Sep 29, 2008

Definition of irony: I blogged about Clickjacking, now I'm a victim

For you avid readers and visitors to Bauer-Power, you may have noticed that since I blogged about how to mitigate clickjacking by using the No-Script Firefox plugin, there are now weird popups if you visit Bauer-Power.

I assure you that I have not added pop-up advertising to my list of sponsors. No, this happens after you visit my site for the first time since it was compromised. A cookie drops on your computer showing that you have visited. If you click ANYWHERE on the site, even off on the sides, a new page will pop up taking you to sweetim.com or some other nonsense.

One thing I am noticing is that the clickjacking opens up to 91.121.16.4:84, then redirects to www.sweetim.com. I highly recommend blocking both of those on your firewalls and content filtering systems.

A quick Reverse DNS lookup reveals this:

91.121.16.4 resolves to "ns38720.ovh.net"
Top Level Domain: "ovh.net"
Country IP Address: FRANCE


I am working on resolving this issue ASAP. In the meantime, the best way to read Bauer-Power will be via RSS.

[EDIT] - Okay, I figured it out! If you have been reading up on Clickjacking, you know that it is primarily a vulnerability in Adobe Flash. The only Adobe Flash plugin I have added in a while was my Geovisits map. I removed it, and BAM! No more Clickjacking.

Lessons learned: Try to keep Flash-related plugins out until Adobe can patch Flash, and the browsers can be patched as well.
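One way to audit what a third-party widget has pulled into your pages, as an added example that is not part of the original post: the script below lists every off-site object, embed, iframe and script source in a page and flags any that match the indicators named above (91.121.16.4 and sweetim.com). The sample HTML, the first-party host "blog.example" and the map-widget host are constructed for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts named in the post; a real deployment would load its own blocklist.
BLOCKLIST = {"91.121.16.4", "sweetim.com", "www.sweetim.com"}


class EmbedAuditor(HTMLParser):
    """Collect the source URL of every object/embed/iframe/script tag."""

    SRC_ATTRS = {"object": "data", "embed": "src", "iframe": "src", "script": "src"}

    def __init__(self):
        super().__init__()
        self.found = []  # list of (tag, url)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "param" and attrs.get("name") == "movie" and attrs.get("value"):
            self.found.append(("param", attrs["value"]))  # classic Flash embed
            return
        url = attrs.get(self.SRC_ATTRS.get(tag, ""))
        if url:
            self.found.append((tag, url))


def audit_third_party_embeds(html, site_host):
    """Return (tag, host, blocked) for each embed that loads from another host."""
    parser = EmbedAuditor()
    parser.feed(html)
    report = []
    for tag, url in parser.found:
        host = urlparse(url).hostname  # port (e.g. :84) is stripped here
        if host is None or host == site_host:
            continue  # relative or first-party resource: not a third-party widget
        report.append((tag, host, host in BLOCKLIST))
    return report


# Constructed sample page: one first-party script, a third-party Flash map
# widget, and a hidden iframe pointing at the host the post saw the popup open.
SAMPLE_HTML = """
<script src="http://blog.example/js/site.js"></script>
<object data="http://widgets.map-widget.example/geovisits.swf">
  <param name="movie" value="http://widgets.map-widget.example/geovisits.swf">
</object>
<iframe src="http://91.121.16.4:84/" style="opacity:0;position:absolute"></iframe>
"""

if __name__ == "__main__":
    for tag, host, blocked in audit_third_party_embeds(SAMPLE_HTML, "blog.example"):
        print(f"{tag:7} {host:32} {'BLOCKED' if blocked else 'third-party'}")
```

Running it on a snapshot of a page whose widgets you did not write yourself is a quick way to see which hosts those widgets actually reach.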

Have anything to add? Hit me up in the comments.


