Go Back   nV News Forums > Website Related > Feedback Forum

Newegg Daily Deals

Reply
 
Thread Tools
Old 08-21-07, 03:32 PM   #25
DiscipleDOC
 
DiscipleDOC's Avatar
 
Join Date: Dec 2002
Location: Alabama, Planet Earth
Posts: 5,993
Default Re: Pop-ups?

So, did someone hijack the forum?
DiscipleDOC is offline   Reply With Quote
Old 08-21-07, 03:36 PM   #26
evilghost
Registered User
 
Join Date: Jul 2005
Posts: 3,606
Default Re: Pop-ups?

Remote code URL is http://nvnews.us.intellitxt.com/v3/d...ews.net/forum/

The offending ad is coming from amch.questionmarket.com
evilghost is offline   Reply With Quote
Old 08-21-07, 03:38 PM   #27
Redeemed
Registered User
 
Join Date: May 2005
Posts: 17,982
Default Re: Pop-ups?

Ghost- you never cease to amaze me with how much you know.

I'm betting Mike is glad he has you as a friend instead of an enemy...
Redeemed is offline   Reply With Quote
Old 08-21-07, 03:40 PM   #28
DiscipleDOC
 
DiscipleDOC's Avatar
 
Join Date: Dec 2002
Location: Alabama, Planet Earth
Posts: 5,993
Default Re: Pop-ups?

Ghost is teaching me Debian. 'nuff said.
DiscipleDOC is offline   Reply With Quote
Old 08-21-07, 03:45 PM   #29
evilghost
Registered User
 
Join Date: Jul 2005
Posts: 3,606
Default Re: Pop-ups?

Here is the solution. MikeC gets some money from Intellitxt I'm sure (why else would it be there). If you want to support Intellitxt as a revenue source but do not want some worthless Flash driven spam flying across your browser window, simply add the following line to your HOSTS file:

Code:
127.0.0.1     amch.questionmarket.com
Your HOSTS file is in %WINDIR%\System32\drivers\etc\hosts. An easy way to edit it is to simply open a CMD window and type:
Code:
echo 127.0.0.1     amch.questionmarket.com >> %windir%\system32\drivers\etc\hosts
exit
%WINDIR% is an environment variable for the Windows installation directory, type it as-is. Close and re-open IE and the changes should be cached/loaded.
evilghost is offline   Reply With Quote
Old 08-21-07, 03:47 PM   #30
DiscipleDOC
 
DiscipleDOC's Avatar
 
Join Date: Dec 2002
Location: Alabama, Planet Earth
Posts: 5,993
Default Re: Pop-ups?

Dang...I had to deal with a host file today to allow stuff to go out of our firewall....


This should be moved to our Networking/Security Forum.
DiscipleDOC is offline   Reply With Quote
Old 08-21-07, 03:56 PM   #31
evilghost
Registered User
 
Join Date: Jul 2005
Posts: 3,606
Default Re: Pop-ups?

Here's over the wire, as you can see, I was right about the cookie.

Code:
GET /static/sc_trans2_black_li-350x250-1l-eng-nul.swf?clickTag=javascript:DL_GotoSurvey();&clickTag2=javascript:DL_Close(); HTTP/1.1

Accept: */*
Referer: http://www.nvnews.net/vbulletin/
x-flash-version: 9,0,16,0
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Host: amch.questionmarket.com
Connection: Keep-Alive
Cookie: linkjumptest=1
Here's the direct link to the annoying worthless flash that flies across your screen:

Code:
http://amch.questionmarket.com/static/sc_trans2_black_li-350x250-1l-eng-nul.swf?clickTag=javascript:DL_GotoSurvey();&clickTag2=javascript:DL_Close();
And here's me owning that same link with a blatant XSS vulnerability:

Code:
http://amch.questionmarket.com/static/sc_trans2_black_li-350x250-1l-eng-nul.swf?clickTag=javascript:DL_GotoSurvey();&clickTag2=javascript:alert('evilghost is your daddy');
Go ahead, open it, and click the 'Close' button

MikeC, if you want to engage intellitxt, this post is what you need. It's the direct URL to the flash they are serving up.
evilghost is offline   Reply With Quote
Old 08-21-07, 04:27 PM   #32
MikeC
Administrator
 
MikeC's Avatar
 
Join Date: Jan 1997
Location: Virginia
Posts: 6,660
Default Re: Pop-ups?

Thanks for the detective work evil. I will pass on your findings to the folks at Intellitxt.

In addition to maintaining a local hosts file, another recommendation that I have for visitors is that they review their browsers security settings. As I mentioned earlier, I have yet to receive a pop-up and believe that it is a result of changing a few default settings.

For example, accept cookies manually and use the restricted web site feature. Also, review security settings and disable automatic downloading of ActiveX controls. If you are not sure about disabling a specific setting, request that you be prompted instead.
MikeC is offline   Reply With Quote

Old 08-21-07, 04:39 PM   #33
Bman212121
Registered User
 
Join Date: Jan 2006
Posts: 6,726
Default Re: Pop-ups?

Quote:
Originally Posted by MikeC
Thanks for the detective work evil. I will pass on your findings to the folks at Intellitxt.

In addition to maintaining a local hosts file, another recommendation that I have for visitors is that they review their browsers security settings. As I mentioned earlier, I have yet to receive a pop-up and believe that it is a result of changing a few default settings.

For example, accept cookies manually and use the restricted web site feature. Also, review security settings and disable automatic downloading of ActiveX controls. If you are not sure about disabling a specific setting, request that you be prompted instead.
Sounds like a great tutorial brewing for the Network and security forum.
Bman212121 is offline   Reply With Quote
Old 08-21-07, 05:07 PM   #34
evilghost
Registered User
 
Join Date: Jul 2005
Posts: 3,606
Default Re: Pop-ups?

Quote:
Originally Posted by MikeC
Thanks for the detective work evil. I will pass on your findings to the folks at Intellitxt.
Always glad to help.
evilghost is offline   Reply With Quote
Old 08-22-07, 02:00 PM   #35
evilghost
Registered User
 
Join Date: Jul 2005
Posts: 3,606
Default Re: Pop-ups?

For what it's worth, it appears fixed, Intellitext must have pulled that ad (good). Good work MikeC.
evilghost is offline   Reply With Quote
Old 08-22-07, 02:37 PM   #36
Bearclaw
Guest
 
Posts: n/a
Default Re: Pop-ups?

Quote:
Originally Posted by evilghost
For what it's worth, it appears fixed, Intellitext must have pulled that ad (good). Good work MikeC.
Ya, it appears to be gone now. I was getting it earlier in the day and now I am not.
  Reply With Quote
Reply


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


Similar Threads
Thread Thread Starter Forum Replies Last Post
Shootmania beta sign ups Logical Gaming Central 5 07-10-12 03:16 PM
4-Star Stocks Poised to Pop: NVIDIA News Archived News Items 0 06-15-12 12:30 AM
Nvidia: Nomura Ups to Buy; Likely Beat on FYQ1 News Archived News Items 0 05-07-12 05:40 PM
UPS Question FastM General Hardware 2 10-02-02 02:21 PM

All times are GMT -5. The time now is 11:39 PM.


Powered by vBulletin® Version 3.7.1
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Copyright 1998 - 2014, nV News.