Gnutella Forums  

Go Back   Gnutella Forums > Gnutella News and Gnutelliums Forums > General Gnutella / Gnutella Network Discussion
Register FAQ The Twelve Commandments Members List Calendar Arcade Find the Best VPN Today's Posts

General Gnutella / Gnutella Network Discussion For general discussion about Gnutella and the Gnutella network.
For discussion about a specific Gnutella client program, please post in one of the client forums above.


Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old May 17th, 2002
Unregistered
Guest
 
Posts: n/a
Exclamation Spyware/Ad/Popup code discovered in Kayaman Java Chat pg used by MusicCity. & Xolox?

<P>Ever go to the Music City Morpheus chat and get barraged by popup ads? Well, it happens there was popup ad code embedded into the Java Chat. Turns out it was put in there by a user named--> Kayaman. lol. And all this time he was getting ad clicks. <P>

Here's the info: <P>

You know how when you went to http://chat.musiccity.com that all these annoying popup ads came up in your face? For things like cellphones and whatnot...<P>

Well upon tracking the source of these ads, it turns out that the chat page opened several session connections to the IP of www.popuptraffic.com, also media.popuptraffic.com. This turns out to be a notorious popup ad/spam site that is on many spam 'BlackLists' including anti-spam sites that supply lists of sites to block out in your HOSTS file. (see <a href="http://www.smartin-designs.com" target="_blank">http://www.smartin-designs.com</a> for how to block ad/popup/spam sites ) <P>

So ok, I thought musiccity morpheus was doing it. Nope.<P>

MusicCity's Morpheus chat was admin'd by a person named Kayaman who recently also started a competing chat server called p2pchat.org. p2pchat.org was supposed to be the spillover chat where people could chat about various p2p clients and touted as being against spyware. It is also home of chat rooms for p2p clients such as xolox, a simple gnutella p2p program. And is populated by many ops from the Morpheus chat.<P>

Well, The music city chat server has been rumored to be shutting down for a while now, but a few hours ago it just happened. <P>

The morpheus chat just changed, morpheus chat is now gone, and users are now routed to p2pchat.org. That's how the spyware in the java chat revealed itself. Here's how...<P>

For the switchover, the Webmaster ConferenceRoom java chat was replaced by Kayaman's own JAVA CHAT. Inspecting the code put there, revealed it. Right clicking on the page you can VIEW the SOURCE CODE. And hidden in the source code of the page was this:<P>

&lt;SCRIPT LANGUAGE="JavaScript" src="http://www.popuptraffic.com/assign.php?l=kayaman&mode=behind"&gt;<P>

&lt;SCRIPT LANGUAGE="JavaScript" src="http://www.popuptraffic.com/assign.php?l=kayaman"&gt;&lt;/script&gt;<P>

If you don't know what that means, that is the code that spews those cellphone popup ads from popuptraffic.com in your face when you go to morpheus chat. But look at the end... Notice it doesn't say MusicCity at the end. It says 'l=kayaman'. It turns out that Kayaman put *himself* as the affiliate. --So all this time, while touting NoSpyware and ad free systems, he was secretly getting ad impression credits from you. LOL.<P>

By the way, I looked for the user and tried to contact them in the chat server, but upon getting no answer I posted the spyware info into the chat rooms to tell everyone. Upon Kayaman seeing it in the chat room, I was killed off the server with the following message:<P>

*** You were killed by KayaMan (irc2!netadmin.p2pchat.org!KayaMan (learn the difference between a popup and spyware))<P>

LOL.<P>

-Notice that it doesn't say "No. There's nothing there." but rather he seems to be admitting it and just arguing whether or not it's popups or spyware. In any case, you can argue over definitions if you like, but I'd say anything that is hidden code and is embedded secretly, pops up ads at you, and directs revenue credits to someone is not too good no matter what term you want to use for it. <P>

By the way, Kayaman says he is NOT an employee of music city. Although he does administer their chat and have the keys to edit and manipulate their website to add his own name in there for revenue credits, and direct people to his new p2pchat server. <P>

Whether or not someone deserves or does not deserve ad revenue, the fact that it was hidden and designed to launch popup ads by someone who at all other times was vocal against such things is a little questionable. <P>

As soon as I revealed the popup ad code and that the credit was going to Kayaman, the site was quickly edited to prohibit RIGHT-CLICKING to view the source code, and the ad code was edited out. LOL!<P>

