Lumifer comments on Open Thread, November 15-22, 2013 - Less Wrong

3 Post author: drethelin 16 November 2013 01:36AM

You are viewing a comment permalink. View the original post to see all comments and the full post content.

Article Navigation

Comments (257)
Tags: open_thread

Comments (257)

You are viewing a single comment's thread. Show more comments above.

Comment author: Lumifer 22 November 2013 05:13:49PM *  2 points [-]

My usual browsers are pretty much locked down all the time, but I dug out IE and looked at some LW pages. Didn't see any ads, video or not.

I would suspect malware, but it's also possible that other browser tabs (e.g. Facebook) are playing games...

P.S. Oh, a plug-in I have says there are three "requests" on this page from SpecificMedia (http://specificmedia.com/) and it does seem to specialize in video advertising.

Comment author: Pfft 22 November 2013 09:18:02PM 2 points [-]

I'm leaning towards it being part of the website. The video doesn't seem to play very often, but every time the page loads, there is a script tag from "vindicosuite.com" at the bottom, which contains links to specificmedia.com. Both of these domains are related to video advertisement.

To see the tag, I load the page in Chrome, rightclick->Inspect Element, and scroll to the bottom of the HTML view.

I see this both under Firefox on my laptop and Chrome on my office computer, it seems unlikely that they would both have the same malware at the same time.

Comment author: Lumifer 22 November 2013 09:52:06PM *  7 points [-]

there is a script tag from "vindicosuite.com" at the bottom, which contains links to specificmedia.com.

Um. That doesn't look nice.

I am also suspicious because the vindicosuite code is very clearly appended to the end of the page, just stuck onto the end. It's not integrated with the page in any way.

YO, ADMINS!! Are you quite sure lesswrong.com hasn't been pwned?

Comment author: gwern 23 November 2013 12:13:34AM *  1 point [-]

I just loaded http://lesswrong.com/ in both my Iceweasel and Chromium (Debian testing), and C-u, C-f 'suite', 'specific' - I see nothing? Nothing in curl either.

Comment author: Pfft 23 November 2013 06:50:58AM 3 points [-]

You will not see it with View Source (C-u). Try right-clicking on the page and selecting Inspect Element (in either Firefox or Chrome). (The tag is added by some Javascript, so it's only present in the DOM, not in the original source).

Comment author: Pfft 23 November 2013 07:07:33AM *  4 points [-]

Ok, it seems the culprit is this fragment

 <!-- Site Meter -->
<script type="text/javascript" src="<http://s18.sitemeter.com/js/counter.js?site=s18lesswrong>"> </script>
<noscript>
<a href="<http://s18.sitemeter.com/stats.asp?site=s18lesswrong>" target="_top">
<img src="<http://s18.sitemeter.com/meter.asp?site=s18lesswrong>" alt="Site Meter" border="0"/></a>
</noscript>
<!-- Copyright (c)2009 Site Meter -->

Commenting it out will get rid of the vindicosuite stuff. So I guess this is sitemeter.com gone rogue.

Some Googling found at least one other person who noticed the same problem.

Comment author: fubarobfusco 23 November 2013 07:44:02AM 1 point [-]

There are a few other blogs complaining about this.

AdBlock can handle it with this pattern:

||s18.sitemeter.com$domain=lesswrong.com
Comment author: Lumifer 23 November 2013 12:43:27AM *  2 points [-]

Interesting. I just looked on an entirely different computer and there's nothing.

Since the connection is http (and not https) I wonder whether there's some code injection going on...

But on the computer I used during the day there was a call to x.vindicosuite.com with a bunch of parameters. It was at the very end of the page, right before the closing </html> tag.

Powered by Reddit Powered by Reddit