LumberJocks

Malicious script on the projects page

  • Advertise with us

« back to LumberJocks.com Site Feedback forum

Forum topic by Charlie Kilian posted 02-26-2018 05:01 PM 830 views 0 times favorited 19 replies Add to Favorites Watch
View Charlie Kilian's profile

Charlie Kilian

80 posts in 815 days


02-26-2018 05:01 PM

Apologies if this has been posted already, I didn’t see it.

The projects page is currently serving me a malicious script that is redirecting each link to an external site (not sure which one; it’s getting blocked by my work’s firewall, fortunately).

This is the link I am getting:

http://redirect.viglink.com/?format=go&jsonp=vglnk_151966427197313&key=7480ef029b6d60b2e931c19360e0c889&libId=je4guwfm0100zey7000DA76vb8hjgqpfp&loc=http%3A%2F%2Flumberjocks.com%2Fprojects&v=1&out=http%3A%2F%2F47.60.2ea9.ip4.static.sl-reverse.com%2Fprojects%2F366185&title=Woodworking%20Projects%20Gallery%20%40%20LumberJocks.com%20~%20woodworking%20community&txt=%3Cimg%20alt%3D%22how%20to%20make%20T%20track%20%20with%20cornice%22%20src%3D%22%2Fassets%2Fpictures%2Fprojects%2F1963457-196x130.jpg%3F1519659521%22%3E

This seems to only be happening on this page:

http://lumberjocks.com/projects

It isn’t happening if I click on an individual user’s projects page.

On the front page, clicking on a user’s profile is also infected with this malicious redirect.

Edited To Add: It might be coming from an infected ad, too. I know that happens sometimes.


19 replies so far

View Murdock's profile

Murdock

129 posts in 2681 days


#1 posted 02-26-2018 05:24 PM

I’m not seeing that issue, that makes me thing one of a few things:
1. the issue is resolved
2. there is more than one server and not all have the bad script
3. The issue is actually not with the site but something on your end. I have seen this before in my job, If that is the case you may want to run some malware scans.
4. The issue is caused by some server between LJ and you. (HTTPS would help with this issue, maybe the admins would consider adding it going forward)

Hopefully others that know more about the structure of the site can take a closer look to see if the issue exists on the site as a whole.

-- "Anyone who has never made a mistake has never tried anything new." - Albert Einstein

View Charlie Kilian's profile

Charlie Kilian

80 posts in 815 days


#2 posted 02-26-2018 05:30 PM

I’m not seeing it now, either. I suspect it isn’t my local, as I’m at work, and there are many scans that happen routinely. And it’s only happened to me on this site. But it could definitely be a malicious ad, or just one infected server, etc. Also, some of these malware scripts only attack, say, every 100th client, which make them MUCH harder to find.

I’m mostly just reporting it so admins know someone has experienced it. I’m definitely not judging or pointing fingers at anyone.

View Redoak49's profile

Redoak49

3660 posts in 2186 days


#3 posted 02-26-2018 05:55 PM

I hope you sent a message to Cricket.

View Cricket's profile

Cricket

2429 posts in 1790 days


#4 posted 02-26-2018 05:57 PM

You should never see viglinks when you are logged in.

I am checking, but am not seeing any issues yet.

-- LumberJocks.com Community Manager

View Rick S...'s profile

Rick S...

10913 posts in 3230 days


#5 posted 02-26-2018 06:20 PM

This is the Message (BELOW) I get when I click on: http://redirect.viglink.com/?

Nothing when I click on “Projects” Or “A Members Project”

I am however Getting a Message In My Title Block: “Your Connection To This Site Is NOT Secure” and a description as to why.

Also that 13 Cookies are in use on this site.

Also THIS when I run a “Tracking System.” Piece of Software. (I had to Disable “Social Networks” and “Others” as they were causing HAVOC On Here as We are Well “Socially Connected.”)

9 TRACKING SYSTEMS
on website lumberjocks.com
Social networks (0)
Ad Tracking (6) All allowed
Web Analytics (3) All allowed
Others

Yes I’m Obviously “Logged In.”


Rick

-- I Chose "The Road Less Travelled" Now I'm Totally Lost! (Ontario, CANADA)

View Cricket's profile

Cricket

2429 posts in 1790 days


#6 posted 02-26-2018 06:31 PM

Okay, I didn’t clarify what I was saying very well.

I do not see that link anywhere on the project page.

Can you give me a screenshot where you are seeing the link itself?

