Jump to content



Photo
- - - - -

Login Issues?


  • Please log in to reply
15 replies to this topic

#1 Stosh

Stosh

    BSA Heretic

  • Members
  • 11720 posts

Posted 16 March 2017 - 01:02 PM

For the past couple of days I have had a message box pop up when I come to this forum site.  It repeatedly pops up every time I go from page to page.

 

...virteq,com is requesting your username and password. WARNING: Your password will not be sent to the website you are currently visiting!

 

Am I the only one getting this?  I was able to circumvent it and log in (which I never logged out of) and am able to post.

 

If no one else has this issue, then I know it's my machine.  Otherwise, has there been a login procedure change?  This looks suspicious, but it only pops up with this website.


Edited by RememberSchiff, 16 March 2017 - 02:50 PM.
Removed link

  • 1

Stosh

 

There's a reason why I don't always answer the phone, doorbell or comments on forums.  :)


#2 qwazse

qwazse

    Senior Member

  • Members
  • 6202 posts

Posted 16 March 2017 - 01:48 PM

You're not alone.

I got the same prompt. Skipped it. Logged in the usual way.


  • 0

#3 Col. Flagg

Col. Flagg

    Senior Member

  • Members
  • 724 posts

Posted 16 March 2017 - 02:22 PM

Looks like a hack of some sort. I am not seeing it when I log in here but you'd have to check a few places to see if this is 1) a server-based hack or 2) a trojan that a few of you have picked up.
 
The company info is here. It does not say what the company does but their old FB page says they are a "forum software skinning and web hosting company."

 

My Guess: The forum software uses one of their skins. There must be a code in the skin that either got hacked or is purposely pulling UID and PW information. Try another skin or theme and see if your problem persists. Above all do not put your information in to that pop up.


  • 0

#4 Stosh

Stosh

    BSA Heretic

  • Members
  • 11720 posts

Posted 16 March 2017 - 02:36 PM

Okay, I figured it for some sort of scam.  Now I just have to figure out how to get rid of it.  If it was just me, no problem, but if others were affected, then I wanted everyone to have a head up on it.  DO NOT PUT YOUR ID AND PASSWORD INTO THE POPUP!


  • 1

Stosh

 

There's a reason why I don't always answer the phone, doorbell or comments on forums.  :)


#5 Stosh

Stosh

    BSA Heretic

  • Members
  • 11720 posts

Posted 16 March 2017 - 02:49 PM

Switched to a different browser and the popups go away.  I was using FireFox, so I'm thinking it's got something to do with FireFox.  I can't get to the settings either in Scouter.com or FireFox.  Hacked pretty good.  Scouter.com system icon defaults to Search instead.


  • 0

Stosh

 

There's a reason why I don't always answer the phone, doorbell or comments on forums.  :)


#6 RememberSchiff

RememberSchiff

    Your Friendly Neighborhood ModeratorMan

  • Moderators
  • 2414 posts

Posted 16 March 2017 - 02:57 PM

Still collecting data. I have not seen the problem with Chrome. I have with Firefox sporadically, but only if I am not logged in.

 

As stated, do not enter any info in this pop-up, close it, Log in as usual.


  • 0

#7 Stosh

Stosh

    BSA Heretic

  • Members
  • 11720 posts

Posted 16 March 2017 - 02:58 PM

I am using Avast SafeZone browser and don't see the popup.


  • 1

Stosh

 

There's a reason why I don't always answer the phone, doorbell or comments on forums.  :)


#8 NJCubScouter

NJCubScouter

    Moderator

  • Moderators
  • 5745 posts

Posted 16 March 2017 - 03:11 PM

Yes, DO NOT TELL STRANGE WINDOWS YOUR PASSWORD.

 

The regular sign-in procedures for the forum still work, so I have to conclude that they have not changed.

 

I have a suspicion that this is a bug as opposed to being malicious, but of course I could be wrong.

 

I have been getting it on my tablet (Safari browser) but not on my laptop (Chrome). I just hit Cancel and it goes away. It is irritating though.

 

I will write to Terry now to see if he can make it go away.


