Giant Viagra Ad, Anyone?

I've had a report from a user about a giant Viagra ad coming up when trying to access the forums. Has anyone else had this problem? If yes, please tell me what your OS version and browser version are. He says "When I clicked through to any of the forums I was getting a big page-filling ad from something like Cialis or Viagra and no forum. I was assuming that you failed to pay for keeping your domain name and some spammers swooped it out from under you."

Thanks for your help!

I do get an ad page trying to sell me various drugs, but the strange thing is it only seems to strike when I connect to the forum from my phone or tablet over 3G. Wi-Fi seems immune. No other pages suffer the same indignity. I'm completely foxed as to what's going on. Cleared down the cache but the pattern seems consistent; from either of those two devices over 3G I sometimes get that drugs page, and under no other circumstances.

Thanks for the info! We're working on it.

We've identified this as likely the "Pharma Hack", which tries to serve the GoogleBot with drug ads. You can see them in the results if you Google "Atlas Games forum". We think we've cleared the infection, but the ads are still lingering on the Google results, so there may still be an unresolved issue. Please post here if you have any more info or observations about it. Thanks!

I've been having this problem forever. I originally logged in as "Slerotin" and I thought maybe my profile was somehow corrupted. I made a new account today "Easydamus" and I'm getting the same thing. When you click on a forum link, you go to a page with blue text boxes talking about some random drug, with other links to drug-related sites. It's extremely frustrating. It hasn't been fixed.

Ugh. We've let this problem fester too long on the assumption that the infection's only a hassle to the Google computer.

My apologies, Easydamus. I'll see if I can't find someone with the time to seek a solution.

I don't think this is an Atlas issue. I'm not seeing, nor have I ever seen, the giant Viagra ad.

My guess is that this is some kind of DNS man-in-the-middle attack where the individuals are getting redirected from the page they want and sent to a different page that the man in the middle wants. This is a bit outside of my expertise, but it doesn't look like the Pharma hack that was previously mentioned (as that's a WordPress thing).
Easydamus, what is the exact problem you are having? Is it the one in the OP, or is it slightly different? The reason I ask is that it could also be a malware infection. Do you have different experiences on different devices, too?

I did some research on this a few months ago, and it does seem to be an issue with something that's gotten its tentacles into our installation of phpBB. I was very optimistic, before I started my research, that it was something we could blame on an external party. Doesn't seem to be, though.

Well, if it were something that affected Atlas, everyone would have the same experience, right? I have never had this experience with any links on an Atlas site. For what it's worth I use OpenDNS for my DNS servers. Marklawford's example suggests that different DNS servers are passing different info along, because 3G networks typically use different DNS servers than what might be used by the user's ISP.

The malware that seems most likely as our infection candidate screens for the browser's user agent, and returns spam if you are GoogleBot. The goal of the malware is to infect Google with bad entries advertising Viagra (etc.). If you Google for various pharmaceuticals inside the Atlas domain ("viagra site:atlas-games.com," say) there are a couple of hundred entries. But when a human follows the link (well, most humans), you see a regular forum page. The point appears to be to create link juice for outside sites, rather than to get ArM fans to buy little blue pills.

Although this state of affairs is undesirable, we figured that all humans were being served the actual forum pages, so we haven't made a fix a super-high priority, given that we're a small staff with lots of competing priorities. But obviously, some other user agent, some other IP range, some other DNS — who knows — is also flagging the wormy little malware into serving up Viagra pages.

I'm browsing from Chrome on my smartphone and am definitely getting ads for Viagra and Cialis and such. If I'm at the main board index and click on any forum it leads me to a large blue and white ad page. My workaround was selecting a user, which takes me to their profile page, and then using the drop-down box at the bottom to go to the forum I would like to view.

::headdesk::

I don't want to alarm you guys, but when I click on the forum heads it brings up the Viagra/Cialis ads. I can click into the individual threads via people's last posts, but any main header link is this Pharma thing.

When I connected to the Forum from my hotel in Sweden (Scandic Victoria in Sweden if it is any help) I was getting the ads.
It was odd in that I got them if I went to any subforum, but I could get to the main forum page without trouble.

I'd bet that if you changed your DNS servers to Google's or OpenDNS's servers you wouldn't have this problem. I've never seen this problem, but I'm using OpenDNS servers.
OpenDNS: 208.67.222.222 and 208.67.220.220
Google: 8.8.8.8 or 8.8.4.4

Not a DNS hack. I switched to Google DNS, cleared both the Mac DNS cache and the Chrome DNS cache, and restarted the machine. The problem remained.

The problem occurs only with URLs of the form forum.atlas-games.com/viewforum.php?f=## and only when the forum number (##) is between 1 and 55. 56 and above work. The forum entry (no f=) works. Thus, it looks like a highly selective hack in the server PHP logic.
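
An added example, not part of the original thread and not Atlas's code: a Python probe a site owner could run against their own forum to narrow down which client headers and which `viewforum.php?f=` ids are served the spam page, as the posts above try to do by hand. The header strings, the host `forum.example.test` and the trigger condition inside `fake_infected_fetch` are constructed assumptions; only the 1 to 55 id range comes from the thread.

```python
import re
import urllib.request

SPAM = re.compile(r"\b(viagra|cialis)\b", re.I)
DESKTOP = "Mozilla/5.0 (X11; Linux x86_64; rv:115.0) Gecko/20100101 Firefox/115.0"
# Client profiles to compare (constructed); cloaking code can key on any of these headers.
PROFILES = {
    "desktop": {"User-Agent": DESKTOP},
    "mobile": {"User-Agent": "Mozilla/5.0 (Linux; Android 13) Chrome/120.0 Mobile Safari/537.36"},
    "googlebot": {"User-Agent": "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"},
    "search-referral": {"User-Agent": DESKTOP, "Referer": "https://www.google.com/"},
}

def http_fetch(url, headers):
    """Real fetcher: GET url with the given headers and return the body as text."""
    req = urllib.request.Request(url, headers=headers)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8", "replace")

def probe(base, forum_ids, fetch=http_fetch):
    """Return {forum_id: [profiles that were served spam]} for affected forums."""
    hits = {}
    for fid in forum_ids:
        url = f"{base}/viewforum.php?f={fid}"
        bad = [name for name, hdrs in PROFILES.items() if SPAM.search(fetch(url, hdrs))]
        if bad:
            hits[fid] = bad
    return hits

def summarize(hits):
    """Collapse results into the affected id range and the triggering profiles."""
    if not hits:
        return None
    profiles = sorted({p for names in hits.values() for p in names})
    return {"min_id": min(hits), "max_id": max(hits), "profiles": profiles}

def fake_infected_fetch(url, headers):
    """Constructed stand-in for an infected server, so the example runs offline."""
    fid = int(re.search(r"[?&]f=(\d+)", url).group(1))
    ua = headers.get("User-Agent", "")
    # Assumed trigger: ids 1-55 (from the thread) plus a crawler or mobile User-Agent.
    cloaked = 1 <= fid <= 55 and ("Googlebot" in ua or "Mobile" in ua)
    return "<h1>Buy Cialis and Viagra</h1>" if cloaked else "<h1>Forum index</h1>"

if __name__ == "__main__":
    result = probe("https://forum.example.test", range(1, 61), fake_infected_fetch)
    print(summarize(result))
```

A keyword match will also flag a genuine thread that discusses the spam, so treat a hit as a page to diff against the desktop response rather than as proof. If every profile comes back clean from one network but not another, the condition is likely on source IP or a header not in `PROFILES`.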

Just popping in to add to the list of complaints. It doesn't seem as broadly site-affecting for me, though. I can't get to "Ask Atlas" or the Ars Magica forum, but apparently I can get into Unknown Armies. shrug I'm thinking it has to do with where you guys are all accessing from. I never had this problem at home, yet as soon as I try to access the site from the library WiFi, the blue ads of death show up. It's really quite distressing, but as the Atlas people have apparently been saying for over two years now, they have bigger priorities. :stuck_out_tongue: