1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Tumblr Blogs Infected

Discussion in 'Tumblr' started by sviedinys, Feb 21, 2016.

  1. sviedinys

    sviedinys Jr. VIP Jr. VIP

    Joined:
    Apr 18, 2010
    Messages:
    527
    Likes Received:
    73
    1 day ago I started using tumblingjazz software, created 14 accounts manually with 14 HQ private proxies that are not cheap

    Edited all accounts with tumblingjazz, followed about 200, rebloged about 50 posts (most of them had links or html codes like ahref to url, because they was from specific adult niche and promote aff links) posted about 50 posts too(descriptions was with landing pages that promote cams NO REDIRECTS) and likes about 50 posts.

    I thought that I should check how everything looks on mobile devices, tested on 2 phones. After visiting most of my blogs, they all was redirecting to strange links like "fix your android phone" and auto downloading some kind of apk files for adults into my phone. Even redirecting to crakrevenue offers. Checked blogs on my desktop and on click there was popups appearing with ads too. It is default tumblr theme Optica for all blogs.

    None could edit something in blogs, except me, which I didnt.

    Can anyone explain what is happening?
     
  2. Dilettante

    Dilettante Power Member

    Joined:
    Jan 9, 2014
    Messages:
    746
    Likes Received:
    292
    Do you mean:

    1) URLs of your tumblr blogs redirected directly to other sites?

    2) when you go on your Tumblr blogs, pop-ads appear and when you click on them, you are redirected?

    Could you give the URL of one of your infected blogs?
     
  3. sviedinys

    sviedinys Jr. VIP Jr. VIP

    Joined:
    Apr 18, 2010
    Messages:
    527
    Likes Received:
    73
    Yes, they was redirecting from blogname.tumblr.com directly, but on mobile only.

    Just when you clicked anywhere popups appeared with some random ads, mostly adult related.

    Actually yesterday I tryed to change all blogs to custom html themes that found on google from these Optica themes and it stoped all these ads, but it looked really bad, not mobile optimized. Today I got back them all by loging manually to each and changing to optica themes again and it looks ads stoped for now. Checked over 5+ blogs right now. But what could it be...
     
  4. Dilettante

    Dilettante Power Member

    Joined:
    Jan 9, 2014
    Messages:
    746
    Likes Received:
    292
    So it was in the theme...

    I have an idea, but it would be tricky ...

    Someone edited your theme (I don't know who, but for the how, it's simple: this people has your logins). When you edit html theme, you can add things like ads: I know it, I do it for my tumblr blogs. You can add a redirection too, I guess (after all, it's only html code).

    If I was you, I would change my logins and my passwords for my recovery emails (if you have recovery emails).


    If you still have an infected blog, I would like to take a look.
     
  5. sviedinys

    sviedinys Jr. VIP Jr. VIP

    Joined:
    Apr 18, 2010
    Messages:
    527
    Likes Received:
    73
    I understand this that my theme was edited somehow,its very easy to inject codes like that, there is no other way this could happen, but how it could happen just in 24 hours after I started using it? You see, I created all my accounts and emails on my own pc manually, I am 100% sure none knew these accounts logins, especially so fast like in half day. I have one theory, but I dont want to say it here and blame someone when everything is not clear and I didnt got the answer yet.
     
    Last edited: Feb 21, 2016
  6. sviedinys

    sviedinys Jr. VIP Jr. VIP

    Joined:
    Apr 18, 2010
    Messages:
    527
    Likes Received:
    73
    Tryed to edit profile with tumblingjazz for a test and profile working perfectly. Not sure what happened that time. I will let you know if it reappears.
     
  7. Dilettante

    Dilettante Power Member

    Joined:
    Jan 9, 2014
    Messages:
    746
    Likes Received:
    292
    You didn't buy your accounts, right?
     
  8. sviedinys

    sviedinys Jr. VIP Jr. VIP

    Joined:
    Apr 18, 2010
    Messages:
    527
    Likes Received:
    73
    No, I made them myself, I already mentioned that. Even emails made myself and on my private proxies and my own pc browser.
     
  9. sviedinys

    sviedinys Jr. VIP Jr. VIP

    Joined:
    Apr 18, 2010
    Messages:
    527
    Likes Received:
    73
    No, I said I tested on 2 different phones. Also tested on desktop too. Even on my VPS browser and I was getting popups.
     
  10. rootjazz

    rootjazz Jr. VIP Jr. VIP

    Joined:
    Dec 21, 2012
    Messages:
    684
    Likes Received:
    326
    Occupation:
    Developer
    Location:
    UK
    Home Page:
    Hi, I am the developer of Tumbling jazz.

    Your situation does sound strange. Are you using a legitimate version of the software or a cracked? If a cracked version, lets stop out investigation here as we have found the answer...

