
Gah! What is doing this?


13 replies to this topic

#1 Wolfy87


Posted 23 February 2009 - 04:20 PM

I don't know what my website's doing, but on the About me page there are two Freewebs stickers down the bottom. In my server it is all fine, but as soon as I open it in a browser this code is added:

<!-- --><script type="text/javascript" src="http://staticthumbs.freewebs.com/i.js"></script><script type="text/javascript">if(typeof(urchinTracker)=='function'){_uacct="UA-230305-2";_udn="none";_uff=false;urchinTracker();}</script> <script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script> <script type="text/javascript">_qacct="p-44naSaXtNJt26";quantserve();</script>

The code appears at the bottom of my HTML and makes another, and for some reason, on the server I have the normal thing:

<table>
<tr>
<td>
</td>
</tr>
</table>

BUT, on the web it is:

<table>
<tbody>
<tr>
<td>
</td>
</tr>
</tbody>
</table>

It's adding in this <tbody> thing. I don't do any of this and it is not there when I look at my real code; it's being edited when I open it. Can anyone help =S

Thanks, Wolfy87.
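
Added example, not part of the original posts: one way to confirm what the first post describes, by comparing the file as uploaded with the page as served and listing the script elements and third-party hosts that appear only in the served copy. The page skeleton and the `menu.js` script are constructed for illustration; the injected block is the one quoted in the post. Only script elements are compared, so markup differences such as an added <tbody> are ignored.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class ScriptCollector(HTMLParser):
    """Record each <script> element as [src, inline_code]."""
    def __init__(self):
        super().__init__()
        self.scripts, self._open = [], False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._open = True
            self.scripts.append([dict(attrs).get("src"), ""])

    def handle_data(self, data):
        if self._open:
            self.scripts[-1][1] += data

    def handle_endtag(self, tag):
        if tag == "script":
            self._open = False

def collect_scripts(html):
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    # Collapse whitespace so reformatting alone is not reported as a change.
    return [(src, " ".join(code.split())) for src, code in parser.scripts]

def injected_scripts(uploaded_html, served_html):
    """Scripts in the served page that are absent from the uploaded file."""
    known = set(collect_scripts(uploaded_html))
    return [s for s in collect_scripts(served_html) if s not in known]

def injected_hosts(uploaded_html, served_html):
    """Third-party hosts whose scripts were added after upload."""
    found = injected_scripts(uploaded_html, served_html)
    return sorted({urlparse(src).netloc for src, _ in found if src} - {""})

# Constructed sample: UPLOADED is the file as edited (menu.js is hypothetical), SERVED is the fetched page.
UPLOADED = '<html><body><script src="menu.js"></script><table><tr><td></td></tr></table></body></html>'
INJECTED = (
    '<!-- --><script type="text/javascript" src="http://staticthumbs.freewebs.com/i.js"></script>'
    '<script type="text/javascript">if(typeof(urchinTracker)==\'function\'){_uacct="UA-230305-2";_udn="none";_uff=false;urchinTracker();}</script> '
    '<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script> '
    '<script type="text/javascript">_qacct="p-44naSaXtNJt26";quantserve();</script>'
)
SERVED = UPLOADED.replace("</body>", INJECTED + "</body>")
```

Calling `injected_hosts(UPLOADED, SERVED)` on this sample returns the two external hosts named in the quoted block, and `injected_scripts` returns all four added script elements.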



#2 Guest_Jay-P VIP_*


Posted 23 February 2009 - 10:43 PM

Me again buddy! :thumbsup:

I have worked with Webs or should I say former Freewebs in the past. I had to deal with every single one of their advertising techniques thus far.

There is a way to go ahead and disable their script tracker, though. The UrchinTracker, which I believe is a security risk as it sets cookies in the browser, then uses client-side scripting to track your site and your visitors.

I will show you what the code looks like in my page then will tell you how to modify it.

Don't copy the code below, just pay attention to aspects of the code:
<noscript><!-- -->&lt;script type="text/javascript" src="http://staticthumbs.freewebs.com/i.js"></script>&lt;script type="text/javascript">if(typeof(urchinTracker)=='function'){_uacct="UA-230305-2";_udn="none";_uff=false;urchinTracker();}</script>&lt;script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script> &lt;script type="text/javascript">_qacct="p-44naSaXtNJt26";quantserve();</script> </body></html></noscript>

As you see it in the code, I added in the
<noscript>
tag before the
<!-- -->&lt;script type=
tag. I then added the closeout by
</noscript>
tag after the closeout of HTML:
</html>
Try this out according to the code above and please place it in your site and see what it does then let me know, if you will please.

#3 Wolfy87


Posted 24 February 2009 - 11:33 AM

But the code is not there. When on Webs looking at my source... not there. When in my browser and looking at the view source function... it's there. I just don't get it; I can't put the code in because it is not there :/. I don't get why it is only on one page either?

Anyway, I just got the code from going in my browser and inserted it into my source with your part added; it did nothing. It just ignored the noscript part and then added the old part with all the script etc. back in. It's reluctant to go, I can tell you that :/

Thanks, Wolfy87.

Edited by Wolfy87, 24 February 2009 - 11:44 AM.


#4 Guest_Jay-P VIP_*


Posted 24 February 2009 - 02:42 PM

I am sorry, I was not clear about that.

Do the following for the end of the page after the body section:
<noscript>
tag before the
</html>
tag. I then added the closeout by
</noscript>
tag after the closeout of HTML:
</html>
Try this out according to the code above and please place it in your site and see what it does then let me know, if you will please.

#5 Wolfy87


Posted 24 February 2009 - 06:14 PM

Right, on my PSP atm so can't access it until tomorrow, but I think I get it now.

<noscript>
</html>
</noscript>

I think that's it :thumbsup:

Thanks, Wolfy87.

#6 Guest_Jay-P VIP_*


Posted 24 February 2009 - 09:30 PM

As long as you know this code, you can defeat this vulnerability each time!

#7 groovicus


Posted 24 February 2009 - 10:11 PM

"As long as you know this code, you can defeat this vulnerability each time!"


Of course, it likely violates your terms of service, and may result in your website being deleted. You did read the terms of service, right?

#8 Guest_Jay-P VIP_*


Posted 24 February 2009 - 10:32 PM

Good point, Groovicus; however, I have not seen anything denying this action taken to disable the tracker.

The UrchinTracker is a global object implanted to track the website and activity and report it back to Google Analytics. It does not say in the terms of service to accept or deny the UrchinTracker. This software is called Urchin 5 Web Analytics Software. Removing this privacy vulnerability is not rejected by Webs, but Webs does not allude to it anyway.

TOS Webs:

5. SECURITY
You are responsible for maintaining the security of your account and website, and you are fully responsible for all activities that occur under the account and any other actions taken in connection with the website. You agree to immediately notify Webs in writing of any unauthorized uses of the account or any other breaches of security. Webs cannot and will not be liable for any loss or damage from your failure to comply with this security obligation. You acknowledge and agree that under no circumstances will Webs be liable, in any way, for any acts or omissions by a Member or Guest, including any damages of any kind incurred as a result of such acts or omissions.

Webs does not control the Content posted via the Services and, as such, does not guarantee the accuracy, integrity or quality of such Content. In no way and under no circumstances will Webs be liable for any Content. You are responsible for all risks associated with use of any Content. By your use and viewing of Content, you understand that Webs does not review Content but that Webs has complete rights to remove, alter, replace, or reproduce all Content.

Source

#9 groovicus


Posted 25 February 2009 - 06:36 AM

"By your use and viewing of Content, you understand that Webs does not review Content but that Webs has complete rights to remove, alter, replace, or reproduce all Content."


By disabling the tracker, you are denying their right to alter the content as they see fit. I'm not saying that they will cancel the account, but if it were me, and I had added the tracker to freely hosted pages, as is my right by the TOS, I would terminate any accounts that attempted to bypass anything that I needed to do to protect my business model.

#10 Guest_Jay-P VIP_*


Posted 26 February 2009 - 12:13 AM

Wolfy, please do not make changes to code yet!

Here is the Chrome Inspect report for my page for example:

<noscript><!-- -->&lt;<script type="text/javascript" src="http://staticthumbs.freewebs.com/i.js"></script><script type="text/javascript">if(typeof(urchinTracker)=='function'){_uacct="UA-230305-2";_udn="none";_uff=false;urchinTracker();}</script> <script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script> <script type="text/javascript">_qacct="p-44naSaXtNJt26";quantserve();</script></noscript> 
<!-- --><script type="text/javascript" src="http://staticthumbs.freewebs.com/i.js"></script><script type="text/javascript">if(typeof(urchinTracker)=='function'){_uacct="UA-230305-2";_udn="none";_uff=false;urchinTracker();}</script> <script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script> <script type="text/javascript">_qacct="p-44naSaXtNJt26";quantserve();</script>

The code shown is two UrchinTracker levels. The first one is under NOSCRIPT tag. The second one is missing the NOSCRIPT tag. The tag was closed early, as there should not be two buttons on the page. Which means that the UrchinTracker activity is over-displaying/overflow buffering the page by accident.
This is the vulnerability that I spoke of. As you can see, I helped to secure the whole UrchinTracker set to try to remove the vulnerability and remove the extra button from Wolfy's page.

I will contact Webs about this vulnerability and see if I can get the issue resolved. I see some of this type of issue on other Webs.com pages.

#11 Guest_Jay-P VIP_*


Posted 26 February 2009 - 12:14 AM

Also, notice that Freewebs is the stickers on the page. Freewebs is the former name of Webs.com

#12 Guest_Jay-P VIP_*


Posted 26 February 2009 - 12:57 AM

Okay. I was unsuccessful in contacting them. You have to submit a ticket to the bug crew.

Wolfy, please navigate to this page, click Submit a Ticket, and paste the text below (quote box) into the details box.

Summary: Two freewebs stickers on my page
Type of issue: Having Trouble with (errors)
Having Trouble with: error while viewing my site

DOMAIN: http://www.occode.webs.com/aboutme.html


ISSUE: BUG SHOWING TWO FREEWEBS STICKERS, POTENTIAL VULNERABILITY
DESCRIPTION: AFTER REVIEWING THE SITE'S CODE I NOTICED TWO CODES REFERRING TO URCHINTRACKER.
SOLUTION: EDIT THIS AREA TO REMOVE THE ONE EXTRA STICKER
SITE OWNER: UNKNOWN

EXAMPLE CODE:
http://img13.imageshack.us/img13/737/buggypage.jpg


Edited by Jay-P VIP, 26 February 2009 - 12:58 AM.


#13 Wolfy87


Posted 28 February 2009 - 02:06 PM

Alright, I don't want to go breaking TOS etc., so I am looking at a real hosting company (not a free one), no ads and things, and I think it is the best way around it and also no risk of running out of memory etc. Thank you for all of your help, but I might not need it... now I feel bad lol

Thanks so much, Wolfy87.

#14 Guest_Jay-P VIP_*


Posted 28 February 2009 - 04:49 PM

That sounds much better, my friend!



