Sun Sep 10, 2006 1:19 am
Cranberry, is this akin to using something like Privoxy/Tor and other things? I can see how that could be useful but find such a bit burdensome and 'overprotective' in most cases.
Specifically, to access the Internet at all, one must have the 're-routing' application running first. A great filter, but a bit overly-paranoid, in my personal opinion (though I could be overly-naive).
Or more willing to take 'risks' as I am not particularly scared of such. 
One thing is for sure, I have been computing since before spyware/adware/malware/viruses/trojans existed and been protecting myself ever since. The main problem seems with this 'useless' ActiveX (only required by the beloved Trident engine, at least beloved by some).
If the Java exploit might be a concern for other browsers, as allnameswereout suggested, then that is a grand concern, in my opinion.
Most systems/browsers have or use Java and/or JScript. What does this mean for them? For us all? Neopets requires JS for even popping up games and Items to feed our pets. If I can't feed my pets, Neopets is moot or dead to me. They need to fix this or risk all they built so far.
Specifically, to access the Internet at all, one must have the 're-routing' application running first. A great filter, but a bit overly-paranoid, in my personal opinion (though I could be overly-naive).
Or more willing to take 'risks' as I am not particularly scared of such.
One thing is for sure, I have been computing since before spyware/adware/malware/viruses/trojans existed and been protecting myself ever since. The main problem seems with this 'useless' ActiveX (only required by the beloved Trident engine, at least beloved by some).
If the Java exploit might be a concern for other browsers, as allnameswereout suggested, then that is a grand concern, in my opinion.
Most systems/browsers have or use Java and/or JScript. What does this mean for them? For us all? Neopets requires JS for even popping up games and Items to feed our pets. If I can't feed my pets, Neopets is moot or dead to me. They need to fix this or risk all they built so far.
Sun Sep 10, 2006 4:11 am
No, I don't think the HOSTS file is anything like those. There's nothing you have to load up before starting up your browser, no program or anything. It's just a text file on your computer, and when a webpage wants to display an ad, the computer tricks it into thinking the ad is in that text file instead of out there on the Internet. Or something. That's simplifying it a lot (I'm no computer science major 
), but it's like... you don't have to ever think about it aside from updating it every few weeks or so.
), but it's like... you don't have to ever think about it aside from updating it every few weeks or so.
Sun Sep 10, 2006 4:31 am
That sounds more like the simple CSS file on my computer to block the main neopets top banner ad. I am no computer science major either lol but I think what you are referring to does need an application to run it and does need to be run first before the browser is able to access any or all of the Internet (basically like setting up a Proxy which most users won't know how to do).
It is a privacy application and can be useful, but impractical for most users.
And I should hope unnecessary for any user (of any age) to learn to use such just to be playing an online game that has existed for over 6 years.
After all, Neopets is still a game site for kids (and others) and not a course in advanced computing and Internet security.
EDIT: My virtual pets are on a hunger strike because of all this. Sad, huh?
It is a privacy application and can be useful, but impractical for most users.
And I should hope unnecessary for any user (of any age) to learn to use such just to be playing an online game that has existed for over 6 years.
After all, Neopets is still a game site for kids (and others) and not a course in advanced computing and Internet security.
EDIT: My virtual pets are on a hunger strike because of all this. Sad, huh?
Sun Sep 10, 2006 9:08 am
The hosts file is a nice hack (in the good sense of the word; not the malicious one) allowing one to block trillions of hostile websites. Malware, adware, ads, etcetera. It has a few disadvantages, one of them that when you run a local webserver on 127.0.0.1 your browser will access it every time you use your hosts file to block ads (and that happens a lot) -- for most Neopets players that is of no concern though.
I'm using Peerguardian (on BSD) for this purpose using dynamic firewalling. Peerguardian has certain groups such as ads, government, P2P, etcetera which you can block. Its basically a simple firewall (ruleset). It is available for the popular desktop OSes (Windows, MacOSX, Linux, *BSD).
