Follow TV Tropes

Following

Advertising and Computer Security Issues on TV Tropes

Go To

We occasionally get reports of ads that trigger antivirus warnings or infect computers that are browsing the wiki. This FAQ is an attempt to consolidate all the information about such things into one thread. Please read the below before reporting any incidents.

This thread may also be used to report ads that violate our policies in other ways, such as being too "adult" or NSFW, automatically playing audio/video, etc.


    open/close all folders 
    The basics 
  • TV Tropes, as a site, does not contain malware. We are a text-and-image wiki; viruses and malware cannot be uploaded to or embedded in the articles. As always, however, beware of any external link that you don't recognize, since we cannot automatically screen edits or posts for malicious links.
  • 99.99% of the time, any suspected malware will be related to the wiki advertising.
  • TV Tropes does not directly control the ads that are displayed. We use third-party ad providers and we determine things like the size and placement.
    • We instruct our providers not to serve ads that redirect your browser, take control of the screen from you, forcibly scroll your screen, play audio without being clicked on, install malware, "pop up" or "pop over" your screen, or in any other way interfere with your browsing experience.
    • We have custom software designed to detect ads that do these things and automatically block them.
    • Malicious entities are constantly trying to sneak ads through the providers' networks in violation of these instructions. As providers have little incentive to proactively detect and block them, it's up to websites to report these sorts of problems.
    • We rely on our users to report ads that get through these measures.
  • Just because you see a particular ad doesn't mean everyone else sees it. Ads are customized by the ad providers to your location (by IP address), the content of the page you're viewing, and your browsing profile, which is tracking data accumulated by third parties over the course of all your internet browsing.
  • Just because you get a malware warning or infection that seems related to an ad on TV Tropes does not necessarily mean that it is caused by one of our ads. Pre-existing malware on your computer can intercept ads and replace them with malicious ones.

    What can be reported to our provider 
  • Ads containing malware, obviously.
  • Misbehaving ads, such as ones that load a pop-up or pop-under, redirect your browser to another page, hijack your screen or automatically scroll it.
  • "Adult" or NSFW ads. Scantily clad women alone may or may not qualify, depending on context, but we want this site to be work-safe.
  • Ads that automatically play audio — that is, the audio starts without you clicking on the ad first. Video ads are acceptable.
  • Note: Political content is not grounds for rejecting an ad. However, an ad that contains or implies hate speech, disinformation, or outright falsehoods may be objectionable enough to be blocked.

    How to protect yourself 
  • First and foremost, maintain current, updated antivirus software, and keep your operating system and browser up to date with all patches offered by the software vendors. This includes Adobe Flash, Java, and other rich media plug-ins. Turn on your software's automatic updates if they are not already on and act immediately when prompted to install them.
  • Never click on pop-ups purporting to have detected a virus, offering to "tune up" your PC, or otherwise inducing you to click on a link that you were not expecting. Any genuine message of this nature would come from your antivirus software and not from a web page.
  • Be careful clicking on external links. These are identified with a small icon next to them. Example: Google. TV Tropes does not endorse or control the content of external links and you open them at your own risk.
  • Never respond to any email or web page that asks for personal or financial information, including passwords, unless you have verified its identity. No reputable company will ever ask you for your password(s), other than to log in.
  • You may choose to opt out of having tracking information collected by ad providers. This does not stop malware but helps you maintain your online privacy. See here for additional information.
  • TV Tropes requests that you do not use ad blocking software while visiting us, as this site depends on advertising revenue to operate. If you do run an ad blocker, please add tvtropes.org to its exception list, or consider donating to the site to have certain ads removed.

    What to do if you suspect a malicious ad 
  • We (or the ad provider) place a "Report advertisement" link next to most advertising frames. Clicking on this will generate an automatic report and is the best way to do so. If you cannot click on this link or do not see it, continue for more advice.
  • Try to identify the source URL of the suspect ad (see below). You can also use the target URL (if you are redirected), but note that this may be intentionally obfuscated by the ad provider to hide the source.
  • Identify the ad provider. Some ads have a small area that links to the ad provider's page (like Google or AOL). In other cases, you can tell from the referral URL or you can look it up in a search.
  • Go to the ad provider's contact/abuse page and fill out their form. Below are some links to common providers' abuse pages:
  • Scan your computer for viruses. If your antivirus software will not operate (many malicious programs attempt to disable your antivirus software), you can download a scanning tool on a known clean system and run it on your infected machine from a read-only CD-R or flash drive.
  • If you suspect that you've been tricked into divulging personal information to a phishing attempt or other fraud, change your passwords to affected sites immediately and contact your bank, credit card companies, and the credit bureaus to request a fraud alert.
  • Please note that TV Tropes cannot assist you with the specifics of maintaining your computer. That's your responsibility. You may request general help in the appropriate forums, but please don't post new threads in the forums dedicated to wiki operation (Wiki Talk, Frequently Asked Questions, etc.).
  • Sometimes, the wiki administration can get better results from the ad providers in dealing with malicious ads. If you can identify a malicious ad by referral URL, you can post the link in this thread, but please omit the "http" component so it doesn't create a hyperlink that someone might click on inadvertently.

    Identifying the source of an ad 
  • For image ads, right-clicking (or a long tap on mobile devices) should give you the option to view and copy the URL that clicking on it will send you to.
  • For Flash, Java, or HTML 5.0 ads, it may be difficult to identify the source or the URL by right-clicking. In these cases, you need to view the page source to identify the ad so we can report it.
  • In Internet Explorer, you can right-click in a blank or text area of any web page, and choose View Source from the context menu. Firefox also has this option. In Chrome, you can use the Inspect Element menu option, which interactively highlights the portion of the page whose code you are hovering over. You can use this to identify the ad frame and its source URL.
  • For embedded ads, there will be a "frame" element with a "src" parameter. Drill down until you get to the lowest level. All we need to identify the ad is the "src" URL from that frame.

Edited by Fighteer on Nov 19th 2018 at 11:12:46 AM

Fighteer MOD Geronimo! from the Time Vortex Relationship Status: Dancing with Captain Jack Harkness
Geronimo!
Nov 26th 2011 at 9:10:12 PM

We occasionally get reports of ads that trigger antivirus warnings or infect computers that are browsing the wiki. This FAQ is an attempt to consolidate all the information about such things into one thread. Please read the below before reporting any incidents.

This thread may also be used to report ads that violate our policies in other ways, such as being too "adult" or NSFW, automatically playing audio/video, etc.


    open/close all folders 
    The basics 
  • TV Tropes, as a site, does not contain malware. We are a text-and-image wiki; viruses and malware cannot be uploaded to or embedded in the articles. As always, however, beware of any external link that you don't recognize, since we cannot automatically screen edits or posts for malicious links.
  • 99.99% of the time, any suspected malware will be related to the wiki advertising.
  • TV Tropes does not directly control the ads that are displayed. We use third-party ad providers and we determine things like the size and placement.
    • We instruct our providers not to serve ads that redirect your browser, take control of the screen from you, forcibly scroll your screen, play audio without being clicked on, install malware, "pop up" or "pop over" your screen, or in any other way interfere with your browsing experience.
    • We have custom software designed to detect ads that do these things and automatically block them.
    • Malicious entities are constantly trying to sneak ads through the providers' networks in violation of these instructions. As providers have little incentive to proactively detect and block them, it's up to websites to report these sorts of problems.
    • We rely on our users to report ads that get through these measures.
  • Just because you see a particular ad doesn't mean everyone else sees it. Ads are customized by the ad providers to your location (by IP address), the content of the page you're viewing, and your browsing profile, which is tracking data accumulated by third parties over the course of all your internet browsing.
  • Just because you get a malware warning or infection that seems related to an ad on TV Tropes does not necessarily mean that it is caused by one of our ads. Pre-existing malware on your computer can intercept ads and replace them with malicious ones.

    What can be reported to our provider 
  • Ads containing malware, obviously.
  • Misbehaving ads, such as ones that load a pop-up or pop-under, redirect your browser to another page, hijack your screen or automatically scroll it.
  • "Adult" or NSFW ads. Scantily clad women alone may or may not qualify, depending on context, but we want this site to be work-safe.
  • Ads that automatically play audio — that is, the audio starts without you clicking on the ad first. Video ads are acceptable.
  • Note: Political content is not grounds for rejecting an ad. However, an ad that contains or implies hate speech, disinformation, or outright falsehoods may be objectionable enough to be blocked.

    How to protect yourself 
  • First and foremost, maintain current, updated antivirus software, and keep your operating system and browser up to date with all patches offered by the software vendors. This includes Adobe Flash, Java, and other rich media plug-ins. Turn on your software's automatic updates if they are not already on and act immediately when prompted to install them.
  • Never click on pop-ups purporting to have detected a virus, offering to "tune up" your PC, or otherwise inducing you to click on a link that you were not expecting. Any genuine message of this nature would come from your antivirus software and not from a web page.
  • Be careful clicking on external links. These are identified with a small icon next to them. Example: Google. TV Tropes does not endorse or control the content of external links and you open them at your own risk.
  • Never respond to any email or web page that asks for personal or financial information, including passwords, unless you have verified its identity. No reputable company will ever ask you for your password(s), other than to log in.
  • You may choose to opt out of having tracking information collected by ad providers. This does not stop malware but helps you maintain your online privacy. See here for additional information.
  • TV Tropes requests that you do not use ad blocking software while visiting us, as this site depends on advertising revenue to operate. If you do run an ad blocker, please add tvtropes.org to its exception list, or consider donating to the site to have certain ads removed.

    What to do if you suspect a malicious ad 
  • We (or the ad provider) place a "Report advertisement" link next to most advertising frames. Clicking on this will generate an automatic report and is the best way to do so. If you cannot click on this link or do not see it, continue for more advice.
  • Try to identify the source URL of the suspect ad (see below). You can also use the target URL (if you are redirected), but note that this may be intentionally obfuscated by the ad provider to hide the source.
  • Identify the ad provider. Some ads have a small area that links to the ad provider's page (like Google or AOL). In other cases, you can tell from the referral URL or you can look it up in a search.
  • Go to the ad provider's contact/abuse page and fill out their form. Below are some links to common providers' abuse pages:
  • Scan your computer for viruses. If your antivirus software will not operate (many malicious programs attempt to disable your antivirus software), you can download a scanning tool on a known clean system and run it on your infected machine from a read-only CD-R or flash drive.
  • If you suspect that you've been tricked into divulging personal information to a phishing attempt or other fraud, change your passwords to affected sites immediately and contact your bank, credit card companies, and the credit bureaus to request a fraud alert.
  • Please note that TV Tropes cannot assist you with the specifics of maintaining your computer. That's your responsibility. You may request general help in the appropriate forums, but please don't post new threads in the forums dedicated to wiki operation (Wiki Talk, Frequently Asked Questions, etc.).
  • Sometimes, the wiki administration can get better results from the ad providers in dealing with malicious ads. If you can identify a malicious ad by referral URL, you can post the link in this thread, but please omit the "http" component so it doesn't create a hyperlink that someone might click on inadvertently.

    Identifying the source of an ad 
  • For image ads, right-clicking (or a long tap on mobile devices) should give you the option to view and copy the URL that clicking on it will send you to.
  • For Flash, Java, or HTML 5.0 ads, it may be difficult to identify the source or the URL by right-clicking. In these cases, you need to view the page source to identify the ad so we can report it.
  • In Internet Explorer, you can right-click in a blank or text area of any web page, and choose View Source from the context menu. Firefox also has this option. In Chrome, you can use the Inspect Element menu option, which interactively highlights the portion of the page whose code you are hovering over. You can use this to identify the ad frame and its source URL.
  • For embedded ads, there will be a "frame" element with a "src" parameter. Drill down until you get to the lowest level. All we need to identify the ad is the "src" URL from that frame.

Edited by Fighteer on Nov 19th 2018 at 11:12:46 AM

Please join the namespace configuration project!
0dd1 Just awesome like that from Nowhere Land
Just awesome like that
Dec 11th 2011 at 12:52:29 AM

Well, regarding that last point you said, there's one that keeps recurring for me that triggers the Microsoft Smart Screen filter on my Internet Explorer. Here's what IE keeps saying:

Content on this website has been reported as unsafe
0bp65a.com
Hosted by: tvtropes.org

We recommend that you do not continue to this website.

This website has been reported to Microsoft for containing threats to your computer that might reveal personal or financial information.

