Security issue?
#1
Lately when I've come on the forum Firefox displays a banner across the top saying it's blocked a cross-site XSS(?) script and to check the console for more info.

Anyone else have this happen to 'em and is it anything to worry about?

--Rod.H
Reply
 
#2
We know that Yuku uses some kind of intermediary script for all outbound links, apparently to track eyes and where they're going to -- the NoScript add-on for Firefox eliminates that, though. You shouldn't be seeing ads of any sort, so you shouldn't be getting any links off of those. Can you check the console and see what it says? Maybe the URL, if it's listed there, will clue us in.
-- Bob
---------
Then the horns kicked in...
...and my shoes began to squeak.
Reply
 
#3
In this same vein, Yuku snuck a pop-up ad through Firefox (I'm running Adblock Plus, but not NoScript) the other day.  I was so irritated that a popup had hit me that I closed it before I thought about its possible vector.  The only site I had loaded at the time was this board, though.
It hasn't happened since, but I think we can assume the folks behind the scenes at Yuku are tweaking things again.

--sofaspud
--"Listening to your kid is the audio equivalent of a Salvador Dali painting, Spud." --OpMegs
Reply
 
#4
The Firefox error console on one system which had that message pop-up is implying it's an embedded JavaScript error thing, could just be that system.

*shrug*

The things it had issues with are: quantserve, GA_googleFetchAds, GA_googleFillSlot, GA_googleAddAtt, GS_googleAddAdSenseService
Reply
 
#5
Quantserve is an advertising/tracking thingie from an outfit called QuantCast. The rest are Google Ads stuff, obviously. Of these, I suspect it's Quantserve; it seems more likely based on some of the comments and queries I've seen about it on other fora.

The thing is, you shouldn't see any ad stuff at all because I (and others) pay to have them not be here. If the problem persists, I suggest perhaps NoScript and/or AdBlock.
-- Bob
Reply
 
#6
I should add that Quantserve.com puts a tracking cookie on your system. You might want to block it, maybe that'll help, too.
-- Bob
Reply
 
#7
I already run NoScript & Adblock - I've done that on all systems I can do that to - and I've never seen an ad, to the best of my memory, on here.

Here's an example of what's throwing currently an error atm minus the "
Reply
 
#8
Are you still getting that cross-site error?
-- Bob
Reply
 
#9
This is rather odd. Twice today, the first time I load this page (and only this page) I get a long string of code, and nothing else.
(Same bit as line 8 of Rod's code)
I'm not running either adblock or noscript, but it takes a force refresh to clear that line and load the proper page.
---

The Master said: "It is all in vain! I have never yet seen a man who can perceive his own faults and bring the charge home against himself."

>Analects: Book V, Chapter XXVI
Reply
 
#10
Weird. I wish it were happening to me, so I could get a better sense of what's going on...
-- Bob
Reply
 
#11
Slight update: False alarm o.o

Apparently since the line is so long, the page loads scrolled off to the far right, and that code is the only thing running that far over. *Looks in mirror for new blonde strands*

It does bear mention, however, to avoid distortion of the forum width, we ought use [ spoiler=(title) ] tags. They'll load as collapsed and not blow the size out of proportion. (See above)
Reply
 
#12
Ah, okay.
-- Bob
Reply
 
#13
I've received just one since then; the only difference is that I checked the error console straight after it happened. The previous errors are still present but now I've got a Firefox add-on complaining: Tab Mix Plus. Possible source? If it is, what is it about here that triggers it?

The wiki page that tries to explain how to do all the fancy stuff with text's borked too, for me.
Reply
 
#14
What's Tab Mix Plus? I've never heard of it.
-- Bob
Reply
 
#15
It's an add-on which lets you do some additional stuff with the tabs in Firefox like trigger a tab with a 3rd mouse button click on links, move tabs around.

But then I'm slowly tracking down the error, now I was even faster checking the error and while the ad ones were still there, a new one appeared related with the PDF Download add-on.

--Rod.H
Reply
 
#16
Ah even more illumination! I was looking in the wrong error console filter.

The following is the problem code
Out of all a that code points to me that there's something hinting worse than Denmark with exelator.com

Edit: According to http://support.yuku.com/topic/16339/t/l ... alert.html what's at exelator.com is some analytics programs yuku uses.

--Rod.H
Reply
 
#17
Okay, then, where does that leave you? Still with a problem or no?
-- Bob
---------
Then the horns kicked in...
...and my shoes began to squeak.
Reply
 
#18
At the moment it's at no problem, just concerns. Mainly along the lines of "Oh, that's possibly why the forum appears to disappear for me, from time to time" or "Gee, why is the page so slow to load." which is probably due to that cross-site script, or high net traffic.
Reply
 
#19
Note that NoScript's anti-XSS rules are pretty paranoid. So I wouldn't take that on its own as a sign that there's something malicious about exelator.

Though I do wonder why you're getting this problem and I'm not, since it sounds like we might be running fairly similar configurations.

-Morgan.
Reply
 
#20
Just in case you were wondering about XSS.
Reply
 
#21
Thanks!
-- Bob
---------
Then the horns kicked in...
...and my shoes began to squeak.
Reply

