Malware on ARRSE ?

_Chimurenga_

LE
Gallery Guru
#1
Got this alert a couple of minutes ago when I tried to click on "LAST 50" tab.

 
#4
Yesterday I periodically got a warning message that the site 'certificate' had expired and was asked to accept or refuse. I always refused & the page loaded correctly so I assumed it was something to do with one of the ads.
 
#5
It can sometimes happen with img code links.
 
#6
Thanks for the heads up. I found mention of this on two other forums this morning, but I can't find eqads in google's control panel where we can choose which networks can use us. I'm therefore a bit stumped. I will spend some time on the site this morning and try to get the same thing.
 
#7
Yesterday I periodically got a warning message that the site 'certificate' had expired and was asked to accept or refuse. I always refused & the page loaded correctly so I assumed it was something to do with one of the ads.
That sounds like an SSL certificate warning - the padlock that you get at the top of the page when you use online banking, email and so on. We have never used SSL connections, and you can't connect at all to the site on an https:// URL. So I'm really surprised to hear about that error. Can you take a screenshot the next time it happens? Or at least a note of the URL?
 
#8
That sounds like an SSL certificate warning - the padlock that you get at the top of the page when you use online banking, email and so on. We have never used SSL connections, and you can't connect at all to the site on an https:// URL. So I'm really surprised to hear about that error. Can you take a screenshot the next time it happens? Or at least a note of the URL?
OK, so far it hasn't happened today.
 

Brotherton Lad

LE
Kit Reviewer
#9
Just had the malware warning on the self-taken photo page. egad again
 
#10
I have scriptsafe running on chrome to prevent scripts automatically running on a page. Currently on this page (and all others i've been to on arrse today) its blocking hundreds of scripts being served by www.arrowpushengine.com. this is not normal behavior !

www.arrowpushengine.com is some sort of live chat engine that seems to be trying to execute xml scripts. something is wrong with this. after 1 minute on a page i'm blocking 1000 scripts


 
#11
I have scriptsafe running on chrome to prevent scripts automatically running on a page. Currently on this page (and all others i've been to on arrse today) its blocking hundreds of scripts being served by www.arrowpushengine.com. this is not normal behavior !


Could this be a function of the new chat with 130+ people logged onto it, according to the new button at the bottom of the page?
 
#12
Could this be a function of the new chat with 130+ people logged onto it, according to the new button at the bottom of the page?

Yes i've just seen the new chat feature mentioned on another thread. it seems to be whats generating the scripts.
i get a bit ******* paranoid when stuff like this happens
 
#14
this is not normal behavior


They are AJAX requests from the chat package - at an educated guess it's updating how many people are online. AJAX - asynchronous javascript and XML is how modern websites get desktop-like behaviour. It allows your browser to communicate with a server without you refreshing a page, by sending small bits of information back and forth. It's use is widespread and perfectly normal. Normally my sympathy for this sort of paranoia is limited - plugins that cripple your browser for no obvious reason are not something that I have a great deal of time for.

This does however sound quite extreme and thanks for flagging it up. For most people, most of the time, a chat package is not wanted. Having a constant data flow without even using it just seems wrong. I will therefore do some digging - I won't modify anything yet as I don't know if it's staying, but will look in to it.
 
#15
That sounds like an SSL certificate warning - the padlock that you get at the top of the page when you use online banking, email and so on. We have never used SSL connections, and you can't connect at all to the site on an https:// URL. So I'm really surprised to hear about that error. Can you take a screenshot the next time it happens? Or at least a note of the URL?
screenshot.JPG
 
#16
... and I have just had this ... ARRSE security.jpg
 
#17
Border_Reiver - I think that's dragknuckle's sig block causing that. Don't know if it's a bad thing (the message, not his sig block - you be the judge of that...)
 

Similar threads

Latest Threads

Top