Anyone know whether the re-direct when clicking on links in Pprune through:

apicdn.viglink.com is a new thing ?

Hovering over links shows it too.Seems it is for the purposes of serving ads.

nnnnnnnnnnnnnnnnn
nnnnnnnnnnnnnnnnn
nnnnnnnnnnnnnnnn

Had similar problems and cured it by running Malwarebytes and deleting suspicious program in control panel.

Thanks for that.

I just updated and ran Malwarebytes and nothing suspicious showed up.Only seeing it on links within PPruNe.

What was the prog you deleted ?

I've just noticed this too and thought I had a virus.

Yup, my MalWareBytes classified it as a PUP and deleted it......

It's a VBulletin add-on

Now More Control with the VigLink vBulletin Mod | VigLink Blog (http://www.viglink.com/blog/2013/09/23/vbulletin-mod/)

For reference, Malwarebytes will only run properly on an infected machine when you boot the infected machine in Safe Mode With Command Prompt and avoid starting explorer.exe - i.e. you'll need to navigate to the Malwarebytes' folder in Program Files (or Program Files (x86)) through DOS commands and then run MBAM.EXE in order for the scan to be fully successful.

Interesting content in the link from TWT above.

It's an apparent modification to calm down a bit of a war that's developed. In recent months I've been getting regular requests from some pretty big companies to remove links on PPRuNe to their sites. They seem to be coming under pressure from google to request their removal.

We have the policy that if links are from long term ppruners offered to assist others on the site then that is absolutely fine by us. If google have a problem then they can write to PPRuNe. So it looks like the modification to the software is designed to help sites maintain a similar stance more easily.

Rob

Here's how it typically works:

PPRuNe, for example, decides to be a Viglink affiliate. It installs a bit of gubbins on its web site.

Someone posts a message saying 'I bought my rubber duck at "x", and it was a very nice rubber duck.' If retailer "x" is one of Viglink's 30k clients, then the link is replaced by one which goes through Viglink, and PPRuNe gets a referral fee if a sale is made through that link.

In this case, PPRuNe is IB so I assume IB Is using Viglink across many of its sites. Viglink claims to be the #2 monetization tool after Google Ads.

Stick this in ya hosts file

127.0.0.1 apicdn.viglink.com viglink.com
(and the "w w w .viglink.com" one too- pprune expands the link if i use Wx3)

that'll teach 'em.

I don't know what that viglink does, but it's not part of where I want my browser to go, so I've added it to the long list of PUP loaders and virus sites in my Hosts file.

I now copy the link on the PPRuNe site into PFE, edit out all the waffle, and paste the relevant bit into a browser window. It's more effort, but I know I'm not going to pick up any more PUPs.

I do that too Keef, but thinking about taking it to the next level one could run a local lightweight http server (say Nginx) and using a host file point all that *.viglink.com malarky to it. The local http server can extract the target URL and redirect the browser to it.

If I knew how to do link filtering in FF I'd write a JavaScript plugin which would be even simpler. I'm surprised Ghostery doesn't already do this for us.

I wonder if someone would be so kind as to explain to a computer dummy ( me ) just how to stop this Viglink thing.

In the good old days, I'd take a look at the link and could be pretty sure if it was ok or not. Now it just seems to look like a load of junk that I can't understand. Therefore, I avoid links that may be interesting, uesfull and informative.


Cheers ;-)

It used to be that a link was a simple thing that just took you to another website. Nowadays, you can never be sure where a link is taking you - spammers send messages that look as if they're taking you to your bank, but actually they take you to the spammer's website where your bank details can be stolen and your account emptied for you.

Having had my computer compromised years ago by an apparently innocent link on a website, I have belt-and-braces security. Dodgy links are flagged with a red mark to show I shouldn't go there. All links on PPRuNe get the red card from my PC these days, even ones posted by Tony Draper.

The quickest/easiest fix is to use WOT (Google it; a link in here won't go there) as well as a full-service anti-virus and NoScript. That's still not 100%, but it's better.

If you want to stop any "browser grabber", then you need to do what cattletruck says. In your C:\Windows\System32\drivers\etc folder there should be a file called simply "hosts". It tells your computer not to visit certain sites.

Find the address of the offending "grabber" - the bit after the http:// - and put it into your hosts file preceded by 127.0.0.1 - something like this:

127.0.0.1 somewhere.naughty.com

Stick this in ya hosts file

127.0.0.1 apicdn.viglink.com viglink.com
(and the "w w w .viglink.com" one too- PPRuNe expands the link if i use Wx3)
Problem with that is that all links in any forum post become unusable.

Problem with that is that all links in any forum post become unusable.

... unless you edit them.

Keef, generally too much hassle.

Hassle it certainly is, but the effects of a browser hijack are vastly more hassle. I choose not to take the risk.

IMO, this has far more to do with corporate control of the net than preventing a browser hijack.

The links are modified to a degree that editing them so they actually work is like needle/haystack, especially if the poster has named the link rather than just pasting it to the post. eg NoScript - JavaScript/Java/Flash blocker for a safer Firefox experience! - what is it? - InformAction (http://noscript.net) vs useful firefox site
(http://noscript.net)
In the former, a user can at least c&p the relevant parts of the link. In the latter, not so much.
My latest hosts file update actually blocks the viglink site, without my having to add anything.

I've found that disabling/prompting for active scripts on a page (there are add-ons that do this very nicely) stops drive-by downloads dead in their tracks.

My hosts file blocks viglink too. Better safe than sorry!

This viglink plugin is so dangerous on a public forum that's why I block it. To me it is a degenerate way of using HTML links and is open to exploitation. Viglink should be reading the web server access logs instead which has exactly the same, if not more, information.