Related
There seems to be a virus in the ads for xda, Kaspersky picks it up whenever i load any of the xda pages:
4/24/2010 9:00:29 AM Denied: HEUR:Trojan.Script.Iframer //tag.admeld.com/ad/iframe/219/xdadevelopers/728x90/ros?t=1272114028927&tz=240&hu=&ht=js&hp=0&url=http%3A%2F%2Fforum.xda-developers.com%2Fforumdisplay.php%3Ff%3D263&refer=Firefox
It could be a false postive but I'm just letting you know what it shows.
chumatha87 said:
There seems to be a virus in the ads for xda, Kaspersky picks it up whenever i load any of the xda pages:
4/24/2010 9:00:29 AM Denied: HEUR:Trojan.Script.Iframer //tag.admeld.com/ad/iframe/219/xdadevelopers/728x90/ros?t=1272114028927&tz=240&hu=&ht=js&hp=0&url=http%3A%2F%2Fforum.xda-developers.com%2Fforumdisplay.php%3Ff%3D263&refer=Firefox
It could be a false postive but I'm just letting you know what it shows.
Click to expand...
Click to collapse
ok, checked this myself as have a few other mods and we get no such warnings. I suspect it must be something else you have
not necessarily, depends on the distribution algorithm of the ads you have...
Fallen Spartan said:
ok, checked this myself as have a few other mods and we get no such warnings. I suspect it must be something else you have
Click to expand...
Click to collapse
Same here no such issues also if was XDA side with 8000 people on @ time would expect more than one user with the issue mentioned since Kaspersky is a well used AV product "mind you not my flavour"
OP scan computer, also worth running malwarebytes it's free.
Make that 2 users ... saw it myself last night and had to clean it. Then it was gone. Suggest purging site cache once just to make sure. Not sure if it was an add or one of the forum pages.
ROCOAFZ said:
Make that 2 users ... saw it myself last night and had to clean it. Then it was gone. Suggest purging site cache once just to make sure. Not sure if it was an add or one of the forum pages.
Click to expand...
Click to collapse
Can you remember which ad you clicked on or give us any more info so we can investigate?
PPCGeeks has been having a similar issue reported by some users.
Sometimes IE will report it as unsafe and sometimes their A/V will come up with a warning.
Seems to be an issue with some of the AdSense ads. Hopefully Google will fix it soon.
I still think it's humorous that my Kaspersky Internet Security 2010 blocks all of the Mobile Speed Test signatures, because it thinks the Mobile Speed Test website is a huge fail or something.
Hey guys
I've been noticing this over the last few weeks, and thought I'd throw it out there.
Whenever I visit a forum/thread on xda-developers.com, the page never loads completely. It just sits there reading data from somewhere (Not static, changes.)
Some of the sites I've seen it reading from are:
media.xda-developers.com
ping.crowdscience.com
cdn.eyewonder.com
Looks like it's something to do with ads. Not much of a problem, but thought you might like to be made aware.
The stop button on the browser isn't there for nothing
Herpderp Galaxy Ace.
Never had this problem
Try with an adblock?
Max. (From my Galaxy 2)
EmoBoiix3: This is what I'm doing. It's obviously something that is incorrect on the site though, and thought the admins would like to be advised so they can address it.
Jinsuke32: Which Browser do you use? I get it with Firefox both at home and work, so it can't be just my PC.
MacaronyMax: I have it installed but xda is on the list of exclusions. Support those who support you and what not
Can't say I have seen this either running FF on windows 7 ultimate.
There's nothing they can do about the ad content. If it takes forever to load then it takes forever to load, and that's it I'm afraid.
I recently added some social media links to a bunch of commercial websites and they all started doing the same thing. As soon as I removed the social media links the sites worked fine, so I've stopped using 3rd party stuff as much as possible.
Other than blocking the ads there's no answer to this, unless XDA removes the advertising
No ad blocking for me, running chrome, and I do not have this 'feature'/'issue'.
Hi - My internet browser is Firefox, and I have been using NoScript for years.
There is only one website that causes me constant problems when browsing: XDA Developers.
I use NoScript constantly with a lot of stuff disabled by default: Everything Facebook is always disabled, along with doubleclick and a bunch of other tracking websites.