  • 1

#9 Col. Flagg

Col. Flagg

    Senior Member

  • Members
  • 724 posts

Posted 16 March 2017 - 03:22 PM

I'd be interested to see which "skins" or themes people are using when they see this. I have yet to see it on either iPad, iPhone, Galaxy, Chrome or IE.

 

I am using the theme IP.Board if that helps.


  • 1

#10 RememberSchiff

RememberSchiff

    Your Friendly Neighborhood ModeratorMan

  • Moderators
  • 2414 posts

Posted 16 March 2017 - 03:33 PM

On Firefox, I use the default appearance and have seen this popup.


  • 0

#11 RememberSchiff

RememberSchiff

    Your Friendly Neighborhood ModeratorMan

  • Moderators
  • 2414 posts

Posted 16 March 2017 - 03:39 PM

It is server side js, please inform Terry

 

homepage references window.IPBoard as Col. Flag mentioned.

 

view-source:http://scouter.com/p...etin/ips.mcr.js


Edited by RememberSchiff, 16 March 2017 - 03:42 PM.

  • 1

#12 NJCubScouter

NJCubScouter

    Moderator

  • Moderators
  • 5745 posts

Posted 16 March 2017 - 04:49 PM

I had forgotten about all this "theme" stuff, but I just found the link again and reset the theme (on my iPad) to IP.Board, and the virteq thing went away.  My theme on Chrome (on my laptop) is still "Bulletin" but it doesn't affect my laptop. 


  • 0

#13 NJCubScouter

NJCubScouter

    Moderator

  • Moderators
  • 5745 posts

Posted 16 March 2017 - 05:12 PM

Spoke too soon.  Actually what happened was the theme on my iPad (Safari) changed itself back to Bulletin without me telling it to, and the virteq thing showed up again.  I am sure there is a reason for this, but I have no idea what it is.


  • 0

#14 Back Pack

Back Pack

    Senior Member

  • Members
  • 381 posts

Posted 16 March 2017 - 06:25 PM

Cache.
  • 0

#15 MattR

MattR

    Member

  • Members
  • 887 posts

Posted 16 March 2017 - 09:25 PM

DO NOT supply login info to the virteq popup.

 

I am running firefox, cleared my cache, and still get this. I tried it on chrome and there are no issues.

 

I poked around. Something was hacked. It's not this forum but this forum uses default themes and one of those has been hacked.

 

Try going to the bottom of the page (this forum) and hit the Change Theme button. You'll get some choices. Pick something else. I tried haze. The display will be strange but then try another page. it all gets back to normal and the silly pop up goes away. At least it did in the other window.

 

update: the default theme is bulletin. That one seems to have the problems. I changed it to ip board and that's okay. All the others seem to be okay.

 

another update: Other sites using this sw are having this problem. I found this (for Terry):

 

The site skin has:

  1. http://virteq.com/profile_picture.png

Buried all over the place as a branding of some sort.  Their site is whacked, now asking for authorization to access it, so when the URL is called, you get the authentication dialog.

 

You need to strip that out of all of the CSS to make the dialog disappear, or do a local DNS redirect to dead-end it someplace.

 

I removed the offending code.  Tested on Edge and do not see the popup anymore.

The code was a Javascript for embedding the skin creator's logo and name (for credit).

If anyone sees similar popups anywhere, please respond to this topic and I'll remove it.

I'll be looking through the code to see if I can find it anywhere else, but I only found one place in a global template, which I removed.

 

I'm guessing their site got compromised or they implemented some new authorization scheme that extended to all external references.

Any site using their skins (not just this site, nor just this skin of theirs) will be impacted by whatever they did.

 

Again, just to repeat, the skin was a verified one to use for this software.  There was no hacking of this site.


Edited by MattR, 16 March 2017 - 09:40 PM.

  • 0

#16 Col. Flagg

Col. Flagg

    Senior Member

  • Members
  • 724 posts

Posted 17 March 2017 - 09:44 AM

Again, just to repeat, the skin was a verified one to use for this software.  There was no hacking of this site.

 

Yup. That's what I said above. The skin got hacked as well as the js.


  • 0




1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users


IPB Skin By Virteq