Privoxy is a "filtering" proxy protecting private data from your browswer. It runs local on your computer can do something similar to this (and much more). Tor is an anonymizer you don't need that to play Neopets. In fact, you do not want to use an anonymizer network to send data containing passwords (your Neopets login) since one of the endnodes may sniff it. Don't use Tor for such purposes its not suitable. The same is true for a proxy except that such is usually not anonymous at all, or at best only anonymous for protecting against the website knowing who you are (Tor is useful against sniffing governments, RIAA, etcetera, as well) so using a proxy the person who runs it can get your Neopets cookie/password. Do you know them? Trust them? So neither Tor nor a proxy is useful for this purpose. Ofcourse, Privoxy runs on your computer and you trust yourself (so does Tor but it uses an anonymizing P2P network with extensive routing and encryption).
This all has nothing to do with CSS. Although one could use CSS to block ads as well (Greasemonkey for FF there is sth like that for IE as well i forgot the name. GreasemonkIEperhaps? Could be various versions).
The most simple way is IMO either the hosts file way (although not cleanest) or PG (PeerGuardian). PeerGuardian also allows you to block malicious people on P2P network such as people who use P2P from RIAA IPs (why would they do that? ). Privoxy and Greasemonkey are a bit harder to get set up but would do the job too.
I'm not a CS major either. CS major says nothing about computer security at all. Usually, its rather people who know their OS well such as (some) programmers or people who secure computers for a living who know about security. A programmer may have a CS degree, or not. There are some who claim to know so much about computer security but are essentially clueless (hello Steve Gibson!).
Hope that was useful to someone...
PS: Anjuna, ActiveX is very useful for Trident-based browsers as it allows one to use plugins in a Trident-based browser. Plugins such as Java, Flash, Shockwave, Quicktime, Acrobat Reader, etcetera. Now, if you don't need those plugins, you can disable ActiveX indeed, but you basically do need Flash to play Neopets. Also, some settings may be changed to make ActiveX slightly more secure.
I'm using Peerguardian (on BSD) for this purpose using dynamic firewalling. Peerguardian has certain groups such as ads, government, P2P, etcetera which you can block. Its basically a simple firewall (ruleset). It is available for the popular desktop OSes (Windows, MacOSX, Linux, *BSD).
Privoxy is a "filtering" proxy protecting private data from your browswer. It runs local on your computer can do something similar to this (and much more). Tor is an anonymizer you don't need that to play Neopets. In fact, you do not want to use an anonymizer network to send data containing passwords (your Neopets login) since one of the endnodes may sniff it. Don't use Tor for such purposes its not suitable. The same is true for a proxy except that such is usually not anonymous at all, or at best only anonymous for protecting against the website knowing who you are (Tor is useful against sniffing governments, RIAA, etcetera, as well) so using a proxy the person who runs it can get your Neopets cookie/password. Do you know them? Trust them? So neither Tor nor a proxy is useful for this purpose. Ofcourse, Privoxy runs on your computer and you trust yourself (so does Tor but it uses an anonymizing P2P network with extensive routing and encryption).
This all has nothing to do with CSS. Although one could use CSS to block ads as well (Greasemonkey for FF there is sth like that for IE as well i forgot the name. GreasemonkIEperhaps? Could be various versions).
The most simple way is IMO either the hosts file way (although not cleanest) or PG (PeerGuardian). PeerGuardian also allows you to block malicious people on P2P network such as people who use P2P from RIAA IPs (why would they do that?
). Privoxy and Greasemonkey are a bit harder to get set up but would do the job too.
I'm not a CS major either. CS major says nothing about computer security at all. Usually, its rather people who know their OS well such as (some) programmers or people who secure computers for a living who know about security. A programmer may have a CS degree, or not. There are some who claim to know so much about computer security but are essentially clueless (hello Steve Gibson!).
Hope that was useful to someone...
