LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 12-01-2006, 12:33 PM   #1
mikieboy
Member
 
Registered: Apr 2004
Location: Warrington, Cheshire, UK
Distribution: Linux Mint 19.1 Xfce
Posts: 555

Rep: Reputation: 33
Site Meter, Inc. java script


I have just logged into a user account that hasn't been used in a while and found a folder that I don't recognize under the name heart_files. Inside the folder is the following java script called counter.js. Have I been hacked or is this a tracking cookie? The file has been on there since the first of September.

Code:
Quote:
// Copyright (c)2006 Site Meter, Inc.
// <![CDATA[
var SiteMeter =
{
init:function( sCodeName, sServerName, sSecurityCode )
{
SiteMeter.CodeName = sCodeName;
SiteMeter.ServerName = sServerName;
SiteMeter.SecurityCode = sSecurityCode;
SiteMeter.IP = "80.5.160.4";
SiteMeter.trackingImage = new Image();

if (typeof(g_sLastCodeName) != 'undefined')
if (g_sLastCodeName == sCodeName)
return;

SiteMeter.onPageLoad();
// if (!SiteMeter.addEvent( window, "load", SiteMeter.displayCounter ))
// SiteMeter.onPageLoad();

SiteMeter.addEvent( window, "load", SiteMeter.trackOutClicks );
},

aimInit:function(sCodeName)
{
var sSubDomain = sCodeName.substr(0,3);
SiteMeter.init( sCodeName, sSubDomain + ".sitemeter.com", "");
},

trackOutClicks:function()
{
for(var i=0;i<document.links.length;i++)
{
SiteMeter.addEvent( document.links[i], "click", SiteMeter.onClick );
SiteMeter.addEvent( document.links[i], "contextmenu", SiteMeter.onContextClick );
}

},

onPageLoad:function()
{
var newImage = document.createElement("img");
var newHref = document.createElement("a")
var scriptRef = SiteMeter.getScriptElement();

var today=new Date();
var sTZO=(typeof(today.getTimezoneOffset)!='undefined') ? today.getTimezoneOffset() : '';

newHref.target = "_top";
newHref.href = "http://www.sitemeter.com/stats.asp?site=" + SiteMeter.CodeName;
newHref.id = "idSiteMeterHREF";

newImage.border = "0";
newImage.alt = "Site Meter";

var sImage = "http://" + SiteMeter.ServerName + "/meter.asp?site=" + SiteMeter.CodeName;
sImage += "&refer="+SiteMeter.getReferral();
if (SiteMeter.IP != "")
sImage += "&ip="+SiteMeter.IP;
sImage += "&w="+window.screen.width;
sImage += "&h="+window.screen.height;
sImage += "&clr="+window.screen.colorDepth;
sImage += "&tzo=" + sTZO;
sImage += "&lang="+escape(navigator.language ? navigator.language : navigator.userLanguage);
if (SiteMeter.SecurityCode != "")
sImage += "&sc="+escape(SiteMeter.SecurityCode);
sImage += "&pg="+escape(document.location);
sImage += "&js=1&rnd="+Math.random();

newImage.src = sImage;
newHref.appendChild(newImage);
var parentOfScript = SiteMeter.getParent( scriptRef );

if (parentOfScript)
parentOfScript.insertBefore(newHref,scriptRef);
else
SiteMeter.trackingImage.src = sImage;
},

logEvent:function(sEvent, sText, sURL )
{
if (document.images && !SiteMeter.isLocalURL(sURL))
{
var sImg = "http://" + SiteMeter.ServerName + "/meter.asp?site=" + SiteMeter.CodeName;
sImg += "&e=" + sEvent;
sImg += "&l=" + escape(sURL);
sImg += "&t=" + escape(sText);
sImg += "&pg="+ escape(document.location);
if (SiteMeter.SecurityCode != "") sImg += "&sc="+escape(SiteMeter.SecurityCode);
if (SiteMeter.IP != "") sImg += "&ip="+SiteMeter.IP;
sImg += "&rnd="+Math.random();
if (SiteMeter.trackingImage)
SiteMeter.trackingImage.src = sImg;
}
},

trimFragment:function(sString)
{
return sString.indexOf("#")>0?sString.substring(0, sString.indexOf("#")):sString;
},

isLocalURL:function(sURL)
{
return (SiteMeter.trimFragment(document.location.href) == SiteMeter.trimFragment(sURL));
},

getReferral:function()
{
var sRef="";
var g_d = document;
if (typeof(g_frames) != "undefined")
if (g_frames)
sRef=top.document.referrer;
if ((sRef == "") || (sRef == "[unknown origin]") || (sRef == "unknown") || (sRef == "undefined"))
if (document["parent"] != null)
if (parent["document"] != null) // ACCESS ERROR HERE!
if (parent.document["referrer"] != null)
if (typeof(parent.document) == "object")
sRef=parent.document.referrer;
if ((sRef == "") || (sRef == "[unknown origin]") || (sRef == "unknown") || (sRef == "undefined"))
if (g_d["referrer"] != null)
sRef = g_d["referrer"];
if ((sRef == "[unknown origin]") || (sRef == "unknown") || (sRef == "undefined"))
sRef = "";

