Popup ads from www.questionmarket.com?

[MatthewG]

Someone reported ads that popup on our forum that come from www.questionmarket.com.

Has anyone else seen anything like this? It has only been reported once, by one user, at the moment. I am seeing if anyone else has experienced the same issue. The person reported it runs a Mac - so odds of it being malware are very low. We run version 3.6.7 ... and I don't see any critical updates that were needed. Please let me know... sounds fishy, I thought I'd post here.


Thanks -

[Marco van Herwaarden]

Please provide a link to the page (and if needed a test login) where this popup is showing.

[SDB]

Hi Matt

We've just dissabled all external ad networks (apart from adsense) due to this being reported, and no matter what we did, we couldn't stop it.

I would be very interested in any information regarding this.

Simon

[MatthewG]

This is very strange ...

SDB,

What version are you on?

FYI, I did have more reports of other users seeing this. Very very weird, and partly bothersome.

I'm going to do some more investigating. Meanwhile, please let me know if you find anything else... and if anyone can provide some insight into this, it would be greatly appreciated.

Thanks everyone -

I did a database dump and searched for the two types of ads that were reported... I found this:

INSERT INTO `vb3_word` VALUES...(568422,'questionmarket'),(568423,'questi onmarket.com'),

And, INSERT INTO `vb3_word` VALUES ...(568015,'slide-in'),(568016,'&quotsurvey&quot'),(568017,'safecoun t'),(568018,'safecount.net')

The latter, safecount, says it's a survey and it's a slidein ...

Anyone know anything about this vb3_word table? I grepped the code for it and I am trying to see how it's used... it may simply be that people mentioned these words in a post (which they did)... I'm kind of leaning towards that. And two cents appreciated.

I did just confirm vb3_words is the table to assist with searches ... so, I guess that's no insight on what I found. Still looking. Thanks

[Marco van Herwaarden]

To get help on this, you might start by answering the question in post #2.

[SDB]

Marco

This isn't appearing on specific pages from what I can tell.

Matthew

What ad agency code are you using?

We've been using :
valueclick / vcmedia
tribal fusion
adsense
burst

it may be that its one of them spawning a pop up, although we religiously dissable popups in the various control panels.

Any more news?

[MatthewG]

SBD, I'm sorry... I was just told people saw them at http://linuxforums.org/forum/ ... but, I haven't seen them myself. Then it dawned I have adblock ... and even after browsing forums for 30 minutes in Opera, I still didn't see anything.

Thanks!

[SDB]

Matthew

Do you run any of the above ad networks?

I have just dissabled them all apart from adsense.

Simon

[MatthewG]

Hm, where in the admin panel would I see that? Someone else admins this board as well, and I'm not too sure.

I know we don't manually have the slide in ads that we're seeing, so it may be some javascript from something else... if I could only grab the page source when I see it.

Thanks

[SDB]

What I mean is.

Are you serving banner advertising from any of the above ad networks, apart from google adsense?

It may be that this is just malware, which it appears it may be.. but why people on our site should suddenly start reporting it (and many saying it only appears on our site) is confusing.