# Url4Short Redirects?



## kevkojak (May 14, 2009)

Every day when I try to log on to RLT I get a redirect to a spammy looking page called url4short.info

It only happens with RLT and it just happens the once - anyone else? Not sure what to do about it, Kaspersky doesn't flag it as suspicious but I'm not too happy with it.


----------



## Davey P (Sep 9, 2010)

I can't help with the technical side of things, but I can say that your problem doesn't happen to me, so it's probably not a forum issue.

I use Chrome for my browser, and Avast for anti-virus, if that helps?


----------



## Odo (Mar 22, 2009)

Nothing like that for me. Have you tried clearing your cache, deleting history etc?

And as suggested perhaps try a different browser.


----------



## Mutley (Apr 17, 2007)

I've been getting the same when I login to the forum using an ipad but not from my laptop. Doesn't appear to happen with any other sites!


----------



## kevkojak (May 14, 2009)

I'm on google chrome as my default browser both at home and work - same issue on both computers.

Not a big deal, I'd just prefer it not to pop up as it's not a site I know.


----------



## Beeks (Sep 28, 2013)

I get it too on both computer and iphone


----------



## kevkojak (May 14, 2009)

Beeks said:


> I get it too on both computer and iphone


Just on RLT?

I'm flummoxed because it doesn't seem to affect anything else...


----------



## Beeks (Sep 28, 2013)

kevkojak said:


> Beeks said:
> 
> 
> > I get it too on both computer and iphone
> ...


Yep just on here, very strange


----------



## pugster (Nov 22, 2004)

I also now get this on my ipad only.


----------



## AbingtonLad (Sep 8, 2008)

I'm getting this redirection once every three or four times I try to access RLT. And the last time it automatically took me off to some pathetic site that then made it difficult to reverse out - 'Do you want to leave?' 'Really' 'Are you sure?" etc...

A little frustrating.


----------



## Who. Me? (Jan 12, 2007)

Ditto - get this a lot, especailly when accessing the forum from my tablet.


----------



## Cheeseboy24 (May 4, 2013)

Ditto, get this too. Have done for the last few months. I access the site from an ipad.

No great issues, I just close down and access again and it working. A minor inconvenience, not a major problem.


----------



## luckywatch (Feb 2, 2013)

Me too! :taz: :taz:


----------



## Timez Own (Oct 19, 2013)

I've had it do that also


----------



## DJH584 (Apr 10, 2013)

Get the same problem when searching for answers on Google and one of the links directs me to this site. Click the link and lo and behold URL4Shorts comes up.

Hit the back button click the link again and I end up here.


----------



## Who. Me? (Jan 12, 2007)

Googled it.

If this is right some dodgy code has found its way in to the forum software....

http://peter.upfold.org.uk/blog/2013/01/15/cleaning-up-the-ip-board-url4short-mess/


----------



## Iceblue (Sep 4, 2013)

I get that I go back on the second a temp I get onto the forum ?


----------



## artistmike (May 13, 2006)

I use a direct link from my own web page now after experiencing the same problem. It's been a problem on this forum server for quite a while now but doesn't seem to have been addressed and may put off potential new members. Shouldn't need too much fixing..


----------



## pugster (Nov 22, 2004)

i still get this on my ipad


----------



## Ventura (Nov 27, 2006)

I get this regularly. I go back and click again and then no probs.


----------



## YouCantHaveTooManyWatches (Nov 28, 2010)

Me too.

I'm sure there is something somewhere on the web server that could be tweaked or a box unchecked or an IIS setting changed that would sort this out(?)


----------



## Raptor (May 1, 2010)

I have this too on my PC but not on my ipad. My avast software flags

it as a dangerous page(can't remember exactly what).

As stated above must be some dodgy code injection.


----------



## oversleep (May 6, 2012)

I am getting this too.. I am using Google Chrome and Wins 7


----------



## sehrgut (Apr 22, 2014)

Bumping this. Especially in light of the zero-day in IE 6-11, this needs to be fixed. It makes TWF a perfect delivery vehicle for exploits like the recent IE zero-day.


