Malicious URL on diyaudio website? [RESOLVED]

Status
Not open for further replies.
Administrator
Joined 2007
Paid Member
In the interests of research (the things I do for diyAudio :D) I put livejasmin into google and clicked on the offerings. I used my old Vista laptop. Checking IE's temp files showed a Jasmin favicon and history showed new.livejasmin.com with a few entries when expanded.

I then enabled adverts on here and had a major click through all I could find but never once saw a redirect anywhere.

A normal disc clean and browser cache clean deleted all the cookies and history and they have not regenerated. Microsoft Security Essentials shows the system as clean.
 
Hi Jason
I have been playing around with some old IBM Thinkpads and Linux. I have just done a fresh install of Puppy Linux on a wiped hard drive. I installed an old version of Firefox as 11 was the newest version I found in the repository. I navigated to DIYaudio and immediately was linked to the Live Jasmin website.
I have now logged on on this fresh install to report back to you.
If I have time I might try it again with just the live CD.
Regards Xoc1
 
Switches things on and off again
Joined 2000
Paid Member
Hi Jason
I have been playing around with some old IBM Thinkpads and Linux. I have just done a fresh install of Puppy Linux on a wiped hard drive. I installed an old version of Firefox as 11 was the newest version I found in the repository. I navigated to DIYaudio and immediately was linked to the Live Jasmin website.
I have now logged on on this fresh install to report back to you.
If I have time I might try it again with just the live CD.
Regards Xoc1

Brilliant. I'll use that setup to debug the problem.
 
Switches things on and off again
Joined 2000
Paid Member
Ok, here are the exact steps I took to try and replicate the problem:

1) I burnt the latest Puppy 5.4 ISO to DVD, ran it directly from DVD, set up Wifi.
2) Tried www.diyaudio.com using Seamonkey, no problems.
3) Downloaded the latest Linux version of Firefox (16), visited diyaudio, no problems.
4) Downloaded Linux Firefox 11.0, visited diyaudio, again no problems.
5) Using Firefox 11.0, refreshed the front page 20 times, moved around the site, still nothing.

This is certainly a very odd issue. Are you doing anything differently to me? The only difference I can think of would be my physical location (I note you guys are in UK / US, I am currently in the Philippines), and my DNS server (from my ISP).
 
Oh FYI - Chrome Version 22.0.1229.94 on Mac OSX 10.7.4 no issues :)

Jason, sounds like an ISP issue; stale (or poisoned) DNS causing a redirect. If a user tries multiple OSes and has the same issue, try 3G or another WiFi point using a different ISP where possible, e.g. try it at home and then try it at work :)
 
Switches things on and off again
Joined 2000
Paid Member
Oh FYI - Chrome Version 22.0.1229.94 on Mac OSX 10.7.4 no issues :)

Jason, sounds like an ISP issue; stale (or poisoned) DNS causing a redirect. If a user tries multiple OSes and has the same issue, try 3G or another WiFi point using a different ISP where possible, e.g. try it at home and then try it at work :)

Yeah I agree at this point in time. People that are experiencing this issue, what DNS servers are you using, with what ISP? Can you try using Google DNS (8.8.8.8), rebooting, and see if the problem still occurs?

Considering there are people in the UK and US that get it, I'm also thinking there may be something that is only rendering the code if the visitor is coming from a high paying country, so I'll have to try using proxies in various countries to replicate that scenario.
 
Hmmm, my DNS where I normally am is 192.168.0.35 but I don't think that will help you much dude :D

I forward to 61.9.133.193 and 61.9.134.49 - Tel$tra DNS servers here in Vic.

From where I am at the moment:

Psyolents-MacBook-Pro:~ Psyolent$ dig @61.9.133.193 diyaudio.com

; <<>> DiG 9.7.3-P3 <<>> @61.9.133.193 diyaudio.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22449
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;diyaudio.com. IN A

;; ANSWER SECTION:
diyaudio.com. 3513 IN A 209.59.179.1

;; Query time: 19 msec
;; SERVER: 61.9.133.193#53(61.9.133.193)
;; WHEN: Mon Oct 29 07:59:08 2012
;; MSG SIZE rcvd: 46

Psyolents-MacBook-Pro:~ Psyolent$ dig @61.9.134.49 diyaudio.com

; <<>> DiG 9.7.3-P3 <<>> @61.9.134.49 diyaudio.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62117
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;diyaudio.com. IN A

;; ANSWER SECTION:
diyaudio.com. 3601 IN A 209.59.179.1

;; Query time: 313 msec
;; SERVER: 61.9.134.49#53(61.9.134.49)
;; WHEN: Mon Oct 29 07:59:24 2012
;; MSG SIZE rcvd: 46

Would be good to run the same query on users' DNS servers. If folks can get to a command prompt, run ipconfig /all and advise on the primary and secondary DNS servers, we can have a quick looksee...
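The check Psyolent is asking for above (does every resolver hand back the same A record for diyaudio.com, or is one ISP resolver returning something different?) can be automated. The script below is an added example and is not code from the thread or from diyAudio: it sends a raw DNS A query over UDP to each resolver in a list, parses the answers with the standard library only, and reports any resolver whose answer set disagrees with the majority. The resolver list is an assumption (the two Telstra addresses quoted in the thread plus two well-known public resolvers as an independent reference); swap in the addresses from your own ipconfig /all output.

```python
import random
import socket
import struct
import sys

# Assumed resolver list: the two Telstra resolvers quoted in the thread plus
# two public resolvers (Google, Cloudflare) as an independent reference.
RESOLVERS = ["61.9.133.193", "61.9.134.49", "8.8.8.8", "1.1.1.1"]


def build_query(name, txid):
    """Build a minimal DNS query: one A/IN question with the RD (recursion desired) flag set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(struct.pack("B", len(label)) + label.encode("ascii")
                     for label in name.strip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def _skip_name(data, offset):
    """Return the offset just past a (possibly compressed) domain name at data[offset:]."""
    while True:
        length = data[offset]
        if length == 0:                 # root label: end of an uncompressed name
            return offset + 1
        if length & 0xC0 == 0xC0:       # compression pointer: two bytes, ends the name
            return offset + 2
        offset += 1 + length


def parse_a_records(data, txid):
    """Return the sorted IPv4 answers in a DNS response; raise ValueError on a bad reply."""
    rid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", data[:12])
    if rid != txid:
        raise ValueError("transaction id mismatch (reply is not for our query)")
    rcode = flags & 0x0F
    if rcode != 0:
        raise ValueError("server returned RCODE %d" % rcode)
    offset = 12
    for _ in range(qdcount):
        offset = _skip_name(data, offset) + 4       # skip QTYPE + QCLASS
    ips = []
    for _ in range(ancount):
        offset = _skip_name(data, offset)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:   # A record, IN class
            ips.append(socket.inet_ntoa(data[offset:offset + 4]))
        offset += rdlen                                 # skip CNAME and other record data
    return sorted(ips)


def query_resolver(resolver, name, timeout=3.0):
    """Send one A query to `resolver` over UDP/53; return parsed answers, or None on no reply."""
    txid = random.randint(0, 0xFFFF)
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        sock.sendto(build_query(name, txid), (resolver, 53))
        data, _ = sock.recvfrom(512)
    except (socket.timeout, OSError):
        return None
    finally:
        sock.close()
    return parse_a_records(data, txid)


def find_divergent(results):
    """Given {resolver: [ips] or None}, return resolvers whose answer set differs from the majority."""
    answered = {r: tuple(ips) for r, ips in results.items() if ips}
    if len(answered) < 2:
        return []
    counts = {}
    for ips in answered.values():
        counts[ips] = counts.get(ips, 0) + 1
    consensus = max(counts, key=counts.get)
    return sorted(r for r, ips in answered.items() if ips != consensus)


if __name__ == "__main__":
    domain = sys.argv[1] if len(sys.argv) > 1 else "diyaudio.com"
    results = {r: query_resolver(r, domain) for r in RESOLVERS}
    for r, ips in results.items():
        print("%-15s %s" % (r, ", ".join(ips) if ips else "(no answer)"))
    divergent = find_divergent(results)
    print("divergent resolvers:", ", ".join(divergent) if divergent else "none")
```

Run it as `python3 dnscheck.py diyaudio.com`. A resolver listed as divergent is the one to look at: compare its answer against the authoritative record before blaming the site, and remember a single differing answer can also be a legitimate CDN or geo-based response, so confirm with the site operator.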
 
Switches things on and off again
Joined 2000
Paid Member
I have not had the problem re-occur in the last week. I could not find any reference to jasmin of any kind in my history either.

Interesting. I upgraded our ad server (OpenX) last week (Oct 22) to the latest version (I hadn't updated it in a while). I guess we'll see if XoC did that test on linux before that time.
 
Disabled Account
Joined 2004
I have not had the problem re-occur in the last week. I could not find any reference to jasmin of any kind in my history either.

Second that, the livejasmin thing is the worst invasion I've ever had. The IT guys could not fix it at first pass. The latest Forefront had to scan all 1,100,000+ files on my machine and still I get one history cookie every day.
 