|
Runbox Forum Everything related to Runbox should go here: suggestions, comments, complaints, questions, technical issues, etc. |
|
Thread Tools |
28 Mar 2013, 02:34 AM | #1 |
Member
Join Date: Dec 2008
Location: UK
Posts: 50
|
Runbox blog appears to have been partially hacked
The runbox blog site
seems to be serving up adverts to payday loan sites in the banner. I assume it isn't intentional. It doesn't inspire confidence.... |
28 Mar 2013, 02:49 PM | #2 |
The "e" in e-mail
Join Date: Sep 2001
Location: Oslo, Norway
Posts: 2,938
Representative of:
Runbox.com |
There are no ads on our blog.
Are you sure your computer isn't infected with adware?... - Geir |
28 Mar 2013, 10:32 PM | #3 | |
Member
Join Date: Dec 2008
Location: UK
Posts: 50
|
Quote:
Its not displayed when using chrome, looking at the same page using Opera with scripting disabled shows it up. It also shows up using firefox with noscript installed and blocking all scripts on the page. This is what it looks like in opera I've copied some of the page source into a pastebin here It looks like its coming out of the google analytics embedded in the page, or possibly the SEO code. PS - I've just checked using a linux livecd and the ads are embedded in the page source on that system as well, so it looks like its on the runbox end. Last edited by na_mirage : 28 Mar 2013 at 10:47 PM. |
|
28 Mar 2013, 10:49 PM | #4 |
Senior Member
Join Date: Feb 2010
Posts: 107
|
@na_mirage: I cannot confirm this here.
Opera (with adblocking) doesn't show anything the like as on your screenshot. Nor does Firefox (no adblocking). Anyway, since the original post gave rise to concern, I would highly value if we could get an authoritative answer from Runbox whether this is a problem on na_mirage's end or whether something is indeed wrong with Runbox. Above all, please let us users know asap should there be any security problems with our email accounts. BR, gecko |
28 Mar 2013, 10:54 PM | #5 |
Member
Join Date: Dec 2008
Location: UK
Posts: 50
|
I doubt the email accounts are affected or compromised.
It looks like a piece of code a runbox developer has accidentally or intentionally left in, thinking it would never be displayed. It also looks limited to the blog.runbox.com domain as I'm not seeing anything similar on the other domains. The original thread title, is a bit too alarmist if all that is the case, I'll try and re-title it if the board will allow me to do that. ** It doesn't look like it it will allow me to retitle the thread, if a mod wants to do this; 'blog.runbox.com serving hidden ads' would be a more appropriate title. |
28 Mar 2013, 10:59 PM | #6 | |
Senior Member
Join Date: Feb 2010
Posts: 107
|
Quote:
BR, gecko |
|
28 Mar 2013, 11:14 PM | #7 |
Member
Join Date: Dec 2008
Location: UK
Posts: 50
|
Its possible its being injected by the ISP, but I think its unlikely.
I think the reason why your not seeing it, is because you don't have javascript scripting sufficiently disabled, but instead of messing about with that, can you just try 'view source' in whichever browser you are using and search for the word 'smoke' or 'paydayloans' and report back if it is there? Last edited by na_mirage : 29 Mar 2013 at 03:00 AM. |
28 Mar 2013, 11:21 PM | #8 | |
Senior Member
Join Date: Feb 2010
Posts: 107
|
Quote:
One thing I would like to know though is whether this is new or has been buried there for a while without anyone noticing it!? BR, gecko |
|
28 Mar 2013, 11:30 PM | #9 |
Senior Member
Join Date: Feb 2010
Posts: 107
|
BTW, if you search with your favourite search engine for
wordpress pay day you'll get heaps of hits. Seems to be quite a common problem . |
28 Mar 2013, 11:41 PM | #10 |
Member
Join Date: Dec 2008
Location: UK
Posts: 50
|
Hmm, I see what you mean, that looks nasty and pretty widely known
Hopefully Geir will get someone to fix the runbox wordpress installation asap. |
29 Mar 2013, 09:07 AM | #11 |
Cornerstone of the Community
Join Date: Sep 2005
Location: Oslo, Norway
Posts: 555
Representative of:
Runbox.com |
I am looking into this now. Thanks for alerting me, Gecko.
Our email systems are never affected by any of our public web sites. It is on a completely different network and are very secure. Kim Last edited by kservik : 29 Mar 2013 at 09:13 AM. |
29 Mar 2013, 09:41 AM | #12 |
Cornerstone of the Community
Join Date: Sep 2005
Location: Oslo, Norway
Posts: 555
Representative of:
Runbox.com |
I cant find anything and I have taken screenshots with external services and no mention of any "payday loans" in the header.
Kim |
29 Mar 2013, 09:44 AM | #13 |
Cornerstone of the Community
Join Date: Sep 2005
Location: Oslo, Norway
Posts: 555
Representative of:
Runbox.com |
I found it.
|
29 Mar 2013, 10:14 AM | #14 |
Cornerstone of the Community
Join Date: Sep 2005
Location: Oslo, Norway
Posts: 555
Representative of:
Runbox.com |
Seems that a plugin had done some nasty stuff. Fixing it now.
Kim |
29 Mar 2013, 04:21 PM | #15 |
The "e" in e-mail
Join Date: Sep 2001
Location: Oslo, Norway
Posts: 2,938
Representative of:
Runbox.com |
I was a bit too quick there -- thank you for alerting us and detailing the problem!
We have reinstalled WordPress on our blog server so we should be rid of this nastiness. As Kim said there was no danger to our email rig at all since they are entirely separate systems. - Geir |