PS: Anjuna, ActiveX is very useful for Trident-based browsers as it allows one to use plugins in a Trident-based browser. Plugins such as Java, Flash, Shockwave, Quicktime, Acrobat Reader, etcetera. Now, if you don't need those plugins, you can disable ActiveX indeed, but you basically do need Flash to play Neopets. Also, some settings may be changed to make ActiveX slightly more secure.
Sun Sep 10, 2006 3:55 pm
anjuna wrote:That sounds more like the simple CSS file on my computer to block the main neopets top banner ad. I am no computer science major either lol but I think what you are referring to does need an application to run it and does need to be run first before the browser is able to access any or all of the Internet (basically like setting up a Proxy which most users won't know how to do).
It is a privacy application and can be useful, but impractical for most users.
No, it doesn't need any kind of application to load up before the Internet. I use a HOSTS file and it's just... there. If I use hijack this, there's no entry. It's just a file in the Windows folder. It's a very simple way to add some extra security (it shouldn't take the place of virus protection, but it can work with it to block tons and tons of bad sites -- not to mention the annoying flashing ads themselves). The webpage I linked explains it pretty simply; you should read that.
See, I'm not a computery person at all; I didn't even know that CS majors might not know about security.
I can keep my computer pretty safe and fix it if it gets a problem, and that's about it. No programming or anything for me!
Sun Sep 10, 2006 5:44 pm
Thank you! Anjuna, Cranberry and Allnameswereout. I have found all of your comments and links quite helpful. 
Edited to say: Oooh! Look at the precious. I just noticed, and am now officially welcoming myself to Stardom.
Edited to say: Oooh! Look at the precious. I just noticed, and am now officially welcoming myself to Stardom.
Virus in Neopets FastClick Ad
Sun Sep 10, 2006 10:39 pm
Awesome, Cranberry! 
I even added some names to the HOSTS file from your link after viewing my Temporary Internet Files folder while browsing Neopets only. I will list what I added so far, and if many more come up I might edit this post.
I then came up with a successful search on the question we all wonder most: Is this caused by an ad in Neopets.com? And the answer is .. drumroll .. YES! Sadly. But glad to have finally found this out. Sigh.
Specifically a FastClick ad, most likely an Xbox ad.
You can read about it here:
(Links broken for a reason. Do not attempt explore the above, for safety's sake.)
My evidence (from Temporary Internet Files):
EDIT: Bah, ImageShack hates me too. Rather I suspect I am not doing something right. Anyway here is a direct link to the real sized image but a bit too large to post on the forum. Sorries.
In summary, I advise all users to block fastclick ads in specific, however they can. Cranberry's suggestion of a HOSTS file and adding to it seems like something any user can do quite easily. Now to just pray to the meepits that TNT takes notice, cares, and removes the ad completely!
I even added some names to the HOSTS file from your link after viewing my Temporary Internet Files folder while browsing Neopets only. I will list what I added so far, and if many more come up I might edit this post.
# [Neopets Ads]
127.0.0.1 servedby.advertising.com
127.0.0.1 pagead2.googlesyndication.com
127.0.0.1 anrtx.tacoda.net
127.0.0.1 ad.doubleclick.net
127.0.0.1 network.realmedia.com
127.0.0.1 rmd.atdmt.com
127.0.0.1 a.tribalfusion.com
127.0.0.1 m1.2mdn.net
127.0.0.1 an.tacoda.net
127.0.0.1 t.pointroll.com
127.0.0.1 media.fastclick.net #[adrun]
127.0.0.1 searchplain.com
127.0.0.1 tag.context.web
127.0.0.1 us.a2.yimg.com
127.0.0.1 view.atdmt.com
127.0.0.1 media.adrevolver.com
I then came up with a successful search on the question we all wonder most: Is this caused by an ad in Neopets.com? And the answer is .. drumroll .. YES! Sadly. But glad to have finally found this out. Sigh.
Specifically a FastClick ad, most likely an Xbox ad.
You can read about it here:
fatale wrote:There's a virus/spyware being served from one of FastClick/ValueClicky ad campaigns.
