No announcement yet. users security probs

  • Filter
  • Time
  • Show
Clear All
new posts

  • users security probs

    Hi I have a few users (this is some weird internet accelerator software for any internet user, obviously a caching proxy server) are complaining that they log in as some other member sometimes.

    I keep telling them to use the main index.php file that allows for no-cache in the meta tags but still, (they have cookies on) they are complaining.

    I did a scan on their proxy servers they use to accelerate internet speed for users, some of them being

    They seem to be using IIS web server. Don't know what proxy they use.

    Could someone at vB please contact their tech folks and see if this problem can be fixed at their end? Or is it a vB issue?

  • #2
    Right now I think I am going to ban all this crappy proxy site's IP's as we cannot deal this site specific complain

    The prob here is that a malicious user can use this proxy's services and bet that he/she will log in sometimes as a valid normal member using the same service.
    Last edited by ubbuser; Mon 15 Apr '02, 12:19am.


    • #3
      I have noticed the same problem a few days ago on my board with two users who shared the same IP from, but I don't think they can post as another user. It is just the welcome message they get with a wrong username.



      • #4
        Thanks for the feedback, yes I will check with our members who use (or are forced) to use this spyware. I really do not think the members know they are using this as it is just a software that redirects all web browser requests to their proxy servers


        • #5
          I will ask them again if they downloaded that software or not.
          I just remember one of them was using AOL and it was also the first time I heard of that problem on my board.



          • #6
            What would be cool is if there were a software to remove this spyware software that I could point to some of our members.


            • #7
              I have the same problem, as reported here:


              Are you sure it's only the welcome message?

              One of my mods, hit the CP link, and was sent to another member's CP.

              For this reason, I have removed their mod priviliges, until we can get to the bottom of this.
              vB Drupal Community Plumbing | vB Survey | vBusy | vB Spell | vBouncer


              • #8
                An immediate fix is if someone could find a way to delete the software from member's PC's. The way I understand it is that it is a piece of software that re-directs normal users requests to web sites to its own proxy/caching site.

                It is not needed as it is spyware BS.


                • #9
                  Originally posted by ubbuser
                  An immediate fix is if someone could find a way to delete the software from member's PC's.
                  But only the user may be able to do that, and it's not straight forward, as it requires logging in to MarketScore.

                  I'm thinking of writing an Apache REWRITE directive, to redirect all members coming from the marketscore IP's, to a page letting them know why they can no longer access the forum, with instructions and links to Ad-aware download page to remove NetSetter/MarketScore software.
                  vB Drupal Community Plumbing | vB Survey | vBusy | vB Spell | vBouncer


                  • #10
                    Hmm, Adaware removes Marketscore junk?


                    • #11
                      Ya, I have the same problem. First I thought it's a user with several nicknames but then I realized that it's not just one user.

                      I have 13 users that share the IP-numbers. Some of them are using this marketscore and some are

                      Now I understand the point about the marketscore users but what's with all this other users?

                      Could that be providers where the users get the same IPs? And how "high" is the possibility that I get 13 of this users? I am just really wondering if I have double-users or "just" an IP-problem here ...


                      • #12
                        Originally posted by ubbuser
                        Hmm, Adaware removes Marketscore junk?
                        I thought it did.

                        But not sure if the component is one of those:
                        Adware, Alexa 1.0-5.0, Aureate v1.0,2.0 + 3.0, Comet Cursor v1.0 and v2.0, Cydoor, Doubleclick, DSSAgent, EverAd, eZula, Expedioware, Flyswat, Gator, Hotbar 1+2, OnFlow, TimeSink v1.0,v2.0 and v5.0, Web3000, Webhancer, Transponder,Wnad,
                        ZapSpot and more... (updated regulary)
                        vB Drupal Community Plumbing | vB Survey | vBusy | vB Spell | vBouncer


                        • #13
                          This problem happened again on my board and it was again with a member on marketscore's proxy according to her IP.
                          I told her to read where they tell how to remove that spyware manually.

                          PestPatrol can remove it. From

                          "Summary: NetSetter (MarketScore) is a proxy service which claims to increase the speed of your internet connection. It runs at startup to ensure all your web connections are routed through NetSetter's proxies. (You will not observe any significant speedup from using the service.)
                          Netsetter has changed its name to Marketscore and is no longer operating under or using the name Netsetter.

                          Category: Adware/Trackware.

                          Aliases: Netsetter (previous name), ossproxy (program name), MarketScore (current name).

                          Distribution: Is installed through ActiveX at MarketScore's site, promoted by MarketScore affiliates.

                          Advertising? No.

                          Privacy Violation? Yes. Every web connection you make, including 'secure' connections, goes through the proxies and is logged and analysed on behalf of MarketScore's customer companies.

                          Security Issues? Unconfirmed. There is a 'required update' feature, but it is unknown whether this happens without consent from the user.

                          Stability Problems? Won't work if you have to use a different proxy. Will kill your internet connection if you try to delete the csloa.dll component manually.

                          Privacy Policy: Privacy policy.
                          Vendor: MarketScore official distribution site
                          ComScore sell the information to other companies

                          Detection: PestPatrol detects this pest.

                          Removal: PestPatrol removes this pest.

                          Manual Removal: There is a hidden uninstall feature. Open a command window and enter (for Windows 95/98/Me):

                          "%WinDir%\SYSTEM\NSCheck.exe" /uninstall
                          Or for Windows NT/2000/XP just:

                          NSCheck /uninstall


                          widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.