-- LumberJocks.com Community Manager

View Cricket's profile

Cricket

2429 posts in 1790 days


#7 posted 02-26-2018 06:55 PM

I am escalating this to our tech team to check for any issues.

I will update you when I hear more.

-- LumberJocks.com Community Manager

View Rick S...'s profile

Rick S...

10913 posts in 3230 days


#8 posted 02-26-2018 06:59 PM



Okay, I didn t clarify what I was saying very well.

I do not see that link anywhere on the project page.

Can you give me a screenshot where you are seeing the link itself?

- Cricket

Nor do I. I took it from the OP as above.

-- I Chose "The Road Less Travelled" Now I'm Totally Lost! (Ontario, CANADA)

View Charlie Kilian's profile

Charlie Kilian

80 posts in 815 days


#9 posted 02-26-2018 07:37 PM

I’ll take a screenshot next time. I can show you where it was happening, but it wouldn’t be in the current screenshot. Would it help to take screenshots and point to the links that were affected? If so, let me know, and I’ll do that.

I didn’t know to notify Cricket, but if this happens again, I’ll make sure he sees it.

View Cricket's profile

Cricket

2429 posts in 1790 days


#10 posted 02-26-2018 07:58 PM

I really need the screenshot to be from when it happens.

In the meantime, I have asked our tech team to take a look because I have been unable to replicate it.

-- LumberJocks.com Community Manager

View Cricket's profile

Cricket

2429 posts in 1790 days


#11 posted 02-26-2018 08:54 PM

They are still looking but in the meantime, can I get some information from you?

What device are you using to access the site? Computer? Tablet? Phone?
Which operating system are you using? (Windows 10, etc.)
Which browser are you using? (Chrome, Firefox, Edge, IE, etc.)
Have you already tried clearing your cookies/cache?

The reason I need more information is that I have tried on multiple browsers and have been unable to replicate this. The techs will keep looking to be 100% certain, but it may be as simple as a bad ad slipped through.

You have done a scan on your PC, right?

-- LumberJocks.com Community Manager

View Charlie Kilian's profile

Charlie Kilian

80 posts in 815 days


#12 posted 02-26-2018 09:06 PM

I’m using a PC—actually a VM running Windows Server 2016, it is what I use as my primary computer at work (I’m a software developer). It has the latest updates; I apply them every day. At a minimum there are virus and spyware updates daily. It has scanning on all the time via Windows Defender, but I’ve gone ahead and kicked off a full scan right now and will report back the results. It’ll take awhile.

For a web browser, I’m using Chrome 63.0.3239.132 (Official Build) (64-bit)
(As I looked this up inside Chrome, Chrome found an update, which it is downloading right now.)

I haven’t cleared my cache, but the problem did go away about an hour after I first reported it.

I think it’s likely it was a bad ad. And just to repeat, I’m 100% not upset or judging anyone for having this happen. I have done enough web development work to know this stuff just happens sometimes, and all you can do is fix it and try to see if you can find a way to prevent that particular threat from slipping through next time. I didn’t know who to notify, and I figured you’d want to know, even if it was just an ad. I don’t know your particular controls, of course, but I know sometimes administrators can block an ad if they can identify the one that was causing the problem.

I’m sorry I didn’t get a screenshot of it. If it ever happens again, I’ll be sure to do that, and see if I can poke around and figure out where it was coming from, too.

View Cricket's profile

Cricket

2429 posts in 1790 days


#13 posted 02-26-2018 09:51 PM

I appreciate, your response.

Our team is still going to double check everything to verify there are no issues.

-- LumberJocks.com Community Manager

View Charlie Kilian's profile

Charlie Kilian

80 posts in 815 days


#14 posted 02-26-2018 10:16 PM

The scan of my PC is completed. It was a Full scan from Windows Defender. It resulted in “No threats were detected on your PC during this scan.”

View Kelster58's profile

Kelster58

670 posts in 738 days


#15 posted 02-26-2018 10:20 PM

Same thing came up for me yesterday on the Blogs page…....Hope Lumberjocks is aware and users are aware, Thanks for posting.

-- K. Stone “Tell me and I forget, teach me and I may remember, involve me and I learn.” ― Benjamin Franklin

showing 1 through 15 of 19 replies

Have your say...

You must be signed in to reply.

DISCLAIMER: Any posts on LJ are posted by individuals acting in their own right and do not necessarily reflect the views of LJ. LJ will not be held liable for the actions of any user.

Latest Projects | Latest Blog Entries | Latest Forum Topics

HomeRefurbers.com