<P>Ever go to the Music City Morpheus chat and get barraged by popup ads? Well, it happens there was popup ad code embedded into the Java Chat. Turns out it was put in there by a user named--> Kayaman. lol. And all this time he was getting ad clicks. <P>

Here's the info: <P>

You know how when you went to http://chat.musiccity.com that all these annoying popup ads came up in your face? For things like cellphones and whatnot...<P>

Well upon tracking the source of these ads, it turns out that the chat page opened several session connections to the IP of www.popuptraffic.com, also media.popuptraffic.com. This turns out to be a notorious popup ad/spam site that is on many spam 'BlackLists' including anti-spam sites that supply lists of sites to block out in your HOSTS file. (see <a href="http://www.smartin-designs.com" target="_blank">http://www.smartin-designs.com</a> for how to block ad/popup/spam sites ) <P>

So ok, I thought musiccity morpheus was doing it. Nope.<P>

MusicCity's Morpheus chat was admin'd by a person named Kayaman who recently also started a competing chat server called p2pchat.org. p2pchat.org was supposed to be the spillover chat where people could chat about various p2p clients and touted as being against spyware. It is also home of chat rooms for p2p clients such as xolox, a simple gnutella p2p program. And is populated by many ops from the Morpheus chat.<P>

Well, The music city chat server has been rumored to be shutting down for a while now, but a few hours ago it just happened. <P>

The morpheus chat just changed, morpheus chat is now gone, and users are now routed to p2pchat.org. That's how the spyware in the java chat revealed itself. Here's how...<P>

For the switchover, the Webmaster ConferenceRoom java chat was replaced by Kayaman's own JAVA CHAT. Inspecting the code put there, revealed it. Right clicking on the page you can VIEW the SOURCE CODE. And hidden in the source code of the page was this:<P>

&lt;SCRIPT LANGUAGE="JavaScript" src="http://www.popuptraffic.com/assign.php?l=kayaman&mode=behind"&gt;<P>

&lt;SCRIPT LANGUAGE="JavaScript" src="http://www.popuptraffic.com/assign.php?l=kayaman"&gt;&lt;/script&gt;<P>

If you don't know what that means, that is the code that spews those cellphone popup ads from popuptraffic.com in your face when you go to morpheus chat. But look at the end... Notice it doesn't say MusicCity at the end. It says 'l=kayaman'. It turns out that Kayaman put *himself* as the affiliate. --So all this time, while touting NoSpyware and ad free systems, he was secretly getting ad impression credits from you. LOL.<P>

By the way, I looked for the user and tried to contact them in the chat server, but upon getting no answer I posted the spyware info into the chat rooms to tell everyone. Upon Kayaman seeing it in the chat room, I was killed off the server with the following message:<P>

*** You were killed by KayaMan (irc2!netadmin.p2pchat.org!KayaMan (learn the difference between a popup and spyware))<P>

LOL.<P>

-Notice that it doesn't say "No. There's nothing there." but rather he seems to be admitting it and just arguing whether or not it's popups or spyware. In any case, you can argue over definitions if you like, but I'd say anything that is hidden code and is embedded secretly, pops up ads at you, and directs revenue credits to someone is not too good no matter what term you want to use for it. <P>

By the way, Kayaman says he is NOT an employee of music city. Although he does administer their chat and have the keys to edit and manipulate their website to add his own name in there for revenue credits, and direct people to his new p2pchat server. <P>

Whether or not someone deserves or does not deserve ad revenue, the fact that it was hidden and designed to launch popup ads by someone who at all other times was vocal against such things is a little questionable. <P>

As soon as I revealed the popup ad code and that the credit was going to Kayaman, the site was quickly edited to prohibit RIGHT-CLICKING to view the source code, and the ad code was edited out. LOL!<P>

But here is what it was:<P>


&lt;HTML&gt;&lt;HEAD&gt;<BR>
&lttitle&gt;. . MusicCity - Java Client . .&lt;/title&gt<BR>
&;ymeta http-equiv="content-type" content="text/html; charset=iso-8859-1" /zzzzzzzzzzzzzzzzzzzz&gt;<BR>
&gt;meta http-equiv="Content-Language" content="en-us" /&gt;<BR>
&gt;meta name="robots" content="none" /&lt;<P>

&gt;SCRIPT LANGUAGE="JavaScript" <BR>
src="http://www.popuptraffic.com/assign.php?l=kayaman&mode=behind"&gt;<BR>
&lt;/script&gt;<BR>
&lt;SCRIPT LANGUAGE="JavaScript" src="http://www.popuptraffic.com/assign.php?l=kayaman">&lt;/script&gt;<P>

