Login Issues?

[Stosh 3451]

For the past couple of days I have had a message box pop up when I come to this forum site.  It repeatedly pops up every time I go from page to page.

 

...virteq,com is requesting your username and password. WARNING: Your password will not be sent to the website you are currently visiting!

 

Am I the only one getting this?  I was able to circumvent it and log in (which I never logged out of) and am able to post.

 

If no one else has this issue, then I know it's my machine.  Otherwise, has there been a login procedure change?  This looks suspicious, but it only pops up with this website.

Edited March 16, 2017 by RememberSchiff
Removed link

[qwazse 4302]

You're not alone.

I got the same prompt. Skipped it. Logged in the usual way.

[Col. Flagg 909]

Looks like a hack of some sort. I am not seeing it when I log in here but you'd have to check a few places to see if this is 1) a server-based hack or 2) a trojan that a few of you have picked up.
 
The company info is here. It does not say what the company does but their old FB page says they are a "forum software skinning and web hosting company."

 

My Guess: The forum software uses one of their skins. There must be a code in the skin that either got hacked or is purposely pulling UID and PW information. Try another skin or theme and see if your problem persists. Above all do not put your information in to that pop up.

[Stosh 3451]

Okay, I figured it for some sort of scam.  Now I just have to figure out how to get rid of it.  If it was just me, no problem, but if others were affected, then I wanted everyone to have a head up on it.  DO NOT PUT YOUR ID AND PASSWORD INTO THE POPUP!

[Stosh 3451]

Switched to a different browser and the popups go away.  I was using FireFox, so I'm thinking it's got something to do with FireFox.  I can't get to the settings either in Scouter.com or FireFox.  Hacked pretty good.  Scouter.com system icon defaults to Search instead.

[RememberSchiff 3489]

Still collecting data. I have not seen the problem with Chrome. I have with Firefox sporadically, but only if I am not logged in.

 

As stated, do not enter any info in this pop-up, close it, Log in as usual.

[Stosh 3451]

I am using Avast SafeZone browser and don't see the popup.

[NJCubScouter 1389]

Yes, DO NOT TELL STRANGE WINDOWS YOUR PASSWORD.

 

The regular sign-in procedures for the forum still work, so I have to conclude that they have not changed.

 

I have a suspicion that this is a bug as opposed to being malicious, but of course I could be wrong.

 

I have been getting it on my tablet (Safari browser) but not on my laptop (Chrome). I just hit Cancel and it goes away. It is irritating though.

 

I will write to Terry now to see if he can make it go away.

[Col. Flagg 909]

I'd be interested to see which "skins" or themes people are using when they see this. I have yet to see it on either iPad, iPhone, Galaxy, Chrome or IE.

 

I am using the theme IP.Board if that helps.

[RememberSchiff 3489]

On Firefox, I use the default appearance and have seen this popup.

[RememberSchiff 3489]

It is server side js, please inform Terry

 

homepage references window.IPBoard as Col. Flag mentioned.

 

view-source:http://scouter.com/public/style_images/bulletin/ips.mcr.js

Edited March 16, 2017 by RememberSchiff

[NJCubScouter 1389]

I had forgotten about all this "theme" stuff, but I just found the link again and reset the theme (on my iPad) to IP.Board, and the virteq thing went away.  My theme on Chrome (on my laptop) is still "Bulletin" but it doesn't affect my laptop. 

[NJCubScouter 1389]

Spoke too soon.  Actually what happened was the theme on my iPad (Safari) changed itself back to Bulletin without me telling it to, and the virteq thing showed up again.  I am sure there is a reason for this, but I have no idea what it is.

[Back Pack 431]

Cache.

[MattR 2654]

DO NOT supply login info to the virteq popup.

 

I am running firefox, cleared my cache, and still get this. I tried it on chrome and there are no issues.

 

I poked around. Something was hacked. It's not this forum but this forum uses default themes and one of those has been hacked.

 

Try going to the bottom of the page (this forum) and hit the Change Theme button. You'll get some choices. Pick something else. I tried haze. The display will be strange but then try another page. it all gets back to normal and the silly pop up goes away. At least it did in the other window.

 

update: the default theme is bulletin. That one seems to have the problems. I changed it to ip board and that's okay. All the others seem to be okay.

 

another update: Other sites using this sw are having this problem. I found this (for Terry):

 

The site skin has:

1. http://virteq.com/profile_picture.png

Buried all over the place as a branding of some sort.  Their site is whacked, now asking for authorization to access it, so when the URL is called, you get the authentication dialog.

 

You need to strip that out of all of the CSS to make the dialog disappear, or do a local DNS redirect to dead-end it someplace.

 

I removed the offending code.  Tested on Edge and do not see the popup anymore.

The code was a Javascript for embedding the skin creator's logo and name (for credit).

If anyone sees similar popups anywhere, please respond to this topic and I'll remove it.

I'll be looking through the code to see if I can find it anywhere else, but I only found one place in a global template, which I removed.

 

I'm guessing their site got compromised or they implemented some new authorization scheme that extended to all external references.

Any site using their skins (not just this site, nor just this skin of theirs) will be impacted by whatever they did.

 

Again, just to repeat, the skin was a verified one to use for this software.  There was no hacking of this site.

Edited March 17, 2017 by MattR