STFU, Conservatives
missing-e:

For anyone with these problems, here’s how to deal with it!
cutlerish:

Why isn’t Tumblr doing anything about this?
Please note that this attack has absolutely nothing to do with the Missing e browser extension!
A while back there was a serious problem with a lot of blogs posting fake “staff” posts about Starbucks coupons or other spam-related things. That problem is still going on.
I’m pretty sure it is linked to what you see in the above photo. Quite a few Tumblr blogs that have been compromised (had their password stolen) have had a few lines of JavaScript added to their themes that cause a pretty big FAKE Tumblr login screen to show up, insisting that the blog you are viewing is somehow 18+ and you have to enter your login to continue.
~ Why is this a problem? ~
This is pretty bad, considering many people on Tumblr are not exceeding tech-savvy. I mean, the thing looks legitimate. I wouldn’t be surprised if quite a few people have just given their passwords away because of this thing. Then, their blog theme is itself changed to continue propagating this phishing attack.
To be clear, you should never enter your password into any page that is not a secure Tumblr page. Here’s a staff post on how to recognize a secure page.
~ What should Tumblr be doing? ~
The script actually loads from a server in China (IP: 222.47.112.220), but beyond that I can’t really work out anything about who is behind it.
The real question I have is why Tumblr hasn’t done anything about this. Other than posting helpful information on recognizing secure Tumblr pages], they don’t seem to be doing very much! I would expect that it would be possible for Tumblr to prevent this script from actually running on themed blog pages, considering it can be traced directly to a malicious server.
I’m thinking about adding something into Missing e to get rid of these fake login boxes, but that doesn’t solve the problem by a long shot!
~ What to do if your account is a victim ~
If your blog is posting spam or your themed blog shows the fake login screen, you can fix it!
First things first, change your password! When you do so, make sure the page you are on is a secure Tumblr page (how to recognize one)
Second, if your blog has the fake login screen, you need to reset your blog’s theme!    
If that isn’t possible, you can go in and remove the offending code. It is a couple of lines near the bottom of your theme code that start and end with <script> tags and has a bunch of code with seemingly random numbers and letters



I tried to send someone an Ask today and this popped up, so I’m posting it for my readers. Have a friend visit your page and see if this happens. And change your password regularly!
-Jess

missing-e:

For anyone with these problems, here’s how to deal with it!

cutlerish:

Why isn’t Tumblr doing anything about this?

Please note that this attack has absolutely nothing to do with the Missing e browser extension!

A while back there was a serious problem with a lot of blogs posting fake “staff” posts about Starbucks coupons or other spam-related things. That problem is still going on.

I’m pretty sure it is linked to what you see in the above photo. Quite a few Tumblr blogs that have been compromised (had their password stolen) have had a few lines of JavaScript added to their themes that cause a pretty big FAKE Tumblr login screen to show up, insisting that the blog you are viewing is somehow 18+ and you have to enter your login to continue.

~ Why is this a problem? ~

This is pretty bad, considering many people on Tumblr are not exceeding tech-savvy. I mean, the thing looks legitimate. I wouldn’t be surprised if quite a few people have just given their passwords away because of this thing. Then, their blog theme is itself changed to continue propagating this phishing attack.

To be clear, you should never enter your password into any page that is not a secure Tumblr page. Here’s a staff post on how to recognize a secure page.

~ What should Tumblr be doing? ~

The script actually loads from a server in China (IP: 222.47.112.220), but beyond that I can’t really work out anything about who is behind it.

The real question I have is why Tumblr hasn’t done anything about this. Other than posting helpful information on recognizing secure Tumblr pages], they don’t seem to be doing very much! I would expect that it would be possible for Tumblr to prevent this script from actually running on themed blog pages, considering it can be traced directly to a malicious server.

I’m thinking about adding something into Missing e to get rid of these fake login boxes, but that doesn’t solve the problem by a long shot!


~ What to do if your account is a victim ~

If your blog is posting spam or your themed blog shows the fake login screen, you can fix it!

  • First things first, change your password! When you do so, make sure the page you are on is a secure Tumblr page (how to recognize one)
  • Second, if your blog has the fake login screen, you need to reset your blog’s theme!
    • If that isn’t possible, you can go in and remove the offending code. It is a couple of lines near the bottom of your theme code that start and end with <script> tags and has a bunch of code with seemingly random numbers and letters

I tried to send someone an Ask today and this popped up, so I’m posting it for my readers. Have a friend visit your page and see if this happens. And change your password regularly!

-Jess

  1. oxbonkus reblogged this from anatsuno
  2. ghostcali reblogged this from spliffy-
  3. thebadcat reblogged this from thegeekmaster
  4. thegeekmaster reblogged this from reality-breaker
  5. theeviltrumpeter reblogged this from reality-breaker
  6. padapiomenos reblogged this from reality-breaker
  7. reality-breaker reblogged this from spliffy-
  8. suspendedmind reblogged this from shamelesswhore
  9. shamelesswhore reblogged this from spliffy-
  10. spliffy- reblogged this from cutlerish
  11. jackingymboy reblogged this from kente
  12. baconrice reblogged this from ohshesvain
  13. ohshesvain reblogged this from uncrazes
  14. uncrazes reblogged this from ms-pufferfish
  15. yeahicanfly reblogged this from codexofcorruption
  16. amizzled reblogged this from cutlerish
  17. codexofcorruption reblogged this from cutlerish and added:
    Don’t get fooled! There...phishing scam that’s in...does not...
  18. melimelo85 answered: ????? what is this
  19. sorion reblogged this from motifsky
  20. tellyousomeday reblogged this from cutlerish
  21. ke7in reblogged this from do-not-open-til-christmas
  22. marvous reblogged this from motifsky
  23. motifsky reblogged this from morbidfashion
  24. paulsimonon reblogged this from deucecourtesans
  25. enoughformetolove reblogged this from lifewasted
  26. deucecourtesans reblogged this from lifewasted
  27. shelephant reblogged this from rhaenysmartell and added:
    Ugh. I’ve had some followers message me these things. :| It’s a shame. Always blocked and deleted the messages. Hope...
  28. kente reblogged this from sanderspig
  29. theportraitofdoriancharcoal reblogged this from jakesmonstersnake
  30. jakesmonstersnake reblogged this from cubnc
  31. cubnc reblogged this from bobsroadhouse
  32. honeybeeshepherd reblogged this from stfuconservatives
  33. witchpirate reblogged this from sailor-ramiel
blog comments powered by Disqus