"malicious" JS on haskell site
Hello cafe, Maybe malicious isn't the right word but there is a JS based web counter on http://www.haskell.org/complex/why_does_haskell_matter.html which likes to show pop up adverts. They must have switched over from counting visitors to showing adverts at some point since the web page was created. I'm sure this is something we want removed... It would probably be good to grep the whole server to make sure that this counter doesn't show up on some other page too. Sorry if this is a simple oversight on my part but I don't know who I should be contacting about this kind of thing. It would be great if there was some kind of webmaster@haskell.org address that was advertised or some form that we could submit for issues like this. -keith -- keithsheppard.name
On 10-09-09 05:30 PM, Keith Sheppard wrote:
Maybe malicious isn't the right word but there is a JS based web counter on http://www.haskell.org/complex/why_does_haskell_matter.html which likes to show pop up adverts. They must have switched over from counting visitors to showing adverts at some point since the web page was created.
The web counter is obtained from <script language="JavaScript" src="http://m1.nedstatbasic.net/basic.js"></script> Instead of doing static analysis on the javascript code, I decided to exploit society instead. Googling "nedstatbasic", I found this (though not 1st hit): http://www.nedstat.com/nedstat-news-archive/129-nedstat-sells-nedstat-basic-... Looks like the free web counter was sold to an advertiser as few years ago.
"Albert Y. C. Lai"
Looks like the free web counter was sold to an advertiser as few years ago.
I've seen this happen before, and it's just a strategy - first provide some cross-site neat function, wait around for a while, then replace it with some ad-serving crap. Take home lesson: only serve JS that you host yourself. -k -- If I haven't seen further, it is by standing in the footprints of giants
Popup advertising is still being hosted on haskell.org. What is the
right way to deal with this? Is there a person or process to fix this?
Deleting some nedstatbasic javascript at the bottom should fix the
problem. I'm sorry for sending this to such a large list but I don't
know who the is the right contact and it seems like a pretty bad way
to start off with people who are trying to figure out what haskell
offers.
Thanks, Keith
On Thu, Sep 9, 2010 at 5:30 PM, Keith Sheppard
Hello cafe,
Maybe malicious isn't the right word but there is a JS based web counter on http://www.haskell.org/complex/why_does_haskell_matter.html which likes to show pop up adverts. They must have switched over from counting visitors to showing adverts at some point since the web page was created. I'm sure this is something we want removed... It would probably be good to grep the whole server to make sure that this counter doesn't show up on some other page too.
Sorry if this is a simple oversight on my part but I don't know who I should be contacting about this kind of thing. It would be great if there was some kind of webmaster@haskell.org address that was advertised or some form that we could submit for issues like this.
-keith
participants (3)
-
Albert Y. C. Lai -
Keith Sheppard -
Ketil Malde