RedCardinal Posted December 23, 2012 Share Posted December 23, 2012 (edited) Just came to TV page via Google and got redirected to deleted link to bad page Search was http://www.google.co...h hilton phuket Landing page http://www.thaivisa....s-lunch-dinner/ After going back to Google and trying same link got to TV page. Couldn't replicate till cleared cookies. Tried again in clean browser and got redirected again. Could be an ad network on page? Now seeing db errors on same tv page. Sent from my Nexus 7 using Thaivisa Connect App Edited December 23, 2012 by george deleted link to bad page Link to comment Share on other sites More sharing options...
draftvader Posted December 23, 2012 Share Posted December 23, 2012 Please can everybody make sure they have the appropriate security software before clicking on the 1st link. This could cause a problem for your computer. Link to comment Share on other sites More sharing options...
george Posted December 23, 2012 Share Posted December 23, 2012 Nothing in our server logs. I can not reproduce this. Likely a local issue or ISP issue. Have you scanned your device for malware/virus? Moved to Internet forum instead of support forum, as this is not a Thaivisa server issue. Link to comment Share on other sites More sharing options...
draftvader Posted December 23, 2012 Share Posted December 23, 2012 (edited) Me neither. Mind you the OP is using google.com which, locally, will use google.co.th This will allow you to get search results from Thai websites. Hate to tell you this, but this will be more dangerous to your surfing habits. You can use another country's google search engine to clean up your results. I use google.co.uk (I'm English). To use google.com (i.e. USA) use: google.com/ncr --EDIT-- Intentionally not linked so you can see how to use it in your address bar. Edited December 23, 2012 by draftvader Link to comment Share on other sites More sharing options...
andrew Posted December 23, 2012 Share Posted December 23, 2012 Please can everybody make sure they have the appropriate security software before clicking on the 1st link. This could cause a problem for your computer. What on earth are you talking about? You really understand nothing at all. The first link is to GOOGLE. Please, stop posting trash. There's a danger that people (as uneducated as yourself) might take you seriously. Let me stress this point: GOOGLE (whether dot com or dot co dot th) will not "be more dangerous to your surfing habits". Link to comment Share on other sites More sharing options...
nokbird Posted December 23, 2012 Share Posted December 23, 2012 (edited) I had a similar issue this morning coming in from Google using the search term : Thai Visa forum The only time I have ever had that. When I clicked on http://www.thaivisa.com/forum in Google it took me to a website that appear to be in Chinese and red color and appeared to have many ads on it. (I do not see it in the history of Chrome) On my second attempt it took me to //deleted malware link// (I just dragged it out of the history) 3rd attempt I got the TV forum page about 8am BKK time this morning. Using chrome, Win7 via 3BB. I have www.google.com/ncr set to my home page in Chrome that diverts to https://www.google.com/ for the search. Hope that helps someone ! Edited December 23, 2012 by Tywais Removed link due to malware Link to comment Share on other sites More sharing options...
whybother Posted December 23, 2012 Share Posted December 23, 2012 Please can everybody make sure they have the appropriate security software before clicking on the 1st link. This could cause a problem for your computer. What on earth are you talking about? You really understand nothing at all. The first link is to GOOGLE. Please, stop posting trash. There's a danger that people (as uneducated as yourself) might take you seriously. Let me stress this point: GOOGLE (whether dot com or dot co dot th) will not "be more dangerous to your surfing habits". I think he's talking about the link that was deleted: Edited by george, 52 minutes ago. deleted link to bad page Link to comment Share on other sites More sharing options...
whybother Posted December 23, 2012 Share Posted December 23, 2012 (edited) I had a similar issue this morning coming in from Google using the search term : Thai Visa forum The only time I have ever had that. When I clicked on http://www.thaivisa.com/forum in Google it took me to a website that appear to be in Chinese and red color and appeared to have many ads on it. (I do not see it in the history of Chrome) On my second attempt it took me to //deleted bad link// just dragged it out of the history) 3rd attempt I got the TV forum page about 8am BKK time this morning. Using chrome, Win7 via 3BB. I have www.google.com/ncr set to my home page in Chrome that diverts to https://www.google.com/ for the search. Hope that helps someone ! I just did the same search and the first attempt went to the url4short page. Edited December 23, 2012 by Tywais deleted malware link Link to comment Share on other sites More sharing options...
