SPAM Redirect from WordAds unit

alexplive · Member · Mar 23, 2018 at 12:48 am
Copy link

Add topic to favorites
Hi,
I am writing to report a very serious security problem with your ad units that create a redirect to suspicious sites (this only happens in the “mobile” version of the website).

Since it is also an HTTP link (and not HTTPS like all the contents of the two websites) Firefox and Chrome browser (for mobile) indicate that the website is not secure … and in fact browsing the pages of the website from smartphones, appear these automatic redirects towards suspicious sites.

The problem disappears by disabling the plugin and WordAds ad units and reappears as soon as the ad units return online.

They are fraudulent links in your ad units. Are there security checks on your ad units?

Here a screenshot of the page in which you are redirected > https://imgur.com/a/beX6R

One of the destination links is this:
http://h6n.win/lp/f07e6f68-cf74-48f1-a929-4440d4783d8e/?country=Italy&os=Android&uid=3&city=&isp=Telecom+Italia+Mobile&ip=176.200.80.216&parm2=0&parm5=www.mvnonews.com&parm3=pubmatic_bidder_EU&parm4=109449524&code=IT&cid=540&model=Smartphone&brand=Generic&aclid=&clk=204789585&language=it&fid=2717&pid=167&parm1=liquidm#T

Please solve this great security problem that I found on two of my websites and also in others that are not owned by me but that use your advertising units.

If a solution is not found, I will be forced to disable the plugin and ad units on all the websites that i manage. I hope in your feedback … thanks

The blog I need help with is: (visible only to logged in users)
alexplive · Member · Mar 23, 2018 at 9:40 am
Copy link
More information:

– the problem occurs only on smartphones and only with mobile connection (with WiFi the problem does not appear), probably to activate unsolicited services with your telephone provider (as happened to two users)
– the problem don’t appear on pc/desktop
– the problem don’t appear browsing from iPhone (iPhone 6S – latest version of iOS) with Safari or Firefox
– Firefox and Chrome browser for Android when the problem appears, they report the website as not totally safe

I continue to reiterate that this is a serious problem with WordAds and for which you should take action as soon as possible…
htmacao · Member · Mar 23, 2018 at 11:01 am
Copy link
I have the same problem. It happens only with mobile traffic and not every cellphone or provider. Is it possible to do something about it?
raptorpersecutionscotland · Member · Mar 23, 2018 at 12:17 pm
Copy link
I have the same problem. Blog readers complaining of pop-up ads linking to suspicious sites.

Anything you can do, please?

My blog: https://raptorpersecutionscotland.wordpress.com/
staff-zinnia · Staff · Mar 23, 2018 at 5:11 pm
Copy link
Hi Everyone –

I’m following up on the Modlook tag here. Please share the following details in your next replies so I can try to investigate further.

1. Screen shot of ads in question

2. Which browsers are in use

3. What the ads are for

4. If it occurs on mobile or on computer
alexplive · Member · Mar 23, 2018 at 5:42 pm
Copy link
All information already reported in my previous post:

1. Screenshot ads > https://imgur.com/a/OtJGy
Attention: the redirect starts without clicking on any banner/ads, but simply browsing the website

2. Mobile browser tested: Firefox – Chrome – EDGE on Android.
When the problem occurs, Firefox and Chrome report “unsafe connection” (even if the website is in HTTPS).

3. One of the destination links is this:
http://h6n.win/lp/f07e6f68-cf74-48f1-a929-4440d4783d8e/?country=Italy&os=Android&uid=3&city=&isp=Telecom+Italia+Mobile&ip=176.200.80.216&parm2=0&parm5=www.mvnonews.com&parm3=pubmatic_bidder_EU&parm4=109449524&code=IT&cid=540&model=Smartphone&brand=Generic&aclid=&clk=204789585&language=it&fid=2717&pid=167&parm1=liquidm#T

Screenshot: https://imgur.com/a/beX6R

4. Only on smartphones and only with mobile connection (with WiFi the problem does not appear), probably to activate unsolicited services with your telephone provider.

Some of your advertisers are probably playing dirty … inserting malicious code in the ads unit.
alexplive · Member · Mar 25, 2018 at 8:14 pm
Copy link
No update ??
timethief · Member · Mar 25, 2018 at 8:22 pm
Copy link
Not as yet. Please be patient while waiting.
alexplive · Member · Mar 25, 2018 at 8:53 pm
Copy link
Thanks Timethief.

I also report this warning from the support forum of AdControl plugin (WordAds). Even in the past, the problem it had been reported from other users

1. https://wordpress.org/support/topic/insecure-content-on-https-sites/
2. https://wordpress.org/support/topic/contain-malware/

We hope you can resolve as soon as possible.
jeherve · Staff · Mar 26, 2018 at 10:18 am
Copy link
Hi everyone!

Good news, we found the provider that added those ads. The ads have now been removed from WordAds. This should not happen again.

Thank you all for the reports!

If you do see other malicious ads again in the future, don’t hesitate to let us know, by providing us with the following details:
1. Screen shot of ads in question
2. Which browsers are in use
3. What the ads are for
4. If it occurs on mobile or on computer
Thank you.
alexplive · Member · Mar 26, 2018 at 10:33 am
Copy link
Thank you very much!
htmacao · Member · Mar 26, 2018 at 10:48 am
Copy link
my websistes also seem to be ok now, and the https lock appears also on mobile whilst it happened on desktop only before. Well done.

NOw we will vigil in order not to see it happen again
alexplive · Member · Mar 27, 2018 at 5:37 pm
Copy link
The problem has recurred on the same websites…

Sure that you have intervened on the advertiser? Because the problem is the same. All this is really disheartening.

Please resolve this problem or I have to disable the plugin and Wordads
htmacao · Member · Mar 27, 2018 at 6:35 pm
Copy link
same for me, and the curious thing is that the malicoius ad seems absolutely identical to the previous one
jeherve · Staff · Mar 28, 2018 at 8:53 am
Copy link
Thank you both for letting me know. I’ll let our Ads team know, and we’ll see about getting this fixed again.

I’ll let you know as soon as I have some news!
alexplive · Member · Mar 28, 2018 at 11:28 am
Copy link
Thank you Jeherve,
we await your updating and we hope the final resolution of the problem.
alexplive · Member · Mar 28, 2018 at 11:31 am
Copy link
p.s. these are the links that are generated (the first redirect to the second…)

1. http://w4-tracking.com/go/?aclid=&cid=519&pid=0&parm5=www.mvnonews.com&parm4=109449524&parm3=pubmatic_bidder_EU&parm2=0&parm1=liquidm

2. http://h6n.win/lp/f07e6f68-cf74-48f1-a929-4440d4783d8e/?fid=2617&parm1=liquidm&aclid=&model=Smartphone&country=Italy&parm3=pubmatic_bidder_EU&parm4=109449524&clk=225868568&cid=519&city=San+Martino&brand=Generic&isp=Vodafone+Omnitel+B.V.&pid=167&uid=3&code=IT&os=Android&parm5=www.mvnonews.com&parm2=0&ip=5.90.47.214&language=it#T
alexplive · Member · Mar 31, 2018 at 2:36 pm
Copy link
No update?
staff-zinnia · Staff · Mar 31, 2018 at 4:47 pm
Copy link
Hi –

I’m following up for Jeremy here. We haven’t heard back from the Ads team yet, but once we do I will be in touch. Thanks in advance for your patience.
alexplive · Member · Apr 11, 2018 at 10:39 pm
Copy link
The problem persists and many people are reporting redirects to malicious sites again. This is a very serious problem, is it possible that you can not solve it?

No items found.