Old 03-11-2020, 04:22 PM   #1
LHaven
Senior Member
 
Join Date: Feb 2019
Location: Wickenburg
Posts: 3,270
Malware in ad

Admins: Today I am receiving frequent "update your Flash Player" malware solicitations from this forum, with no way to cancel. This is typically a symptom of someone submitting a "poisoned" ad to the pool of advertisements you display.
__________________
2019 Cougar 26RBSWE
2019 Ford F-250
LHaven is offline   Reply With Quote
Old 03-11-2020, 08:06 PM   #2
jsb5717
Senior Member
 
Join Date: Mar 2019
Location: Milwaukie, OR
Posts: 1,388
What browser are you using? I had some weird stuff with Microsoft Edge. I was testing the new version. Haven't had the malware with Firefox or Chrome.
__________________
Jeff & Sandi (and Teddy - 7lb Schnorkie)
2018 Montana High Country 305RL
2015 RAM 3500 Crew Cab 4x4 DRW
Demco Recon Hitch on RAM Puck Ball
jsb5717 is offline   Reply With Quote
Old 03-11-2020, 08:30 PM   #3
LHaven
Senior Member
 
Join Date: Feb 2019
Location: Wickenburg
Posts: 3,270
I'm using Safari on Apple High Sierra. I had to come to Tapatalk just to answer this post, because as I sit there trying to read it, it doesn't take four seconds for the ad to grab the page and throw me to "gogo.thepowerrangers.com" where one of those phony ads lives. Every time I hit the back key, it throws me back to the malware within about two seconds.
__________________
2019 Cougar 26RBSWE
2019 Ford F-250
LHaven is offline   Reply With Quote
Old 03-11-2020, 08:35 PM   #4
LHaven
Senior Member
 
Join Date: Feb 2019
Location: Wickenburg
Posts: 3,270
I should add that it's not just this forum. I pulled up a particular news item from Reuters today that sends me to the exact same malware within about 20 seconds.


UPDATE: The only extensions I run are 1Password (which I've run forever) and Honey (which I just added, but I verified that I still get the same bad behavior when it's not running).
__________________
2019 Cougar 26RBSWE
2019 Ford F-250
LHaven is offline   Reply With Quote
Old 03-11-2020, 09:08 PM   #5
hankpage
Site Team
 
Join Date: Jun 2009
Location: Venice
Posts: 5,346
LHaven, one of our moderators had a similar problem yesterday that went away when he logged out and then back in. The rest of us have not seen anything out of the ordinary, so we are kicking it up to the admins to see if they have seen this on any of their other forums. Didn't want you to think we were not paying attention to your problem. Travel safely, Hank

P.S. I have recently added Honey also but have not had any problems.
__________________
Hank & Lynn
2007 Cougar 290RKS, E-Z Flex, 16" XPS RIBs ( SOLD .. Gonna miss her ... looking for new 5r)
2004.5 Dodge 2500 QC, LB, 5.9HO, WestTach gauges, Ride-Rite
hankpage is offline   Reply With Quote
Old 03-11-2020, 10:19 PM   #6
LHaven
Senior Member
 
Join Date: Feb 2019
Location: Wickenburg
Posts: 3,270
I thought I'd include one of the resulting URLs just in case. It has a lot of trailing parameters that may help you identify the offending ad. (For heaven's sake, don't click on it.)


Code:
https://gogo.thepowerrangers.com/0d09f9d8-90dd-4dd5-8b2c-2031e317fb90?aff_sub2=d361f4b4-92a1-425a-98c1-b8a2132d9ec5_1583993400&aff_sub3=MEDIAMATH-MO&ssp=ruc&aff_sub4=728x90&aff_sub6=keystoneforums.com&domain=keystoneforums.com&domain_id=e2f4d5c200a2fff5ee29029cf18ae0f9&campaign_country=US_OSXSF_MNST_WIFI_POP
__________________
2019 Cougar 26RBSWE
2019 Ford F-250
LHaven is offline   Reply With Quote
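
The trailing parameters in the URL posted above can be broken out into a short report for the ad network. This is an added example, not part of the original thread: the reading of each field (`aff_sub2` as a click ID plus Unix timestamp, `aff_sub4` as the ad slot size, `aff_sub3` as a source tag) is an assumption inferred from the values, and the function names are hypothetical.

```python
from datetime import datetime, timezone
from urllib.parse import urlsplit, parse_qs

# URL exactly as posted in the thread; it is only parsed here, never fetched.
REPORTED_URL = (
    "https://gogo.thepowerrangers.com/0d09f9d8-90dd-4dd5-8b2c-2031e317fb90"
    "?aff_sub2=d361f4b4-92a1-425a-98c1-b8a2132d9ec5_1583993400"
    "&aff_sub3=MEDIAMATH-MO&ssp=ruc&aff_sub4=728x90"
    "&aff_sub6=keystoneforums.com&domain=keystoneforums.com"
    "&domain_id=e2f4d5c200a2fff5ee29029cf18ae0f9"
    "&campaign_country=US_OSXSF_MNST_WIFI_POP"
)

def defang(host):
    """Make a hostname non-clickable for tickets and e-mail."""
    return host.replace(".", "[.]")

def triage_redirect(url):
    """Pull out the fields an ad-ops team needs to trace a bad creative."""
    parts = urlsplit(url)
    # keep_blank_values so an empty parameter still shows up in the report
    query = parse_qs(parts.query, keep_blank_values=True)
    params = {key: values[0] for key, values in query.items()}
    report = {
        "landing_host": defang(parts.hostname or ""),
        "landing_path_id": parts.path.strip("/"),
        "publisher": params.get("domain"),
        "slot_size": params.get("aff_sub4"),
        "source_tag": params.get("aff_sub3"),
        "campaign": params.get("campaign_country"),
        "click_id": None,
        "served_utc": None,
    }
    # Assumption: aff_sub2 has the form "<click id>_<Unix epoch seconds>".
    click_id, sep, epoch = params.get("aff_sub2", "").rpartition("_")
    if sep and epoch.isdigit():
        report["click_id"] = click_id
        report["served_utc"] = datetime.fromtimestamp(
            int(epoch), tz=timezone.utc).isoformat()
    return report

if __name__ == "__main__":
    for field, value in triage_redirect(REPORTED_URL).items():
        print(f"{field:16} {value}")
```

The publisher, slot size and decoded time give the ad network a narrow window of impressions to search for the offending creative.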
Old 03-12-2020, 04:00 AM   #7
gkainz
Senior Member
 
Join Date: Jan 2011
Location: Arvada, CO
Posts: 708
I believe you have a browser hijack on your computer (yes, it can happen on Mac/Apple stuff, too). I’m on a Mac or iPhone most of the time.
Download Malwarebytes and let it run a scan. Or google "gogo powerrangers hijack" for removal instructions.
__________________
2010 Laredo 245RL
2007 Dodge Ram 2500 CTD 4x4
Andersen Ultimate Gooseneck mount
gkainz is offline   Reply With Quote
Old 03-12-2020, 05:15 AM   #8
fatcatzzz
Senior Member
 
Join Date: Jun 2014
Location: Kamiah
Posts: 271
May be a man-in-the-middle attack. You can google it. Reestablish a web connection to a known secure web connection and see if this still happens with ads. If the ad goes away, your connection is being hacked. This is common with public Wi-Fi connections. Just my 2 cents.
__________________
Ron&Sue
2017 Montana 3720RL Legacy
14' Ram 3500 DRW
fatcatzzz is offline   Reply With Quote
Old 03-12-2020, 07:15 PM   #9
LHaven
Senior Member
 
Join Date: Feb 2019
Location: Wickenburg
Posts: 3,270
For general information, I'm reasonably experienced with this stuff. I disinfect other people's machines daily. I'm also pretty confident about the security of my town's Internet service, because I built it.

I run Malwarebytes regularly. It finds nothing. I have cleaned out all the Launch*s, Startups, Plugins, site cookies, etc. It doesn't make a difference. None of that has helped this particular problem.

Other Apple users are describing the same symptoms. Only Safari, only certain websites, tied to ad deliveries. But on some big-name websites (that I rarely visit) like CNN and NYT. WordPress sites are implicated, visibly serving up the same ads as the Keystone Forum, CNN, etc.

I have the bogus site redirected to 0.0.0.0 in my hosts file to avoid the phishing page, but I still can't spend more than five seconds on a Keystone forum page that serves ads before I get hijacked to a "can't connect to URL" screen. (Conversely, I can spend forever on my profile screen because there are no ads there.)

Looks like I'm going to have to resort to Tapatalk and Firefox until the ad delivery aggregation company gets its act together.


UPDATE: I strongly suspect the reason that Firefox isn't being victimized by this is because it is apparently blocking all the ads!
__________________
2019 Cougar 26RBSWE
2019 Ford F-250
LHaven is offline   Reply With Quote
Old 03-12-2020, 09:57 PM   #10
jsb5717
Senior Member
 
Join Date: Mar 2019
Location: Milwaukie, OR
Posts: 1,388
I'm on Firefox right now and there are the usual ads present to the right of this section as well as intermingled in the thread.

As I said, I experienced what you described in MS Edge so I quit using it. So far no problem with FF.
__________________
Jeff & Sandi (and Teddy - 7lb Schnorkie)
2018 Montana High Country 305RL
2015 RAM 3500 Crew Cab 4x4 DRW
Demco Recon Hitch on RAM Puck Ball
jsb5717 is offline   Reply With Quote
Old 03-13-2020, 06:33 AM   #11
gkainz
Senior Member
 
Join Date: Jan 2011
Location: Arvada, CO
Posts: 708
I'm in IT, too, and one of the sad sayings (internally) we have when closing a request that we cannot duplicate is "I'm sorry you're sitting in the dark, but the lights are on in my office."

Hope that doesn't sound denigrating, just commiserating! I'm using Safari (a little), Chrome mostly and haven't experienced what you're seeing while here or elsewhere.

Good luck with chasing this to ground and killing it! Would be interested in hearing what the resolution turns out to be.
__________________
2010 Laredo 245RL
2007 Dodge Ram 2500 CTD 4x4
Andersen Ultimate Gooseneck mount
gkainz is offline   Reply With Quote
Old 03-13-2020, 04:00 PM   #12
Janet H
Site Team
 
Join Date: Sep 2016
Location: PNW
Posts: 601
Thanks for the reports. We believe this is likely a bad ad being slipped in occasionally (or maybe more than one). Any URLs you can supply are helpful.

For Safari users especially, the "update your Flash Player" notices are annoying. I recommend running Malwarebytes (free) to clear your machine of unwanted malware.
__________________
.

You have brains in your head. You have feet in your shoes. You can steer yourself any direction you choose. | Dr. Seuss
Janet H is offline   Reply With Quote
All times are GMT -8.