Rdirect still happens even without javascript, meta disabled

[Lars]

I've tested with javascript disabled.
network.http.redirection-limit set to 0.

I'm using both adblock plus and noscript

This site is still able to initiate redirect cascade to malware sites.

(NSFW)

Code: Select all

http://www.pics-money.ru/6/65478/1/

Seems to be using php in some way but I can't find the code before it redirects.
Firefox debugger do not have a way to fully pause a webpage.

[barbaz]

Install NoRedirect and configure it to block all redirects?
(Regex: .*, check only "Source"; then maybe remove all builtin entries)

Also please be clearer what you mean by "redirect". Does it actually put you to a different webpage?
And what NoScript version are you running?

[Lars]

Please do not post live links to malware sites.

Sorry. I didn't know that site was considered to be a malware site. When posting links to malware sites should they be in a code tag?

Also please be clearer what you mean by "redirect". Does it actually put you to a different webpage?

Isn't that what a redirect is? I do not know of another term for what is happening.

The site after a few seconds to about a minute goes to another site which immediately in turn takes you to another site.
This hopping continues a few times and stops on some random malicious ad site.

The first redirect also removes the original site from the back/forward history so you can not go back via the back button.

I provided the url so you could observe it for yourself.

Install NoRedirect and configure it to block all redirects?
(Regex: .*, check only "Source"; then maybe remove all builtin entries)

That worked. Thank you.

[therube]

Kind of neat what they do there.

Code: Select all

<meta http-equiv="refresh" content="13; url=http://t i n y url.com/kp28xe9">

NoScript only blocks certain redirects (inside <NOSCRIPT> elements), & that is not.

You could have also set the Pref, accessibility.blockautorefresh, to 'True' but the extension gives you greater control.

[barbaz]

Sorry. I didn't know that site was considered to be a malware site.

Er, what? I made that edit because you yourself said that it was: (I've turned the quote blue)

This site is still able to initiate redirect cascade to malware sites.

Redirect to malware sites, malware site... same thing in my view, even if the redirecting site was "just" hacked.

When posting links to malware sites should they be in a code tag?

Doesn't matter how they're posted as long as they're not clickable hyperlinks. Preferably they'd be broken as well (i.e. httq instead of http) but I think it's not strictly necessary.

Also please be clearer what you mean by "redirect". Does it actually put you to a different webpage?

Isn't that what a redirect is? I do not know of another term for what is happening.

Yep, but there are so many ways to do that, I was hoping you knew which (anyway, therube answered that question).

That worked. Thank you.

You're welcome