+2
Under review

Anyone else getting spam redirects on mobile devices?

Nick 7 years ago in BLOX CMS updated by W. Rags. 6 years ago 19

We've had several people call about spam redirects on our website in the past couple of weeks. And we've already had three in the past hour. I submitted a ticket to TownNews and they said it isn't coming from our website. They said it comes from insecure websites and apps.


I think it's coming from Outbrain. When I load a story page with Outbrain enabled the page doesn't load securely on my phone and I get redirects. I disabled Outbrain and the pages then load securely. I also stopped getting the spam redirects.


So I decided to turn Outbrain back on. The page stopped loading securely and I started getting the redirects. Turned it off again, no redirects.


If this isn't originating from our website why does disabling Outbrain stop the redirects? And if this isn't originating from our website why do we have a noticeable influx of complaints?

Is your site using HTTPS only? We changed over a few months back and even some of the Google ones that would get through have stopped.


Could your issue be related to this from yesterday? https://townnews.status.io/pages/incident/580a2a0e38015eaf1900122b/5aa973ddee49d004e07e258c

Our site is HTTPS. We aren't having problems with people spamming our sign-up. It's just redirects to spam websites.

+1

I want to set the record straight on this in case someone has similar problems in the future and reads this. Our problem wasn't Outbrain. We had rogue code that was inserted into head of the page. I'm still not sure how it got there as TownNews didn't insert it and we sure didn't. Once I removed that code the problem stopped.

Nick, We've been wrestling with this for a week. What kind of code should I be looking for? 


Thanks!

I'm pretty sure mine came from an ad that was on our page but wasn't supposed to be there. It had the text "Insticator" on it. I'd never heard that so I searched our source code and found specific ad code. It was right before the <head> closed. When I deleted that the Insticator ad went away and the redirects stopped. What's your website?




Where was the code? In UTL, a block?, or somewhere else?

The code was right before the closing head tag. It was in the templates FLEX>Components>_Site>macros>option.head.utl. It loaded a script from cloudfront.net. There are other instances of scripts from cloudfront.net but I think it's actually a legitimate host. But the code from this Insticator company was bogus.

I looked there and didn't see anything out of place, but we've had this happen to us as well. Any suggestions as to where else it could be?

That seems to have worked! Thanks!

Did you have an Insticator ad on your website? That may be something TownNews wants to take a look at. If two of their websites have the same problem, there may be more.

We've had the same issues on our site from time to time. I'll check this out.

It seemed to help a bit, but they're still popping up. We're using Facebook Instant Article as a workaround, but its not a fix.

+2
Under review

I just wanted to post something really quickly to update you that we have been investigating the details on this and found that the Insticator code was part of a beta test through our paid recommendations program. It has been disabled as we look at whether or not it was involved and so forth. I will have more info in the morning!

+2

Hi everyone!


As I said in my previous post, we investigated this issue and found that the "Insticator" code was part of a beta test for the paid recommendations program and was implemented on a handful of sites. This code has been removed from these sites for now, while we ask the vendor to look into the issue and while we perform some further investigating ourselves. We actually do not have any confirmation that there was a bad ad on their network, nonetheless they have blocked the URL in question.


Also, prior to placing this code on these beta sites, someone at the site, usually on the advertising side, was notified and provided permission to move forward with the test.  


Viruses, malware, and "bad ads" that cause mobile redirects and other situations are rare, but they can unfortunately happen and are usually very hard to track down.


We are also looking into other techniques and technologies that may be useful to help reduce these types of issues.


If you see this happening in the future, and you can reproduce it, please submit a ticket to our Customer Support staff with the URL of the page where it happened, the resulting landing page URL and any information you have about the ad (such as a screenshot, HTML source code, etc.) and we will see if we can reproduce it locally. If we are able to determine further where the redirect source might be, we can notify our partners of the URL so the issue can be addressed.


As a side note, Greg, are you still having issues? 

I haven't had the popups appear personally since yesterday afternoon, but I have to stress this hasn't been rare. It has been frequent in the past two weeks. We've had dozens of complaints from readers and could go around the newsroom and have it happen on 3 of 3 devices at any given time. I've forwarded examples to TN support and can do so again.


We switched to Facebook Instant to avoid issues there. I'm going to try to let posts run without Instant Article today and see what kind of response we get from readers. Thanks!

UPDATE: No reports of pop-ups today! Not sure what the magic was, but THANK YOU!

Amazon re-direct spam on phones is back. We haven't made any changes to our code. Anything on the TownNews side? Anyone else hearing from readers?

It’s probably a bad ad. Have you tried the site using adblocker or contacting whoever handles ads?

So far, all of the ads we have seen have been on iOS for us.  One of them have included potential malware (no idea if it would work on iOS, AV caught it first).  This needs looked into with haste please!