This website has been reported to contain the following threats: Malicious software threat: This site contains links to viruses or other software programs that can reveal personal information stored or typed on your computer to malicious persons.

Insert witty and clever quip here. My page, as the database hates my handle. My music.
Fighteer Geronimo! from the Time Vortex Relationship Status: Dancing with Captain Jack Harkness
Geronimo!
Dec 11th 2011 at 8:30:58 AM

According to this article, there should be a link on the SmartScreen filter report allowing you to report TV Tropes as a safe site.

However, I just tried loading tvtropes.org in IE9 and checked its SmartScreen rating, and it reported no threats. That other site is definitely a malware site but a quick search revealed no useful information about it.

We have yet to get anyone reporting a site-related infection who can give us any details about where it came from. That's the only way any of these issues will get resolved.

edited 13th Dec '11 4:41:32 PM by Fighteer

Please join the namespace configuration project!
arks Boiled and Mashed Relationship Status: Mu
Boiled and Mashed
Dec 13th 2011 at 1:38:34 AM

Here's one that set off my antivirus: mlleld.com/xmltree.jar|[end angle bracket]xmltree[slash. the actual punctuation mark refuses to show up on these forums.]kondar.class

edited 13th Dec '11 1:41:53 AM by arks

Video Game Census. Please contribute.
Dec 13th 2011 at 4:53:07 AM

I've gotten The Windows XP Antivirus 2012 virus from the site thrice recently, but I wasn't able to pin it to a specific ad or address.

Avast!Antivirus blocked an attack on my computer the first time I went to the site's homepage after installing it. Unfortunately, I don't remember the address it gave. I'll see if I can look through logs to find it. If I do, I'll post it.

Zyffyr from Portland, Oregon Relationship Status: Complex: I'm real, they are imaginary
Dec 13th 2011 at 3:31:12 PM

Address of the advertisement itself : media2.rubricgroup.com/?fhVEAw4RFgJdCloCEmgDVgMDdjIlVwlBQlULFwdDEhtaW1QkQVQcGycnOx1QAgULQFRfAFFABFxN

Warning message from my Antivirus : murouk.com/xmltree.jar|>xmltreekondar.jar

I've had others, but I didn't think to get the info.

edited 13th Dec '11 3:32:42 PM by Zyffyr

Dec 13th 2011 at 4:40:18 PM

Thanks. I've forwarded these to our ad provider to see what action we can get.

Goal: Clear, Concise and Witty
Dec 14th 2011 at 9:57:22 AM

Update from the ad provider:

On Wed, Dec 14, 2011 at 11:50 AM, Bethany Patterson <bpatterson@rubiconproject.com> wrote:

Hi Eddie.

I did some digging in our Site Scout technology this morning and was able to confirm that the information you provided us was linked to an issue that we flagged and resolved yesterday morning. We found this issue coming through three different networks (Banner Connect, Meta Network, Redux Media) Monday night/Tuesday morning. This problem was stemming from a specific advertiser within App Nexus. We reached out internally to App Nexus yesterday morning and helped them remove the advertiser. We have not seen the issue on our end since it was resolved.

Goal: Clear, Concise and Witty
Madrugada Zzzzzzzzzz Relationship Status: In season
Zzzzzzzzzz
Dec 14th 2011 at 10:08:21 AM

Hey, cool. An actual response from an actual person. Is that allowed?tongue

edited 14th Dec '11 10:09:21 AM by Madrugada

...if you don’t love you’re dead, and if you do, they’ll kill you for it.
Nohbody "In distress", my ass. from Somewhere in Dixie Relationship Status: Mu
"In distress", my ass.
Dec 14th 2011 at 10:30:51 AM

Maddy: It is allowed now that we have a service between us and Google. Google is not in the human-to-publisher support business in any way you might notice.

edited 14th Dec '11 10:32:21 AM by FastEddie

Goal: Clear, Concise and Witty
Dec 14th 2011 at 2:18:32 PM

Got one today a few minutes ago from http://nisivy.com/xmltree.jar|&gt;xmltree/kondar.class. At least that's the URL given by Avast.