With NoScript on, the XDA screen is constantly jumping around, with various websites constantly trying to refresh about twice a second. It is so jumpy with embedded websites continuously refreshing, that I can't even control NoScript well enough to enable whatever disabled website(s) are causing the problem.
I wouldn't be frustrated if this happened to me all the time, but XDA is the only website I see this problem on. I would expect a high-tech developer website like XDA to have less problems instead of more problems.
Sigh. I wish somebody at XDA could fix this.
¿GJ?
NoScript has a whitelist feature. If you don't want to use it, you can't expect it to be "fixed" (actually, modified to fit your needs would be a better choice of words) anytime soon, as the forums (and many other forums, in general) rely rather heavily on scripts.
I personally have XDA added to my whitelist.
As for the refreshes, did you make sure it's not another add-on that's conflicting? Start FF in safe mode and check if the issue persists.
Don't know if this helps, but I just tested XDA with NoScript without any issues.
That being said, a lot of features rely on JavaScript, so no guarantee what would happen if you only turned on some of them.
Huh.. I use NS on FF, and have seen no issues. To be sure it is NS, have you told it to temporarily allow all, and see if that fixes it? It could certainly be another issue..
What he could be speaking of is the portal constant refreshing (not on the forum), which also occurs on my differents computers with NS (with xda on whitelist).
For me, everytime I scroll on the portal main page, it refresh itself.
It's weird - Something changed between yesterday and today. Yesterday, this page wouldn't sit still until I was able to do enough "Temporarily allow all this page" button presses (about 5 or 6) to get the page finally stabilized.
Now, everything was stable when I entered XDA with the same "allow" list I had yesterday.
I'm not a big fan of "White List"ing sites, since so many sites have Facebook embedded in them (amongst many other tracking sites I don't like). Ever since Facebook violated my privacy and sucked up my personal contact information without my explicit approval, I ... ...
... well, let's just say I won't "Like" Facebook.
I appreciate the feedback from y'all, and I wish I knew what changed.
Thanks!
¿GJ?
bitpushr said:
Don't know if this helps, but I just tested XDA with NoScript without any issues.
That being said, a lot of features rely on JavaScript, so no guarantee what would happen if you only turned on some of them.
Click to expand...
Click to collapse
Divine_Madcat said:
Huh.. I use NS on FF, and have seen no issues. To be sure it is NS, have you told it to temporarily allow all, and see if that fixes it? It could certainly be another issue..
Click to expand...
Click to collapse
Some forum features won't work: dropdown menus (e.g. "Go to Page" next to the page numbers, "Quick Links", "Rate thread") search boxes not being cleared automatically when you click them, username/device completion in search boxes or using the new mention feature, share buttons (they won't show how many times X got shared), etc. The WIYIWYG editor obviously doesn't work as well.
The portal's layout is a bit messed up, too.
It's all fixed by adding xda-developers.com to the whitelist. I think you both already have it added (I removed it for testing), which is what you're supposed to do for websites you trust anyway.
---------- Post added at 12:01 PM ---------- Previous post was at 11:53 AM ----------
¿GotJazz? said:
It's weird - Something changed between yesterday and today. Yesterday, this page wouldn't sit still until I was able to do enough "Temporarily allow all this page" button presses (about 5 or 6) to get the page finally stabilized.
Now, everything was stable when I entered XDA with the same "allow" list I had yesterday.
I'm not a big fan of "White List"ing sites, since so many sites have Facebook embedded in them (amongst many other tracking sites I don't like). Ever since Facebook violated my privacy and sucked up my personal contact information without my explicit approval, I ... ...
... well, let's just say I won't "Like" Facebook.
I appreciate the feedback from y'all, and I wish I knew what changed.
Thanks!
¿GJ?
Click to expand...
Click to collapse
I would suggest using something that will block them on all websites, then. You can probably do it using NoScript's advanced filtering options, but I personally already use AdBlock Plus, and there's a neat list you can subscribe to that will block all those buttons. Get the "Annoyance Block List" from here.
¿GotJazz? said:
It's weird - Something changed between yesterday and today. Yesterday, this page wouldn't sit still until I was able to do enough "Temporarily allow all this page" button presses (about 5 or 6) to get the page finally stabilized.
