It ain't just you. Just posted my own thread about it, but since no one can see it on the front page... yeah. I'll tag yeaGO in this one too.

happens to me too, but only on chrome. If I use internet explorer it works just fine :|

Some fucker is posting HTML links that force it to redirect. Fuck you vgrooves

Glad was not the only one. Thought I had some virus....

We know what the problem is, we know who is causing the problem. Now we just kind of wait for a fix, I suppose.

The rest of the site works swimmingly. Just not the front page (which will cause some issues with deckcycling, but that's alright) and that specific guy's page (which why would you go there?). Just gotta go through a link that's not the front page.

If people want to try to outspam this dude so people don't have issues, here's SPAM REMOVAL... I'll look into anti redirect scripting in a second.

I'm confused with how that helps, Defpotec?

Ehh, keeps the feed clean of his comments. All he's doing is using an onload redirect through a script. I think I found something anyway. :/ It's hacky, but we'll see if it works.

It removes the posts from the front page that is causing the redirection.

Don't worry, the peeps at Just Chatting will normally clear it up easily enough :D

Ehh, he's posting too fast for either method to work... And apparently they're using something I've never seen before. Back to the interwebs.

I've linked epoch and yeago to his profile page.

Fuck now there's another. Now going by megagroves. Can we please ban the IP address?

I figured I wouldn't tag them so they don't get a nice red notification that we're onto them

I already tagged yeago/epoch/chief on both of their profiles to delete their accounts.

Uh guys, this is serious. There are a lot more users than we have thought. One of them has been on here for 20 hours and has made 3000 decks of nothing but movie advertisements.

Found something that might work. shrug

They haven't posted in a while.

Have they been posting on other people's decks?

One of them did. Mostly they haven't though

No, they've been making their own decks and posting on them. There's probably about 4000 decks of nothing but movie spam in our database now. Here's a list of the offending users I've found.

• User
• User
• User
• User
• User

Ok, here's something that you can do on your end. ehow disabling redirect

I'm working on finding something that basically removes their code when mine is there, but I don't know much about iframes.

I can't find anything that hijacks their hijack. :( Everybody is talking about doing things on the server side... I suppose this doesn't happen much. Here's the most interesting page I found about what they're doing. Apparently your browser doesn't know better than to just redirect you without warning.

Can I get any sort of viruses, if I get redirected to another site?

I haven't looked at the redirect page's code, but yeah, it's a possibility. My computer is a hypochondriac and it didn't yell at me, so I think it's fine. Either way, I'd say run a scan just to be safe.

I had success by blocking the new site on my browser via a chrome add-on.

getsetgone and rohitkumar are new ones.

I feel like I said something about how easy it would be to hack this site a couple weeks ago...

and this is why adding your own code to the site is always a bad idea. Even though it gives users lots of nice possibilities, it also makes this site very vulnerable. I think it should atleast be restricted and be one of the perks like custom nick when you have bought the package.

This could be prevented if they sanitized our input better... I don't think we should have access to anything more than bb codes they define.

There's more than just those two.

I know. I was just pointing out a couple that just started up... I'm sure there will be more, but I'm sure it'll help whoever ends up being on cleanup if they know as many of the names as we can give them.

Limit customization to upgraded users only. Perhaps actually do tiered upgrading? Where you have to pay another $5 to be granted access to utilize coding to this site.

I suppose something like that would work, but it would be a lot easier for them to just shut things off for everybody. It looks like they tried some simple protection, like preventing us from using script tags, but there's only so much they can do without doing a lot.

Like I said, they could do is use bb codes and it would work great. Kind of like the buttons above the text bar. Do we need more than that for comments, really?

Ah for comments, definitely not. We don't need anything else but bb code for comments.

Some stuff has happened that has made it ok.

I implemented a temporary fix. Still waiting on an actual one.

Ehh... They're still around.

This is just getting worse...

Well, Defpotec it's a bit of funny for my part because I actually tested some of that meta injections that can be found in your link some months ago, and to my big surprise some of them worked. But I only tested on myself and no the whole page ofc. Well the thing is that you can't really remove it unless the content either disappears from the comment flow or by somebody deleting it. The easiest solution for now would be to delete the users and their decks, and then set a filter on meta tags, which is totally insane that they have allowed so far.

I was hoping that I could simply hide the elements or find some js to negate their script. :/

An ounce of prevention...

You know what I think the worst part of this is? I REALLLLLLLLLY want to watch Age of Ultron. But it doesn't come out till Friday. They're taunting me.

Oh sorry my bad, they are not using meta tags, instead they are using this --> . Anyways I think I found a solution to remove this (by js). Will test it soon.

I don't know if anybody has resolved this, or I'm just not having the problem, but I can get to the homepage just fine.

fixes coming. thanks all.

nice, hmm jus a thought - if i added a script that executed the following before their stuff executed, wouldn't that thus prevent the redirection?

For that one movie, yes... I think... But there were different sources as well. There were at least three different scripts they were using.

hellsing, its not really an effective countermeasure :P

It's what I was looking for last night, though. :3 Something I could use to bail the boat while I waited.

yeaGO yes, but it was only supposed to be a specific temporary fix. I could of course have written some more complex thing to ensure no redirects, but that would probably be waste of time because working on server side is soooo much easier when fixing things like this, instead of trying to handle the thing with js from the user side.

Out of curiosity, which other ways did they redirect the site on, Defpotec?

I'm honestly not great with js. It took a fair deal of research just to figure out what they were doing. I really can't say.