But here is what it was:<P>


&lt;HTML&gt;&lt;HEAD&gt;<BR>
&lttitle&gt;. . MusicCity - Java Client . .&lt;/title&gt<BR>
&;ymeta http-equiv="content-type" content="text/html; charset=iso-8859-1" /zzzzzzzzzzzzzzzzzzzz&gt;<BR>
&gt;meta http-equiv="Content-Language" content="en-us" /&gt;<BR>
&gt;meta name="robots" content="none" /&lt;<P>

&gt;SCRIPT LANGUAGE="JavaScript" <BR>
src="http://www.popuptraffic.com/assign.php?l=kayaman&mode=behind"&gt;<BR>
&lt;/script&gt;<BR>
&lt;SCRIPT LANGUAGE="JavaScript" src="http://www.popuptraffic.com/assign.php?l=kayaman">&lt;/script&gt;<P>

&lt;/HEAD&gt; <p>


&lt;body class=background bgcolor="#FFFFFF" text="#828282" <BR>
link="#669999" vlink="#669999" topmargin="1" &gt;<BR>
&lt;script language=JavaScript&gt;<BR>
&lt;!--
var message="";
/////////////////////////////////// <BR>
function clickIE() {if (document.all) {(message);return false;}} <BR>
function clickNS(e) {if <BR>
(document.layers||(document.getElementById&&!docum ent.all)) { <BR>
if (e.which==2||e.which==3) {(message);return false;}}} <BR>
if (document.layers)<BR>
{document.captureEvents <BR>(Event.MOUSEDOWN);document.onmousedown=clickNS ;}<BR>
else{document.onmouseup=clickNS;document.oncontext menu=clickIE;} <BR>

document.oncontextmenu=new Function("return false")<BR>
// --&gt;<BR>
&lt;/script&gt;<BR>
&lt;center&gt;<BR>
&lt;****** border=0 height=450 FRAMEBORDER="0" width=665 <BR>
MARGINHEIGHT=0 MARGINWIDTH=0 SCROLLING=Yes <BR>
NORESIZE scrolling=no src="http://www.p2pchat.org/mchat.htm"&gt;&lt;/******&gt<BR>
&lt;center&gt;<BR>
&lt;/body&gt;<BR>
&lt;/html&gt;<BR>
<P>
<P>

And here's how the code appears on the chat page...<P>

****

Hmmm, Kayaman also has XOLOX using his java chat code. I wonder what kind of stuff is in now embedded in XOLOX chat... ?<P>

-Helen Brocke<P>

[edit note: this post contained HTML code which caused pop ups, this is a sort of spamming]

Last edited by Morgwen; May 24th, 2002 at 03:39 PM.
Reply With Quote
  #2 (permalink)  
Old May 17th, 2002
filesharing-retard
 
Join Date: April 13th, 2002
Location: The Zoo
Posts: 346
KayaMan is flying high
Default Oh Brocke, so Childish

Brocke,
You spend your days spamming IRC channels and we allowed you to, for I also agreed the current Morpheus dropped the ball. But to come in and accuse me of spyware? Please, grow up and make the arguement with me rather then try to make a name for yourself spamming rooms where of course, you would get killed if you egg on people enough.
It comes with the territory , the rumors. So im not surprised one bit to see this post.
Reply With Quote
  #3 (permalink)  
Old May 17th, 2002
filesharing-retard
 
Join Date: April 13th, 2002
Location: The Zoo
Posts: 346
KayaMan is flying high
Default re:

I didnt even read your full post, so I will completely answer it. The disable right click has always been there, for over a year to avoid people taking the code - no biggie.
Secondly , I never go around claiming what you say, so please don't put words in my mouth. Its a known fact clients make money through ad revenue which isn't a problem - I have and always will be against spyware and installing of software without user's knowledge.
We have debated and discussed in the past, funny you would take your quarrels to this. So basically if you go in bad mouthing a network and trolling it to see who you can p.i.s.s off and get disconnected you can come to a forum to make the person look bad. Its quite alright , I'll take a step back and let those that know me decide for themselves.

Lastly ( because that was a long post he/she posted )

You are talking about a popup ad , this site itself poped up 3 to 4 ads so now gnutellaforums is a bad place?

"I wonder what kind of stuff is in now embedded in XOLOX chat... ?"

I think the people using it are clever enough to not fall for your attempt at a personal attack on me to think XoloX has anything or ever would to do with that. Just because someone helps keep chat up, doesn't mean they are an employee of your much hated Morpheus; which you spend half your day spamming about how awful it is. Right on , but please don't confuse the 2.

