FAQ  •  Register  •  Login

Survey Spam

<<

Combat Jack

Streaming enthusiast

Posts: 26

Joined: Fri Nov 07, 2014 10:34 pm

Post Fri Feb 17, 2017 4:08 am

Survey Spam

Twice now after googling Serviio's website and clicking the link I get a spam survey that tries to pretend it is connected with my ISP.

If this is an advertisement revenue stream for this website I want to suggest that it cheapens your hard work done on Serviio.
<<

DenyAll

DLNA master

Posts: 2009

Joined: Fri Mar 08, 2013 11:16 pm

Location: Adelaide, Australia

Post Fri Feb 17, 2017 4:35 am

Re: Survey Spam

Somebody else complained of something similar, but it's not associated with the Serviio web site.
I googled Serviio and no problems here. The only thing I can suggest is to check your PC for malware.
DenyAll
Panasonic Viera CS610A | Panasonic Viera V20A | Sony PS4 | Sony PS3 | Panasonic DMP-BD79 | Yamaha RX-V500D | iPad | Windows 7 | Serviio 1.8 Pro
WinHelper | MediaInfo

Beta Tester, Moderator
Please do not PM me for support as any solution cannot be shared with others.
<<

mariad

Serviio newbie

Posts: 18

Joined: Fri Feb 17, 2017 10:42 am

Post Wed Feb 22, 2017 12:41 pm

Re: Survey Spam

have not been to such problem, may be since am a newbie here and have googled the forum a couple of times only.
<<

Combat Jack

Streaming enthusiast

Posts: 26

Joined: Fri Nov 07, 2014 10:34 pm

Post Wed Feb 22, 2017 1:45 pm

Re: Survey Spam

DenyAll wrote:The only thing I can suggest is to check your PC for malware.


Negative. It isn't my machine. I have anti-virus always up to date and running and regularly scan it with Malwarebytes Anti-Malware. It only happens when I Google the Serviio website and I click the link. It never happens on any other website when I Google and/or visit via a bookmark.

I repeat, it only happens on the Serviio site.
<<

atc98092

User avatar

DLNA master

Posts: 1972

Joined: Fri Aug 17, 2012 10:22 pm

Location: Washington (the state)

Post Wed Feb 22, 2017 4:41 pm

Re: Survey Spam

Jack, not doubting you are having an issue. It just doesn't seem to happen with others. I just tried using Google and clicking the link that came up and the Serviio web site appeared with no issues.
Dan

Panasonic ST30 Plasma, Samsung JU7100 4K TV, Samsung UN24H4500 TV, Sony BDP-S3500, Insignia Roku TV, Roku 2 XS, 4, Ultra and Stick, Yamaha RX-V679 AVR.
Primary server: Intel i5-6400, 8 gig ram, Windows 10 Pro, 18 TB hard drive space | Test server Windows 7 Home Premium, AMD Phenom II X4 965, 8 gig ram

Enable debug logging
<<

DenyAll

DLNA master

Posts: 2009

Joined: Fri Mar 08, 2013 11:16 pm

Location: Adelaide, Australia

Post Wed Feb 22, 2017 8:55 pm

Re: Survey Spam

Try from another device - preferably a tablet or phone, but if not available, another PC.
DenyAll
Panasonic Viera CS610A | Panasonic Viera V20A | Sony PS4 | Sony PS3 | Panasonic DMP-BD79 | Yamaha RX-V500D | iPad | Windows 7 | Serviio 1.8 Pro
WinHelper | MediaInfo

Beta Tester, Moderator
Please do not PM me for support as any solution cannot be shared with others.
<<

Combat Jack

Streaming enthusiast

Posts: 26

Joined: Fri Nov 07, 2014 10:34 pm

Post Mon Feb 27, 2017 9:55 pm

Re: Survey Spam

atc98092 wrote:It just doesn't seem to happen with others.


Well that is not exactly true. If you scroll up there is another report of this happening.

Somebody else complained of something similar


This only happens when I Google the Serviio website. Immediately after clicking the results I get the spam survey. There is a new and much worse scam saying that I need to contact Microsoft to unlock my computer. You have to use task manager to shut down Firefox get shut the damn script off.

Most of you probably have the Serviio website bookmarked so you don't use google to search for it each time.

As mentioned before the redirect doesn't happen every time.

I would agree that this could be my end if it happened on other websites to me. It only happens when I visit the Serviio site. This fact is very telling, don't you think?
<<

atc98092

User avatar

DLNA master

Posts: 1972

Joined: Fri Aug 17, 2012 10:22 pm

Location: Washington (the state)

Post Mon Feb 27, 2017 11:35 pm

Re: Survey Spam

I would consider it telling that there might be a DNS server having issues. I just tried it again, I this time I got the Microsoft warning. So you are right, something out on the web is hijacking requests from Google to reach Serviio.

