This is the problem I'm having with the blog at the moment; the third column is displaced to the bottom of the page under the other two columns:



I'm running IE 6 in Windows XP Second Edition.

Ian, are you still getting that problem? I don't see it on my browser, and it may have been a temp thing while I fiddled with the code.

__________________
Phil Plait
The Bad Astronomer
http://www.badastronomy.com
badastro@badastronomy.com

Phil, the problem is still there in Internet Explorer, but the page looks absolutely fine in Firefox.

Another screenshot of the front page:



There's something funky going on just above the advert.

While trying to look at Phil's blog in FireFox, the browser suddenly closed down then another opened up with the usual "your system is compromised we can fix it". It looked like Winfix2005.

I had a frantic time shutting them down at the top right corner, avoiding the "close" box. I tried the right click on the application in the start-bar but it would not work.

I then spent nearly an hour running my anti virus which gave a clean response.

I can not remember the pop up ads as I was in a blind panic at the time, but I am now weary of visiting the blog again.

__________________
Moderations in purple

Fame, glory, adventure, a cyber warrior craves not these things.

Phil's site has been really slow recently, and today I can't get on it at all. He must be dong some maintenance.

This morning (European morning, you were still asleep over there) the BAUT-Forum and UniverseToday were unaccessible too.

__________________
"Who does not know anything, must believe everything."
Baroness Marie von Ebner-Eschenbach 1830-1916
our animal welfare board and organisation

I can not seem to get to the BadAstronomy site

__________________
Moderations in purple

Fame, glory, adventure, a cyber warrior craves not these things.

It seems to be down. Possibly for server maintenance or the mentioned move to an own server... ?
I cannot access it since 7:00h CET this morning. Now its 18:38h CET and still the site is inaccessible.

__________________
"Who does not know anything, must believe everything."
Baroness Marie von Ebner-Eschenbach 1830-1916
our animal welfare board and organisation

Universe Today
Bad Astronomy
BAUT Forum

Were all just down for a couple more hours. Now back.

BA Blog: BA Hostiness Issues

__________________
0 1 1 0 1 0 0 1 1 0 0 1 0 1 1 0 1 0 0 1 0 1 1 0 0 1 1 0 1 0 0 1 1 0 0 1 0 1 1 0 0 1 1 0 1 0 0 1 0 1 1 0 1 0 0 1 1 0 0 1 0 1 1 0 ...

(Repeated from another related thread)

Today at work, when I was looking at Phil's blog, on my works PC, which being a civil service PC is supposed to be running top notch security, supported by a professional company, this pop up occured again.

This time I looked at the name before I went through the emergency kill procedures, and it is call Error Safe

Info from Symantec

Info from Yahoo Answers

The Symantec site has given me details of what to look for in terms of folders, which I plan to look at tonight when I get home.

Incidentally when I replied to a comment about not clicking on ads, that reply went to waiting for moderation - what happened here

__________________
Moderations in purple

Fame, glory, adventure, a cyber warrior craves not these things.

Someone else has had this problem on Phil's blog

BTW I have now checked using the instructions on the Symantec site and there is still no evidence that Error Safe has planted itself.

__________________
Moderations in purple

Fame, glory, adventure, a cyber warrior craves not these things.

I hate to be a pain here, but has there been any progress in investigating how this Error Safe hijacks the blog, given that it is not just me that encountered it?

Is it part of Burst adverts?

__________________
Moderations in purple

Fame, glory, adventure, a cyber warrior craves not these things.

I don't get from your tale how it hijacked the BA Blog. It's an ad. If you agree to its offer, bad things may happen. And I think you didn't click on it, right? You had protective software installed that even prevented it, as I recall.

So, what's your claim? That the ad was offered up by the BA Blog and it should not have been? Is there evidence for that? Did it come certainly from the BA site? Is the BA site policy never to offer up such an ad?

In the meantime, I'm having trouble bringing my concern up to your level. I go to the BA Blog several times a day, and I don't recall seeing the ad. I don't do much to block ads, but I do block pop-ups. I know I've never accepted the Error Safe offer. I don't click on ads.

__________________
0 1 1 0 1 0 0 1 1 0 0 1 0 1 1 0 1 0 0 1 0 1 1 0 0 1 1 0 1 0 0 1 1 0 0 1 0 1 1 0 0 1 1 0 1 0 0 1 0 1 1 0 1 0 0 1 1 0 0 1 0 1 1 0 ...

When it must have appeared, it closed down the browser and opened up what appeared to be one disguised as an alert dialog box, and another browser window under that. I did not even click on an advert, I was just trying to navigate through the blog clicking either the previous or next link or just to see the comments.

Plus I am not the only one this has happened to


From the other guy's comment, which corroborates my experience, when we clicked the Next link, whilst navigating the blog, that was when it struck. With me it has struck twice, once on my home PC and once from my PC at work. Sofar I can find no evidence that it was on my system prior or on my works PC, which given that it is run by a professional company for the UK Civil service, has top notch security

I do not click the ads either, but this one somehow hijacked the browser and closed it and started opening other browser windows. Maybe you have been lucky and have not yet had this happen to you, but at least two of us have had this happen. (Me twice on two different machines), and the only time so far it has shown up, was on Phil's blog

__________________
Moderations in purple

Fame, glory, adventure, a cyber warrior craves not these things.

I don't know for sure, but that sounds like action your protective software took when it recognized the ad. I think it's clear the ad was offered up by something.

It's not clear to me why you think the BA Blog site is "hijacked". What does hijacking mean to you?

Again, did the BA Blog offer up the ad? Nothing else could have? Is it the policy of the BA Blog to never offer up such an ad? Let's get your claim clear, please.