Now, everything was stable when I entered XDA with the same "allow" list I had yesterday.
I'm not a big fan of "White List"ing sites, since so many sites have Facebook embedded in them (amongst many other tracking sites I don't like). Ever since Facebook violated my privacy and sucked up my personal contact information without my explicit approval, I ... ...
... well, let's just say I won't "Like" Facebook.
I appreciate the feedback from y'all, and I wish I knew what changed.
Thanks!
¿GJ?
Click to expand...
Click to collapse
I have the opposite problem it seems, in that if I white-list the site then quite often one of the scripts goes haywire
and refreshes the page repeatedly for several refreshes or until the server complains with an error message about being overloaded.
It has been suggested to me that this may be a 2013 theme problem, so I'm trying the 2010 one for a few days to see if that fixes it.
Nameless One said:
I have the opposite problem it seems, in that if I white-list the site then quite often one of the scripts goes haywire
and refreshes the page repeatedly for several refreshes or until the server complains with an error message about being overloaded.
It has been suggested to me that this may be a 2013 theme problem, so I'm trying the 2010 one for a few days to see if that fixes it.
Click to expand...
Click to collapse
@Nameless One: Yes, I've been seeing the "Server Overloaded" error message as well. I wasn't sure if it was NoScript related, though I was beginning to suspect it. I would open the same XDA pages in IE or Chrome without any problem, but see the "Overloaded" error only with Firefox. Usually (but, not always), temporarily enabling all sites fixed that problem for me.
¿GJ?
I have the same constant refresh problem.
The site only works if I set noscript to allow everything globally or if I use IE (ouch).
It feels to me this site is overburdened with ad/tracking scripts and blocking them forces the site to break (admins anti block?).
I will try the 2010 theme idea and report back, also I do have the main domain whitelisted.
--edit--
2010 theme fixes it, so I guess a 2013 theme issue.
Yep - Dumped the 2013 Theme and went back to 2010 Theme.
Everything's groovy now.
¿GJ?
¿GotJazz? said:
Yep - Dumped the 2013 Theme and went back to 2010 Theme.
Everything's groovy now.
¿GJ?
Click to expand...
Click to collapse
2013 relies heavily on javascript so I imagine that is why you are having some issues. 2010 uses it much less but you may still see some issues relating to Javascript being blocked, such as menus not working and that sort of thing.
xda-developers.com is listed as one of the sites affected by the heartbleed bug, but testing tool now shows no vulnerability. A quick search shows no
Why aren't you bragging about patching this bug and how awesome you are at protecting our data?
At the very least, a notice about what's being done to protect xda and how it affects users would be much appreciated.
dstarfire said:
xda-developers.com is listed as one of the sites affected by the heartbleed bug, but testing tool now shows no vulnerability. A quick search shows no
Why aren't you bragging about patching this bug and how awesome you are at protecting our data?
At the very least, a notice about what's being done to protect xda and how it affects users would be much appreciated.
Click to expand...
Click to collapse
I'm curious what site it was listed on?
Just for anyone who is interested...
As soon as the severity of the flaw was clear, we began updating our machines. Some services use pre-built packages and others use custom-compiled software (using the flawed openssl version). We updated all of our services within 30 minutes or so.
The forum.xda-developers.com hostname uses a 3rd party service who was still vulnerable to heartbeat after we patched our internal services. We opened a ticket with them - I'm sure by that point they were aware of the issue and a fix was already in the works. About an hour after that they had patched their services.
This is definitely one of the worst security flaws in the history of the internet - you pretty much have to assume that any communications thought protected by https have been compromised unless there were other protections in addition to SSL.
https://github.com/musalbas/heartbleed-masstest/blob/master/top1000.txt
please patch asap
Isriam said:
https://github.com/musalbas/heartbleed-masstest/blob/master/top1000.txt
please patch asap
Click to expand...
Click to collapse
That list is old... see my statement above.
thats fine, but just so you know that link is posted on front page msn.com under heartbleed headlines.
Isriam said:
thats fine, but just so you know that link is posted on front page msn.com under heartbleed headlines.
