Why is my browser being hijacked?

Hi, there. I’m at a Staybridge Suites this evening, which has wired and wireless internet. I’m on WinXP using FireFox.

When I connect to wireless, I get numerous “this certificate is unknown/bad” etc. messages. Wondering about wireless spoofing, I pull out my trusty ethernet cable, connect using that, disabling wireless.

After seeing the usual “please click OK to use our LAN” screen that every hotel has, I come to the Dope, and I get a big ad across the top, offering to check my credit rating. If I go to a forum, then press the Back button, it doesn’t go back to the previous page, it pops forward to the forum I was in.

On the back-button address stack is 12.105.xxx.xxx/superclick/popup.php/moregoobledygook. If I look up that address, it appears to be inside this motel’s address space.

Does the hotel just have an obnoxious web demon intentionally, or is someone on this LAN doing something underhanded? I’ve stayed at quite a few motels/hotels, and the only thing I usually see is that Please Sign Our Agreement screen that permits you on the LAN for one day. I’ve never seen redirects or whack IP addresses when browsing. I’ve also never seen banner ads on the Dope; I assume that this is still the case. Is it?

Thanks for indulging my paranoia.

Missed the edit window. I found this, another guy who was annoyed by superclick.

The guy posted that on his honeymoon? :smack:

Seems his new wife was also a nerd.

OK, so on the slashdot thread about this stuff, somebody recommended using openVPN to tunnel through the hotel’s crappy malware. I’ve never used this sort of thing before; doesn’t a VPN imply a remote server somewhere that you connect to (securely)?

Amending my VPN comment, above: I have used the VPN my company requires (and, sadly, I left the secure key deely at home; I could have tunneled into my office and avoided all this). I just don’t know how to set one up in a way that doesn’t require a remote LAN already configured for it.

It sounds like the hotel is redirecting your connection through a proxy server that slaps a banner on everything. I’d be interested to see if the same happens with any secure pages (https://…)

The annoyance of the banner can probably be eliminated by using Firefox and Adblock Plus - and just telling it to block the bits you don’t want to see, but I don’t think I’d be happy to do any web stuff that involved logging in and passwords, etc - seems like it would be fairly easy to skim your personal data with that kind of setup.

Yep - you need a VPN server running somewhere (usually on a computer on your home internet connection), which is what I do.

Being where you are, you probably don’t have many options, but it sounds pretty intrusive.

Si

Darn. I guess I’m pretty well screwed, then.

It’s annoying as hell. Every single link I click on, it tries to pop-under an ad page, which FireFox blocks. Then I’ll get from 2-5 redirects, before I finally get to my page. The title of the page is missing, replaced with the whacked page this malware has tossed together, and I get a big banner on most pages (including the SDMB forum pages).

That’s the combo I’m using, but it still pops those banners.

Yes, agreed. So I’m here for 3 days and daren’t check my e-mail. Lovely. I guess I can try breaking into several of the locked wireless nets I see nearby (kidding), since I seem to have checked into the Malware Motel. I’m also sure it’s no use complaining to the staff, this seems beyond their expertise. Time for a firm letter to Staybridge corporate, sigh.

Is there no way to break out of this proxy hell?

BTW, if someone named “squeegee” starts posting Cheap Viagra threads, it’s my evil hotel doppelganger, sigh. Just ban me, I’ll understand.

When you open the blockable items, is the banner called something different every time? If not, it should be possible to add it manually to the blocked items list.

Even if it’s called something different at the filename level, there is probably a server-level similarity. So if you can find the name of the server that’s serving up the ads (especially the name of the script that’s creating the ad-frame) then you can block it.
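An added example, not part of any post in this thread: one way to find the server-level similarity described above is to list what a saved copy of the page loads and derive Adblock Plus style filter rules from it. The address 192.0.2.10, the example.org hosts and the sample HTML are constructed stand-ins (the thread elides the real address), and flagging bare-IP hosts is an assumed heuristic based on the `/superclick/popup.php` URL seen on the back-button stack.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tags (and the attribute on each) that make the browser fetch another URL.
URL_ATTRS = {"script": "src", "iframe": "src", "frame": "src", "img": "src"}
# Constructed sample: a forum page as it might arrive through the injecting proxy.
PAGE_URL = "http://forum.example.org/index.php"
SAMPLE_HTML = """<html><head><title>Forum</title>
<script src="http://192.0.2.10/superclick/popup.php/a1b2"></script></head>
<body><iframe src="http://192.0.2.10/superclick/popup.php/c3d4"></iframe>
<img src="/images/logo.gif"><script src="http://static.example.org/site.js"></script>
</body></html>"""

class ResourceCollector(HTMLParser):
    """Collect absolute URLs of resources the page loads."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.urls = page_url, []
    def handle_starttag(self, tag, attrs):
        value = dict(attrs).get(URL_ATTRS.get(tag, ""))
        if value:
            self.urls.append(urljoin(self.page_url, value))

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def suspect_resources(html, page_url):
    """Heuristic (assumption): flag resources served from a bare IP that is not the site itself."""
    collector = ResourceCollector(page_url)
    collector.feed(html)
    site = urlparse(page_url).hostname
    return [u for u in collector.urls
            if (h := urlparse(u).hostname) and h != site and is_ip_literal(h)]

def filter_rules(urls):
    """One server-level rule per host, plus one rule per injecting script path."""
    rules = set()
    for parsed in map(urlparse, urls):
        segs = parsed.path.split("/")
        # Keep the path up to the script name, dropping the per-request suffix.
        cut = next((i for i, s in enumerate(segs) if "." in s), len(segs) - 1)
        rules.add(f"||{parsed.hostname}^")
        rules.add(f"||{parsed.hostname}{'/'.join(segs[:cut + 1])}")
    return sorted(rules)
```

Calling `filter_rules(suspect_resources(SAMPLE_HTML, PAGE_URL))` returns the rules to paste into the blocker's custom filter list; the per-request suffix after `popup.php` is dropped so the rule still matches when the file name changes.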