PPRuNe Forums


IO540 9th December 2010 13:40

This forum is infected
 
Look in your browser's View Source and if you see alice.it ....

Actually I think it is something in the Italian thread

IanPZ 9th December 2010 13:48

OMG, says I. I would have expected the various scanners I have to pick it up, but it's there.....

And then I realised that I had searched for it, and found the string that was actually your thread starter.

Doh!:ugh:

englishal 9th December 2010 14:43

I can see Alice.it in the source....because you wrote it :}:}

As it was explained to me once, sometimes website designers leave in little bits of code which point to a dead domain, just in case their clients refuse to pay the bill. In that case the domain comes alive and they can sabotage the website.

Some of the time, depending on how clever your virus scanner is, these are picked up as possible viruses by heuristic scans, when in actual fact they are benign.

IanPZ 9th December 2010 14:50

We used something similar in a bunch of early web applications we wrote, but to track unique user base, many many years ago. Page would pull in a single pixel image from our website embedded in the client site, so we could keep track of whether they were paying for correct user license. Permission was granted somewhere deep in T&Cs.

Now it's pretty much used by everyone in products like Webtrends. Ah, I wish we'd had the foresight to make that product :-) Never mind

IO540 9th December 2010 15:09

It was definitely in the "Italian" thread; I could make the warning pop-up anytime I did an F5 on that thread. Now it's gone.

The URL was
xoomer . alice . it / hpcave / p66.jpg
and it's identified as a known phishing site.

If you go to the Italian thread, without any AV software running, and see the URL in there...

> sometimes website designers leave in little bits of code which point to a dead domain, just in case their clients refuse to pay the bill. In that case the domain comes alive and they can sabotage the website.

Nasty - but I have seen that on another aviation forum. Actually every aviation forum I know of has been hit with "silent redirection" hacks (usually SQL insertion in the advert feed) within the past year. The admins never like to advertise it.


> Page would pull in a single pixel image from our website embedded in the client site, so we could keep track of whether they were paying for correct user license. Permission was granted somewhere deep in T&Cs.

That technique is used today to see if people have read their emails :) You stick the 1-pixel image URL in the email and log the server hit. Like most of these things, it works best with Micro$oft email software ;)


> Now it's pretty much used by everyone in products like Webtrends

Easily blocked by NoScript plug-in in Firefox. I block all that stuff by default.
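
Added example (not part of any post in this thread): the "View Source" check and the 1-pixel image technique discussed above, automated as a small audit that lists every resource a page fetches from a host other than its own and flags 1x1 images. The sample page, all host names in it, and the names `RemoteRefAuditor` and `audit` are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tags whose attribute makes the browser fetch a resource without a click.
FETCH_ATTRS = {"img": "src", "script": "src", "iframe": "src", "link": "href"}

# Constructed sample page; every host name here is made up.
SAMPLE = """<html><body>
<img src="/images/logo.gif" width="100" height="40">
<img src="http://static.forum.example/smilies/ugh.gif">
<img src="http://images.thirdparty.example/photo.jpg">
<img src="http://stats.tracker.example/hit.gif?site=42" width="1" height="1">
<script src="//ads.adfeed.example/serve.js"></script>
<a href="http://other.example/">plain link, not fetched automatically</a>
</body></html>"""


class RemoteRefAuditor(HTMLParser):
    """Collect resources a page loads from hosts other than its own."""

    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.findings = []  # (tag, host, url, is_pixel)

    def handle_starttag(self, tag, attrs):
        attr = FETCH_ATTRS.get(tag)
        if attr is None:
            return
        a = dict(attrs)
        url = a.get(attr) or ""
        host = (urlparse(url).hostname or "").lower()
        # Relative URLs (no host) and subdomains of the site are first-party.
        if not host or host == self.page_host or host.endswith("." + self.page_host):
            return
        # An image declared as 1x1 (or 0x0) has the tracking-pixel shape.
        is_pixel = tag == "img" and {a.get("width"), a.get("height")} <= {"0", "1"}
        self.findings.append((tag, host, url, is_pixel))


def audit(html, page_host):
    parser = RemoteRefAuditor(page_host)
    parser.feed(html)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    for tag, host, url, is_pixel in audit(SAMPLE, "forum.example"):
        print(f"{tag:7} {host:28} {'PIXEL' if is_pixel else '-':6} {url}")
```

Image size can also be set through CSS, so the pixel flag is a heuristic; the list of third-party hosts is the part to review.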

IanPZ 9th December 2010 16:08

IO, you're incredibly well informed on technology for a 92 year old :-)