Click to expand...
Click to collapse
Sure, but not too much I can do about old information.
The link loriam posted is the one I found xda mentioned on. However, before I posted, I also checked a live testing website that showed xda as safe.
If anybody is interested, the url for that site is filippo.io/Heartbleed/
Unless there is updated information that I was unable to see, your SSL certificate is showing as being from 7 months ago. Shouldn't it be updated since that was part of the information that was vulnerable to Heartbleed?
Are there any plans to replace and revoke the SSL certificates that were on the vulnerable servers? Since there are no logs it is impossible to know if anyone was able to obtain the private key for these certificates, and until revoked xda remains vulnerable to stealth MITM attacks.
wto605 said:
Are there any plans to replace and revoke the SSL certificates that were on the vulnerable servers? Since there are no logs it is impossible to know if anyone was able to obtain the private key for these certificates, and until revoked xda remains vulnerable to stealth MITM attacks.
Click to expand...
Click to collapse
New certs are in process... the CA's are a bit backlogged.
We are vulnerable to stealth MITM attacks only if someone has recorder/intercepted our traffic, and also if someone was able to decode our private key. Of which both are unlikely (but possible). So while we do work to replace our certs, the priority is "hey, we are doing this" and not "hey, let's shut down our ssl services."
bitpushr said:
New certs are in process... the CA's are a bit backlogged.
We are vulnerable to stealth MITM attacks only if someone has recorder/intercepted our traffic, and also if someone was able to decode our private key. Of which both are unlikely (but possible). So while we do work to replace our certs, the priority is "hey, we are doing this" and not "hey, let's shut down our ssl services."
Click to expand...
Click to collapse
I totally agree (and believe me I'm hating this crap as much as I'm sure you guys are)... I just wanted to make sure it was in progress as I'm waiting to change my password until then.
Well, I'm glad that you guys are taking the necessary steps to keep your and your users information safe. I feel bad for whoever would try and hack XDA-Developers, because they would probably receive a huge backlash.
Probably bad enough to melt their computer.
Sent from my dictionary.
Some progress in updating androids vulnerable openssl 1.0.1e ? Heartbleed is disabled (for me) but somehow i imagine unwanted changes like from apps etc
Sent from my GT-I9505 using xda app-developers app
GrammarNazi said:
Well, I'm glad that you guys are taking the necessary steps to keep your and your users information safe. I feel bad for whoever would try and hack XDA-Developers, because they would probably receive a huge backlash.
Probably bad enough to melt their computer.
Sent from my dictionary.
Click to expand...
Click to collapse
We would blow up all mobiles they own. Mwahahahah!
Sent from my HTC Explorer A310e using XDA Premium 4 mobile app
Our new SSL certificates are in place.
Glad to hear were safe. Maybe XDA should force all users to change their passwords?? In the security world it's just better off and safer to assume everything was compromised.
Sent from my Galaxy S4 using Tapatalk
bitpushr said:
Our new SSL certificates are in place.
Click to expand...
Click to collapse
Hi bitpushr,
How to use the secured connection when logging in and/or changing password in this forum? I haven't noticed any ssl connection when logging in and/or changing password from the control panel.
Online test for Heartbleed
There are sites that will test for it.
What is wrong with xda-developers.com?
It taskes like more than 15 seconds to load pages.
The delay occured when xda switched to https (At least for me)
Try changing your theme or browser, see if that makes a difference
kuromusha38 said:
What is wrong with xda-developers.com? It taskes like more than 15 seconds to load pages.
Click to expand...
Click to collapse
DSA said:
The delay occured when xda switched to https (At least for me). Try changing your theme or browser, see if that makes a difference
Click to expand...
Click to collapse
I can't state for sure but, in addition to what @DSA had stated...
I think that it does stem from the XDA Server switching to Https but, the advertising as well as other items that the web page loads may be via Http.
If so, then this is what's called "Mixed Content/Mixed Domains" whereas the website loads content not only from the XDA Server but, content from other, outside the XDA Server, URL's using both the Https, Http, and possibly others.
Maybe @bitpushr, @Wood Man or @MikeChannon (or another Admin) can confirm, deny or just state that I've won the "XDA Official Nut Case Award"... LMAO!
