Thread replies: 15
Thread images: 4
Anonymous
Ad Situation Guide
2016-03-13 18:32:42 Post No. 466891
[Report]
Image search:
[Google]
Ad Situation Guide
Anonymous
2016-03-13 18:32:42
Post No. 466891
[Report]
1. Information
>What is happening?
Our admin is testing new ad services on the homepage, related pages and archived threads. Some users reported redirects to malicious websites.
>Facts
- The ads in question are served from hxxp://ecpmrocks.com, which allows injecting its own Javascript and is able to redirect and hijack browsers. The script tries to read HTML5 localstorage cookies. The official ad host is Epom Market LTD.
- Traditional ads are served by hxxp://zkcdn.net, which only serves images.
>Unconfirmed rumors
- ECPM may be a legit ad hosting service. However, a simple Google search leads to questionable results, since hackers can inject and distribute malicious scripts.
- Board ads may be infected. The distributor is not injecting scripts, it should be harmless.
- Infected downloads are happening.
>Current Situation
Servers are sometimes changing; the frontpage may serve ads from hxxp://bnhtml.com. Said ads are still running scripts.
2. Prevention/Security
>Browsers/Extensions
- For enhanced security, it's generally recommended to use a browser that supports extensions. Examples include: Firefox, Chrome.
>Competent ad/script blocking extensions:
- uBlock Origin: https://github.com/gorhill/uBlock#installation
An ad blocker that uses a simple point-and-click firewall. You can decide what gets blocked or what goes through. https://github.com/gorhill/uBlock/wiki/Dynamic-filtering:-quick-guide
You may want to whitelist the following: @@||4chan.org @@||4cdn.org
- uMatrix: https://github.com/gorhill/uMatrix#umatrix
Matrix filter. Block scripts, frames and more. https://github.com/gorhill/uMatrix/wiki
- NoScript, ScriptSafe: Scriptblockers.
>Software
You should always use antivirus software.
If you are infected: Look for tools like MalwarebytesAntiMalware. Ask for help on malware support forums.
3. Actions
>Contact the administration
https://www.4chan.org/feedback
>Inform others
If you know any users that post on 4chan, please link them to this thread.