----------



## Rotundus (May 7, 2012)

win 7 and chrome here - never had it.


----------



## sehrgut (Apr 22, 2014)

Rotundus, have you ever accessed pages on the site through search engine results? The malware installed specifically targets sessions initiated through a Google referral.


----------



## trackrat (Jan 23, 2012)

Linux Mint & Opera, never had a problem.


----------



## Raptor (May 1, 2010)

Getting the redirect on my ipad now when clicking from a

google search so it's still there.


----------



## sehrgut (Apr 22, 2014)

To those who haven't seen the issue, you'll never see it unless your first visit to the site for a given session (by default 24 hours, though the admins here can set it to whatever they like) is from a Google search.


----------



## PC-Magician (Apr 29, 2013)

I think some people are missing the point, the problem is on the server not locally on a forum members PC


----------



## brooksy (Nov 26, 2008)

Still suffering this annoying problem. Is there any appetite to fix it?


----------



## Silver Hawk (Dec 2, 2003)

brooksy said:


> Still suffering this annoying problem. Is there any appetite to fix it?


Doesn't appear to be...which is a real shame for this Forum.


----------



## sehrgut (Apr 22, 2014)

I'm in the States, so it would be an international call for me, but some of you in the UK could try calling RLT and letting whoever answers the phone know they need to stop ignoring it, perhaps?

http://rltwatches.co.uk/opencart/index.php?route=information/contact

Phone: 07762569999


----------



## Silver Hawk (Dec 2, 2003)

sehrgut said:


> I'm in the States, so it would be an international call for me, but some of you in the UK could try calling RLT and letting whoever answers the phone know they need to stop ignoring it, perhaps?
> 
> http://rltwatches.co...rmation/contact
> 
> Phone: 07762569999


Steady!

Many of us have known Roy for many years....he's a busy man, and Jason has already made him aware of the problem,

So.....


----------



## Mutley (Apr 17, 2007)

The only thing that puzzles me is why sehrgut has no real interest in this forum other than relating to this particular issue :huh:


----------



## sehrgut (Apr 22, 2014)

I discovered the issue because forum posts here show up quite often in my search results for watch-related research. I'm a software engineer, so I have an interest in security vulnerabilities being closed.

But it's really great how you tried to make my trying to get people interested in fixing a two-year-old security exploit sound sinister.


----------



## sehrgut (Apr 22, 2014)

Silver Hawk said:


> Steady!
> 
> Many of us have known Roy for many years....he's a busy man, and Jason has already made him aware of the problem,
> 
> So.....


Well, the issue is nearly two years old, and even this thread is six months old. It's not a difficult fix, and it has direct bearing on the security of the site and of the computers of the site's users. Heck, I'd be willing to fix it myself, just to have the satisfaction of it being fixed.

I know I come across as an impatient 'Murican, but a year and a half is a long time to wait on a gaping security hole, no matter how patient you want to be.


----------



## brooksy (Nov 26, 2008)

sehrgut said:


> Silver Hawk said:
> 
> 
> > Steady!
> ...


I realise there may be a financial reason why it is not being addressed, however we seem to have a willing volunteer to solve the problem. Can the Mods consider this please?

Cheers


----------



## William_Wilson (May 21, 2007)

If I am correctly interpreting the point to this thread, I wonder why it is essential that people continuously access RLT via Google searches?

Later,

William


----------



## Stan (Aug 7, 2003)

Has IP Board made a patch available to work around this vulnerability? Roy pays for this software and he should get some support from the vendor.


----------



## sehrgut (Apr 22, 2014)

The patch has been available since a week or so after the vulnerability that allowed the attack became known, a year and a half ago. However, the attack made permanent modifications to the "theme" (site design and layout) files which need to be reversed. If the software is updated, new attacks by that means will not be possible; however, the existing modifications (including a backdoor for further attacks) are still present in the code of the site.


