Forced redirects

Guys, it seems that arround 30 minutes ago, something dropped a redirect script in the headers of our page, and people has been getting redirected to ad pages every time they click a link. I myself noticed this and started to run some checks in order to find if the server had been compromised.

Long story short, the server seems ok, and the files seem ok. No traces of any injected code. The problem is that WW runs on multiple levels of cache. That includes mobile browsers, that tend to store thing in cache regardless of the response of the server.

I’ve cleared everything, from wordpress cache, to our CDN’s content cache. Bad news is that the people that got the code in their mobile devices are going to keep being redirected until they clear the cache in their phones.

TO GET RID OF THE PROBLEM, CLEAR THE CACHE OF YOUR BROWSERS.

http://www.wikihow.com/Clear-Your-Browser’s-Cache-on-an-Android
http://www.wikihow.com/Clear-Your-Browser%27s-Cache-on-an-iPhone

I’m really sorry for the inconvenience.

EDIT – Holy f*ck!  This is a scary thing to wake up to.  Big thumbs up to Yn5an3 for catching this (while I was sleeping, no less!) – RWX

Posted by Yn5an3

61 thoughts on “Forced redirects” - NO SPOILERS

    1. 😛 that’s when you move your laptop cache to your phone… and realise that you watch way more twisted stuff on your laptop and you never ever realised…

      1. it could bypass it cause it was a injected redirect script into the header [from what i understand] its not a tangible add to block but a “open in new tab on click of any link”

        1. Well, ad block should have been able to block the content of the script that caused the redirect before the code was loaded. The same thing it does with normal advertisers or trackers.

        2. On my phone it was redirect even without any click. Even simply accessing WW homepage got redirected. And it was the same tab not a new tab, so you have to see ads but not the real content. What if FBT brought forth a tsunami and I couldn’t read it?? That is a torture!!

  1. Sorry but that redirect thing has been an issue for a long while with this site. It’s why I installed addblock on my mobile devices. Also the adds tear through my data plan…

    1. Yes, the ads consume a ton of bandwith… Ren has tried to find a way to get better ads for a long time, and he made some progress lately. Sadly, this episode has destroyed in 30 minutes all the effort he has put into that cause during the last couple of months.

          1. A few months actually. Been getting redirected for the past 2 months at least and gave up when it kept coming back

    2. He meant a forced redirect from links meant within site
      not the forced ad popup that replaces the intended page after few sec (which even ppl working on site knows)

  2. Hi,

    Thanks, this helped with redirects on my mobile. But on my iPad, I still have redirects, especially when I scroll down fast, or when I zoom in, or when I launch the site from Google search.
    Is this also a cache problem? I use private browsing recently for wuxiaworld, so that no cache, cookies etc is formed. Please let me know if you also encounter it/have a solution already.

    Cheers,
    A patient reader !

    1. It may not be a cache problem. Clearing the cache only replaces the contents stored in your device with the last content from the site. In this case clearing the cache helped because the cause of the problem wasn’t on the code of the page anymore.

      That said, some of the advertisers in wuxiaworld have ‘bad ads’ that redirect the users to external pages. Ren has been working in order to find better ads, but it’s difficult. We do not have enough traffic to get direct advertising, so we are forced to rely on resellers. That means it’s not possible to have direct control of the ads being displayed. I don’t know how long will it take us to sort things out.

      Just to clarify, I’m not Ren, and the problem you mention is a little different from the issue this post talks about.

      Anyways, thanks for your patience and understanding.

      1. Great, thanks for the explanation.

        Sorry about the name..I have created kind of like a template, which is hard to change immediately in ipad(I get redirected by an ad, of course!!).

        If it helps anyone else:I have a short “hack” or “not clean” solution.when the page loads, before it has a chance to redirect, I switch of the Internet in phone/iPad so I can read, but it Doesnot have a chance to redirect.

        Cultivation (practise) helps in being faster than a redirect, LOL.

  3. Hey guys I got the same problem with my Iphone for some time. Just download the adblocker-ap and run it instead of safari, so you won’t get directed to this pages. I know ad blocker is not fair to the webpage runner, but I just keep it on my Iphone because when i want to read it mobile, I ALWAYS get directed to these pages D: (and I can’t come on wuxia though…)

    1. I heard google has started punishing websites that have invasive ads like these also several months ago. Specifically ads that popup and won’t let you return using the back button on mobile. So I have no idea why these SEO plugins would do that, since Google has taken steps to downgrade your rank on search results if it finds out (which they will).

    2. We don’t have a SEO plugin. Only a sitemap generator. Those plugins fill the database with trash. Clearing some options from an old SEO plugin, reduced the database transfer arround 20%. I don’t want to know what did that thing do behind the scenes.

