Minimally Invasive

///////////////////////////////////////

missing-e:

For anyone with these problems, here’s how to deal with it!
cutlerish:

Why isn’t Tumblr doing anything about this?
Please note that this attack has absolutely nothing to do with the Missing e browser extension!
A while back there was a serious problem with a lot of blogs posting fake “staff” posts about Starbucks coupons or other spam-related things. That problem is still going on.
I’m pretty sure it is linked to what you see in the above photo. Quite a few Tumblr blogs that have been compromised (had their password stolen) have had a few lines of JavaScript added to their themes that cause a pretty big FAKE Tumblr login screen to show up, insisting that the blog you are viewing is somehow 18+ and you have to enter your login to continue.
~ Why is this a problem? ~
This is pretty bad, considering many people on Tumblr are not exceeding tech-savvy. I mean, the thing looks legitimate. I wouldn’t be surprised if quite a few people have just given their passwords away because of this thing. Then, their blog theme is itself changed to continue propagating this phishing attack.
To be clear, you should never enter your password into any page that is not a secure Tumblr page. Here’s a staff post on how to recognize a secure page.
~ What should Tumblr be doing? ~
The script actually loads from a server in China (IP: 222.47.112.220), but beyond that I can’t really work out anything about who is behind it.
The real question I have is why Tumblr hasn’t done anything about this. Other than posting [helpful information on recognizing secure Tumblr pages]((http://staff.tumblr.com/post/15260097735/ev-cert), they don’t seem to be doing very much! I would expect that it would be possible for Tumblr to prevent this script from actually running on themed blog pages, considering it can be traced directly to a malicious server.
I’m thinking about adding something into Missing e to get rid of these fake login boxes, but that doesn’t solve the problem by a long shot!
~ What to do if your account is a victim ~
If your blog is posting spam or your themed blog shows the fake login screen, you can fix it!
First things first, change your password! When you do so, make sure the page you are on is a secure Tumblr page (how to recognize one)
Second, if your blog has the fake login screen, you need to reset your blog’s theme!
If that isn’t possible, you can go in and remove the offending code. It is a couple of lines near the bottom of your theme code that start and end with <script> tags and has a bunch of code with seemingly random numbers and letters

For anyone with these problems, here’s how to deal with it!

cutlerish:

Why isn’t Tumblr doing anything about this?

Please note that this attack has absolutely nothing to do with the Missing e browser extension!

A while back there was a serious problem with a lot of blogs posting fake “staff” posts about Starbucks coupons or other spam-related things. That problem is still going on.

I’m pretty sure it is linked to what you see in the above photo. Quite a few Tumblr blogs that have been compromised (had their password stolen) have had a few lines of JavaScript added to their themes that cause a pretty big FAKE Tumblr login screen to show up, insisting that the blog you are viewing is somehow 18+ and you have to enter your login to continue.

~ Why is this a problem? ~

This is pretty bad, considering many people on Tumblr are not exceeding tech-savvy. I mean, the thing looks legitimate. I wouldn’t be surprised if quite a few people have just given their passwords away because of this thing. Then, their blog theme is itself changed to continue propagating this phishing attack.

To be clear, you should never enter your password into any page that is not a secure Tumblr page. Here’s a staff post on how to recognize a secure page.

~ What should Tumblr be doing? ~

The script actually loads from a server in China (IP: 222.47.112.220), but beyond that I can’t really work out anything about who is behind it.

The real question I have is why Tumblr hasn’t done anything about this. Other than posting [helpful information on recognizing secure Tumblr pages]((http://staff.tumblr.com/post/15260097735/ev-cert), they don’t seem to be doing very much! I would expect that it would be possible for Tumblr to prevent this script from actually running on themed blog pages, considering it can be traced directly to a malicious server.

I’m thinking about adding something into Missing e to get rid of these fake login boxes, but that doesn’t solve the problem by a long shot!

~ What to do if your account is a victim ~

If your blog is posting spam or your themed blog shows the fake login screen, you can fix it!

First things first, change your password! When you do so, make sure the page you are on is a secure Tumblr page (how to recognize one)

Second, if your blog has the fake login screen, you need to reset your blog’s theme!
If that isn’t possible, you can go in and remove the offending code. It is a couple of lines near the bottom of your theme code that start and end with <script> tags and has a bunch of code with seemingly random numbers and letters