Malicious Ad Redirects on OzB?

Hi, so a few times when on the main page / deals page, I've suddenly found myself staring at antivirus or online casino ads. The Ozb page has redirected me to this sort of thing without me clicking on anything.

Before you blame me, this happens both on my highly firewall'd work PC, as well as my home PC. My work PC is IE, my home pc is Chrome.

It's not often, but maybe 1-2 times per day.

It has never happened on any other website.

Example URL I just found myself on:

https://www.avast.com/lp-ppc-hp?ppl=ajsdh3&gclid=56198151123…

Comments

  • -1

    Your internet may be compromised.

  • +1

    Clear your cache and cookies.

    • Tried that and it happened again before I'd even logged back into the site.

      • +3

        You must have a dodgy Add In/Extension installed. Try removing them; otherwise you can do a Browser "reset" in IE and Chrome.

  • -2

    uBlock Origin.

    Internet advertising is regularly hijacked by criminals, usually looking to exploit your system, while Google tells idiots that it's all over the problem so there's nothing happening.

  • +1

    There's a discussion about the issue here: https://www.ozbargain.com.au/node/436226

    I had the same problem (only when visiting OzBargain, only with Safari, no Malware or virus detected etc) but haven't had any problems since I stopped using Safari.

    Switching ads off has also fixed the problem for other users.

  • Hold up, your post says you were sent to avast.com with an affiliate code.

    Are both computers on the same network?

    https://www.grc.com/dns/dns.htm

    Run this test. The point of this test for you is not the spoofability but rather to check that the name servers that appear in the result are those of your ISP. If they're not, and you have not intentionally changed them, it would appear likely that your router is compromised.

    Another test you can do is see if the ads appear when navigating to http://www.ozbargain.com.au vs https://www.ozbargain.com.au. If ads appear only on the https site, it is likely that your traffic is being intercepted, probably through a compromised home router.

    • I ran this and don't quite understand what I'm seeing, but several of the nameservers returned 'very bad' and 'bad'. This is on my work connection via MSP..

  • What is MSP?
    Managed service provider?

    What you saw is a measure of the randomness of information that is used to protect your DNS queries from being spoofed.

    That's really interesting, I haven't seen a very bad except for years ago when it was discovered some DNS servers had poor randomness.

    Is your phone on the same network and do you have the same problem with it?

    • Yes, Managed Service Provider. They've been very competent when I've had to troubleshoot other issues with them, so they seem to generally know what they're doing..

      Our actual ISP is Vocus I believe.

      I will try to reproduce it on my phone in the meantime, but no I don't usually connect that to the work wifi so it will just be 4g Telstra. I don't think I've ever noticed it on my phone but then there isn't much need to browse ozb on that (more fiddly to actually buy anything on the small screen).

      My home PC which has had it happen has absolutely nothing in common that I can think of. Different browser, different ISP (TPG), different part of Melbourne. If it wasn't for all this I would actually believe the people saying 'ItS jUsT YoU' but I really can't think of anything in common other than the fact it's only on OzB.

      I even use adblock on Chrome at home where it has happened.

      • That's really helpful, I wrongly assumed you worked from home.

        I strongly suspect bad ads. How often does it occur?

        Bad ads do happen even for the large players.

        @scotty do you use multiple ad networks? Not putting the blame on you, just want to go find bad ads.

        • Seems to be isolated to when I start a new session, so when I've just logged into the computer it happens without fail the first time I go to Ozb straight away, or when I've closed the site for a while then load it up in a fresh IE window/tab.

          I have never got it yet on my phone (Chrome) so maybe it is isolated to the type of scripts that PC browsers can run compared to a mobile browser.

          I've also emailed Avast about it as presumably it's against their affiliate T&C (though not their fault as a company obviously).

  • +1

    Update, since my last post in this thread, nothing has changed on my end in terms of browsers, plugins, computers used etc - and I haven't received the redirects since. So something, somewhere changed..
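
As an added example that is not part of the thread: one way to work out which ad slot triggered a redirect like the one described above is to export a HAR capture from the browser's network panel (with the log preserved across navigations) and walk backwards from the landing URL. The hosts, parameter values and function names below are constructed for illustration, and the Referer-host fallback is a heuristic.

```python
from urllib.parse import urljoin, urlsplit

def entry(url, referer="", status=200, redirect=""):
    """Build a minimal HAR 1.2 style entry (only the fields used below)."""
    headers = [{"name": "Referer", "value": referer}] if referer else []
    return {"request": {"url": url, "headers": headers},
            "response": {"status": status, "redirectURL": redirect}}

# Constructed capture; every host and parameter value is a placeholder.
LANDING = "https://av-vendor.example/lp?ppl=PLACEHOLDER"
SAMPLE_ENTRIES = [
    entry("https://deals.example/"),
    entry("https://ads.adnet.example/frame.html", referer="https://deals.example/"),
    # Referrer policy often trims the Referer to the origin, so match on host.
    entry("https://track.rogue.example/go?c=1", referer="https://ads.adnet.example/",
          status=302, redirect=LANDING),
    entry(LANDING),
]

def host(url):
    return urlsplit(url).hostname or ""

def get_referer(e):
    return next((h["value"] for h in e["request"]["headers"]
                 if h["name"].lower() == "referer"), "")

def find_previous(entries, idx):
    """Index of the request that led to entries[idx], or None."""
    cur = entries[idx]["request"]["url"]
    for i in range(idx - 1, -1, -1):  # an HTTP redirect is the strongest link
        loc = entries[i]["response"].get("redirectURL")
        if loc and urljoin(entries[i]["request"]["url"], loc) == cur:
            return i
    ref_host = host(get_referer(entries[idx]))
    for i in range(idx - 1, -1, -1):  # otherwise fall back to the Referer host
        if ref_host and host(entries[i]["request"]["url"]) == ref_host:
            return i
    return None

def trace_chain(entries, landing_url):
    """URLs from the first request to landing_url; empty if it is not in the capture."""
    idx = next((i for i, e in enumerate(entries)
                if e["request"]["url"] == landing_url), None)
    chain = []
    while idx is not None:
        chain.append(entries[idx]["request"]["url"])
        idx = find_previous(entries, idx)
    return chain[::-1]

def first_third_party(chain, site_host):
    """First host in the chain that is not the site or one of its subdomains."""
    return next((host(u) for u in chain if host(u) != site_host
                 and not host(u).endswith("." + site_host)), None)
```

The first third-party host in the chain is the one to report to the site operator, since it identifies the ad network slot the redirect came through.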
