Malware/adware distribution via this forum



CometJo
12-06-2016, 05:48 PM
Lately, I've been getting warnings from my browser and/or firewall about malware being distributed by the CastBoolits.Gunloads.Com site. Especially when I click on a Google search link that ends up here, ofttimes (not always) it will end up redirecting me to a URL such as http://myfilestore.com/download.php?id=2b5c7c20 which appears to be a site trying to lure the user into downloading an "update" to a browser extension. Clicking on the link takes one through a series of full-screen ad websites that require multiple Alt-F4 strikes to eliminate.

Anyone else noticing these? I don't think it's my computer, because I'm on Linux, which has few if any viruses. Also my firewall checks incoming websites for malware and viruses. And this site is the only one that's been acting like this -- none of the other websites I frequent have this issue. I suspect something is wrong with the web hosting of the forum. Or perhaps one of the in-line advertisers is having problems? Would seem to explain why it doesn't happen on every link click.

shoot-n-lead
12-06-2016, 06:12 PM
I am getting it and I don't come here from Google...it had stopped...but, it has started, again.

roadie
12-06-2016, 06:21 PM
I'm not getting anything like that, happened once last week but not since. Running Linux with Palemoon as a browser. Also using the NoScript extension to prevent any surprise scripts on sites.

shoot-n-lead
12-06-2016, 06:22 PM
I'm not getting anything like that, happened once last week but not since. Running Linux with Palemoon as a browser. Also using the NoScript extension to prevent any surprise scripts on sites.

Yeah, but you did get it.

roadie
12-06-2016, 06:30 PM
Yeah, but you did get it.


Yes, but if there were a problem with this site, I would expect to keep seeing problems. I made no changes to anything. I think the problem lies elsewhere.

shoot-n-lead
12-06-2016, 06:32 PM
Yes, but if there were a problem with this site, I would expect to keep seeing problems. I made no changes to anything. I think the problem lies elsewhere.

I agree...I don't think the problem is on his site, either.

Nueces
12-06-2016, 06:41 PM
I have seen nothing like that since the Late Unpleasantness. Apple iMac 10.9.5 and Safari.

chambers
12-06-2016, 10:37 PM
Yes, this is a problem and I have to shut down and reboot to get rid of this. Then the next time when I click on cast boolits it will work just fine. This site seems to be getting hacked!

aspangler
12-06-2016, 10:44 PM
I use Chrome or Firefox and XP. No problems here since the nonsense last week.

MaryB
12-07-2016, 01:26 AM
It is not the site, it is google flagging us...

root
12-07-2016, 03:49 AM
Went away with my linux box when I installed firefox extension popup blocker ultimate.
Haven't seen it since.

Rich

No_1
12-07-2016, 07:05 AM
We work hard keeping this place hack free. I did get the warnings a couple weeks ago, but after updating all the forum software the issue was resolved. I am not currently getting any warnings, and with the exception of just a few members we are getting no complaints, which leads us to believe the issues being experienced by those members are not related to the site; however, we will look into it again.

R.

6bg6ga
12-07-2016, 07:21 AM
There is not a problem with this site. The problem is your computer. Clear the cookies and stored files and run a scan.

jonp
12-07-2016, 07:53 AM
Cometjo: That was exactly what was happening to me last week with a re-direct to the same site you mentioned. Since then I have run a scan on my comp (found nothing) and set my browser to automatically clear history and cookies when it closes. This has solved the problem and I've gotten nothing since.

As a reminder to everyone NEVER CLICK ON A RANDOM LINK OR OPEN ANY ATTACHMENT YOU DO NOT RECOGNIZE. IF YOU GET A WARNING TO UPDATE SOMETHING GO DIRECTLY TO THE WEBSITE ITSELF LIKE ADOBE AND CHECK YOURSELF

MrWolf
12-07-2016, 09:32 AM
Worst I had when that was going on was the site would not display. Using an IPad.

CometJo
12-07-2016, 03:25 PM
It's not my computer. To verify, I browsed to this forum today on a different computer that I hardly ever use, a linux laptop running a brand new install of Opera. I also am on a completely different network today. I think it's Opera's adware/malware protection filter system kicking in. The red Opera warning page shows that this forum was reported by yandex.com, a Russian (ahem) Internet company, as having malware issues. I am sure Google Chrome has a similar malware/adware warning system, too.

And yeah, I rarely click on/open strange file downloads and such, unless I'm trying to test. Most threats are for Windows anyway, which I stopped using a few years ago, except for my gaming PC which also runs Quickload.

Interesting to see that I'm not the only user experiencing this issue, though.

retread
12-07-2016, 03:57 PM
I clicked on a photo link on one of the posts yesterday and things went bad. Bogus pop ups say to click on OK to acknowledge from Microsoft? Had to shut down to get rid of it and then do a clean up.

Omega
12-07-2016, 04:15 PM
I clicked on a photo link on one of the posts yesterday and things went bad. Bogus pop ups say to click on OK to acknowledge from Microsoft? Had to shut down to get rid of it and then do a clean up.

Which post/photo? Sometimes pic hosting sites such as photobucket have popup ads which are frustrating but harmless, while some may host adware that can be harmful such as those that warn your computer may be infected etc.

roadie
12-07-2016, 04:30 PM
It's not my computer. To verify, I browsed to this forum today on a different computer that I hardly ever use, a linux laptop running a brand new install of Opera. I also am on a completely different network today. I think it's Opera's adware/malware protection filter system kicking in. The red Opera warning page shows that this forum was reported by yandex.com, a Russian (ahem) Internet company, as having malware issues. I am sure Google Chrome has a similar malware/adware warning system, too.

And yeah, I rarely click on/open strange file downloads and such, unless I'm trying to test. Most threats are for Windows anyway, which I stopped using a few years ago, except for my gaming PC which also runs Quickload.

Interesting to see that I'm not the only user experiencing this issue, though.



Ya, I just tried a fresh install of Opera and I'm getting the same warning. I did a fresh install of four different versions of Firefox and got nothing. I have no idea why Firefox or Palemoon is not picking it up.

fg-machine
12-07-2016, 09:32 PM
I was getting the same redirect, I cleared my cookies and cache and the problem went away.

the google search page shows cast boolits as a hacked site

chambers
12-07-2016, 09:59 PM
When you do a google search for cast boolits there is a "this site is hacked", it is not my computer but something with the site. You do get redirected when you click on cast boolits.

MaryB
12-08-2016, 12:28 AM
If you use firefox I strongly suggest installing ad block plus and ghostery to kill ads. It traps out 99.99% of the malware that pops up too. It can cause headaches with some types of videos/twitter feeds but those can be added to allow.

dragon813gt
12-08-2016, 03:13 AM
I had a redirect on my work iPhone today. This was using Safari and from a Google search. Something still seems to be wrong. I've never attempted to visit the site from that phone before. I hit the back button, clicked the same link and this site loaded properly.

popper
12-08-2016, 11:24 AM
ad block plus and ghostery Even Hodgdon has google trackers. One of my banks has several trackers also. Yando.com appears to be a google knockoff in russia, appears to be a 'safe' site. Wife tried to go to Fandango and couldn't even see the movie selection screen for all the ads. Ipad gets all the junk too. I just note the ads and don't do business with them. They get $ each time your screen shows the ad, whether you click on it or not. Internet is getting 'sucky' now. Like having a steady stream of door-to-door sales people at your door.

retread
12-08-2016, 01:38 PM
Which post/photo? Sometimes pic hosting sites such as photobucket have popup ads which are frustrating but harmless, while some may host adware that can be harmful such as those that warn your computer may be infected etc.

I was on Reloading bench pics. Sundoggy

The_Hammer
12-13-2016, 10:14 PM
I've been having the same issue using multiple browsers.

10x
12-14-2016, 09:20 PM
Clear your browser history. Clear all cookies. Set your browser to block pop up ads.
Still persists run Malware bytes and Hitman pro.

Sometimes the pop up malware downloads piggy backed as bundled software.

I have yet to have a pop up ad or a redirect on Cast Boolits.

DanishM1Garand
01-09-2017, 10:17 AM
I get the same redirect from different devices. iPhone iPad and iMac.

rototerrier
01-09-2017, 10:58 AM
The problem is with the castboolits server side code. There something crept in.

It's quite simple, I can duplicate this every time. Simply clear out your cookies and temp internet files in either Chrome or IE and then do a google search for something that will pull up castboolits.

In my scenario, I searched for "Accurate Mold 9mm"

It then redirects me to myfilestore.com

But, I ran a fiddler session to ensure I did first hit castboolits, here are the results. You'll see I clicked the link from google, which then takes me to castboolits which then, after loading a bunch of scripts it hits line 24 and redirects to myfilestore.com

[Attachment 184747]

rototerrier
01-09-2017, 11:03 AM
One other thing to note, this is the header received from castboolits for the redirect:

GET http://myfilestore.com/download.php?id=2b5c7c20 HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Referer: http://castboolits.gunloads.com/showthread.php?253491-Heavy-9mm-mold-from-Accurate-Molds
Accept-Language: en-US,en;q=0.5
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
DNT: 1
Host: myfilestore.com
Connection: Keep-Alive

You'll notice the referrer is castboolits. This is being initiated from the server side.

So, for anyone concerned that it's something local, don't be. This is purely and definitively coming from the server side.

I've pulled down and searched thru the script files being downloaded and I've not found anything that would cause the redirect locally. I was thinking it could have been a javascript issue, but that would have most likely triggered a cross site scripting error. So that helped lead me to determine it's a redirect issued from the server and to track it down as such.
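
Added example, not part of the post above or of the forum's own code: one way to read a captured browsing session like the one described and report, for each request that left the forum, whether the capture shows an HTTP 3xx response or a navigation started from a page the forum served, plus the referer and cookie state of the landing request. The SESSION rows are constructed from the URLs quoted in this thread; the tuple layout and the function names are assumptions.

```python
from urllib.parse import urlsplit

THREAD = "http://castboolits.gunloads.com/showthread.php?253491-Heavy-9mm-mold-from-Accurate-Molds"
# Constructed capture (not the poster's Fiddler data):
# (method, url, request headers, status, response headers)
SESSION = [
    ("GET", "https://www.google.com/search?q=Accurate+Mold+9mm", {}, 200, {}),
    ("GET", THREAD, {"Referer": "https://www.google.com/"}, 200, {}),
    ("GET", "http://myfilestore.com/download.php?id=2b5c7c20", {"Referer": THREAD}, 200, {}),
]

def host(url):
    return (urlsplit(url).hostname or "").lower()

def offsite_hops(session, site_host):
    """List requests that left site_host and how the capture shows they began."""
    hops = []
    for i, (_, url, req, _, _) in enumerate(session):
        if host(url) == site_host:
            continue
        earlier, referer = session[:i], req.get("Referer", "")
        # Absolute Location values only; a relative Location would stay on the site.
        if any(host(u) == site_host and 300 <= s < 400 and r.get("Location") == url
               for _, u, _, s, r in earlier):
            kind = "http-3xx"      # the site answered with a redirect status
        elif host(referer) == site_host and any(
                u == referer and s == 200 for _, u, _, s, _ in earlier):
            kind = "in-document"   # began from a page the site served (script, meta refresh, link)
        else:
            continue               # not reached through the site
        hops.append((url, kind))
    return hops

def landing_conditions(session, site_host):
    """Referer and cookie state of the first request to the site."""
    for _, url, req, _, _ in session:
        if host(url) == site_host:
            ref = host(req.get("Referer", ""))
            return {"from_search": ref.startswith("www.google."), "has_cookie": "Cookie" in req}
    return None

if __name__ == "__main__":
    site = "castboolits.gunloads.com"
    print(offsite_hops(SESSION, site))
    print(landing_conditions(SESSION, site))
```

Running the same two functions over captures taken with and without cookies, and with and without a search-engine referer, shows which visitor conditions trigger the hop.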

rototerrier
01-09-2017, 11:13 AM
Looks like a known issue:
https://www.vbulletin.com/forum/forum/vbulletin-4/vbulletin-4-questions-problems-and-troubleshooting/4035217-how-to-solve-the-redirection-to-myfilestore-com

Wish I could help more. I'm a .NET/SQL guy so my knowledge is limited in this area.

Andy
01-09-2017, 11:18 AM
I keep getting the myfilestore thing too, only happens with this site. Happens about 5-10% of the time I follow a google link to a post on this site and has only been happening the last 3 weeks or so.

popper
01-09-2017, 11:20 AM
Page first goes to google java lib, then continues to CB. About 1 in 3 pages I get a delay from google before page loads. Other sites that use vbulletin SW don't have this problem.

white eagle
01-10-2017, 01:09 PM
I still get this redirect and have seen a different page before opening C.B