PH page hijacked and redirecting to malware


Funk

Original Poster:

26,254 posts

208 months

Thursday 24th December 2015
So in a somewhat ironic situation, I browsed to the 'Do you use adblock on PH?' thread on the only device I don't use adblocking on only to be promptly redirected to a malicious site:



This then redirected me to here:



and finally it hijacked the vibrate function and would not allow me to exit. The only way out was to crash the phone to restart. You can see the sequence of PH pages I browsed here:



yeah.youmadethedeal.com, play.leadzu.com and specs.appmobi.com are nothing I've browsed to myself. Thinking back it's not the first time I've had this happen when browsing PH but I brushed it off and it wasn't as malicious as this event.

This is on Android 5.0.1 on an unrooted HTC One M8. I'm running Lookout Premium along with Belarc Security Advisor. There are no apps on the phone which were not downloaded from the Play Store.

This 100% came as a browser hijack from PH within seconds of loading the page. I'd suggest you guys sort this st out pronto, it makes you look like amateur hour and is NOT the sort of experience I expect from a site the size of PH.

I shouldn't have to root my device and install Adblock to avoid this kind of crap.

Edited by Funk on Friday 25th December 00:14

Ollie_M

2,268 posts

105 months

Saturday 26th December 2015
Thank you Funk for bringing this to our attention.

I will pass this on for the immediate attention of the technical team when PH Towers reopens after the Festive period.


Ollie

Lgfst

391 posts

108 months

Monday 28th December 2015
I had the same thing earlier but from a different set of Web pages...


Funk

Original Poster:

26,254 posts

208 months

Monday 28th December 2015
Glad to see it's not just me...

No doubt the PH response will be to point the finger at the '...company that supplies the ads..' and it '...being outside the remit of what PH allow...' and that '...they'll ensure it doesn't happen again.'

PH - if you can't trust the company you currently employ to handle your ads, you need to SACK them and find a way of monetising the site which doesn't redirect your users to sodding malware.

Ollie_M

2,268 posts

105 months

Tuesday 29th December 2015
Hi Funk

I will be sure to let you know the cause of this once I have passed this over to the relevant department.

Ollie

Funk

Original Poster:

26,254 posts

208 months

Tuesday 5th January 2016

pc.iow

1,879 posts

202 months

Tuesday 5th January 2016
Funk said:
So, err, what's that 'undress me' game like then?

Funk

Original Poster:

26,254 posts

208 months

Tuesday 5th January 2016
pc.iow said:
So, err, what's that 'undress me' game like then?
I have no idea, didn't click anything and binned the page off after getting a screenshot.

Ollie_M

2,268 posts

105 months

Tuesday 5th January 2016
We're looking into this now FUNK

Dom_PH

358 posts

103 months

Tuesday 5th January 2016
Thanks for reporting this, Funk. Apologies that this has happened.

Lgfst - what device are you using?

If this happens to anyone else then replying with what device you are using would be very helpful to our investigation.

Thanks,
Dom

Lgfst

391 posts

108 months

Tuesday 5th January 2016
Dom_PH said:
Lgfst - what device are you using?
Galaxy S5. Android 5.0

Using Google Chrome (when that happened) with malwarebytes anti malwarebytes, eset mobile security and AVG privacy.

Switched to Adblock Browser and hasn't happened since. I'd prefer to return to Chrome though.

Funk

Original Poster:

26,254 posts

208 months

Sunday 10th January 2016
So, any news a week down the line?

Dom_PH

358 posts

103 months

Monday 11th January 2016
Hi Funk,

The issue has not been able to be replicated, and unfortunately I am told there is a limited amount that can be done to mitigate this issue without having steps to replicate the problem.

I have been assured that all our ads are scanned regularly, and if any are found to be associated with any invalid/blacklisted URLs they would be disabled automatically and flagged as malware.

We are hoping this is a rare occurrence and that it was an odd rogue ad that got through for a small period of time. However, if this is still happening to you or happening to anyone else, please let us know and we will investigate this again.

Thanks,
Dom

AW111

9,455 posts

132 months

Monday 18th January 2016
I have twice today been redirected to the play store, but my browser is not supported, so I have no idea what it was trying to get me to install.
What a shame.

Funk

Original Poster:

26,254 posts

208 months

Wednesday 20th January 2016
It's going to st mate. They'll pump the golden goose harder for eggs until it croaks.

To be frank, it's probably not the fault of the devs - there are some management wkers somewhere that need hauling over the coals for presiding over such a clusterfk.

I've just replaced my One M8 with a Nexus 6P and debating whether to root it or not specifically so I can install ad-blocking.

hornetrider

63,161 posts

204 months

Thursday 21st January 2016
Funk said:
It's going to st mate. They'll pump the golden goose harder for eggs until it croaks.

To be frank, it's probably not the fault of the devs - there are some management wkers somewhere that need hauling over the coals for presiding over such a clusterfk.
Amen brother.

TallPaul

1,517 posts

257 months

Thursday 21st January 2016

Each time I go back from a topic I get this, using my Windows PC!

Ollie_M

2,268 posts

105 months

Friday 22nd January 2016
Dom is one of our developers so he is better to respond to this than I. I'll ask him to jump on line again and see where we are with this.

Ollie

Funk

Original Poster:

26,254 posts

208 months

Friday 22nd January 2016
Ollie_M said:
Dom is one of our developers so he is better to respond to this than I. I'll ask him to jump on line again and see where we are with this.

Ollie
I admire your attempts Ollie and I can imagine you guys are as frustrated at things as we are. Keep kicking this up the line until someone takes note and actually does something about it.

It's not good enough for a site the size of PH to be serving up 'malvertising' and then going all slopey-shouldered and saying it's not PH's fault, it's down to 3rd parties - if that's the case, fk the 3rd parties off and boot them out.

The changes that have happened with PH over the last couple of years are like death by a thousand cuts. As has been mentioned before that the forums aren't considered 'important' to Haymarket as part of the PH brand, perhaps hive it off and let people quietly enjoy it without all the bullst that seems to happen as a result of the relentless pursuit of monetising the site as a whole.

Ollie_M

2,268 posts

105 months

Monday 25th January 2016
I have arranged a meeting with the Heads of Ad Ops for tomorrow so hopefully I will be able to get some solid answers for you.
Apologies it's taking so long to get to the bottom of it all.

Ollie