I'd ask the same of that person.

What does "on your system" mean? The ad was presented to you -- on your system? Or you accepted their offer and it installed software -- on your system? Presenting ads is OK. Keep on not clicking.

What does "hijack" mean in this usage? Different from the BA Blog site being hijacked? Are you sure your own protective software didn't shut down your browser? Are you sure a bug in your browser didn't cause it to shut down when presenting the ad? If your browser shut down, how did the ad open other browser windows? Your description doesn't make sense.

I'm sorry, but your evidence that the BA Blog is doing something wrong is very slim.

__________________
0 1 1 0 1 0 0 1 1 0 0 1 0 1 1 0 1 0 0 1 0 1 1 0 0 1 1 0 1 0 0 1 1 0 0 1 0 1 1 0 0 1 1 0 1 0 0 1 0 1 1 0 1 0 0 1 1 0 0 1 0 1 1 0 ...

By hijacking mean, I was no longer on the BA Blog, What ever advert that had turned up on the blog was shutting down the browser I was using to view the blog and then opening up it's own browser windows without me clicking on any advert.

My system, means my home desktop PC. I did not get a choice as to whether I accepted or rejected the ad, it just closed the browser I was using down and opened up new browser windows.

As to a bug in the Browser, on my Desktop at home I was using the latest edition of firefox, at work we have internet explorer, so this was capable of controlling two different browsers.

From my experience of Javascript it is possible to code a webpage to open up a new browser window and change its shape and deny the ability to resize the new window and it is possible to code a webpage so that it can close down. In different pages I have used such coding, legitimately. To get the effect I describe I suppose all you do is run your new window opening code followed by your existing window closing code.

__________________
Moderations in purple

Fame, glory, adventure, a cyber warrior craves not these things.

So it didn't shut down or take over your browser. It closed some windows and opened some others. That's a lot less than the impression I first received. That's a good deal less than hijacking, in my book. You haven't lost control. You have no damages.

I wouldn't want an ad to do that, but it's certainly far from being worrisome. It would be a nuisance for sure if an advertiser did that. One would hope the BA Blog would not provide such ads.

Does it? I don't know. Do you know? For sure?

What do you want us to do? Anything?

What do you want the BA to do?

Should he accuse his ad server of providing such an ad? How would he convince them that they did? Should he just pick a different ad server? Should he stop advertising?

__________________
0 1 1 0 1 0 0 1 1 0 0 1 0 1 1 0 1 0 0 1 0 1 1 0 0 1 1 0 1 0 0 1 1 0 0 1 0 1 1 0 0 1 1 0 1 0 0 1 0 1 1 0 1 0 0 1 1 0 0 1 0 1 1 0 ...

Me and the other guy were both trying the view the blog when it happened, so it looks suspiciously like something in the blog or the advertisements carried on it.

One was hoping that there was some way they could be blocked, either by Phil or getting the advertising company to do it, or at least make them aware of this rouge advert.

__________________
Moderations in purple

Fame, glory, adventure, a cyber warrior craves not these things.

There are ads called "layers" that can redirect users. This may be what confused your browser. I have disallowed them, and so they should be gone now. I think they're evil anyway.

__________________
Phil Plait
The Bad Astronomer
http://www.badastronomy.com
badastro@badastronomy.com

What the other guy said on the Blog if you do not want to risk visiting it

__________________
Moderations in purple

Fame, glory, adventure, a cyber warrior craves not these things.

Wow we were posting almost simultaneously

I am so glad that something has been done now

It brought back awful memories of 2 years ago when my home PC got infected

__________________
Moderations in purple

Fame, glory, adventure, a cyber warrior craves not these things.

Now why is it when I try and post to the blog now I am getting

What am I doing wrong?

__________________
Moderations in purple

Fame, glory, adventure, a cyber warrior craves not these things.

I don't know if it is something to do with our servers here at work, but all I am getting now of the blog is the blog title and the Digg logo. I am not seeing the text of the blogg

__________________
Moderations in purple

Fame, glory, adventure, a cyber warrior craves not these things.

I managed to get it now

But yet again my response has been classed as spam

__________________
Moderations in purple

Fame, glory, adventure, a cyber warrior craves not these things.

Welcome to the group. I'm now considered to be a spammer too. Neat trick for someone who adds blog comments at the rate of about once every two months.

__________________
A person's name, or a mark representing it, as signed personally or by deputy, as in subscribing a letter or other document.

We will now have to wait until Phill gets back from his cruise before our posts will be released, by which time everyone has moved on so they will not be read, so you might as well post random letters and numbers

e.g. "dskjfesjhrwiufhr8347765fcngew76h57fwehfebr87btv34 q2c "

it will be just as read.

__________________
Moderations in purple

Fame, glory, adventure, a cyber warrior craves not these things.

Well, you make up for it here

Why don't you start your own blog, and ban yourself from the comments (and Sticks...you know you can't trust him!)

Pete

__________________
PJE

There's so much I don't know about astrophysics. I wish I had read that book by that wheelchair guy.

Good idea!

Blog started.

Everyone excluded.

Not only from commenting but also from reading.

Now I can say what I want to say.

He, he.

__________________
A person's name, or a mark representing it, as signed personally or by deputy, as in subscribing a letter or other document.

Same here too...

MY ISP merges four DSL connections to get us into the public network.
Every connection has a fixed IP-Address, and every single one of those is flagged as sending SPAM-Mails (no idea why) on all major spamblock-lists.

__________________
"Who does not know anything, must believe everything."
Baroness Marie von Ebner-Eschenbach 1830-1916
our animal welfare board and organisation