SDC redirects to Google

Status
Not open for further replies.
E

EarthlingX

Guest
When i try to get to any space.com URL with FireFox, i get redirected to http://www.google.com.
It doesn't happen with Chrome, which i'm using to write this.

Deleting history or cookies, restarting FF or comp doesn't help. When i dump http traffic i see as a referer to Google the page on SDC which i was trying to access.

Any ideas ?


edit: changed title, since it's not only FF.
 
E

EarthlingX

Guest
Re: SDC redirects Firefox to Google

Blocking ajaxstat.net solved the problem, for now.
 
D

doublehelix

Guest
Re: SDC redirects Firefox to Google

Thanks, EX, I've forwarded this on to our helpdesk.

-dh
 
S

SpeedFreek

Guest
Re: SDC redirects Firefox to Google

I'm getting this issue too, using google chrome, but not getting it using firefox.

Norton is telling me that ajaxstat.net is ATTACKING my computer.

Whatever I try, I cannot get chrome to load SDC, it just switches to google. grrrrr

How do I block ajaxstat.net for chrome? I installed adblock (which is what I assumed was allowing me to access SDC via firefox) but it is no help.

What infernal malicious software is SDC forcing upon me now?

GRRRRRRR

I never have any of these problems with the other sites I visit, only SDC causes me problems, which is why i post here less than I used to.

AND WHEN WILL YOU FIX THE GODDAMNED LOGIN BUG?!?
 
D

doublehelix

Guest
Re: SDC redirects Firefox to Google

Just wanted to let you all know that I just got off the phone with head of IT and he told me that they are working on it - it's just a painstakingly tedious task. But they are on it and this is their top priority right now. I'll pass on anything else that I hear that would help you guys. Apologies for any hassles you are experiencing with this.

-dh
 
D

doublehelix

Guest
Re: SDC redirects Firefox to Google

SpeedFreek":33vc9mbc said:
What infernal malicious software is SDC forcing upon me now?

It's definitely not on the SDC servers but probably coming in through an ad.

I also know for a fact that the login process is being reassessed. I'll let you know more when I know more. Thanks! :cool:

-dh
 
S

SpeedFreek

Guest
Re: SDC redirects Firefox to Google

doublehelix":2dryl7ui said:
SpeedFreek":2dryl7ui said:
What infernal malicious software is SDC forcing upon me now?

It's definitely not on the SDC servers but probably coming in through an ad.

I also know for a fact that the login process is being reassessed. I'll let you know more when I know more. Thanks! :cool:

-dh

Thanks for the update DH, and sorry for my bad temper! I am posting from firefox right now as chrome still won't let me in.
 
E

EarthlingX

Guest
Re: SDC redirects Firefox to Google

dh, thanks. :cool:
If you need any more detailed info, like TCP traffic dump, just ask.


SpeedFreek, i just installed Adblock for Chrome, no biggie. At the end of the install it asks you if you wish ABP button add-on, which i used to add filter to ajaxstat.net, but in FF - Chrome works for me.

In short :
ABP/preferences/Add filter

I hope it helps.
 
A

a_lost_packet_

Guest
Earlier today I was testflying Avast....

It did NOT like a compressed javascript that SDC index and forums were trying to load. Screenies follow:

http://i55.tinypic.com/htsm4g.jpg

http://i51.tinypic.com/mhvuqs.jpg

Hmm, thought I had more screenshots than that.. Anyway, the same class package was on both the home index page and forum page. Though, I don't believe the files were the same. I'll see if I can find my other screenies.

Anyway, I tested the page with about five different url scanners and checked multiple reports/hosts/etc. None showed a current problem with SDC's homepage index or the forum page.

But, it seems this compressed java script file was something that AVAST did not like at all. Some ID'd it as a popular attack package, used for plugging in malware javascripts.

Curiously enough, it's no longer popping up. Sorry for not posting this earlier.

Note: ADP didn't have a chance to get to it, neither did other security add-ons/software because Avast stomped it before it could move further down the line.
 
J

Joshua99

Guest
Josh here, internal helpdesk support for the TechMediaNetwork.

I just wanted to thank those of you that have provided information in regards the the recent bugs. Every little bit counts, and its is appreciated. We are currently working in overdrive to resolve this issue. Please be patient with us, as DH said, it is a very complex system, and a complicated process to narrow down where it is coming from, and how to solve it.

Thanks!
 
D

doublehelix

Guest
Re: SDC redirects Firefox to Google

SpeedFreek":5zu1jac8 said:
Thanks for the update DH, and sorry for my bad temper! I am posting from firefox right now as chrome still won't let me in.

Hey SpeedFreek, you're welcome! Thanks for the kind words, too. I know how frustrating this kind of thing is, so I can understand the aggravation. Sometimes when stuff like this happens at home, I want to pull my hair out. So no worries. :cool:

-dh
 
S

SpeedFreek

Guest
Re: SDC redirects Firefox to Google

doublehelix":2jmwgyor said:
SpeedFreek":2jmwgyor said:
Thanks for the update DH, and sorry for my bad temper! I am posting from firefox right now as chrome still won't let me in.

Hey SpeedFreek, you're welcome! Thanks for the kind words, too. I know how frustrating this kind of thing is, so I can understand the aggravation. Sometimes when stuff like this happens at home, I want to pull my hair out. So no worries. :cool:

-dh

Sorry again, I shouldn't lose my temper over these issues. I know how hard you work! :)

All the best.
 
A

abq_farside

Guest
a_lost_packet_":264fj97j said:
Earlier today I was testflying Avast....

....Note: ADP didn't have a chance to get to it, neither did other security add-ons/software because Avast stomped it before it could move further down the line.

I was getting the same error earlier today and I run Avast on my laptop. I had reported this a few weeks ago as a trojan and Avast had flagged it a couple of other times.

Could never tell is was a false positive or not, but I am not getting it now.
 
E

EarthlingX

Guest
I just disabled ABP to try if i can repeat the bug, but it works now. Filter for ajaxstat.net logged about 60 hits before that.
Since it works, i can't help with more info atm, but will keep it open and post if it happens again and i manage to dig anything more.
 
A

a_lost_packet_

Guest
When I first got the warning and block, I did some urlscans and they couldn't find any malware hits or likely exploits. A few urlscan sites did show some historical hits within the past 30 days, but nothing at present.

From Avast's forums, it appears that Avast is kicking in on this particular family of Warnings because of the way the content is delivered in what they refer to as an "obscured compressed javascript package" and they wonder "why it would be delivered in such a way." (Don't have the forum link where it was discussed handy, atm.)

So, basically, Avast and other programs flagging this particular javascript problem are hitting on the compressed delivery package, not the content itself.

Is it a problem? It could be a "potential" problem if the package is compromised and has malware code that gets dumped out when it is uncompressed.

So far, no hits since I logged in this afternoon. But, this morning there certainly were.
 
A

adrenalynn

Guest
Hi Josh [and all] - thanks for running down the advertiser bringing ugliness with it.

Here's another datapoint from this morning that may help in your hunt. I can further confirm that it is not a false positive but a legitimate concern. After disassembling the jar (it's not javascript, it's a compiled java application), and running it through VirusTotal, it's definitely blowing bad across the board.

space-serve-virus-1.png


After analyzing it, it appears to me to contain a dropper and a downloader. The downloader is attempting to fetch infected PDFs. A half dozen of them, only two still existing.
 
Status
Not open for further replies.

Latest posts