The actual exploit/virus is being detected in the following file:
_http://64.34.181.44 /adrun/exp.wmf
Which tries to load a number of different files that try to exploit various Windows vulnerabilities:
_http://64.34.181.44 /adrun/c.html
_http://64.34.181.44 /adrun/index2.html
_http://64.34.166.182 /webnetcounters/pps.html
_http://64.34.181.44 /adrun/in.html
_http://64.34.166.182 /webnetcounters/pl_load.js
_http://64.34.181.44 /adrun/ct.html
The IP addresses above all resolve to searchplain.com servers.
Needless to say I removed all FastClick banners from our site until this can be resolved.
I found the ad campaign that seems to be responsible for this -- it's titled "Emanace - Free Xbox". I was taking a closer look at all 468x60 campaigns and noticed that one of them wasn't clickable. Very odd, I thought -- who ever heard of a banner advertiser not interested in users clicking on their ad?? When I right-clicked on the picture in the ad to get the location of where it is served from, I saw something very familiar:
_http://www.searchplain.com /ADSAdClient37/GetAd /J43/TF=_NEW/1011/SC=LG/LOC=R /ID=0006BFFD968BB8AD/
I guess they are using the referer string to load a clean ad when viewed in the FastClick publisher interface and a virus carrying version for the rest of websites.
(Links broken for a reason. Do not attempt explore the above, for safety's sake.)
My evidence (from Temporary Internet Files):
EDIT: Bah, ImageShack hates me too. Rather I suspect I am not doing something right. Anyway here is a direct link to the real sized image but a bit too large to post on the forum. Sorries.
In summary, I advise all users to block fastclick ads in specific, however they can. Cranberry's suggestion of a HOSTS file and adding to it seems like something any user can do quite easily. Now to just pray to the meepits that TNT takes notice, cares, and removes the ad completely!
Last edited by anjuna on Mon Sep 11, 2006 12:19 am, edited 4 times in total.
Sun Sep 10, 2006 11:27 pm
i use FF with Adblock and i dotn viruses from it
Sun Sep 10, 2006 11:43 pm
I followed Cranberry's advice, but the website she linked to warned that it can slow down Win 2000 and XP computers; it's definitely slowing mine down (I have XP), though it's only really bad when an ad is being blocked on Neopets. If I were a restocker, the HOSTS fix wouldn't work so well for me. But since I stink at restocking, I'll keep it until Neopets can get itself fixed.
Sun Sep 10, 2006 11:46 pm
sx6deep2k2: I know. Firefox and Orca use the Gecko engine so do not use ActiveX. Please read through the rest of the thread. This has been addressed.
Block all the other ads you want, great. I am pointing out FastClick's virus to protect the 70%-80% market share that represents IE/other users.
Siniri: I used the exact same HOSTS file Cranberry linked to, added the extras I listed above and everything on neopets loads super-fast now. (And I also have XP with SP2 but absolutely nothing "updated" tee hee.)
Possibly reboot your computer and/or check for other infections. Or find a HOSTS file that uses 0.0.0.0 instead of 127.0.0.1 which is claimed to be faster, but I found that slowed me more (although the file was very large).
And, why would a HOSTS file interfere with restocking?
Block all the other ads you want, great. I am pointing out FastClick's virus to protect the 70%-80% market share that represents IE/other users.
Siniri: I used the exact same HOSTS file Cranberry linked to, added the extras I listed above and everything on neopets loads super-fast now. (And I also have XP with SP2 but absolutely nothing "updated" tee hee.)
Possibly reboot your computer and/or check for other infections. Or find a HOSTS file that uses 0.0.0.0 instead of 127.0.0.1 which is claimed to be faster, but I found that slowed me more (although the file was very large).
And, why would a HOSTS file interfere with restocking?
Last edited by anjuna on Mon Sep 11, 2006 12:13 am, edited 1 time in total.
Mon Sep 11, 2006 12:05 am
Siniri: I used the exact same HOST file Cranberry linked to, added the extras I listed above and everything on neopets loads super-fast now. (And I also have XP with SP2 but absolutely nothing "updated" tee hee.)