I backed the warning page up and attempted to use the Serviio link again, and this time it went through to Serviio.org. This computer is using the Google DNS servers, so it appears to me that Google has a problem, either with their search page or their DNS servers. But I am confident that the problem isn't with the Serviio site itself.
Dan

Panasonic ST30 Plasma, Samsung JU7100 4K TV, Samsung UN24H4500 TV, Sony BDP-S3500, Insignia Roku TV, Roku 2 XS, 4, Ultra and Stick, Yamaha RX-V679 AVR.
Primary server: Intel i5-6400, 8 gig ram, Windows 10 Pro, 18 TB hard drive space | Test server Windows 7 Home Premium, AMD Phenom II X4 965, 8 gig ram

Enable debug logging
<<

DenyAll

DLNA master

Posts: 2009

Joined: Fri Mar 08, 2013 11:16 pm

Location: Adelaide, Australia

Post Tue Feb 28, 2017 12:01 pm

Re: Survey Spam

Going to leave to zip to follow up on, but I was able to emulate this (doesn't always occur, so I suspect it may be inconsistent across google caches) by:

  • In Chrome type "google serviio" in the Chrome Address Bar
  • The first entry in the list is:
      Code:
    Apps - Serviio
    serviio.org/apps
    Serviio has a growing ecosystem of related applications. These are maintained mostly by third-party developers and are in no way related to Serviio, other that ...
  • This first entry causes the problem (I didn't try them all but the later entry that refers to serviio.org/ works fine).
I suspect it is the serviio.org/apps listing [page/dns/google cache] that has been hijacked rather than the serviio.org/ site, which would explain why its not being felt universally. Combat Jack and atc98092 - did you notice whether the hijacked listing in google was referring to serviio.org/apps as I experienced.
DenyAll
Panasonic Viera CS610A | Panasonic Viera V20A | Sony PS4 | Sony PS3 | Panasonic DMP-BD79 | Yamaha RX-V500D | iPad | Windows 7 | Serviio 1.8 Pro
WinHelper | MediaInfo

Beta Tester, Moderator
Please do not PM me for support as any solution cannot be shared with others.
<<

atc98092

User avatar

DLNA master

Posts: 1972

Joined: Fri Aug 17, 2012 10:22 pm

Location: Washington (the state)

Post Tue Feb 28, 2017 1:57 pm

Re: Survey Spam

I didn't pay attention to the URL, so can't say. I just tried Google again and it went to the Serviio home page. Definitely strange. I won't say in public what I'd like to happen to these hackers... :evil:
Dan

Panasonic ST30 Plasma, Samsung JU7100 4K TV, Samsung UN24H4500 TV, Sony BDP-S3500, Insignia Roku TV, Roku 2 XS, 4, Ultra and Stick, Yamaha RX-V679 AVR.
Primary server: Intel i5-6400, 8 gig ram, Windows 10 Pro, 18 TB hard drive space | Test server Windows 7 Home Premium, AMD Phenom II X4 965, 8 gig ram

Enable debug logging
<<

Combat Jack

Streaming enthusiast

Posts: 26

Joined: Fri Nov 07, 2014 10:34 pm

Post Wed Mar 01, 2017 5:13 am

Re: Survey Spam

From what I recall I never saw that Serviio APP that you got. I just googled the way you mentioned with "google serviio" in both Firefox and Chrome and that is when I got same result as you.

Normally I get the results shown in the attached image and when I click the "Serviio media server" link I would sometimes get the redirect. Over the next few days I will pay more attention and test it out for you guys. For some reason though I seem to recall a link to the Forums in that list. I see in the screenshot it doesn't have it this time. Odd.



The DNS thing makes sense. It certainly seems to be a middle man thing between Google Searches and when the site is loading.

I used to have Google DNS set up in my router but right now I am using my ISP's DNS servers.

As mentioned before it almost seemed random when you would get redirected. Some days perfectly fine. Sometimes not.
Attachments
Serviio.png
Serviio.png (15.93 KiB) Viewed 350 times
<<

atc98092

User avatar

DLNA master

Posts: 1972

Joined: Fri Aug 17, 2012 10:22 pm

Location: Washington (the state)

Post Wed Mar 01, 2017 2:28 pm

Re: Survey Spam

I have a bookmark to the forums, and even if I need to go to the main Serviio page I just type it in. That's most likely why I've never seen it before. Certainly is being hijacked between Google and the web site.
Dan

Panasonic ST30 Plasma, Samsung JU7100 4K TV, Samsung UN24H4500 TV, Sony BDP-S3500, Insignia Roku TV, Roku 2 XS, 4, Ultra and Stick, Yamaha RX-V679 AVR.
Primary server: Intel i5-6400, 8 gig ram, Windows 10 Pro, 18 TB hard drive space | Test server Windows 7 Home Premium, AMD Phenom II X4 965, 8 gig ram

Enable debug logging
<<

Combat Jack

Streaming enthusiast

Posts: 26

Joined: Fri Nov 07, 2014 10:34 pm

Post Sun Mar 05, 2017 12:00 am

Re: Survey Spam

Just a quick update. Haven't been re-directed for a while now.
<<

chupo_cro

User avatar

Serviio newbie

Posts: 9

Joined: Thu Jan 05, 2017 2:50 pm

Location: Hrvatska

Post Sun Mar 26, 2017 1:08 am

Re: Survey Spam

Combat Jack wrote:
atc98092 wrote:It just doesn't seem to happen with others.


Well that is not exactly true. If you scroll up there is another report of this happening.

Somebody else complained of something similar


This only happens when I Google the Serviio website. Immediately after clicking the results I get the spam survey. There is a new and much worse scam saying that I need to contact Microsoft to unlock my computer. You have to use task manager to shut down Firefox get shut the damn script off.

Most of you probably have the Serviio website bookmarked so you don't use google to search for it each time.

As mentioned before the redirect doesn't happen every time.

I would agree that this could be my end if it happened on other websites to me. It only happens when I visit the Serviio site. This fact is very telling, don't you think?

I can confirm exactly the same. That happaned to me once quite a while ago and today it happened to me again on another computer. When it happened for the first time I searched Google to see if others have the same problem with serviio.org URL and I did find people mentioning the same (I am not sure if it was here on this forum or I found it somewhere else). That happens only when searching Google (my search string was serviio) and then clicking the search result. After closing the malicious site which opens instead of serviio.org and repeating the procedure (search Google for serviio) the next time everything is OK.

I cannot locate the URL where I found the data when it happened to me for the first time but I remember the problem was only with serviio.org and there was even the explanation of the redirection mechanism - someone posted the malicious PHP code responsible for doing the redirection. It was Base64 encoded malicious PHP script checking the $_SERVER['HTTP_REFERER'] and comparing it to the various search engines and URL shortening services so the code does not affect bookmarks. The script also checks for the type of the browser and it checks the cookie so it is not triggered every time but only occasionally. The script and the mechanism was almost exactly the same as described here and according to people who analysed the problem the script was located on serviio.org. Of course, the script can check more parameters so it might be triggered based on the location of the visitor or something else.

I think site administrator(s) should search the server side code for malicious Base64 encoded PHP script that is redirecting visitors arriving from the search engines and forum members might periodically try to open the serviio.org URL by typing serviio in some of the search engines and then clicking on the result - and reporting the redirection details (when it happens).

BTW, by searching for serviio.org infected I got this result (as the third one) which might scare new serviio users.

Furthermore, serviio.org is on the list among 19 hacked sites affected by the malicious script that redirects visitors. Here is the list of those sites. The list was created on May 17, 2016 and I think that was about when I was redirected for the first time.

One more detail - the site to which my browser was redirected a few hours ago was fortunately blocked by my antivirus software. When redirection happened to me for the first time (other PC and other antivirus SW) the site was not blocked.

EDIT:
I just tried the above mentioned procedure (Google --> serviio.org) using the smartphone and I got redirected to some site offering me to install some scam. Then I closed the browser & repeated the procedure and (as expected) on second visit the site opened as it should.
Chupo_cro
<<

zip

User avatar

Serviio developer / Site Admin

Posts: 16254

Joined: Sat Oct 24, 2009 12:24 pm

Location: London, UK

Post Sun Mar 26, 2017 8:07 pm

Re: Survey Spam

Thanks, it should now be cleaned.
<<

chupo_cro

User avatar

Serviio newbie

Posts: 9

Joined: Thu Jan 05, 2017 2:50 pm

Location: Hrvatska

Post Sat Apr 01, 2017 6:38 pm

Re: Survey Spam

zip wrote:Thanks, it should now be cleaned.

Unfortunately the redirection is still happening (or is happening again). I checked an hour ago and after the browser was redirected I mailed a few friends to do the test and two of them already confirmed they were redirected.

I was redirected to best.prizedeal2.info/... URL as described here in this article. As I said, two of my friends already confirmed the redirection happened to them as well - so the cause is not infection of my system.

Just removing the malicious script obvioulsy wasn't enough. There is a possibility some other code regenereates the script or someone (or some process) uses a security hole which was used to upload the script for the first time. If the only action was to just delete the redirecting code then there is nothing to prevent inserting the same code again using the same way as before.
Chupo_cro

Return to General discussion

Who is online

Users browsing this forum: No registered users and 4 guests

Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group.
Designed by ST Software for PTF.