KNOWN ISSUE: Pop-up ad

1. 94

   melbelposted 11 years ago

   I was viewing this forum post at ~ 9:00PM EST when a pop-up ad opened.
   
   See screenshot for more details:
   http://i.imgur.com/hchAcC3.png

   replyreport
   1. 70

      Matthew Meyerposted 11 years agoin reply to this

      We have done research on our end and the conclusion is that there are no known issues with the HubPages servers that would result in the pop-up ad users are seeing.
      
      This appears to be the result of client-side malware.
      The specific domain for the ad that pops up is womenshealthfour dot co
      The reporting users do not seem to have a common operating system.
      I and other people have tried to go recreate the issue and have not been able to do so on many computers spanning location, ISP, and operating systems.
      
      IKf you are seing this pop-up ad, I would suggest running a full virus and malware scan on your computer.
      If you do not have any such software in Windows, Microsoft security essentials may be a good option.  You might also look into malware scanning software such as Malware Bytes.  They offer a free "home" version of the software.
      
      For OS X users, you may want to check out Sophos.
      
      Keep an eye out for browser toolbars and any other extensions as well.
      It may help to try a different web browser, disable or remove all browser extensions, and/or uninstall and reinstall the browser.

      replyreport
      1. 0

         epsonok0posted 11 years agoin reply to this

         Deleted
   2. 70

      Matthew Meyerposted 11 years agoin reply to this

      We believe we have finally detected the advertiser responsible and have blocked the content.
      If anyone continues to see it the "womenshealthfour dot co" pop-up, please let us know.
      Hopefully, there will be no further occurrences and we have identified the problematic advertiser.

      replyreport
      1. 0

         sheilamyersposted 11 years agoin reply to this

         Thank you Matthew. I had the same thing happening and was going to report it the next time it happened. Thankfully it hasn't popped up again so I guess whatever you did worked.

         replyreport
2. 66

   relacheposted 11 years ago

   Email that screenshot direct to admin.  They'll be all over it.

   replyreport
3. 0

   epsonok0posted 11 years ago

   I get that all over HP now. It happens about every hour.

   replyreport
4. 93

   Rochelle Frankposted 11 years ago

   I reported a "pop-up" once, and it trurned out that I accidentally 'moused-over' an ad that flounced its way over the text I wanted to read, and that was not considered a 'pop up'.

   replyreport
   1. 0

      epsonok0posted 11 years agoin reply to this

      That is usually called nav links. If it happens again you have a virus. Go into your tools, and then add ons or extensions. Look for we down loader and remove it. Only if it happens again.;

      replyreport
   2. 94

      melbelposted 11 years agoin reply to this

      Ugh, I hate mouse-over ads. I've noticed HubPages seems to have more of those as of late (is that an AdSense thing? For some reason I remember seeing some AdSense ads like that.) I don't have a virus, though.
      
      I sent a message over to team about the pop-up.

      replyreport
      1. 0

         epsonok0posted 11 years agoin reply to this

         If it is highlighted text in random spots that is a virus. I had that problem and dont anymore. I can assure you, I do not see highlighted text right now.

         replyreport
         1. 94

            melbelposted 11 years agoin reply to this

            It's not, it's a mouseover ad.
            
            However, highlighted text is not necessarily a virus. It could also be an innocuous, but annoying plug-in either in the end-user's browser or as a part of the website (ie. some Wordpress publishers like to make a fraction of a cent off users who will most definitely never return.)

            replyreport
            1. 0

               epsonok0posted 11 years agoin reply to this

               Thats what I was trying to say. LOL A plug in on firefox called wedownload manager causes it for firefox.

               replyreport
5. 78

   psycheskinnerposted 11 years ago

   I am getting this as a redirect when I click to read a thread--so it is hijack not a mouse over or anything like that. I know what link I was clicking when it redirected.

   replyreport
   1. 0

      epsonok0posted 11 years agoin reply to this

      Oh no, I understand I get it daily. It looks like a newspaper. And my browser has pop ups blocked. It just means HP had a low level server intrusion. Usualy it happens when I click some peoples profiles and occasionally in a forum thread.

      replyreport
6. 78

   psycheskinnerposted 11 years ago

   So I wonder if we will get some acknowledgement, or this needs to be bumped to them somehow so they realize it is not the usual malware stuff.

   replyreport
7. 78

   psycheskinnerposted 11 years ago

   That is the domain I see exactly--and it shows when I click a thread on the forum that *should* just open a thread.  I am not anywhere near an ad at the time.  Instead I am taken right to that site and it is really hard to get out of as it also opens two "do you really want to leave" pop-ups.
   
