating system.

You may have a go at it.. :rolleyes:

Share this post


Link to post
Share on other sites
Of course, one of my friends had a better method. He uses VMware to run another copy of "Windows" as a "virtual PC" on his machine. He can use I.E easily in there since its isolated from the actual machine, and can always revert back to a good working copy of Windows operating system.

199104[/snapback]

Sounds like a really complicated way to do what GoBack can achieve almost transparently (as long as the swapfile isn't on a GoBack-managed spindle).

cheers, Martin

Share this post


Link to post
Share on other sites

Okay, I saw this today and felt it worth mentioning.

'DNS poisoning' attacks began late last week..

In DNS poisoning attacks, malicious hackers take advantage of a feature that allows any DNS server that receives a request about the IP address of a Web domain to return information about the address of other Web domains.

ComputerWorld - DNS poisoning' attacks

Share this post


Link to post
Share on other sites
The most recent countermeasure I've discovered is filling your etc/hosts file with entries like this:

(EDIT)

199052[/snapback]

Huh, that's a neat little trick. I suppose that ad servers will just register a hundred or so names so it's hard to keep up with the edits, but it has to cut down your ad traffic somewhat.

Share this post


Link to post
Share on other sites

Because DNS queries are using UDP (connectionless protocol unlike TCP), any "returned DNS data" can come from any IP address. Since the DNS cache engine does not check from which IP address these returned DNS data come from, thus this was exploited in "DNS Poisoning".

Bad DNS coding.. :angry:

Share this post


Link to post
Share on other sites
Because DNS queries are using UDP (connectionless protocol unlike TCP), any "returned DNS data" can come from any IP address. Since the DNS cache engine does not check from which IP address these returned DNS data come from, thus this was exploited in "DNS Poisoning".

Bad DNS coding.. :angry:

199390[/snapback]

Usually, a cookie is send with the request that has to be included in the response to prevent such 'misuses'.

Share this post


Link to post
Share on other sites

I'm missing something here.

PC sends out a DNS request, and gets back the correct info for the site in question, but also invalid info for other sites.

If the hack is able to return invalid data about other addresses, why can't it simply return invalid info about the address which was actually requested?

cheers, Martin

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now