Should have a red stop sign with ABP in it, maybe one of the links here will direct...
https://adblockplus.org/blog/first-o...to-for-android
Having used the product for almost five years (I think), this is really only true if you want to see ads and pop-ups, pop-outs. I have rarely run into issues.
One site I like to see content from, every now and then, has completely disabled their site if it detects ABP -- Forbes.com. Every other site I visit is ad sterile, and I have very few complaints.
As someone who designs and maintains multiple websites and forums... If even occasionally the ad providers are serving up malware ads on a clean machine... It's a problem that the site needs to take seriously and select another ad approach that they can control.
I agree that many machines are infected, but a site should not have to tell users to use abp to keep from seeing malware on a clean machine.
I'd hard code ad links to the legit sponsors before I let 3p ads cause issues for users with clean machines.
I'll try to test later with a read-only known clean instance to see if I see a problem. Will say that via tap-a-talk I never see a problem on m4c, and pretty much don't read forums which do not support it for whatever reason.
Known clean machine, the flash ads under the legit site sponsor ads serve up malware/redirect ads after the 4th or 5th refresh.
I suspect a bad ad provider network, will try to inspect the code later to see if it's just the ad network or a forum code infection.
Personally, I would never relinquish control to a third party ad network with the quality of legit sponsors m4c has. Not worth the disruption to legit advertisers and site traffic.
I'll have to test more later, but here's what I've found so far:
- Surfaces in the last iframe before the body, and is coded to point to the gunbroker ad network
- Most GB ads are legit and firearm related. But periodically the malware one surfaces
- Takes several seconds before redirects
- I can duplicate on sterile android instances. I see the bad ad & provider (largely blank), but it does not redirect like it does on android
- Harder to duplicate on IE/Chrome with recent browsers
- The ads (good and bad) are in javascript/AJAX space, which is why it's harder to see/debug
- Adblock plus and similar are stopping it, but are blocking the Gunbroker ads entirely
- I can see the problem ad loading the gunbroker ad link directly. It appears to be associated with the yashi network, but I need to confirm
I cannot tell if the malware ad is just one in a sequence of the GB ads or the network taking advantage of browser vulnerabilities or what.
To be very clear, I cannot confirm the ads are originating from gunbroker, just that they are displayed in stream with the gunbroker carousel ads and I can see them even directly via the gunbroker link. (Proceed judiciously). It could be their hosting provider, etc. Or the ad network, as I'm seeing non-firearm related ads periodically. (state farm, the economist, ftd, etc)
While I still think the problem ads are in the gunbroker ad carousel, it appears to be via a fourth party ad network in the mix causing the problem. It's the non-firearm related ads with the yellow star in the lower right. (Yashi network?)
It might take 20-30 reloads to get the bad ad, but if you are patient it can be duplicated. I've duplicated on android and windows directly via the ox-gunbroker link. (OX is openX, gunbroker's hosting provider)
The ads are either "flash player out of date" malware, or similar for java on desktop browsers. On android they are the "you have a virus" or playstore redirects. pubmatic is a common one, and is a known mal-ad provider.
They also do not occur if you are forcing use of https via an extension, as that bad ad content does not have valid certificates. (another reason you may not be able to duplicate) The legit ads do not have an issue with https. (I use httpsanywhere, but similar is not available for most mobile devices)
There is also a clear difference between the gunbroker placed ads and the ones served via the 4th party ad network (Yashi? pubmatic? eyecyou?) in behavior and structure.
My recommendation would be to disable the gunbroker iframe in the vbulletin code until their ad carousel is only serving their native ads and any 4th party providers are disabled.
That will not affect the native m4c sponsor ads, and hopefully the site is not dependent on click through revenue from third-party ad networks. You don't want to risk ill will from ad hijacks rolling onto your native site sponsors as users cannot differentiate.
Thanks for the decomposition of the issue. Appreciate the legwork. I am pretty sure it is being looked at again, but as I mentioned it's been changed at least twice that I've been told, and the issue creeps back.
More data on duplication:
- Typically takes 20 refreshes/reloads before the network ads appear.
- Some network (non gun broker) ads typically appear around the 18th refresh, but problem ones not until about 20 or so.
- Seems to happen much faster on mobile devices than on desktop browsers. But that could just be luck of the random ad rotation. I have seen it take 20 refreshes to trigger on Android as well.
- Chrome will not allow most of the mal-action to occur due to cross site scripting constraints, etc. Internet Explorer is easier to trick.
- This is active java DOM/AJAX code... not a static web page. I can watch it try different things in the browser javascript console over 20-30 seconds before giving up. It's also fairly adaptive to mobile browsers, etc. I can also confirm that it's being served up initially via the gunbroker iframe and is not browser extension related, etc. IE: Not a local infection.
One last thing, while I'm fairly confident what I'm seeing is generated via the 4th party ad network, pubmatic and similar can also be a known infection with browser extensions, search toolbars, etc. IE: even if the ad carousel issue is fixed you may still see problems if your machine is also infected.
OK, more data. OpenX is not GB's hosting provider, it's the ad platform they are using. With, apparently, a long history of malvertising infection through sql injections, old code, default passwords, etc.
This article explains it better than I can, but does match exactly what I'm seeing: https://blog.avast.com/2013/11/14/ma...openx-servers/
As an aside, I can duplicate the problem on the main gunbroker website as well as they also use the same banner ad carousel.
This is the curse of the modern web world. I let very few third parties embed in sites I admin/design as it's just too hard to police. When you do, you are not just relinquishing control of content, but their code can utilize browser vulnerabilities, etc and you get the blame. Every time I've allowed anyone other than biggies like google and such it's caused problems much later, and usually someone had to tell me. IE: users see it but an admin does not know to look for it.
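
An added example, not part of the thread: one way a site admin could police embedded frames like the ad iframe discussed above is to audit the page template for third-party iframes that load over plain http or are allowed to navigate the top-level page. The hosts, the allowlist and the sample markup are constructed for illustration.

```javascript
// Added example: audit a page template's <iframe> tags. Hosts are constructed.
const FIRST_PARTY = new Set(["forum.example.org", "sponsors.example.org"]); // assumed allowlist

// Constructed sample markup, not the real forum template.
const SAMPLE_HTML = `
<iframe src="https://sponsors.example.org/banner.html" sandbox="allow-scripts"></iframe>
<iframe src="http://ads.example.net/carousel?zone=1" width="728" height="90"></iframe>
<iframe src="https://ads.example.net/carousel?zone=2"
        sandbox="allow-scripts allow-top-navigation"></iframe>`;

// Parse one tag's attributes into a map; a bare attribute gets the value "".
function parseAttrs(tag) {
  const attrs = {};
  const re = /([\w-]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+)))?/g;
  for (const m of tag.matchAll(re)) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return attrs;
}

// Return one finding per iframe that has at least one issue.
function auditFrames(html, firstParty, base = "https://forum.example.org/") {
  const findings = [];
  for (const [tag] of html.matchAll(/<iframe\b[^>]*>/gi)) {
    const attrs = parseAttrs(tag);
    if (!attrs.src) continue;
    let url;
    try { url = new URL(attrs.src, base); } catch { continue; }
    const issues = [];
    // Plain-http frames can be tampered with in transit and dodge HTTPS-only policies.
    if (url.protocol !== "https:") issues.push("not-https");
    if (!firstParty.has(url.hostname)) {
      // Without sandbox, a framed document may redirect the whole tab.
      if (!("sandbox" in attrs)) issues.push("no-sandbox");
      else if (attrs.sandbox.split(/\s+/).includes("allow-top-navigation")) {
        issues.push("top-navigation-allowed");
      }
    }
    if (issues.length) findings.push({ host: url.hostname, issues });
  }
  return findings;
}

console.log(auditFrames(SAMPLE_HTML, FIRST_PARTY));
```

A third-party frame that carries a `sandbox` attribute without `allow-top-navigation` can still display and run the ad, but cannot send the visitor's tab to another page.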