Welcome to Laser Pointer Forums - discuss green laser pointers, blue laser pointers, and all types of lasers

LPF Donation via Stripe | LPF Donation - Other Methods

Links below open in new window

ArcticMyst Security by Avery

LPF is harassing my downloads

Joined
Dec 11, 2015
Messages
1,628
Points
113
Hopefully it's not just me and I really doubt it is, as it's happened to me on two different networks with two different computers, one on each. Worst would be it's my account I guess.

Problem is, every time I navigate to a page on LPF or refresh, I get a download. It doesn't ask me, it just goes about it's business and instantly puts the file in my downloads. This file is named "csmnx.php" and it can really only be opened through notepad, and just has a bunch of crap in it. It's all html code or something similar, and really nothing readable besides functions variables etc. I now have 18 of these files and luckily they take up no space and can be deleted all at once instantly, but it doesn't stop the downloads. If anyone knows anything else about this let me know :thinking:
 





Joined
Sep 5, 2013
Messages
8,549
Points
113
Hopefully it's not just me and I really doubt it is, as it's happened to me on two different networks with two different computers, one on each. Worst would be it's my account I guess.

Problem is, every time I navigate to a page on LPF or refresh, I get a download. It doesn't ask me, it just goes about it's business and instantly puts the file in my downloads. This file is named "csmnx.php" and it can really only be opened through notepad, and just has a bunch of crap in it. It's all html code or something similar, and really nothing readable besides functions variables etc. I now have 18 of these files and luckily they take up no space and can be deleted all at once instantly, but it doesn't stop the downloads. If anyone knows anything else about this let me know :thinking:

Looks like I was having that exact problem a few days ago! I reinstalled Windows and still had it as I thought I might of had a virus or something. Fortunately, it stopped on its own yesterday :)

-Alex
 
Joined
Dec 11, 2015
Messages
1,628
Points
113
Thanks guys, good to hear it's not just me :p Good link Grix, pretty useful information there on the matter. Maybe c0ld will be able to find the problem.
 

diachi

0
Joined
Feb 22, 2008
Messages
9,700
Points
113
Hasn't been an issue for me ... perhaps because I run AdBlock on everything. :whistle:
 

Rivem

0
Joined
Feb 16, 2016
Messages
1,214
Points
83
Out of curiosity, what browsers are you guys using? I haven't encountered this issue at all using Chrome without any blocking adins.

c0ldshadow has definitely been tweaking the ads on the site recently though, so maybe it was a configuration error on the site end.
 

diachi

0
Joined
Feb 22, 2008
Messages
9,700
Points
113
Out of curiosity, what browsers are you guys using? I haven't encountered this issue at all using Chrome without any blocking adins.

c0ldshadow has definitely been tweaking the ads on the site recently though, so maybe it was a configuration error on the site end.

Chrome and Firefox for me - though mostly Chrome (For a change) over the last couple of days. AdBlock+ on both.
 
Joined
Sep 5, 2013
Messages
8,549
Points
113
Out of curiosity, what browsers are you guys using? I haven't encountered this issue at all using Chrome without any blocking adins.

c0ldshadow has definitely been tweaking the ads on the site recently though, so maybe it was a configuration error on the site end.

I've been using Chrome along with AdBlock. Very strange indeed :/

-Alex
 
Joined
Dec 10, 2013
Messages
1,343
Points
83
I'm on a Mac with Safari (at least let me finish my drink before burning me at the stake!) which has a tendency to start downloads automatically and quietly. Just checked my folder and haven't had this; been pretty active here too.
 

c0ldshadow

LPF Founder / Admin
Staff member
LPF Site Supporter
Joined
Mar 17, 2006
Messages
2,862
Points
113
Hi Guys,

I am not able to replicate the issue. I am doubting this is related to LPF ads because the ad networks I am using do not show dynamic Flash banner ads which is where this problem typically can happen. Some link ads may be dynamic but for an action to occur it would require clicking, unless the external server hosting the JavaScript was compromised.

A browser hijack or malware on your local PC could also cause this problem. Might want to check for malicious / rogue browser plugins.

If the issue is still occurring, please provide an exact screenshot of whatever is downloaded. A network packet capture (e.g. with Wireshark) while visiting LPF when this occurs would be ideal.

If this is related to an ad network, need as much technical information as possible so when I report the problem I have somewhere to start. E.g. what was the exact file (perhaps upload to virustotal.com), where did browser say it came from, what browser/OS was being used, etc.

Thanks again for reporting this, I am going to keep checking things on my end to make sure server is OK / etc.

Best Regards,

-Avery
 
Joined
Dec 11, 2015
Messages
1,628
Points
113
"csmnx.php"
Type: PHP
Size: 2.41 KB
Full edit permissions, opens with notepad

This is the file opened with notepad and with word wrapping on:

35k0sp1.png


The issue doesn't happen anymore, but I still had the files. 18 of them were downloaded but ironically once I made this thread the issue had ceased to exist. All of the files are the same including their contents and sizes.

I scanned for malware and found none, no other browser plugins besides adblock are installed. Running on Chrome, on Windows 10. Thanks c0ld :thanks:
 

c0ldshadow

LPF Founder / Admin
Staff member
LPF Site Supporter
Joined
Mar 17, 2006
Messages
2,862
Points
113
Thanks ElectricPlasma. The link Grix had posted, security - Browser downloaded this unobfuscated PHP script. What is it doing? - Stack Overflow , appears to be accurate.

This looks like an ad network external server misconfiguration.

I'm guessing by now Microsoft has fixed this problem. Whoever made this config error probably got fired.

Sorry for any scare caused by the download. Please do let me know if any similar problems continue. If so, I'll remove the javascript for that ad network entirely.

Best Regards,

-Avery
 

Pman

0
Joined
Nov 28, 2012
Messages
4,447
Points
113
Am I stupid for not understanding any of what that notepad stuff means? :)
 




Top