    1. Yes. On Android the simple solution was installing Firefox and then installing uBlock Origin. It also made the website a lot faster. The ads kept getting worse and worse. This is the only website I am forced to use Firefox instead of chrome for just due to the ads on Android.

  4. This is a really nasty ad. Ads that use someone’s cache to redirect is as best annoying, but ads that attack the very server is no longer advertising attempt, this is a web hijacking, an attack by a cracker to our beloved Wuxia World!!! 🙁

  5. Not going to lie, once the text loads on my mobile I force-stop the page by turning off my Wi-Fi or Mobile Data. If I time it right, most of the site adds still load, but the redirect doesn’t get a chance to act.

    Sadly, this is really tricky to do on Gravity’s mobile site. They have some weird programming that loads the text in chunks, so force-stopping the page will more than likely cause you to lose a significant amount of text.

  6. I got this problem for almost 2 months now. First i get a message like this: http://imgur.com/cutrLLT (the german is like bad google translate) and then i get redirected to another site: http://imgur.com/HcUKgZO

    The site i get directed to sometimes change but they all have the characteristic that they don’t let me leave. Because of some other circumstances i did reset my mobile phone yesterday and until now i fear to visit this site again because i might get a virus/malware or smth.

    Are the shown pictures the same one which you saw? Please tell me its safe now…. I don’t wanna copy the text to a word document anymore just to read it while on the train^^

    Sry if my english isn’t the best!

  7. Another thing to take note of:

    Just today, I’ve been plagued with AUTOPLAYING ADS WITH SOUND, which is weird since I’ve set extensions (flash/java/etc) to play on user prompt.

    Obviously, a malicious script is being employed if its able to circumvent browser settings.

    Weird thing is, if I hover my mouse on the ad itself, it’ll then revert back to the supposed “puzzle” icon for the click to play thing.

    1. Hey, can you do this? If you are on Chrome, open the dev console (F12), click on the magnifying glass to do an ‘inspect elements’, then click on the offending ad. Copy the entire code and email it to me at rwxwuxiaworld(a)gmail.com.

  8. i hate to break it to you but your site is riddled with redirect ads. i was actually forced to start using an adblocking browser on my phone when i use this site. this is not something new either its been going on for months, i have posted in your forums asking for something to be done but apparently no one checks those.

    1. Yup, a minority of readers have problems with redirect ads. I’ve gone through six different mobile agencies, with varying levels of success. The thing is, for a site our size, all ads are non-direct, which means they are routed through networks, which routes through agencies. There are always bad ads (we serve millions of them), and unfortunately, if your ‘profile’ just so happens to fit what the bad ads wants, you might get them repeatedly, in which case, do exactly what you did; just adblock us and be happy 🙂

  9. funniest thing i’ve seen feom the ads network is an anti virus ad that forces a redirect.
    there’s no way i’d ever get that app. but i’ll consider firefox.

  10. I have disabled Javascript for this website on my mobile devices specifically because of this issue continually occuring. The only downside to this is that your navigation menu ceases to function (as it has no <noscript/> alternative).

    One thing I would suggest looking into is adding listeners to your link clicks (through jQuery/Javascript) to confirm whether or not these links have been hijacked… Worst case, depending on how your Ads load, you could precache all pagelinks using jquery, and then reconfirm that they haven’t been changed when a user clicks the links…

    Something like (Loaded above/before the ads are loaded):

    <script>
    $(function(){
    $(‘a’).each(function(){
    $(this).data(‘link’,$(this).attr(‘href’));
    });
    $(‘a’).on(‘click’,function(e){
    if( $(this).data(‘link’) != $(this).attr(‘href’) ){
    //The link has been hijacked/changed by something on the page.
    e.preventDefault(); //Stops any action from occurring when the link is clicked…
    // Hard redirect?: window.location.href = $(this).data(‘link’);
    }
    });
    });
    </script>

    Just as an example (Not entirely ideal, but hey – if you can’t fix the issue any other way, why not cripple the injections?)… All depends on if the redirect is being done by hijacking the “click” event, if it is creating a new element with an onclick that replaces your “a” tags, or if it is directly changing the “href” attribure within your links. I think one of the ads even binds the $(document).click(); which means that it can fire a redirect when a user even clicks within the window…

    I haven’t really bothered to check what form of injection is happening when the redirects occur, it annoys me, so I turn it off entirely. However, if this issue continues to persist I can forsee problems happening with this website that I love, if you need help with anything (combing over javascript/jquery/etc. that displays the ads, looking over the malicious code from the ads for ways to circumvent its circumvention, etc) let me know.

    – Magnanix.

    Edit: HTML tags are removed from comments… changed them…

Leave a Reply