Are advertisements being injected into the Discourse page headers?

DanRathbun · May 29, 2015, 11:32am

That is one crazy runon sentence makes absolutely no sense to me dontcha know wish I had a million dollars and could read minds.

sam · May 29, 2015, 11:36am

Sorry Friday night.

I have an an email filter that ships all my messages from meta into a folder, but it was mistakenly picking up these. So I am slow to respond.

I pushed the latest version of our code here.

I disabled Google tag manager temporarily in case it was the cause ( @tt_su )

We definitely do not push any ads on any of our customers, sounds like a terrible bug.

Let me know if it is resolved now.

tt_su · May 29, 2015, 11:57am

@AlexB ping. I don’t deal with much of the back end stuff. Don’t know what the tag manager is.

sam · May 29, 2015, 12:10pm

The thing I find super confusing is that we don’t even host http://community.p2pu.org/ is not even a site we host.

I worry this somehow leaked in via that google tag manager script that was included in the site customisation, no other way I can explain it.

DanRathbun · May 29, 2015, 12:37pm

Not a “man-in-the-middle” attack ?

SketchUpTeam · May 29, 2015, 2:47pm

IS everyone still seeing it? I can’t

I have deleted everything in the Css and HTML and header areas…except there is still a google tag manager tag. Not sure if I should remove that since we use that to track with analytics?

Sam – can you explain what the new tag manager is?

DanRathbun · May 29, 2015, 2:50pm

I have not seen it in a couple of hours.

eviltrout · May 29, 2015, 5:52pm

That’s good. I assume it was related to the tag manager then?

sam · May 29, 2015, 8:50pm

In admin → customize, css/html you were including

<!-- Google Tag Manager -->
<noscript><iframe src="//www.googletagmanager.com/ns.html?id=GTM-K4DKH2"
height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript>
<script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':
new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],
j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src=
'//www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);
})(window,document,'script','dataLayer','GTM-K4DKH2');</script>
<!-- End Google Tag Manager -->

in the top of every page.

I wonder if the code was wrong or something. not sure what that script even does or why it is used.

sam · May 29, 2015, 9:29pm

@AlexB I actually have another theory… was somebody copy-and-pasting https://meta.discourse.org/t/pimp-my-discourse/29153/4?u=sam into sketchup to try stuff out and then disabling?

We may have had a cache expiry bug.

SketchUpTeam · May 29, 2015, 9:41pm

Yes- that’s it!! I did test it out, but I removed it right away - and effects were still seen days/a week after.

DanRathbun · May 30, 2015, 3:34pm

(Hamster is the closest emoticon I can find to a Guinea Pig.)

tt_su · June 1, 2015, 9:10am

Giphy to the rescue!