And breathe.
Struggled all day on ipad and iphone - drove me nuts
Not appeared on laptop (firefox) recently - was an issue earlier.
It's the main template file that's infected.
If you don't mind the change of style... go to the bottom left of this site, and change from DEFAULT STYLE to DEFAULT MOBILE STYLE.
I've tested it out there... seems that the mobile style is clean as a whistle!
That'll at least stop the malicious script from loading in for you while Eddie is on the case.
The menu is top right - those 3 dots in an icon. You can get to the "what's new" stuff from there. The one thing you can't get at is "subscribed threads" - but that's all.
It definitely confirms that it's the main template style files that are infected - a good sign that it's contained to that one part of the setup.
Last edited by JohnnyE; 2nd March 2017 at 23:51.
In Safari, clicking on some links opens a new tab then a pop up about a virus. Thankfully it allows the tab to be closed. This is with Adblock running. I can’t recall it being defeated in this way before.
^ That default mobile style tip does seem to work. Thanks!
Just happened to me on a W10 notebook using IE11
I've just been getting the same, this is what popped up when I hit reply to this very thread..
http://syndication.exoclick.com/spla...ial-scam-sites!
Yep, it's still happening
Downloaded AdBlock Plus for Chrome to my Windows 10 PC and that stopped it. Now to fix my Android phone...
Still happens on my iPad but, as I mentioned yesterday, Adblock Plus has killed it on Chrome on my Windows 10 desktop machine.
As a matter of interest has anyone using Adblock Plus figured out a way of using it on the TZ forums and allowing the clock and fundraising banner to display? Not a big deal but I am likely to forget to switch off ABP for this site once this issue is resolved.
I've installed AdBlock Plus on my Chromebook and iPhone so let's see if it works. I've lost the clock and the Timefactors banner but that's no big deal.
Still happening on my iPad, no matter what I do. Oh dear!!
Installing the Purify content blocker (and activating it in Safari settings) is a fix for iPhone/iPad.
Last edited by Seamaster73; 3rd March 2017 at 11:06.
I'm at work now, and yep, it's back.
Lots of pop-ups and redirects.
Often involving that old fraud bloke and "The Brit Method".
So clever my foot fell off.
I had logged out with the intention of staying away until this had been resolved but such is my addiction to this place I am drawn back
Changing the default style works but I simply can't get on with it so have reverted back to the usual one - which of course means "Want to f*** tonight" and "Try the Brittas method" pop ups galore
My question is - is this just an annoying pop up thing or are personal details, log in and contents of PM's etc at risk?
FFS - and still - some very NSFW sites too.
going to stay away for a while and hope this gets sorted quickly
Anybody else won 27 iPhone 7s?
I think that SC will soon be flooded!
I've just downloaded Adblock Plus - which it looks as though you have to pay for after 14 days
Seems to be working so far
The TZ clock and other links at the top of the page have disappeared though
This is a little annoying, but thanks for the tip about changing to mobile view, I can live with it until the site is sorted.
If using Adblock Plus you can allow the TZ clock and fundraiser banners through. Just do this...
- Click the red ABP icon, top of your browser
- Click "open blockable items"
- You will now see what this page loads.. and the stuff that is blocked is RED, up top.
- RIGHT CLICK on the top couple of items, then click DISABLE FILTER (3rd option down)
Allow this to get the clock back:
Code: http://forum.tz-uk.com/images/DreadnoughtGMT.swf
Allow this to get the Timefactors banner:
Code: http://forum.tz-uk.com/images/ads/tfmark2.jpg
- Now refresh your page
- NB: DO NOT disable the last red items with address starting go.oclassrv.com....... - that's the malicious script that you are blocking.
- Take a look through all with type=script and block any that start with
Code: http://tr.im....
by doing a RIGHT CLICK, Block this item
You certainly shouldn't have to pay for it; it's free! See this LINK and the statement immediately above the green 'Install for Chrome' banner (of course the wording will reflect your browser).
Looks like I'm going to be one of 50 millionaires 😂😂
Bloody annoying though, hope you get it sorted Eddie 👍🏻
That's because we don't have malware on our PC/laptop.. it's the TZ website/forum that's infected and triggering these popups. Only ABP or similar will work until the forum software is cleaned up.
I'm surprised the hosting company hasn't pulled the plug yet! Any UK host I've used will lock down a site once they are aware of malware on their shared hosting.
Last edited by JohnnyE; 3rd March 2017 at 10:53.
Still happening to me on the iPad. The number of new phones etc that I am apparently eligible to claim is amazing.
Oops - misread the blurb on the home page
Anyway, it appears to be working which is the main thing
Being as I use my netbook for work I'm not sure that a huge pop up inviting me to have sexual intercourse or make a breast size selection whilst I am sitting in a shared office somewhere would be helpful
Is there a Facebook page or similar that I should be subscribed to in order to check on the situation in the event of the TZ site being closed down until fixed?
I think a few of us would go into cold turkey without our addiction being available.
One thing is for sure, the infected code lies in the template/skin - the main one. That's something at least... in theory, deletion of that template and a fresh install from a clean source *SHOULD* do it. However, the only way to TRULY know (given that your average php driven site is made up of thousands of files) is to create a clean site and do a migration of JUST the data from hacked->clean.
An easier route to fix comes if Eddie's hosts can run a security scan and return a list of the EXACT infected php files. If they can do that, it's easier to remove BUT you remain vulnerable due to out of date VB software.
Quite often you see the malicious code crudely injected at the foot of the page code. Here, we have a <script> injected VERY PRECISELY in the middle of the page code. When all this is over, I would strongly advise you set a new password - and if you re-use that password (tut tut!!) change it on other sites/services. There is no point in doing it yet, until the infection is confirmed as gone - but if you re-use your TZ password elsewhere, I'd be changing it now on those other sites/services.
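[Added example, not part of any post in this thread and not the forum's own code] One way a site owner could check rendered page output for the kind of mid-page <script> injection described above: list every script tag with its line number and flag any loaded from a host outside an allowlist, plus inline scripts for manual review. The allowlist, the sample markup and the host injected.example are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the only host the site owner expects scripts to load from.
ALLOWED_HOSTS = {"forum.tz-uk.com"}

# Constructed sample of rendered page output (not the real forum markup).
SAMPLE = """<html><head>
<script src="/js/site.js"></script>
</head><body>
<div id="header">menu</div>
<script src="//injected.example/p.js"></script>
<div id="posts">thread</div>
<script>var counter = 1;</script>
<script src="http://forum.tz-uk.com/js/clock.js"></script>
</body></html>"""


class ScriptAudit(HTMLParser):
    """Record (line, src, host) for every <script> start tag."""

    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            # Relative paths have no hostname and count as same-site.
            host = urlparse(src).hostname if src else None
            self.found.append((self.getpos()[0], src, host))


def audit(html, allowed=ALLOWED_HOSTS):
    """Return (line, kind, host) for scripts that need a human look."""
    parser = ScriptAudit()
    parser.feed(html)
    parser.close()
    findings = []
    for line, src, host in parser.found:
        if src is None:
            # Inline code in a template: review it against a clean copy.
            findings.append((line, "inline", None))
        elif host is not None and host not in allowed:
            findings.append((line, "third-party", host))
    return findings


if __name__ == "__main__":
    for line, kind, host in audit(SAMPLE):
        print(f"line {line}: {kind} script {host or ''}")
```

The line numbers point at where in the rendered page the tag sits, which helps map a finding back to the template or footer file that produced it.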
Ad block plus working on iPhone. Thanks for tip!
I ran another malware scan and it flagged a javascript widget I installed into the footer file. This records site visitors by country - "Supercounters" is the name. I've removed all javascript from the footer file and I haven't had a re-direct since doing that and clearing the forum cache.
Of course, just because it isn't happening for me doesn't mean that it isn't happening for you.
Eddie
Whole chunks of my life come under the heading "it seemed like a good idea at the time".
It is still happening Eddie, for me at least. Don't you get any support with this stuff from host?
Clear your browser cache if you haven't already. ^
I've still to get any redirects. Adblock and Firefox on my laptop and PC, and Chrome and Lookout on my mobile.
I ran another malware scan after deleting the javascripts.
Eddie
Whole chunks of my life come under the heading "it seemed like a good idea at the time".
It's not happening to me now.
EDIT: spoke too soon. :-(
R
Last edited by ralphy; 3rd March 2017 at 13:13. Reason: Oops
Ignorance breeds Fear. Fear breeds Hatred. Hatred breeds Ignorance. Break the chain.