For you avid readers, and visitors to Bauer-Power. you may have noticed that since I blogged about how to mitigate clickjacking by using the No-Script Firefox plugin, that there are now weird popups if you visit Bauer-Power.
I assure you that I have not added a pop-up advertising to my list of sponsors. No, this happens after you visit my site for the first time since it was compromised. A cookie drops on your computer showing that you have visited. If you click ANYWHERE on the site, even off on the sides, a new page will pop-up taking you to sweetim.com or some other nonesense.
One thing I am noticing is that the clickjacking opens up to 220.127.116.11:84, then redirects to www.sweetim.com. I highly recommend blocking both of those on your firewalls, and content filtering systems.
A quick Reverse DNS lookup reveals this:
I am working on resolving this issue ASAP. In the meantime, the best way to read Bauer-Power will be via RSS.
[EDIT] - Okay, I figured it out! If you have been reading up on Clickjacking, you know that it is primarily a vulnerability in Adobe Flash. The only Adobe Flash plugin I have added in a while was my Geovisits map. I removed it, and BAM! No more Clickjacking.
Lessons learned: Try to keep flash related plugins out until Adobe can patch flash, and the browsers can be patched as well.
Have anything to add? Hit me up in the comments.