return escape(sRef);
},

getParent:function(e)
{
if (!e)
return null;
else
if (e.parentElement)
return e.parentElement;
else
if (e.parentNode)
return e.parentNode;
else
return null;
},

getTarget:function(e)
{
var targ=null;
if (!e) var e = window.event;
if (e.target)
targ = e.target;
else if (e.srcElement)
targ = e.srcElement;
if (targ.nodeType)
if (targ.nodeType == 3) // Safari bug
targ = targ.parentNode;
return targ;
},

getScriptElement:function()
{
var refScript=null;
refScript = document.getElementById( "SiteMeterScript" );
if (refScript)
return refScript;

var pageScripts = document.getElementsByTagName("script");
for(var i=0;i<pageScripts.length;i++)
{
if (pageScripts[i].src)
{
var sSource = pageScripts[i].src.toLowerCase();
if (sSource.indexOf("site=" + SiteMeter.CodeName) > 0)
return pageScripts[i];
}
}

return null;
},

elementText:function(e)
{
do
{
var sText = (e.text)?e.text:e.innerText;
if (sText) return sText.substr(0,100);
if (e.alt) return e.alt;
if (e.src) return e.src;
e = SiteMeter.getParent(e);
}
while (e);
return "";
},

elementURL:function(e)
{
do
{
if ((e.href) && (e.nodeName.toUpperCase() == 'A')) return e.href;
e = SiteMeter.getParent(e);
}
while (e);
return "";
},

onClick:function(e)
{
var target = SiteMeter.getTarget(e);
SiteMeter.logEvent( "click", SiteMeter.elementText(target), SiteMeter.elementURL(target) );
},

onContextClick:function(e)
{
var target = SiteMeter.getTarget(e);
SiteMeter.logEvent( "context", SiteMeter.elementText(target), SiteMeter.elementURL(target) );
},

addEvent:function( obj, sEvent, func )
{
if (obj.addEventListener)
obj.addEventListener(sEvent, func, false);
else
if (obj.attachEvent)
obj.attachEvent( "on"+sEvent, func );
else
return false;
return true;
}

}

SiteMeter.init('sm5allspirit', 'sm5.sitemeter.com', '');

var g_sLastCodeName = 'sm5allspirit';
// ]]>
EDIT: I have discovered that the user saved the lyrics to "My Heart Will Go On" from the website allspirit.co.uk at the same time and date! She is unaware of the java script however, so the question still remains, why is that on our box and what is it up to?

Last edited by mikieboy; 12-01-2006 at 01:03 PM.
 
Old 12-01-2006, 01:13 PM   #2
live_dont_exist
Member
 
Registered: Aug 2004
Location: India
Distribution: Redhat 9.0,FC3,FC5,FC10
Posts: 257

Rep: Reputation: 30
Hi Mikie,
I wouldnt relly be too worried. This user hs probly visited site for getting the lyrics of the Celiene Dion song . So apart from the lyrics .. there were probably a load of advertisements on the site as well.

These ds re present primrily to trck who ll lst visited their site..rather the number of visitors to the site. This is for statistical purposes. They do so by setting cookies on your drive...not harmful most of the time.

You mentioned she saved the lyrics..thats the reason the directory got created It does so by default when you save a HTML page. It also saved other junk and scripts on the page hence the javascript file.

In a nutshell..dont worry its not a hack. Post back if you're still confused or I wasnt clear enough.

Cheers
Arvind
p.s... BTW theres an extension for "Firefox" which lets you control what scripts you want to let execute ona particular webpage

Last edited by live_dont_exist; 12-01-2006 at 01:16 PM.
 
Old 12-01-2006, 02:45 PM   #3
mikieboy
Member
 
Registered: Apr 2004
Location: Warrington, Cheshire, UK
Distribution: Linux Mint 19.1 Xfce
Posts: 555

Original Poster
Rep: Reputation: 33
Thanks for the reassurance . I'll just delete it and forget about it

Mikie
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Protecting site content with java script Gogul Programming 15 02-28-2006 01:28 PM
Java Desktop Powertips (Sun web site) tadelste JDS 0 10-21-2004 11:16 PM
show me a site:Java alaios Programming 3 06-15-2004 07:21 AM
Netscape crashes loading java site mooreted Linux - Software 2 03-21-2004 11:00 AM
linux 9 and java script error - premature end of script header sibil Linux - Newbie 0 01-06-2004 05:21 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 09:46 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration