Stosh, posted March 16, 2017 (edited)
For the past couple of days I have had a message box pop up when I come to this forum site. It repeatedly pops up every time I go from page to page.

...virteq,com is requesting your username and password. WARNING: Your password will not be sent to the website you are currently visiting!

Am I the only one getting this? I was able to circumvent it and log in (which I never logged out of) and am able to post. If no one else has this issue, then I know it's my machine. Otherwise, has there been a login procedure change? This looks suspicious, but it only pops up with this website.
Edited March 16, 2017 by RememberSchiff: Removed link
qwazse, posted March 16, 2017
You're not alone. I got the same prompt. Skipped it. Logged in the usual way.
Col. Flagg, posted March 16, 2017
Looks like a hack of some sort. I am not seeing it when I log in here but you'd have to check a few places to see if this is 1) a server-based hack or 2) a trojan that a few of you have picked up. The company info is here. It does not say what the company does but their old FB page says they are a "forum software skinning and web hosting company."
My Guess: The forum software uses one of their skins. There must be a code in the skin that either got hacked or is purposely pulling UID and PW information. Try another skin or theme and see if your problem persists. Above all do not put your information in to that pop up.
Stosh (thread author), posted March 16, 2017
Okay, I figured it for some sort of scam. Now I just have to figure out how to get rid of it. If it was just me, no problem, but if others were affected, then I wanted everyone to have a heads up on it. DO NOT PUT YOUR ID AND PASSWORD INTO THE POPUP!
Stosh (thread author), posted March 16, 2017
Switched to a different browser and the popups go away. I was using Firefox, so I'm thinking it's got something to do with Firefox. I can't get to the settings either in Scouter.com or Firefox. Hacked pretty good. Scouter.com system icon defaults to Search instead.
RememberSchiff, posted March 16, 2017
Still collecting data. I have not seen the problem with Chrome. I have with Firefox sporadically, but only if I am not logged in. As stated, do not enter any info in this pop-up, close it, log in as usual.
Stosh (thread author), posted March 16, 2017
I am using Avast SafeZone browser and don't see the popup.
NJCubScouter, posted March 16, 2017
Yes, DO NOT TELL STRANGE WINDOWS YOUR PASSWORD. The regular sign-in procedures for the forum still work, so I have to conclude that they have not changed. I have a suspicion that this is a bug as opposed to being malicious, but of course I could be wrong. I have been getting it on my tablet (Safari browser) but not on my laptop (Chrome). I just hit Cancel and it goes away. It is irritating though. I will write to Terry now to see if he can make it go away.
Col. Flagg, posted March 16, 2017
I'd be interested to see which "skins" or themes people are using when they see this. I have yet to see it on either iPad, iPhone, Galaxy, Chrome or IE. I am using the theme IP.Board if that helps.
RememberSchiff, posted March 16, 2017
On Firefox, I use the default appearance and have seen this popup.
RememberSchiff, posted March 16, 2017 (edited)
It is server-side JS, please inform Terry. Homepage references window.IPBoard, as Col. Flagg mentioned.
view-source:http://scouter.com/public/style_images/bulletin/ips.mcr.js
Edited March 16, 2017 by RememberSchiff
NJCubScouter, posted March 16, 2017
I had forgotten about all this "theme" stuff, but I just found the link again and reset the theme (on my iPad) to IP.Board, and the virteq thing went away. My theme on Chrome (on my laptop) is still "Bulletin" but it doesn't affect my laptop.
NJCubScouter, posted March 16, 2017
Spoke too soon. Actually what happened was the theme on my iPad (Safari) changed itself back to Bulletin without me telling it to, and the virteq thing showed up again. I am sure there is a reason for this, but I have no idea what it is.
Back Pack, posted March 17, 2017
Cache.
MattR, posted March 17, 2017 (edited)
DO NOT supply login info to the virteq popup.

I am running Firefox, cleared my cache, and still get this. I tried it on Chrome and there are no issues. I poked around. Something was hacked. It's not this forum but this forum uses default themes and one of those has been hacked.

Try going to the bottom of the page (this forum) and hit the Change Theme button. You'll get some choices. Pick something else. I tried haze. The display will be strange but then try another page. It all gets back to normal and the silly pop up goes away. At least it did in the other window.

Update: the default theme is bulletin. That one seems to have the problems. I changed it to ip board and that's okay. All the others seem to be okay.

Another update: Other sites using this sw are having this problem. I found this (for Terry):

The site skin has: http://virteq.com/profile_picture.png
Buried all over the place as a branding of some sort. Their site is whacked, now asking for authorization to access it, so when the URL is called, you get the authentication dialog. You need to strip that out of all of the CSS to make the dialog disappear, or do a local DNS redirect to dead-end it someplace.

I removed the offending code. Tested on Edge and do not see the popup anymore. The code was a JavaScript for embedding the skin creator's logo and name (for credit). If anyone sees similar popups anywhere, please respond to this topic and I'll remove it. I'll be looking through the code to see if I can find it anywhere else, but I only found one place in a global template, which I removed. I'm guessing their site got compromised or they implemented some new authorization scheme that extended to all external references. Any site using their skins (not just this site, nor just this skin of theirs) will be impacted by whatever they did. Again, just to repeat, the skin was a verified one to use for this software.
There was no hacking of this site.
Edited March 17, 2017 by MattR
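The clean-up described in the last post (finding every place a skin loads something from the skin vendor's host) can be done as an audit of the theme files. The following is an added example, not part of the thread or of the forum software: it lists each third-party host referenced from templates, CSS and scripts. The file names and contents in `SAMPLE_THEME` are constructed; only the `virteq.com` URL and the `scouter.com` host come from the thread.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Absolute (http/https) or protocol-relative URLs with a dotted host name,
# as they appear in CSS url(), HTML attributes or JavaScript strings.
URL_RE = re.compile(
    r"""(?:https?:|(?<!:))//[a-z0-9-]+(?:\.[a-z0-9-]+)+(?::\d+)?[^\s'"()<>]*""",
    re.IGNORECASE,
)

def external_refs(files, own_hosts):
    """Map each third-party host to the (file, line, url) places that load from it."""
    own = {h.lower() for h in own_hosts}
    found = defaultdict(list)
    for name, text in files.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            for m in URL_RE.finditer(line):
                url = m.group(0)
                host = (urlsplit(url).hostname or "").lower()
                # Sub-domains of our own hosts count as first-party.
                if host and not any(host == h or host.endswith("." + h) for h in own):
                    found[host].append((name, lineno, url))
    return dict(found)

# Constructed sample standing in for a skin's files (names are hypothetical).
SAMPLE_THEME = {
    "globalTemplate.html": (
        '<link rel="stylesheet" href="/public/style_css/bulletin.css">\n'
        '<script>var credit = new Image();\n'
        'credit.src = "http://virteq.com/profile_picture.png";</script>\n'
    ),
    "bulletin.css": (
        ".logo { background: url(/public/style_images/bulletin/logo.png); }\n"
        ".credit { background: url(http://virteq.com/profile_picture.png); }\n"
        ".avatar { background: url(//scouter.com/uploads/a.png); }\n"
    ),
}

if __name__ == "__main__":
    for host, hits in external_refs(SAMPLE_THEME, {"scouter.com"}).items():
        print(host)
        for name, lineno, url in hits:
            print(f"  {name}:{lineno}  {url}")
```

Every host in the output is a party whose server can change what visitors see on the forum's pages, which is how a change on the skin vendor's site produced a credential prompt here.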