&lt;/HEAD&gt; <p>


&lt;body class=background bgcolor="#FFFFFF" text="#828282" <BR>
link="#669999" vlink="#669999" topmargin="1" &gt;<BR>
&lt;script language=JavaScript&gt;<BR>
&lt;!--
var message="";
/////////////////////////////////// <BR>
function clickIE() {if (document.all) {(message);return false;}} <BR>
function clickNS(e) {if <BR>
(document.layers||(document.getElementById&&!docum ent.all)) { <BR>
if (e.which==2||e.which==3) {(message);return false;}}} <BR>
if (document.layers)<BR>
{document.captureEvents <BR>(Event.MOUSEDOWN);document.onmousedown=clickNS ;}<BR>
else{document.onmouseup=clickNS;document.oncontext menu=clickIE;} <BR>

document.oncontextmenu=new Function("return false")<BR>
// --&gt;<BR>
&lt;/script&gt;<BR>
&lt;center&gt;<BR>
&lt;****** border=0 height=450 FRAMEBORDER="0" width=665 <BR>
MARGINHEIGHT=0 MARGINWIDTH=0 SCROLLING=Yes <BR>
NORESIZE scrolling=no src="http://www.p2pchat.org/mchat.htm"&gt;&lt;/******&gt<BR>
&lt;center&gt;<BR>
&lt;/body&gt;<BR>
&lt;/html&gt;<BR>
<P>
<P>

And here's how the code appears on the chat page...<P>

****

Hmmm, Kayaman also has XOLOX using his java chat code. I wonder what kind of stuff is in now embedded in XOLOX chat... ?<P>

-Helen Brocke<P>

[edit note: this post contained HTML code which caused pop ups, this is a sort of spamming]

Brocke,
You spend your days spamming IRC channels and we allowed you to, for I also agreed the current Morpheus dropped the ball. But to come in and accuse me of spyware? Please, grow up and make the arguement with me rather then try to make a name for yourself spamming rooms where of course, you would get killed if you egg on people enough.
It comes with the territory , the rumors. So im not surprised one bit to see this post.

I didnt even read your full post, so I will completely answer it. The disable right click has always been there, for over a year to avoid people taking the code - no biggie.
Secondly , I never go around claiming what you say, so please don't put words in my mouth. Its a known fact clients make money through ad revenue which isn't a problem - I have and always will be against spyware and installing of software without user's knowledge.
We have debated and discussed in the past, funny you would take your quarrels to this. So basically if you go in bad mouthing a network and trolling it to see who you can p.i.s.s off and get disconnected you can come to a forum to make the person look bad. Its quite alright , I'll take a step back and let those that know me decide for themselves.

Lastly ( because that was a long post he/she posted )

You are talking about a popup ad , this site itself poped up 3 to 4 ads so now gnutellaforums is a bad place?

"I wonder what kind of stuff is in now embedded in XOLOX chat... ?"

I think the people using it are clever enough to not fall for your attempt at a personal attack on me to think XoloX has anything or ever would to do with that. Just because someone helps keep chat up, doesn't mean they are an employee of your much hated Morpheus; which you spend half your day spamming about how awful it is. Right on , but please don't confuse the 2.

Dear XoloX and forum users,

Unlike what the posting suggests, XoloX is absolutely Spyware free! The trust of our users is priceless and we would never do anything to jeopardize it.

If any one chooses to fight vendettas, please pick a different arena.

Team XoloX

And you suggest we should just believe you, sweet Susie?

Yes you should, until you have an official release and can prove that he is lying! The betas are clean!

Note that the unregistered is talking about music city not Xolox!

Morgwen

After I activated the "chat" link at the xolox.nl page I startet getting popups. I even got popups visiting this forum, and that has never happened before. So, as I always do when I suspect some page has installed spyware on my computer - I ran Ad-aware from lavasoft (as I do automatically every day, the latest is six hours before this happened).
Anyways, the result was that it found two spyware components, "Gator" and "Aureate". They are now deleted and I am not getting popups at gnutellaforums.

I think you guys should take a look at this chat link (http://www.p2pchat.org/xchatstart.htm). Does it or does it not install spyware?

Stig Eide (stigeide@yahoo.com)
Hope Im not spreading false rumours, dont think so.

Actually this forum is not run by XoloX so no control over the pop-ups it loads. Yes this forum does load popups to support it, it does for all the clients sadly.

The 'gator' and other traces you have must be from other installed programs. That page you posted was clean as a whistle. I recommend you run ad-aware because the fact is those compenents will cause things to load on you even when visiting a site that does not have any form up ads.

You can also use an IRC client.

Pop ups are NO spyware!

You will find several websides with pop ups they need to pay their bills with advertisement!

Gator and aureate is sure Spyware but sure not installed through this IRC chat...

Morgwen

yes U did, kid. clean your computer, most fileharing programs come with spyware. Xolox and the Xolox chat is spyware-free.