URL4SHORT.INFO redirects

[TimG]

I periodically get redirected to a spam site when I access MLW - i thought it was my machine but it showed up on my iPad too. It seems that there is an exploit in the BB software used by mapleleafweb:

http://peter.upfold....url4short-mess/

Edited February 10, 2013 by TimG

[cybercoma]

I've never been redirected on Macbook using Safari w/ Adblock installed.

[Sleipnir]

I periodically get redirected to a spam site when I access MLW - i thought it was my machine but it showed up on my iPad too. It seems that there is an exploit in the BB software used by mapleleafweb:

I'm using Chrome and I've been re-directed to anything else from MLW.

[TimG]

I'm using Chrome and I've been re-directed to anything else from MLW.

I use chrome too - it shows up if i do a google search for MLW and click on the link. If you look at the link I provided above it explains how it could be the result of an exploit in the s/w used by MLW - other sites with the same s/w report similar problems. Edited February 11, 2013 by TimG

[Sleipnir]

I use chrome too - it shows up if i do a google search for MLW and click on the link.

I have MLW in the favourite tab. Perhaps that's why I haven't run into what other people have been experiencing.

If you look at the link I provided above it explains how it could be the result of an exploit in the s/w used by MLW - other sites with the same s/w report similar problems.

I'll check it.

Edited February 11, 2013 by Sleipnir

[Charles Anthony]

- it shows up if i do a google search for MLW and click on the link.

It sounds like Google is delivering this link to you.

Why are you doing a Google search for MLW?

[TimG]

It sounds like Google is delivering this link to you.

MLW is the only site that i get this spam on and it shows up on Windows AND iOS.

That combination suggests it is the MLW.

However, I did provide a very detailed technical link that explains exactly how the java script running the IP.Board can be infected. From the link:

Another important question is how the injection was possible in the first place. A week later, and after much further analysis of a number of sources of information, it cannot be absolutely determined with the information I have available to me.

I can tell you what I think is most likely.

The attack likely happened around Christmas 2012, when a number of other forum sites were hit, exploiting either VB.SEO plugin vulnerabilities in the case of vBulletin, or the critical vulnerability in IP.Board in our case.

It seems most likely that the site was compromised, and this PHP was injected, in the 24-hour latency between the patch being made available and it being applied, or perhaps before the patch was available (zero-day).

This should underline, if it is not already obvious, the important of prompt application of security updates.

Edited February 11, 2013 by TimG

[Greg]

I've seen no evidence that the forum is infected.

Is anyone else reporting this issue?

[Greg]

Correction - I am now seeing the issue.

I'm looking into it and I will update this thread when I know more.

[Greg]

The forum will be upgraded and we will have this issue fixed shortly.

Thanks for being it to my attention.

[guyser]

Funny enough it just happened to me. I saw the name and said'...hmmm I think Ive seen that name before" and voila, checked here and yup , url4short.info .

[Greg]

This issue has been resolved, I am closing this thread.