I have been experiencing problem posting replies to topics in that the instead of the topic being displayed with the new pot added it hangs in mid post or that is what it appears to do. If I go back and refresh the topic I can see the post I added.
When this hang happens I saw a 1 pixel square at the top left of the screen and it would appear that there is another script running form mediacount, in the forum of an iFrame 1 pixel X 1 pixel. I had noticed this square in previous pages but didn’t twig what it was.
I don’t know what the consequences of placing an iFrame outside of the body/head of a wc3 standard page would be.
This I believe is happening because I have noscript and firefox, and becake this is a new addition to avast pages, I have only allowed avast.com and google-analytics.com and not mediacount.net. It took ages to find this and trying to ad mediacount.net is proving to be difficult.
Is anyone else experiencing this problem or noticing the 1 pixel square at the top left of pages ?
So what is avast using mediacount.net for and why use an iFrame tag, which is notorious for introducing malware into systems as it can run scripts with user input ?
This use of an iFrame tag on what is a security based web site I feel is a big mistake.
Edit: Looks like this mention of the iframe and malware exploit proved to be very accurate (see images below).
This is what the screen looks like with the 1 pixel iFrame if experiencing this problem.
If the hang occurs the URL in the window is where it hangs.
Edit: The images I tried to attach failed because the malware iframe screwed with the attachments and they don’t display so I have removed 1-pixel.gif and 1-pixel-hang.gif to avoid anyone trying to load them.
There also seems to be a further problem in that the attached images don’t display either.
So since this mediacount.net iFrame it has screwed my forum use with the Babylon theme, making it almost impossible to use the forum not knowing if the post was successful. Not very useful when you post about 20 posts a day.
Edit: absolutely no change with NoScript disabled. I have no idea what is going on since this iFrame for mediacount.net has been added but it totally screws me up.
Well I guess I found out a little more it would appear that the iFrame is a malware infestation on the forums, I wondered why it was lonely on the forums.
Wow, its lonely on here, I have just looked at the recent posts and I’m the only one soldiering on with 10 out of the last 12 posts since 6 p.m. UK local time.
I have reported the forum as infected to virus @ avast . com lets hope it is resolved quickly.
Seems it’s working now… testing…
Edited: the page does not come back to the same topic but to an empty page… strange. Look at the active tab in Firefox…
I noticed the 1x1 pixel square whenever I log in. I had mediacount.net disabled by No-Script but when I disable No-Script, I still see the square as well. :-\
Well, I’m glad I read these posts. Have been unable to log on in Firefox, and when I attempt in IE7, Avast AV blocks the page from loading. Ironic.
Strange. Just noticed I am logged on. Just got a pixel before.
Also unable to modify profile.
Firefox by all accounts isn’t vulnerable to this attach by all accounts, even with noscript disabled, when I experienced page problem I checked the page source in trying to track the problem and saw the iframe tag. At first I just thought the forums was using it to gather page visited data, etc. and thought it a crazy method to do it.
However, when I tried using avant an IE clone web shield alerted. So I twigged the site had been infected, so I sent a report to avast.
These were the two images I tried to attach earlier that failed.
It would be interesting to know if this was purely a security failing of SMC 1.1.2 as I found several such issues on the Simple Machines forums and they were also using 1.1.2 but it seemed they also had a weakness in their webhosting service.
A forum member at Wilders suggested it would be a good idea for the Avast forum admin to send a mass email to all the forum users briefly explaining what happened, and offering the appropriate reassurance. (Or not ;))
I agree with that thinking.http://www.wilderssecurity.com/showthread.php?t=183634&page=3
I think like Bob. I’d rather an explanation (what was compromised by the exploit: our emails, our personal forum data, the posts themselves…) than a spam hysteria.
I never did get any malware warning, but I did get weird behavior here last night and this morning that, given the (coincidental?) timing, could very well have been tied into the same thing.
If I attempted to mark a forum as read, or in some cases simply returned to a forum after reading a topic, I got an error message to the effect that session verification had failed, try logging out and back in again. But hitting the log-out button simply gave me the same error and left me logged in.
Whatever happened, it’s nice to see everything’s back up and running normally again.