Possibly reboot your computer and/or check for other infections. Or find a HOST file that uses 0.0.0.0 instead of 127.0.0.1 which is claimed to be faster, but I found that slowed me more (although the file was very large).
And, why would a HOST file interfere with restocking?
My computer's clean; I have a very redundant antivirus system. I bought a relatively small (RAM, harddrive space) computer to begin with. It's not perceptibly slower unless I'm running a ton of things at once (I'm a multitasker), but Neopets pages do seem to load slowly. But that happened before the HOST file sometimes, too, so maybe it's just Neopets being slow. It's not unbearably slow, but if I were restocking the good stuff would be gone by the time the page finished loading. But maybe that has nothing to do with the HOST -- I posted the message after dinner, having tried playing Neopets before dinner and it being very slow (5-10 sec for a page to load) then. But I just went back on and it's loading a little faster now (though there's still a 3-sec lag for a page to load with DSL)... I guess I should have double-checked how it was loading now before posting earlier. Sorry.
Mon Sep 11, 2006 12:06 am
There is a workaround you can try if it slows down your computer (it's on the page); maybe it'd be faster if you tried that. I haven't had any problems, so I'm afraid I can't give any more help than that.
Mon Sep 11, 2006 12:11 am
Siniri: You could also just try using a smaller HOSTS file overall, though less ads will be blocked. Maybe make a backup of your original HOSTS file (keep it somewhere safe, unaltered) then copy that to somewhere temporary and convenient (rename to .txt to edit in Notepad) and add to it just the main neopets ones listed above? Then un-rename it back and replace in your 'etc' folder (after renaming your original in that directory to .old or .bak of course)? Just an idea for a smaller, slower computer. Good luck finding a middle ground.
Last edited by anjuna on Mon Sep 11, 2006 12:23 am, edited 1 time in total.
Mon Sep 11, 2006 12:21 am
Thanks for the suggestions, Cranberry and Anjuna. Really, it doesn't bother me that much -- I cruise e-mail, PPT and Neopets all at the same time, so I normally just go somewhere else while the page is loading. It has no effect on games. I just wanted to let other people know that it could slow their computer down if they've got a small system like mine. And now they know how to fix it, thanks to you guys (where I come from, that's a gender-neutral term). So thanks again.
Mon Sep 11, 2006 1:46 am
I am not sure how small and slow your computer is, but a German friend of mine is running a computer older than the sand his silicon is made of (lol) and tested the HOSTS file from Cranberry's link with my added few "Neopets only" ads and he claimed his computer loads Neopets pages about 3 times as fast (as a mark, even on DSL on his old/slow computer usually takes about "half a dozen" or 6 seconds in his words, and with the new HOSTS file a page loads in about 2 seconds! 
EDIT: His computer is approximately 400 Mhz CPU with 192 MB RAM.
And still alive! 
Woot!
So, again if it is a persistant problem I am not sure exactly what it could be due to other than an even slower system, a different system, or simply too large a HOST file for your system. For instance if one does not view 'questionable' sites, they should have no need to block adware common to such, etc. so if it becomes a persistant problem, and you don't usually go anywhere other than Neopets.com and a few other secure places (to check your mail, PPT and so forth), you could simple take the original HOSTS file that comes with Windows (which includes nothing heh) and add the dozen or so I listed above common to Neopets only. That might help.
EDIT: His computer is approximately 400 Mhz CPU with 192 MB RAM.
And still alive! Woot!
So, again if it is a persistant problem I am not sure exactly what it could be due to other than an even slower system, a different system, or simply too large a HOST file for your system. For instance if one does not view 'questionable' sites, they should have no need to block adware common to such, etc. so if it becomes a persistant problem, and you don't usually go anywhere other than Neopets.com and a few other secure places (to check your mail, PPT and so forth), you could simple take the original HOSTS file that comes with Windows (which includes nothing heh) and add the dozen or so I listed above common to Neopets only. That might help.