~~~~~~~~~~~~~~~
I DO NOT provide support via PM unless asked/requested by myself. PLEASE keep it in the threads where everyone can share.
Ibuprophen said:
I can't state for sure but, in addition to what @DSA had stated...
I think that it does stem from the XDA Server switching to Https but, the advertising as well as other items that the web page loads may be via Http.
If so, then this is what's called "Mixed Content/Mixed Domains" whereas the website loads content not only from the XDA Server but, content from other, outside the XDA Server, URL's using both the Https, Http, and possibly others.
Maybe @bitpushr, @Wood Man or @MikeChannon (or another Admin) can confirm, deny or just state that I've won the "XDA Official Nut Case Award"... LMAO!
~~~~~~~~~~~~~~~
I DO NOT provide support via PM unless asked/requested by myself. PLEASE keep it in the threads where everyone can share.
Click to expand...
Click to collapse
Yup, there are multiple reasons including the ones you mention, but add to that the high volume of Users we have and the ever increasing size of our databases and a highly customized version of vBulletin. We have been aware of load times and it is always a focus for the Server Admins. The site has evolved and been added to with many non standard additions and we're at the limits of vBulletin, but like I say we do always have plans and have done things over time to improve things.
Mike
We monitor load times constantly, usually based on our metrics pages should be loading within 1 or 2 seconds - with the ads there is sometimes a delay of up to 15s for a 'full' page load. Those external assets are mainly out of our control and can be removed by purchasing XDA ad free.
Regarding https - we made this switch over a year ago - there is no noticeable difference in load time based on switching to https. Actually, right after the move to https we were able to upgrade to http2 which allows the browser to load multiple assets in parallel faster and should actually have sped up the site for most people.
As @MikeChannon stated XDA is based on older forum software. At our size it slows down noticably, and in particular if you have a lot of threads/posts, subscriptions and that sort of thing. For logged out users we already cache a ton of things, making the site very fast. We are in the process of rewriting the backend to make this faster for everyone. At present, the first time you load the page after a while we need to cache some user-specific items and this can delay page loading a few seconds.
@bitpushr & @MikeChannon, how does the the loading of XDA via the PC/Android Browser affected when the XDA server is accessed by way of other methods like the Tapatalk website as well as the various Apps too?
I mean the load on the Server Accessing the XDA Server using other methods besides using the traditional xda-developers URL from a browser.
~~~~~~~~~~~~~~~
I DO NOT provide support via PM unless asked/requested by myself. PLEASE keep it in the threads where everyone can share.
Ibuprophen said:
@bitpushr & @MikeChannon, how does the the loading of XDA via the PC/Android Browser affected when the XDA server is accessed by way of other methods like the Tapatalk website as well as the various Apps too?
I mean the load on the Server Accessing the XDA Server using other methods besides using the traditional xda-developers URL from a browser.
~~~~~~~~~~~~~~~
I DO NOT provide support via PM unless asked/requested by myself. PLEASE keep it in the threads where everyone can share.
Click to expand...
Click to collapse
Overall there is no impact, but each method has its own benefits/drawbacks. For example, I know when Tapatalk is first loaded - it loads all forums and is very slow to load.
bitpushr said:
Overall there is no impact, but each method has its own benefits/drawbacks. For example, I know when Tapatalk is first loaded - it loads all forums and is very slow to load.
Click to expand...
Click to collapse
I see...
I wasn't sure of the impact on the server between the Apps and other sources and the typical browser access.
I've got a feeling that a percentage of members/guests accessing the forum via the browser is getting smaller and smaller as more and more members/guests are using Apps and other sources like the Tapatalk website.
Or is this percentage not something that has been looked at much?
~~~~~~~~~~~~~~~
I DO NOT provide support via PM unless asked/requested by myself. PLEASE keep it in the threads where everyone can share.
bitpushr said:
- with the ads there is sometimes a delay of up to 15s for a 'full' page load. Those external assets are mainly out of our control and can be removed by purchasing XDA ad free.
Click to expand...
Click to collapse
So unless we buy ad free, long load times are a thing..
Yeah but I have Ublock installed, so ad shouldn't be an issue then. Still slow