Edit: There's some gibberish-text that doesn't display properly between "jar" and "xmltree". It's |>. Hopefully it doesn't affect the report Eddie.[down]

edited 14th Dec '11 5:58:59 PM by Darkaros

Dec 14th 2011 at 4:46:13 PM

Thanks. Will report.

Goal: Clear, Concise and Witty
Dec 15th 2011 at 8:04:33 AM

[up][up] That looks like what Avast blocked for me, too.

Mine also said that it had to do with "java" and "Email.Trojan," if that's any help.

Ramidel Relationship Status: Above such petty unnecessities
Dec 17th 2011 at 8:28:30 PM

As a related question:

Sometimes, when I right-click a flash ad, it grayscales the "Settings" option. How do I find that ad's URL?

Fiat justitia ruat caelum.
Dec 18th 2011 at 1:42:19 AM

If you run Firefox or Chrome, install Firebug, then use the 'inspect element' feature.

Goal: Clear, Concise and Witty
Dec 19th 2011 at 4:42:11 PM

I just caught the exploit, which Avast! blocked.

It's: peteic.com/xmltree.jar|>xmltree\spager.class

Dec 19th 2011 at 4:50:19 PM

Thanks!

Goal: Clear, Concise and Witty
Dec 19th 2011 at 4:54:40 PM

Request from ad server folks:

Do you have any additional information about who saw it, where it served, what time of day, geographic location, advertiser name, ad size, ANYTHING else would be helpful

Goal: Clear, Concise and Witty
Zyffyr from Portland, Oregon Relationship Status: Complex: I'm real, they are imaginary
Dec 19th 2011 at 6:10:38 PM

I just got the one from peteic.com, URL of the ad was :

d3.purebluemedia.com/?Qg Qc UQIGQ Bt QU 1 YBEGIH Xgc S Mjko Dg VCSVQE Fw FUQVMPR 1 Qg C 0 Ec Qycn Yld GB Rcf R 09 C Fxo NCF 4=

No clue on the content, as my AV blocked it. West Coast USA, ~2 minutes ago. Ad was served on the Excessive Categorization thread (Wiki Talk), top ad.

Joaqs Técnico Electromecánico from Argentina
Técnico Electromecánico
Dec 19th 2011 at 7:35:08 PM

Internet explorer has being activating site filtering script (xss)*

to the add left side off forum now, the URL is:

ib. adnxs. com / if?enc=exSuR-F6h D 97 FK 5 H 4 Xq E Pw AAAOB Ru M 4_ exSuR-F6h D 97 FK 5 H 4 Xq EP 3 NZC Mib-9FcR1TLCvo0i0u9_u9OAAAAAJ2lCgA2AQAANgEAAAIAAABQTw0AkdgAAAEAAABVU0QAVVNEAKAAWAKdMQAARRIAAgQCAQUAAIIAoySR7wAAAAA.&udj=uf%28%27a%27%2C+35986%2C+1324351165%29%3Buf%28%27r%27%2C+872272%2C+1324351165%29%3B&cnd=!GCNPK Qjh2gs Q 0 J 41 GA Agkb EDMA A4ne MEQAR Itg J Qncsq WA Bglw Jo AHCEC Hg Cg AGM C4g B Ap ABA Zg B Aa AB Aag BALABA Lk Bex Su R-F6h D_BAXsUrkfheoQ_yQGkmZmZmZm5P9kBAAAAAAAA8D_gAQA.&ccd=! Aw Vl Kwjh2gs Q 0 J 41 GJ Gx Ay AE&vpid=47&referrer= htt p: // optimized-by.rubiconproject. com/ a/8777/ 14415/29991-9.html%3F&media_subtypes=1

Region South America (Argentina), no idea what it was about, time, around this hour.

edited 19th Dec '11 7:35:50 PM by Joaqs

Dec 19th 2011 at 11:01:43 PM

Fantastic information. Will forward to ad provider.

Goal: Clear, Concise and Witty
Dec 21st 2011 at 5:30:54 AM

Here's my timestamp (I took a screenshot):

7:39 PM Eastern Time (4:39 Pacific), on the Writer's Block forum. Pennsylvania, USA.

Dec 21st 2011 at 5:36:42 AM

Ooh! That screen shot would be handy.

Goal: Clear, Concise and Witty

Top