NomadJoe Posted December 23, 2012 Share Posted December 23, 2012 (edited) I had a similar issue this morning coming in from Google using the search term : Thai Visa forum The only time I have ever had that. When I clicked on http://www.thaivisa.com/forum in Google it took me to a website that appear to be in Chinese and red color and appeared to have many ads on it. (I do not see it in the history of Chrome) On my second attempt it took me to //deleted// just dragged it out of the history) 3rd attempt I got the TV forum page about 8am BKK time this morning. Using chrome, Win7 via 3BB. I have www.google.com/ncr set to my home page in Chrome that diverts to https://www.google.com/ for the search. Hope that helps someone ! I just did the same search and the first attempt went to the url4short page. Yep, me too. Searching "Thai Visa Forum" in Chrome search box I get these results: Then I click on the top result and get sent here: It only happened on the first attempt. Each subsequent click was successful. Using True Internet. Edited December 23, 2012 by Tywais deleted malware link Link to comment Share on other sites More sharing options...
NomadJoe Posted December 23, 2012 Share Posted December 23, 2012 Please can everybody make sure they have the appropriate security software before clicking on the 1st link. This could cause a problem for your computer. What on earth are you talking about? You really understand nothing at all. The first link is to GOOGLE. Please, stop posting trash. There's a danger that people (as uneducated as yourself) might take you seriously. Let me stress this point: GOOGLE (whether dot com or dot co dot th) will not "be more dangerous to your surfing habits". I think he's talking about the link that was deleted: Edited by george, 52 minutes ago.deleted link to bad page Andrew, it was pretty clear to the average reader that he was talking about the deleted url4short link. Good advise daftvader. 2 Link to comment Share on other sites More sharing options...
nokbird Posted December 23, 2012 Share Posted December 23, 2012 (edited) I just did a Google search on Thai 3G coverage maps, saw a TV thread in the Google SERPS and tried it, I was sent to //deleted malware link// at 7:03PM Sunday BKK time. Win7 - Chrome - 3BB Edited December 23, 2012 by Tywais deleted malware link Link to comment Share on other sites More sharing options...
urandom Posted December 23, 2012 Share Posted December 23, 2012 Please can everybody make sure they have the appropriate security software before clicking on the 1st link. This could cause a problem for your computer. What on earth are you talking about? You really understand nothing at all. The first link is to GOOGLE. Please, stop posting trash. There's a danger that people (as uneducated as yourself) might take you seriously. Let me stress this point: GOOGLE (whether dot com or dot co dot th) will not "be more dangerous to your surfing habits". What on earth are you talking about? You really understand nothing at all. The first link has been deleted. Please, stop posting trash. There's a danger that people (as uneducated as yourself) might take you seriously 1 Link to comment Share on other sites More sharing options...
draftvader Posted December 23, 2012 Share Posted December 23, 2012 Please can everybody make sure they have the appropriate security software before clicking on the 1st link. This could cause a problem for your computer. What on earth are you talking about? You really understand nothing at all. The first link is to GOOGLE. Please, stop posting trash. There's a danger that people (as uneducated as yourself) might take you seriously. Let me stress this point: GOOGLE (whether dot com or dot co dot th) will not "be more dangerous to your surfing habits". The indexing for google.co.th contains a lot of pages that point to sites hosted in Thailand and would favour those over more relevant information as the competitive nature of SEO hasn't really taken hold here for the larger part of the market, particularly for English terms. You would be amazed how many people will click on a search engine result in google without checking the domain they are visiting (is that thaivisa.com or thaivisa.co.th?). The original link had a script injection and this is not uncommon in some of the less competitive Thai sites. Plenty of people using the bootlegged templates that they buy at Panthip. Bootlegged software, scripts and code is one of the prime ways to inject code to allow further software installations to hijack your computer. For your educated comment. I program php, html5, css3 and twitter bootstrap over MySQL databases to serve large content rich sites. My clients depend on my advice to ensure their sites are prominent for their search terms and their potential customers are safe. I also host my clients' sites too and have to ensure that they are safe from script kiddies putting script injection routines into their site to try and damage their image. Thank you to everybody who stood up and supported me, that was most welcome. 1 Link to comment Share on other sites More sharing options...
NomadJoe Posted December 23, 2012 Share Posted December 23, 2012 ^ Interested in andrews response. Link to comment Share on other sites More sharing options...
Tywais Posted December 23, 2012 Share Posted December 23, 2012 Ok guys, I just finished removing all the links (shortners) that lead to malware sites. Be careful and not post the shortners unless in code tags to prevent them from being hot linked. Link to comment Share on other sites More sharing options...
