Problem

J

Jayc

i (N) monsters
Joined
Dec 7, 2008
Messages
244
Reaction score
0
Don't really know why, but Bulbapedia has just begun to act funny on my computer. As soon as the page loads, Firefox gets redirected to

[noparse]http://fannyniger.com/dol/pdf?f=all[/noparse]

And Firefox promptly crashes, causing my computer to lag enormously until I somehow manage to get Task Manager on to forcibly terminate it.

Doesn't happen on IE though. How weird.
 
Last edited:
does it display a line or two of code about something called a "memcache error"? if so, it's not just firefox.
 
That sounds like an issue with spyware on your computer (best case scenario), or a really really nasty thing that's somehow got into our ad banner rotation (worst case scenario). If you're logged in over there though, it couldn't be the latter.

If anyone else gets this error, let us know. So long as no one else gets this, the problem is most likely with the software on your computer somehow. If it spreads...well, aside from the potential problem with an ad, there's always the possibility someone's tried to insert some nasty code onto a wiki page, but that's much easier for us to deal with.
 
I use Firefox and just visited ten completely randomized pages.

No problems whatsoever.
 
Hm, well, mine seems to be working just fine, so maybe Ben and Jay are having Spyware troubles?
 
If visiting the page crashed your firefox session, chances are you got hit by an Adobe PDF exploit (Check your process list for "nfra.exe").

I checked the bulpabedia page, and it does indeed redirect to the mentioned site which immediatley runs an exploit (The hack site is slow to respond, presumably due to the amount of redirects its getting from the net).

Might be a good idea to run a few spyware checks with Spybot and Ad-aware.
 
I just registered to the forum because of this topic. I've encountered the same problem. It seems to work just like an ActiveX attack. I would put the chances of it being from a banner ad at about %300.

The only banner ad I recognize as being there in each bad page is the AT&T FREE Icy Blue phone advertisement.

Please, someone take care of this, it could be potentially nasty, and I don't have time right now to investigate exactly what it does. Could be harmless, could take your identity.
 
I also just registered to report the same problem.
A couple hours ago I browsed the Magikarp article of bulbapedia (unregistered guest) and suddenly he redirected me to that same page beginning with fannyniger.com
It opened an pdf, where the first page contained nothing but the line "orklF2jytUtKvW". It loaded and slowed down my computer extremely. I coulnd't even open the task manager. When the error message appeared that my antivir was failing to work I pulled the plug...

I now have let antivir, spybot sd and hijack this running over my system, none of them found anything, but I still feel queasy about this incident and thought it would be nice to let you know...
 
Damnit. Not the thing one wants to wake up to when you're already in bed from the flu.

Alright, I've let the ad company know about the issue. Given it's a weekend for them still (Monday morning for me now), I don't know how long they'll take to respond.

In the meanwhile, I'd suggest all our Firefox using visitors install the Adblock plugin, and make sure it's properly enabled while browsing Bulbapedia for the next few days. Other users have mentioned this has blocked them from seeing the offending issues. I would ask that you add us to your ad whitelists after we've resolved this problem however. One does have to pay for the servers. ^^;;
 
Just registered to say I also had this problem. I'm using version 3.0.6 of Firefox and I don't use Adobe to view PDFs, but a program called Foxit instead. I ran a quickscan with Windows Live OneCare and it found nothing. Going to try with some other programs, now.
 
I don't have a problem because I can seem to get on Bulbapedia very fine and easily. Sorry if it crashes on anyone else's internet or computer. Have any of you tried clearing cookies before before attempting to go back onto Bulbapedia or what have you?
 
This issue is now resolved. Our people located a hack into the ad script, and have removed the code and have made changes to the ad tags. We are currently looking into how we can prevent such a hack from happening again. If there's any recurrence of this issue, please do not hesitate to start another thread, and to also PM myself, evkl, Kasumi, or one of the other admins about the issue, just in case we don't see the thread.
 
Were you able to find out what sort of potentially harmful effects the hack had? None of the anti-virus or spyware programs I ran could find a problem, but I'd still like to know. Thanks for resolving this.
 
When I yesterday googled "fannyniger" I had no hits (except for a Youtube comment that coincidentally contained the two words). Today, google has four hits, one of them being Norton Safe Web, who have checked the site and state that it is infected by a trojan called Trojan.Adclicker
The other two hits are this thread and another thread about the same issue (also caused by bulbapedia... :sweat: ) and, unfortunately, the infected page itself.

But I'm happy to read that the problem has been solved and say thank you to the Admins for the immediate response :)
 
Thordain said:
Were you able to find out what sort of potentially harmful effects the hack had? None of the anti-virus or spyware programs I ran could find a problem, but I'd still like to know. Thanks for resolving this.
Click to expand...

I'm afraid not. This Trojan/Hack seem to be fairly recent. Apart from the info on Norton Safe Web, there's nothing further I could tell you.
 
I just visited a Bulbapedia page and got redirected to fannyniger.com/dol/pdf.php?f=all. The page was not cached—I’m on a computer running DeepFreeze.
 
Please note: The thread is from 17 years ago.
Please take the age of this thread into consideration in writing your reply. Depending on what exactly you wanted to say, you may want to consider if it would be better to post a new thread instead.
Back
Top Bottom