----------



## Silver Hawk (Dec 2, 2003)

William_Wilson said:


> If I am correctly interpreting the point to this thread, I wonder why it is essential that people continuously access RLT via Google searches?
> 
> Later,
> 
> William


William, I think you have missed the point. I often do Google searches for watches, movements, etc and I often get hits from this Forum...which I would like to follow. This issue prevents that. Likewise, potential new members would not be able to reach the Forum after doing a Google search and following a hit.


----------



## artistmike (May 13, 2006)

William_Wilson said:


> If I am correctly interpreting the point to this thread, I wonder why it is essential that people continuously access RLT via Google searches?


It's the insecurity of the site that is the issue and I hope that no-one is using the same password for this site as they do for any that may be more important to them....


----------



## Silver Hawk (Dec 2, 2003)

artistmike said:


> William_Wilson said:
> 
> 
> > If I am correctly interpreting the point to this thread, I wonder why it is essential that people continuously access RLT via Google searches?
> ...


Mike, I don't think that is correct. There are no security issues with the Url4Shorts issues; it is just an annoying redirection problem. Maybe you're thinking of the recent Heartbleed vulnerability....


----------



## artistmike (May 13, 2006)

Silver Hawk said:


> Mike, I don't think that is correct. There are no security issues with the Url4Shorts issues; it is just an annoying redirection problem.


No that's not true, the problem is a security issue with a vulnerability in the forum software that has allowed this situation to arise and may allow other attacks to take place. It's a blatant advert that this forum is insecure...


----------



## William_Wilson (May 21, 2007)

Silver Hawk said:


> William_Wilson said:
> 
> 
> > If I am correctly interpreting the point to this thread, I wonder why it is essential that people continuously access RLT via Google searches?
> ...


Yes, I see. The indolent nature of the forum's search facility sometimes requires me to use Google (try searching for Cyrillic text ) but in my case the redirection is manageable. I click on the search result and go astray, hit the back arrow and return to Google, then I hit the forward arrow and I come to the forum.

Later,

William


----------



## sehrgut (Apr 22, 2014)

artistmike said:


> It's the insecurity of the site that is the issue and I hope that no-one is using the same password for this site as they do for any that may be more important to them....





Silver Hawk said:


> Mike, I don't think that is correct. There are no security issues with the Url4Shorts issues; it is just an annoying redirection problem. Maybe you're thinking of the recent Heartbleed vulnerability....





artistmike said:


> No that's not true, the problem is a security issue with a vulnerability in the forum software that has allowed this situation to arise and may allow other attacks to take place. It's a blatant advert that this forum is insecure...


It's a little more complicated than that. There was a security vulnerability that allowed the URL4SHORT attack. InvisionPower (the vendor) released a fix for that vulnerability shortly thereafter, which may or may not have been installed here; so artistmike is possibly correct about that.

However, even if that vulnerability has been patched here, Silver Hawk is still incorrect that there are no security issues. The URL4SHORT exploit creates a backdoor (a new, intentional vulnerability that is not fixed by upgrading the forum software) when it modifies the "skin" or "theme" files. Without manually removing the URL4SHORT exploit code from these files, the redirects and the backdoor are still present.


----------



## artistmike (May 13, 2006)

sehrgut said:


> It's a little more complicated than that. There was a security vulnerability that allowed the URL4SHORT attack. InvisionPower (the vendor) released a fix for that vulnerability shortly thereafter, which may or may not have been installed here; so artistmike is possibly correct about that.
> 
> However, even if that vulnerability has been patched here, Silver Hawk is still incorrect that there are no security issues. The URL4SHORT exploit creates a backdoor (a new, intentional vulnerability that is not fixed by upgrading the forum software) when it modifies the "skin" or "theme" files. Without manually removing the URL4SHORT exploit code from these files, the redirects and the backdoor are still present.


Very concise,  the point is ... IT NEEDS FIXING!


----------



## Silver Hawk (Dec 2, 2003)

Totally agree it needs fixing.

Sehrgut, how about now posting something about watches?


----------