Last edited by KayaMan; May 17th, 2002 at 05:24 AM.
Reply With Quote
  #4 (permalink)  
Old May 17th, 2002
XoloX Developer
 
Join Date: September 7th, 2001
Posts: 6
BoyNamedSue is flying high
Default XoloX is Spyware free

Dear XoloX and forum users,

Unlike what the posting suggests, XoloX is absolutely Spyware free! The trust of our users is priceless and we would never do anything to jeopardize it.

If any one chooses to fight vendettas, please pick a different arena.

Team XoloX
Reply With Quote
  #5 (permalink)  
Old May 17th, 2002
Gnutella Aficionado
 
Join Date: March 13th, 2002
Location: Aachen
Posts: 832
Taliban is flying high
Default

And you suggest we should just believe you, sweet Susie?
Reply With Quote
  #6 (permalink)  
Old May 17th, 2002
Morgwen's Avatar
lazy dragon - retired mod
 
Join Date: October 14th, 2001
Location: Germany
Posts: 2,927
Morgwen is flying high
Default

Quote:
Originally posted by Taliban
And you suggest we should just believe you, sweet Susie?
Yes you should, until you have an official release and can prove that he is lying! The betas are clean!

Note that the unregistered is talking about music city not Xolox!

Morgwen
Reply With Quote
  #7 (permalink)  
Old May 19th, 2002
Stig
Guest
 
Posts: n/a
Thumbs down chat@xolox.nl installed spyware on my computer

After I activated the "chat" link at the xolox.nl page I startet getting popups. I even got popups visiting this forum, and that has never happened before. So, as I always do when I suspect some page has installed spyware on my computer - I ran Ad-aware from lavasoft (as I do automatically every day, the latest is six hours before this happened).
Anyways, the result was that it found two spyware components, "Gator" and "Aureate". They are now deleted and I am not getting popups at gnutellaforums.

I think you guys should take a look at this chat link (http://www.p2pchat.org/xchatstart.htm). Does it or does it not install spyware?

Stig Eide (stigeide@yahoo.com)
Hope Im not spreading false rumours, dont think so.
Reply With Quote
  #8 (permalink)  
Old May 19th, 2002
Unregistered
Guest
 
Posts: n/a
Default

Actually this forum is not run by XoloX so no control over the pop-ups it loads. Yes this forum does load popups to support it, it does for all the clients sadly.

The 'gator' and other traces you have must be from other installed programs. That page you posted was clean as a whistle. I recommend you run ad-aware because the fact is those compenents will cause things to load on you even when visiting a site that does not have any form up ads.
Reply With Quote
  #9 (permalink)  
Old May 19th, 2002
Morgwen's Avatar
lazy dragon - retired mod
 
Join Date: October 14th, 2001
Location: Germany
Posts: 2,927
Morgwen is flying high
Default

You can also use an IRC client.

Pop ups are NO spyware!

You will find several websides with pop ups they need to pay their bills with advertisement!

Gator and aureate is sure Spyware but sure not installed through this IRC chat...

Morgwen

Last edited by Morgwen; May 19th, 2002 at 05:17 AM.
Reply With Quote
  #10 (permalink)  
Old May 19th, 2002
Unregistered
Guest
 
Posts: n/a
Default Re: chat@xolox.nl installed spyware on my computer

Quote:
Originally posted by Stig
Hope Im not spreading false rumours, dont think so.
yes U did, kid. clean your computer, most fileharing programs come with spyware. Xolox and the Xolox chat is spyware-free.
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


Similar Threads
Thread Thread Starter Forum Replies Last Post
After uninstallation i get a Java popup.. soundshock General Windows Support 6 September 20th, 2006 05:28 PM
How do I STOP Xolox from downloading ActiveX code? courry Support: Howto's 0 September 28th, 2003 10:23 AM
Please Release The Source Code For Xolox!!!!! Unregistered User Experience 7 June 23rd, 2002 02:05 PM
All developers, code up! XoloX is back Unregistered General Gnutella / Gnutella Network Discussion 47 April 22nd, 2002 06:32 AM
Developers!!!! Please Release The Source Code For Xolox Unregistered Support: General 4 November 30th, 2001 04:26 AM


All times are GMT -7. The time now is 12:20 PM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
SEO by vBSEO 3.6.0 ©2011, Crawlability, Inc.

Copyright © 2020 Gnutella Forums.
All Rights Reserved.