Jayman Posted December 23, 2012 Share Posted December 23, 2012 I had a similar issue this morning coming in from Google using the search term : Thai Visa forum The only time I have ever had that. When I clicked on http://www.thaivisa.com/forum in Google it took me to a website that appear to be in Chinese and red color and appeared to have many ads on it. (I do not see it in the history of Chrome) On my second attempt it took me to //deleted// just dragged it out of the history) 3rd attempt I got the TV forum page about 8am BKK time this morning. Using chrome, Win7 via 3BB. I have www.google.com/ncr set to my home page in Chrome that diverts to https://www.google.com/ for the search. Hope that helps someone ! I just did the same search and the first attempt went to the url4short page. Yep, me too. Searching "Thai Visa Forum" in Chrome search box I get these results: Then I click on the top result and get sent here: It only happened on the first attempt. Each subsequent click was successful. Using True Internet. I reproduced this using chrome on True cable and google.com (not co.th). It took me to the url shortener site and I then had the page scanned.. the results of which are here http://app.webinspector.com/public/reports/8003234 Link to comment Share on other sites More sharing options...
fasteddie Posted December 23, 2012 Share Posted December 23, 2012 I had a similar issue this morning coming in from Google using the search term : Thai Visa forum The only time I have ever had that. When I clicked on http://www.thaivisa.com/forum in Google it took me to a website that appear to be in Chinese and red color and appeared to have many ads on it. (I do not see it in the history of Chrome) On my second attempt it took me to //deleted// just dragged it out of the history) 3rd attempt I got the TV forum page about 8am BKK time this morning. Using chrome, Win7 via 3BB. I have www.google.com/ncr set to my home page in Chrome that diverts to https://www.google.com/ for the search. Hope that helps someone ! I just did the same search and the first attempt went to the url4short page. Yep, me too. Searching "Thai Visa Forum" in Chrome search box I get these results: Then I click on the top result and get sent here: It only happened on the first attempt. Each subsequent click was successful. Using True Internet. I reproduced this using chrome on True cable and google.com (not co.th). It took me to the url shortener site and I then had the page scanned.. the results of which are here http://app.webinspec...reports/8003234 I've got that url page a few times when clicking links on tv, second attempts are ok. I'm on firefox and in the uk right now. Link to comment Share on other sites More sharing options...
Jayman Posted December 23, 2012 Share Posted December 23, 2012 so the url4short folks have pulled the malicious content. Resource is missing File with specified ID not found. It may have been removed for breaking the rules. 2 Link to comment Share on other sites More sharing options...
george Posted December 23, 2012 Share Posted December 23, 2012 so the url4short folks have pulled the malicious content. Resource is missing File with specified ID not found. It may have been removed for breaking the rules. Thanks for your feedback Link to comment Share on other sites More sharing options...
ozzydom Posted December 24, 2012 Share Posted December 24, 2012 I am getting a Trojan Horse Detected notice when I use the first Google link but not on link 3 Link to comment Share on other sites More sharing options...
Jayman Posted December 24, 2012 Share Posted December 24, 2012 I am getting a Trojan Horse Detected notice when I use the first Google link but not on link 3 Would you please scan the link here and post the results page http://app.webinspector.com/online_scan Link to comment Share on other sites More sharing options...