   It only happens when I am on hubpages, and it happens on multiple computers that have been scanned for malware.

   replyreport
   1. 70

      Matthew Meyerposted 11 years agoin reply to this

      Thanks you for the details!
      I'm going to follow up and see if we can get this addressed.

      replyreport
      1. 0

         epsonok0posted 11 years agoin reply to this

         Ya, I get it too. And i have PC angel as well as file shredder both get used near automatically on misbehaving files. I download to cloud servers that detect virus and malware activity and remove it. So for me to get it only on HP as well as others in other parts of the world from me, something is not right.

         replyreport
8. 0

   epsonok0posted 11 years ago

   Sometimes a not so honest company finds a loop hole in the law. With the internet their are few laws. In fact as shocking as this may sound, their is almost nothing illegal online from certain countries. Now, an add like this knows that HP staff and tech team are well aware of browser hijacking codes. They know that they can not access an American server of a known company. So they submit an add program through a group like Google and sometimes those adds have code designed specifically for browser hijacking. I know this because about 2 months ago I wanted to write a hub on the ethics of browser hijacking and malicious adds. But what I found is for all the info out their on it, few actually understand the true way companies do it. And since it does have its illegal elements to it, the ones that know keep their mouth shut. The best way for HP to combat this, it to inform Google that it violates their wishes. Then create a block that does not accept any traffic from that adds URL. They must be careful to tell Google first who may take offense to blocking any add that is sent to HP.

   replyreport
9. 78

   psycheskinnerposted 11 years ago

   What made this seem different is that it happens only on Hubpages, never any other website.  I find it hard to believe the malware is that selective--that it can decide to only pop up when I am on Hubpages.
   
   I use two good malware scanners.  They find nothing.  Nor are the malware forums talking about this one, which they normally would for a malware multiple users are finding.
   
   So me and at least two other hubbers got this malware no one else is talking about online, and that only attacks when we view this site.  Color me skeptical.

   replyreport
10. 94

    melbelposted 11 years ago

    I don't have any malware. It's only happened here as well, when viewing a forum thread.

    replyreport
    1. 70

       Matthew Meyerposted 11 years agoin reply to this

       I am in the forums many times over the course of the day and have not seen the pop-up, nor has anyone else on our end been able to reproduce the issue.
       
       Can you share what you used to look for malware on your computer as well as what browser or browsers this is affecting for you?

       replyreport
       1. 0

          epsonok0posted 11 years agoin reply to this

          it happend again this time I did a search for slow cooker recipes and when I hit page two of the results I was take there. I see you deleted my post about this and the actual solution that Google themselves advices. I am getting sick of this pop up and I wish you guys would fix it.

          replyreport
11. 78

    psycheskinnerposted 11 years ago

    My primary program is the paid version of Malwarebytes.  I also disabled that and tried the free version of Adaware.
    
    I have observed this with both Explorer and Firefox.  I use Firefox on my laptop and Explorer on my desktop.

    replyreport
    1. 70

       Matthew Meyerposted 11 years agoin reply to this

       Is it related to a specific URL or URLs on HubPages?
       Does the pop-up occur every time you go to these URLs?
       Does it occur both when you are logged in and logged out?
       If you clear your browser cache and cookies and restart your browser, does the issue persist as well?
       
       The more specific the examples, the easier it will be able to test the different scenarios.

       replyreport
       1. 78

          psycheskinnerposted 11 years agoin reply to this

          As far as I recall it was always when I was on the forum and clicking to open a specific forum thread.
          I did not get a popup (I have popups disabled).  What happened is that my browser just went to the Health webpage (a highjack).
          This happens only about once a week on different threads. It has been happening for about 8 weeks now.
          I am always logged in.
          I did cleared c&c a couple of weeks ago and it has occurred since then. But there might have been a gap of some days between clearing c&c and nonoccurrence.

          replyreport
12. 94

    melbelposted 11 years ago

    I saw it on Chrome w my Mac. I ran the Sophos thing you suggested and nothing.
    
    I also saw it at school (either Chrome or Firefox, I don't remember.) Those computers are really stripped down (we're not allowed to install anything) and wiped clean on restart except for maybe one or two word or powerpoint files I have in my documents folder.
    
    I only saw it the two times and both times it was in the forums.

    replyreport
13. 78

    psycheskinnerposted 11 years ago

    I found one other report of this sire for malware: http://pandce.proboards.com/post/4396603

    replyreport
14. 0

    epsonok0posted 11 years ago

    I see this thread got a new title. Interesting.

    replyreport
15. 94

    melbelposted 11 years ago

    It just happened on a hub, my own hub actually:
    How to Achieve Goals the Fun Way

    replyreport
    1. 70

       Matthew Meyerposted 11 years agoin reply to this

       We tracked down the rogue ad that was responsible for this pop-up content. 
       
       We have partially blocked the ad URL and have informed Google of the issue. There could still be some occurrences until they finally block the content on their end.
       
       Thanks to everyone who provided helpful information so we could track this down.
       
       If I had gold stars to award, I would be handing some out today!

       replyreport
16. 78

    psycheskinnerposted 11 years ago

    I appreciate you keeping at it until the source was found

    replyreport
17. 78

    psycheskinnerposted 11 years ago

    I just had it happen again when I came into hubpages from another website to http://hubpages.com/feed/

    replyreport
18. 78

    psycheskinnerposted 11 years ago

    Just now on http://hubpages.com/forum/topic/118423

    replyreport
19. 78

    psycheskinnerposted 11 years ago

    Just now at http://hubpages.com/forum/topic/118550

    replyreport
20. 84

    rebekahELLEposted 11 years ago

    It has popped up for me a couple of times this past week.  It just happened again.  I clicked on a hubber's name in the forums and it went to the Women's Health page.  9:45 A.M. ET

    replyreport