PDA

View Full Version : Viewing this forum


Chris2707
November 1st, 2004, 10:33 AM
Has a change been made - I bookmarked this forum (directly to members/forums) which pops up the username password box. It's always worked, but now it shows the forum then redirects to the photopost.com homepage. It's really annoying - the only way is for me to navigate back to here. Maybe it's just me! I'm using Firefox.

Regs
November 1st, 2004, 11:48 AM
Annoying is right :D

Same thing here using IE 6... started happening on Friday I think it was.

Cheers,

~Regs.

Chris2707
November 1st, 2004, 12:04 PM
It appears to be visiting hitbox and something else and getting redirected back so it's probably one of those pathetic "I'm number one in the list" type services that hacker and warez sites usually use.

I hope it's fixed because it's annoying enough to keep me from visiting every day - I'll just visit when there's a new version to download.

Michael P
November 1st, 2004, 02:04 PM
I've noticed it, too; trying to figure out what is doing it. I don't know of any third-party calls for anything on this site, so not sure where a hitbox link would be coming from.

Chuck S
November 1st, 2004, 04:51 PM
Yeah its annoying in that I cant even get to my PM's

Michael P
November 1st, 2004, 04:57 PM
I passed it onto Scott and we're looking into it.

Chuck S
November 1st, 2004, 04:59 PM
Yeah I found if I am fast enough I can click STOP on the browser window and stay where I need to be.

Michael P
November 1st, 2004, 07:39 PM
Okay - I made some changes, but this is a tricky one. Is it fixed or still doing it?

Chris2707
November 1st, 2004, 08:04 PM
It's still doing it!

mjm
November 1st, 2004, 08:18 PM
Funny thing is when you all started to post about this, it stopped doing that for me. (going back to PP homepage)

I have it bookmarked as pp....com/members/forum

...and I don't get asked for my password anymore

...which I used to if I hadn't been here for a day...

Mark

Michael P
November 2nd, 2004, 08:07 AM
Very annoying. It suggests something to do with hitbox in one of the fetching URLs, yet we dont have any reference to that in our code or templates.

Chris2707
November 2nd, 2004, 10:42 AM
A little searching around the internet suggests the DNS servers may have been hijacked - so when it looks up photopost.com it gets directed to hitbox and that redirects it back to the original domain's ip (but not the full URL which is why we end up at the root). I'm still looking but there's a mention of Los Angeles DNS servers being part of a hijack.

Chris2707
November 2nd, 2004, 10:44 AM
By the way, I apologise for accusing you earlier in this thread of purposely hiking up website rank tables by using hitbox - I should have checked first. Sorry!

Michael P
November 2nd, 2004, 11:30 AM
interesting - no worries, let me know what you find.

Regs
November 5th, 2004, 09:49 AM
OK, is there a fix coming soon or not?

This is too fricken frustrating :mad:

~Regs.

Michael P
November 5th, 2004, 09:52 AM
If I could find the problem, I would fix it.

Chris2707
November 5th, 2004, 12:25 PM
I couldn't find anything else out about the DNS hijack. If you haven't already done so, it might be worth checking with your server provider to see if it's a problem elsewhere.

Also, have you had a look through any weblogs to see if your server is connecting to hitbox or hitbox is connecting in?

I've had a few strange things happening on my server in the past, and this would be worrying me. Hopefully you'll track down the problem soon.

Regs
November 5th, 2004, 12:40 PM
The thing I'm now starting to worry about is what info is being collected if the server has been hacked? Is my photopost membership username & password being collected?

Who knows. I understand your hands are probably tied MP and have no idea if the owner here is taking this seriously?

Cheers,

~Regs.

Michael P
November 5th, 2004, 01:05 PM
Actually, I have full access to the server and have spent hours going over everything - searching scripts, searching templates, you name it. So far I haven't found anything; but that doesn't mean I'm not doing anything.

Near as I can tell, it only happens on the index page and I am persuing some ideas.

Regs
November 5th, 2004, 02:11 PM
There is hitbox code on the index page for photopost.com

Michael P
November 5th, 2004, 02:24 PM
I'm waiting to hear about that; however, that code is not on these pages. The problem is that the forum index page is somehow being forwarded to the main photopost.com page - the only predictible behavior I can duplicate is that it happens only if I leave the site for some period of time.

I believe the reason you see it appear was the use of mod_gzip to compress pages; so it wasn't the link that was causing the problem, it was the use on the index page being report prior to the index page being displayed.

I'm trying to track down a POST which may be causing a problem when the page tries to load:

[05/Nov/2004:14:31:57 -0600] "POST /profile.php HTTP/1.1" 302 216 "http://www.photopost.com/forum/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20041001 Firefox/0.10.1"

Seems the path is all wrong and I'm trying to figure out where its coming from (and why it suddenly became a problem)

Regs
November 5th, 2004, 02:58 PM
hmmm... I just came in here again and was not kicked back out to the front page... it did indicate though that my DST settings were being updated/changed

interesting.

Michael P
November 5th, 2004, 03:17 PM
What I found was that the vb footer code contains a section on:

<!-- auto DST correction code -->

and it was this code that was being executed. However, it was trying to post to a script in the wrong location which was producing a 404 error and redirecting to the main index page.

Appears to be some code which is executed once for a time change (which we just had) and it only kicked in after daylight savings took effect.

Chris2707
November 5th, 2004, 05:42 PM
But that doesn't explain the hitbox stuff that you're not using - or is the dst code using it?

Michael P
November 5th, 2004, 06:47 PM
No, Scott had added it onto the non-forum side; but it's been removed.