draftvader Posted December 24, 2012 Share Posted December 24, 2012 (edited) I have just replicated the error. Once you have come through that link once the error goes away. I am now performing a DEEP scan with Malwarebytes and have made sure my AV is up to date. I don't think that I have an infection, but need to elimate any potential local issue first. The link indexed by google for the main forum page is http://www.thaivisa....E668ctPOWEQt3Sw Avast! provides the following alert on that initial visit, but the information is far from informative. http://www.avast.com/lp-fr-virus-alert?p_ext=&utm_campaign=Virus_alert&utm_source=prg_fav_70_0 &utm_medium=prg_systray&utm_content=.%2Ffa%2Fen-ww%2Fvirus-alert-default&p_vir=HTML:RedirDL-inf%20[Trj]&p_prc= C:\Applications\Mozilla%20Firefox\firefox.exe&p_obj= http://www.thaivisa.com/forum/index.php?ipbv=fb1e456bf3ebbbe8ca294c236beceaf2%26g=js| {gzip}&p_var=.%2Ffa%2Fen-ww%2Fvirus-alert-default&p_pro=0&p_vep=7&p_ves=0&p_lqa=0&p_lsu=24 &p_lst=0&p_lex=115&p_lng=en&p_lid=en-ww&p_elm=7&p_vbd=1474 (intentionally NOT a hyperlink and broken up to stop the page getting VERY wide) I have scanned the link here http://zulu.zscaler....46a9-1356315583 and here http://www.avgthreat...in/thaivisa.com Both view this site as safe. So, we are led to believe that this issue happens somewhere between google sending us to the site and data starting to arrive at our computer. Once your computer acknowledges the issue it knows to ignore it, hence the lack of repeating. This makes me think that it isn't a glitch on one of the nodes. I have just done a tracert that sees a clean route between my computer and www.thaivisa/forum at 175.41.131.133 As you can see this starts to time-out at the amazonaws server. This is not surprising as they really don't want me pinging their server unannounced. Apart from that I don't see a single node that I wouldn't expect...in Thailand. I have no idea about the Singapore nodes as I don't tracert them every day like I do the connections to the UK. So, it could be something that has changed on one of the many scripts used by ThaiVisa in serving the site to us (i.e. wibiya, whos.among.us, googleapis, etc) and our security software is just a little behind (happens quite regularly). This could simply be a cookie being served by one of these tools producing this issue. Right now this is all I have got. I don't have the time, the spare environment or access to the admin section of ThaiVisa to risk testing the link unprotected to see where the redirect wants to take us. Remember this could be as simple as a redirect within the thaivisa website setup, a fairly standard procedure within website management. Either way, with Avast! in place, I get to the site safely. I have to go out now as Christmas calls and the family need to go shopping (one of the moments when I am eternally grateful for living in Thailand....last minute Christmas shopping...it really is all in the mind here!). At the moment my Malwarebytes is coming back clean, so I think that ThaiVisa might want to check this out. Remember to clear your browser first (btw I only checked this using FF) to replicate the issue as once you have followed that link once it doesn't reproduce. Edited December 24, 2012 by draftvader Link to comment Share on other sites More sharing options...
george Posted December 24, 2012 Share Posted December 24, 2012 Our server is clean. Double confirmed. Link to comment Share on other sites More sharing options...
canman Posted December 24, 2012 Share Posted December 24, 2012 Same issue on an Ipad over the weekend in Singapore Link to comment Share on other sites More sharing options...
Tywais Posted December 24, 2012 Share Posted December 24, 2012 Just tested and found the same thing. Ran Google search for Thaivisa and clicked on a result link and Avast warning popped up. Link to comment Share on other sites More sharing options...
chantsurfer Posted December 24, 2012 Share Posted December 24, 2012 (edited) I see I Am not the only one, I got this link when come in from Google http://url4short.info/bc675f2f Edited December 24, 2012 by Tywais Delinked trojan link Link to comment Share on other sites More sharing options...
Tywais Posted December 24, 2012 Share Posted December 24, 2012 Please don't post these URL shortner links as they direct to malware/trojan site. I put the link into code tags to prevent being able to click on it. Link to comment Share on other sites More sharing options...
Jayman Posted December 24, 2012 Share Posted December 24, 2012 I have scanned all these redirect links and find no actual malware. If you are finding actual malware on these sites.. report them to google http://www.google.com/safebrowsing/report_phish/ obviously, you are getting to these pages via links from google. They have the power to remove them ASAP. I have reported all the links I have been redirected to even if no malware was found because there is obviously some sort of redir hijack going on here than needs to be stopped. Link to comment Share on other sites More sharing options...
RedCardinal Posted December 24, 2012 Author Share Posted December 24, 2012 (edited) Just to follow up, I came across something similar before and it turned out to be the ISP. After telling some of the Google security folk I believe they had a few choice words with the ISP in question. But being honest this looks like something on your side. What proxies/cdns do you use if any? Do you use any ad networks apart from tier 1 providers? Edit: just remembered that it was True who were caught injecting their own ads into YouTube pages. It may well be that True are again doing this on TV and using lower grade ad networks. Wouldn't surprise me in the least. Sent from my Nexus 7 using Thaivisa Connect App Edited December 24, 2012 by RedCardinal Link to comment Share on other sites More sharing options...
Tywais Posted December 24, 2012 Share Posted December 24, 2012 I have scanned all these redirect links and find no actual malware. I understand that it may be a false positive but I prefer not taking chances in order to protect members so will remove any URL shortners or any links that do get an alert. I left one above in code tags for those who wish to evaluate it further. Now I just activated my US VPN connection in the US and connected to google thailand, searched for Thaivisa and I also get the warning when clicking on the search links. Connected to Google.com and not an issue. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now