    If you purchased the software, I can assure you the software does not do this - however you'll have to take that with a grain of salt, if the software did I would say the same. But you can check the BST and nothing is reported:
    http://www.blackhatworld.com/blackh...-profesional-tumblr-bot-affordable-price.html

    also the tumjaz support forum:
    https://rootjazz.com/forum/viewforum.php?f=12

    nothing reported.


    So we are looking at
    1) the theme. but you say it was the default theme. so unlikely there.
    2) tumblr has been hacked and a worm of some kind is adding this code to themes - very doubtful without this being known almost instantly
    3) your machine is hacked and your tumblr details are pulled from the HTTP comms between tumjazz and tumblr. Possible, but a virus to watch for tumblr? Doesn't sound very plausible.


    1, 2 can be ruled out. Which leaves 3. This could be proved by creating more accounts on this machine and another machine. Does the same thing happen.
     
  11. sviedinys

    sviedinys Jr. VIP Jr. VIP

    Joined:
    Apr 18, 2010
    Messages:
    527
    Likes Received:
    73
    Hello,

    Yes, I am using TumblingJazz from official site. I wouldnt believe that this could happen by your software, this is the last thing I would think of, because I trust you and this bot is with good reputation.

    I am currently preparing 100 new tumblr accounts for new project and will let you know if something wrong happens again.
     
  12. blackiesap

    blackiesap Power Member

    Joined:
    Aug 2, 2013
    Messages:
    551
    Likes Received:
    216
    Location:
    Infront of my Laptop
    wow..this sounds kinda creepy..Looking forward to see your results with new set of tumblers.
     
  13. sviedinys

    sviedinys Jr. VIP Jr. VIP

    Joined:
    Apr 18, 2010
    Messages:
    527
    Likes Received:
    73
    Not every blog had this redirect, but most of them, all was in same niche so maybe rebloged same posts.Another theory is that reblogs caused that, I rebloged 50 in each accounts and all of them had some links/htmls, so maybe there is some exploit in tumblr, if someone other reblogs your post, that post redirects somehow to his links, it means it cause whole blog to redirect. But I cant believe it would be possible.
     
  14. sviedinys

    sviedinys Jr. VIP Jr. VIP

    Joined:
    Apr 18, 2010
    Messages:
    527
    Likes Received:
    73
    By the way, I am almost completed to mass edit all blogs titles/avatars with tumblingjazz it does very good job and blogs working perfectly.
     
  15. blackiesap

    blackiesap Power Member

    Joined:
    Aug 2, 2013
    Messages:
    551
    Likes Received:
    216
    Location:
    Infront of my Laptop
    Your blogs are all in the NSFW niche?
    How many are you following, re-blogging , posting, liking per day?
     
  16. sviedinys

    sviedinys Jr. VIP Jr. VIP

    Joined:
    Apr 18, 2010
    Messages:
    527
    Likes Received:
    73
    Yes.
    I want to test slower at first days and see what results I will get, 10 image posts,10 likes, 10 reblogs, 180~ follows, all actions at random times in like 6 hours, I try to make everything look more natural. I think everyone would like to see a journey from this. :D
     
  17. blackiesap

    blackiesap Power Member

    Joined:
    Aug 2, 2013
    Messages:
    551
    Likes Received:
    216
    Location:
    Infront of my Laptop
    Yes, That would be awesome to see a journey!! :)

    Did you make 100 tumblers using 100 different proxies?
     
  18. Des_cartes

    Des_cartes Junior Member

    Joined:
    Jan 19, 2012
    Messages:
    160
    Likes Received:
    64
    You should take a few minutes and run a full computer scan with MalwareBytes (https://malwarebytes.org) but this sounds stange.

    And where did you get your proxies? If the proxy provider was not legit or if his servers are compromised someone could have logged your passwords and made the changes.
     
  19. sviedinys

    sviedinys Jr. VIP Jr. VIP

    Joined:
    Apr 18, 2010
    Messages:
    527
    Likes Received:
    73
    I bought 100 accounts from BHW provider. Not worth to waste time to make so much manually if they going to die in the end.

    Bought 50 shared proxies, 1 proxy for 2 accounts.

    Hope they dont burn in few days because of shared proxies and 2 accounts on each proxy. Safest would be 1 proxy for 1 account for sure.

    But it doesnt matter if they burn in 2 weeks, I just want to get back my expenses and make profit. I will reinvest to more if they stay longer.
     
    • Thanks Thanks x 1
  20. sviedinys

    sviedinys Jr. VIP Jr. VIP

    Joined:
    Apr 18, 2010
    Messages:
    527
    Likes Received:
    73
    All my proxy providers from BHW.