Jump to content

Recommended Posts

For the past couple of days I have had a message box pop up when I come to this forum site.  It repeatedly pops up every time I go from page to page.

 

...virteq,com is requesting your username and password. WARNING: Your password will not be sent to the website you are currently visiting!

 

Am I the only one getting this?  I was able to circumvent it and log in (which I never logged out of) and am able to post.

 

If no one else has this issue, then I know it's my machine.  Otherwise, has there been a login procedure change?  This looks suspicious, but it only pops up with this website.

Edited by RememberSchiff
Removed link
  • Upvote 1
Link to post
Share on other sites

Looks like a hack of some sort. I am not seeing it when I log in here but you'd have to check a few places to see if this is 1) a server-based hack or 2) a trojan that a few of you have picked up.
 
The company info is here. It does not say what the company does but their old FB page says they are a "forum software skinning and web hosting company."

 

My Guess: The forum software uses one of their skins. There must be a code in the skin that either got hacked or is purposely pulling UID and PW information. Try another skin or theme and see if your problem persists. Above all do not put your information in to that pop up.

Link to post
Share on other sites

Okay, I figured it for some sort of scam.  Now I just have to figure out how to get rid of it.  If it was just me, no problem, but if others were affected, then I wanted everyone to have a head up on it.  DO NOT PUT YOUR ID AND PASSWORD INTO THE POPUP!

  • Upvote 1
Link to post
Share on other sites

Switched to a different browser and the popups go away.  I was using FireFox, so I'm thinking it's got something to do with FireFox.  I can't get to the settings either in Scouter.com or FireFox.  Hacked pretty good.  Scouter.com system icon defaults to Search instead.

Link to post
Share on other sites

Yes, DO NOT TELL STRANGE WINDOWS YOUR PASSWORD.

 

The regular sign-in procedures for the forum still work, so I have to conclude that they have not changed.

 

I have a suspicion that this is a bug as opposed to being malicious, but of course I could be wrong.

 

I have been getting it on my tablet (Safari browser) but not on my laptop (Chrome). I just hit Cancel and it goes away. It is irritating though.

 

I will write to Terry now to see if he can make it go away.

  • Upvote 1
Link to post
Share on other sites

I had forgotten about all this "theme" stuff, but I just found the link again and reset the theme (on my iPad) to IP.Board, and the virteq thing went away.  My theme on Chrome (on my laptop) is still "Bulletin" but it doesn't affect my laptop. 

Link to post
Share on other sites

Spoke too soon.  Actually what happened was the theme on my iPad (Safari) changed itself back to Bulletin without me telling it to, and the virteq thing showed up again.  I am sure there is a reason for this, but I have no idea what it is.

Link to post
Share on other sites

DO NOT supply login info to the virteq popup.

 

I am running firefox, cleared my cache, and still get this. I tried it on chrome and there are no issues.

 

I poked around. Something was hacked. It's not this forum but this forum uses default themes and one of those has been hacked.

 

Try going to the bottom of the page (this forum) and hit the Change Theme button. You'll get some choices. Pick something else. I tried haze. The display will be strange but then try another page. it all gets back to normal and the silly pop up goes away. At least it did in the other window.

 

update: the default theme is bulletin. That one seems to have the problems. I changed it to ip board and that's okay. All the others seem to be okay.

 

another update: Other sites using this sw are having this problem. I found this (for Terry):

 

The site skin has:

  1. http://virteq.com/profile_picture.png

Buried all over the place as a branding of some sort.  Their site is whacked, now asking for authorization to access it, so when the URL is called, you get the authentication dialog.

 

You need to strip that out of all of the CSS to make the dialog disappear, or do a local DNS redirect to dead-end it someplace.

 

I removed the offending code.  Tested on Edge and do not see the popup anymore.

The code was a Javascript for embedding the skin creator's logo and name (for credit).

If anyone sees similar popups anywhere, please respond to this topic and I'll remove it.

I'll be looking through the code to see if I can find it anywhere else, but I only found one place in a global template, which I removed.

 

I'm guessing their site got compromised or they implemented some new authorization scheme that extended to all external references.

Any site using their skins (not just this site, nor just this skin of theirs) will be impacted by whatever they did.

 

Again, just to repeat, the skin was a verified one to use for this software.  There was no hacking of this site.

Edited by MattR
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...