[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ale] Noscript found a couple of scripts I didn't write.

Subject: [ale] Noscript found a couple of scripts I didn't write.
From: meuon at geeklabs.com (Mike Harrison)
Date: Wed, 15 Apr 2009 13:22:28 -0400 (EDT)
In-reply-to: <[email protected]>
References: <[email protected]>

> I did a search of my code and I find no references to them.  By what
> magic did they get involved in my site?

Via an advert/embed or your site has been "owned".

It looks like 'imaclk.com' is involved in semi-legit or legit adverts
and behavior tracking.

Welcome to XSS. Cross Site Scripting. ;)

I'd clear browser cache/cookies/etc..

start: sniffit -s @
in an empty directory, go surf the site again
and then examine your sniff files...
ie:

  grep imiclk.com *

Note that you may not find it, it could be by IP address,
or obfuscated in the code. I've seen a lot of big weird strings
and a decrypt and execute command.

References:
- [ale] Noscript found a couple of scripts I didn't write.
  - From: ale_nospam at fayettedigital.com (Jim Lynch)

Prev by Date: [ale] Noscript found a couple of scripts I didn't write.
Next by Date: [ale] Noscript found a couple of scripts I didn't write.
Previous by thread: [ale] Noscript found a couple of scripts I didn't write.
Next by thread: [ale] Noscript found a couple of scripts I didn't write.
Index(es):
- Date
- Thread