[niffiwan]

hmmm. NoScript is telling me that "studentexchanges.org.ua" wants to run some javascript on HLP.  How about.... no.

[newman]

Can't even get on hlp without disabling AVG. Firefox on my end. Can also confirmed all the sizes got weird.

[deathspeed]

I'm not seeing any of this stuff, using IE10 (with javascript enabled) and Avast.  BitDefender used to give me fits though.

[CommanderDJ]

Font sizes are weird over here too. Also seeing the same NoScript warning as niffiwan.

EDIT: Firefox here as well.

[NGTM-1R]

Giant text here.

[jg18]

Yeah, giant text here, too, at least for the listing of boards on the main page. FF 19.0.2 on OS X 10.6.

After FF said "Transferring data from studentexchanges.org.ua..." or something similar in the status bar, I instantly got NoScript although I haven't gotten the warning that niffiwan and CommanderDJ did.

[Rodo]

Getting giant text and this warning from ESET: "js/kryptic.aiu troyano" as well.

[MP-Ryan]

Giant text, some unusual things in NoScript, but no security flags - yet.

[Mongoose]

Nothing wrong here, text or otherwise, while running MSE.

[Dark Hunter]

Looks like it's fixed now...


Running FF.

[BritishShivans]

I'm getting similar. Some huge text, and NoScript picks up that studentexchanges.org.ua thing as well. It's probably our possible virus.

[newman]

Sizes are back to normal and AVG stopped throwing tantrums on my end (Windows 7 / ffox)

[Rodo]

Clean now and font issue fixed, good work admins

[Lorric]

Mine said it was a blackhole exploit kit. It's gone now.

[Zacam]

And Lorric would win a gold star, if I felt like handing any out.

So, make sure you have NoScript on yer browsers cause guess what? We're not the only place that's ever been hit with it. And even after cleaning it up, we'll still get hit again.

A solution is being worked on to ultimately address the issue, but it is going to take a while to do.

[An4ximandros]

Thanks for the heads up, installed NoScript. Shame this sort of bull happens though.

[Lorric]

And Lorric would win a gold star, if I felt like handing any out.

So, make sure you have NoScript on yer browsers cause guess what? We're not the only place that's ever been hit with it. And even after cleaning it up, we'll still get hit again.

A solution is being worked on to ultimately address the issue, but it is going to take a while to do.

No, gimme my gold star, damn it! It's mine! 

[Spoon]

I've got avast installed but it never told me anything (I told it to be quiet with the popups though...) nothing in the logs either. Then again ive been running noscript for a while now so maybe thats why.

[Fury]

I've never liked using NoScript or ScriptSafe (Chrome) because they make browsing of websites really difficult at times. The best method is to block only javascript that points to another domain. But even that renders many websites semi-functional or even unusable. You may not even realize important parts of the page have been blocked because NoScript or ScriptSafe is listing domains that have nothing to do with domain of origin.

All browsers these days have their own methods to protect against cross-site scripting attacks. Of course they are not as safe as disabling scripts altogether unless explicitly allowed, but couple browser's native protection with Adblock Plus' Malware Domains subscription and it gets slightly better. But at least this is not as much an exercise in frustration as running NoScript/ScriptSafe is. http://adblockplus.org/en/subscriptions

[Zacam]

While yes, NoScript can be frustrating to set up, you can't get something for nothing.

Some people may not want to be bothered with having to be aware of their own surfing habits or paying attention to what links to where they go. Myself, I can't imagine NOT being as aware of that as I can be.

And while AdBlockPlus is useful (I use it in conjunction with NoScript), it still has to rely on subscriptions outside of a users control. And you would have no idea if a subscription got compromised on you until you got hit with it. Which still leads into the whole user awareness bit. Or you have to start filling in either a whitelist or blacklist yourself, which can be time consuming.

I'd rather have a site only partial load and look funky until I examine the NoScript blocked elements than be surprised by random application or desktop popup "X" suddenly showing up on my machine.

I should also point out, I can only converse on the two above as they relate to FireFox. I don't use Chrome for anything but NetFlix and Hulu and even then, I use the Iron Browser variant.