important psa for anyone that has used rentry in the past
this was something discovered whilst i was trying to edit my (now defunct) rentry page. of course, things may vary, some other platforms are handled differently, but for general measure, even if you have a good adblocker and/or other content blockers, it's still possible for random redirecting to occur. i do not exactly know how long this has been going on for regarding rentry stuff, though it's better to be safe than sorry.
more information's provided below. if you don't have the time to read it, just know that rentry isn't as safe as it once was to use, even with good protection measures enforced.
if you're reading this and have more info, or would like to correct me on things i might've not gotten right, feel free to comment
if you're not familiar with what rentry is, it's a small-size website you can host text on. think pastebin but you've got formatting options. the URL rentry pages use is rentry dot co, followed by a path that is some set of characters ranging [a-zA-Z0-9] (if you're not regex-savvy, this is all 26 letters, both upper and lower case, plus all 10 digits). you can also choose to change the path name to something cool, provided the name's not in use. once you're done making the page and want to publish and save for later, you can make an edit-code for that path. this can be anything you want so long as you can memorise it.
going back to why i made this post, there is a chance that even clicking the proper Edit button on the page, or other actions may instead redirect you places with adverts and such. i encountered this on iOS, and this is even with safari's built-in content and pop-up blocker. i went to edit my page, then the website changed colour, and i was swiftly taken to the actual apple app store which displayed a fantasy sports betting application which i really do not care about.
i didn't know it was something that needed to be enabled, and i wish i'd enabled it sooner knowing how useful app privacy report is on apple ecosystem and it telling you which apps contacted what domains and any device sensors or permissions used, so i sadly can't see where it's all coming from as i don't want to do this again. i then did the usual checks of clearing caches, history, etc.
(if you're also in the apple ecosystem and/or have a spare apple ecosystem device not tied to anything important that can USE app privacy report, you could use that to see what's happening if you're morbidly curious)
usually, most devices such as apple's ecosystem of iOS, iPadOS, macOS etc. and some newer versions of android (i cannot speak for windows as i am not as knowledgeable, nor linux as there are one too many distros) have some method of application sandboxing in which information within an app is tightly contained within itself, and cannot adjust data outside its own enclosure. other cool fancy stuff happens behind the scenes too such as ASLR (randomises content placement in RAM), execute never (memory is always marked not executable unless the app needs a highly-restricted piece), to name a few.
as things are indeed sandboxed, and provided the device is on the newest publicly-released OS, and NOT jailbroken, there's a minimal chance that this redirect will interfere with anything if at all. i would still be wary about it, as sudden redirects like these are signs of potential malicious activity on websites trying to interfere. just because it's well sandboxed doesn't mean it's impossible to be hacked by something.
this means that for most everyday people, whilst it's a slim chance that this occurs with devices that are secured in this fashion, the chances of getting attacked even with such are NEVER zero.
specific people may be more at-risk such as journalists, celebrities, activists, other notable figures, or other specific targets. if you belong in any of these categories, you likely know about options such as lockdown mode for increased protection. you're also more vulnerable if your device and apps are outdated, are on a beta-release OS, jailbroken device, or older hardware
so, if you HAVE viewed or interacted with a rentry page, and this or something similar has happened to you, PLEASE check for the following changes and activities on your device regardless of platform:
- repeated requests to add a device you do not own
- repeated attempts to log into various accounts or password reset alerts, or suddenly being kicked out of everything
- strange activity from your bank
- calls, texts and messages you didn't make
- a VPN or device management profile suddenly being added to the device
- calendar application suddenly being flooded with junk
- other strange device behaviour such as apps opening on their own, unusual sluggishness, unusual warmth and battery consumption
- the redirecting happens on more sites than just rentry
- unusual content in device analytics logs
- unusual domains contacted by apps on the device
if any of these (or more not listed here) are happening to your device, please do the following
- clear out ALL caches, cookies, browsing histories
- if you can, find and remove any offending settings, apps, or files that may have been installed
- check your device's analytics and privacy logs for suspicious activities for the following hours to days. if these logs were present before finding this post and you've visited a rentry page in that timeframe, check these log contents to make sure the offending connections or sensor activities aren't still being made long after you stopped visiting
- on another device that isn't the potentially compromised one, change any and all log-in information, and kick-out any and all unknown devices, including the potentially compromised one
- if you haven't already done so, set up multi-factor authentication. consider a reputable authenticator app or physical FIDO2-compliant keyfob
- if you can do it on the affected device, check for viruses and malware using a trusted scanner. disable all network connections before doing so
- as a super super last resort, erase all contents from the device, and restore it from a backup point in which the device wasn't affected. depending on the severity, this may not be enough, and you'll need a brand new device.