Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
12-01-2006, 12:33 PM
|
#1
|
Member
Registered: Apr 2004
Location: Warrington, Cheshire, UK
Distribution: Linux Mint 19.1 Xfce
Posts: 555
Rep:
|
Site Meter, Inc. java script
I have just logged into a user account that hasn't been used in a while and found a folder that I don't recognize under the name heart_files. Inside the folder is the following java script called counter.js. Have I been hacked or is this a tracking cookie? The file has been on there since the first of September.
Code:
Quote:
// Copyright (c)2006 Site Meter, Inc.
// <![CDATA[
var SiteMeter =
{
init:function( sCodeName, sServerName, sSecurityCode )
{
SiteMeter.CodeName = sCodeName;
SiteMeter.ServerName = sServerName;
SiteMeter.SecurityCode = sSecurityCode;
SiteMeter.IP = "80.5.160.4";
SiteMeter.trackingImage = new Image();
if (typeof(g_sLastCodeName) != 'undefined')
if (g_sLastCodeName == sCodeName)
return;
SiteMeter.onPageLoad();
// if (!SiteMeter.addEvent( window, "load", SiteMeter.displayCounter ))
// SiteMeter.onPageLoad();
SiteMeter.addEvent( window, "load", SiteMeter.trackOutClicks );
},
aimInit:function(sCodeName)
{
var sSubDomain = sCodeName.substr(0,3);
SiteMeter.init( sCodeName, sSubDomain + ".sitemeter.com", "");
},
trackOutClicks:function()
{
for(var i=0;i<document.links.length;i++)
{
SiteMeter.addEvent( document.links[i], "click", SiteMeter.onClick );
SiteMeter.addEvent( document.links[i], "contextmenu", SiteMeter.onContextClick );
}
},
onPageLoad:function()
{
var newImage = document.createElement("img");
var newHref = document.createElement("a")
var scriptRef = SiteMeter.getScriptElement();
var today=new Date();
var sTZO=(typeof(today.getTimezoneOffset)!='undefined') ? today.getTimezoneOffset() : '';
newHref.target = "_top";
newHref.href = "http://www.sitemeter.com/stats.asp?site=" + SiteMeter.CodeName;
newHref.id = "idSiteMeterHREF";
newImage.border = "0";
newImage.alt = "Site Meter";
var sImage = "http://" + SiteMeter.ServerName + "/meter.asp?site=" + SiteMeter.CodeName;
sImage += "&refer="+SiteMeter.getReferral();
if (SiteMeter.IP != "")
sImage += "&ip="+SiteMeter.IP;
sImage += "&w="+window.screen.width;
sImage += "&h="+window.screen.height;
sImage += "&clr="+window.screen.colorDepth;
sImage += "&tzo=" + sTZO;
sImage += "&lang="+escape(navigator.language ? navigator.language : navigator.userLanguage);
if (SiteMeter.SecurityCode != "")
sImage += "&sc="+escape(SiteMeter.SecurityCode);
sImage += "&pg="+escape(document.location);
sImage += "&js=1&rnd="+Math.random();
newImage.src = sImage;
newHref.appendChild(newImage);
var parentOfScript = SiteMeter.getParent( scriptRef );
if (parentOfScript)
parentOfScript.insertBefore(newHref,scriptRef);
else
SiteMeter.trackingImage.src = sImage;
},
logEvent:function(sEvent, sText, sURL )
{
if (document.images && !SiteMeter.isLocalURL(sURL))
{
var sImg = "http://" + SiteMeter.ServerName + "/meter.asp?site=" + SiteMeter.CodeName;
sImg += "&e=" + sEvent;
sImg += "&l=" + escape(sURL);
sImg += "&t=" + escape(sText);
sImg += "&pg="+ escape(document.location);
if (SiteMeter.SecurityCode != "") sImg += "&sc="+escape(SiteMeter.SecurityCode);
if (SiteMeter.IP != "") sImg += "&ip="+SiteMeter.IP;
sImg += "&rnd="+Math.random();
if (SiteMeter.trackingImage)
SiteMeter.trackingImage.src = sImg;
}
},
trimFragment:function(sString)
{
return sString.indexOf("#")>0?sString.substring(0, sString.indexOf("#")):sString;
},
isLocalURL:function(sURL)
{
return (SiteMeter.trimFragment(document.location.href) == SiteMeter.trimFragment(sURL));
},
getReferral:function()
{
var sRef="";
var g_d = document;
if (typeof(g_frames) != "undefined")
if (g_frames)
sRef=top.document.referrer;
if ((sRef == "") || (sRef == "[unknown origin]") || (sRef == "unknown") || (sRef == "undefined"))
if (document["parent"] != null)
if (parent["document"] != null) // ACCESS ERROR HERE!
if (parent.document["referrer"] != null)
if (typeof(parent.document) == "object")
sRef=parent.document.referrer;
if ((sRef == "") || (sRef == "[unknown origin]") || (sRef == "unknown") || (sRef == "undefined"))
if (g_d["referrer"] != null)
sRef = g_d["referrer"];
if ((sRef == "[unknown origin]") || (sRef == "unknown") || (sRef == "undefined"))
sRef = "";
return escape(sRef);
},
getParent:function(e)
{
if (!e)
return null;
else
if (e.parentElement)
return e.parentElement;
else
if (e.parentNode)
return e.parentNode;
else
return null;
},
getTarget:function(e)
{
var targ=null;
if (!e) var e = window.event;
if (e.target)
targ = e.target;
else if (e.srcElement)
targ = e.srcElement;
if (targ.nodeType)
if (targ.nodeType == 3) // Safari bug
targ = targ.parentNode;
return targ;
},
getScriptElement:function()
{
var refScript=null;
refScript = document.getElementById( "SiteMeterScript" );
if (refScript)
return refScript;
var pageScripts = document.getElementsByTagName("script");
for(var i=0;i<pageScripts.length;i++)
{
if (pageScripts[i].src)
{
var sSource = pageScripts[i].src.toLowerCase();
if (sSource.indexOf("site=" + SiteMeter.CodeName) > 0)
return pageScripts[i];
}
}
return null;
},
elementText:function(e)
{
do
{
var sText = (e.text)?e.text:e.innerText;
if (sText) return sText.substr(0,100);
if (e.alt) return e.alt;
if (e.src) return e.src;
e = SiteMeter.getParent(e);
}
while (e);
return "";
},
elementURL:function(e)
{
do
{
if ((e.href) && (e.nodeName.toUpperCase() == 'A')) return e.href;
e = SiteMeter.getParent(e);
}
while (e);
return "";
},
onClick:function(e)
{
var target = SiteMeter.getTarget(e);
SiteMeter.logEvent( "click", SiteMeter.elementText(target), SiteMeter.elementURL(target) );
},
onContextClick:function(e)
{
var target = SiteMeter.getTarget(e);
SiteMeter.logEvent( "context", SiteMeter.elementText(target), SiteMeter.elementURL(target) );
},
addEvent:function( obj, sEvent, func )
{
if (obj.addEventListener)
obj.addEventListener(sEvent, func, false);
else
if (obj.attachEvent)
obj.attachEvent( "on"+sEvent, func );
else
return false;
return true;
}
}
SiteMeter.init('sm5allspirit', 'sm5.sitemeter.com', '');
var g_sLastCodeName = 'sm5allspirit';
// ]]>
|
EDIT: I have discovered that the user saved the lyrics to "My Heart Will Go On" from the website allspirit.co.uk at the same time and date! She is unaware of the java script however, so the question still remains, why is that on our box and what is it up to?
Last edited by mikieboy; 12-01-2006 at 01:03 PM.
|
|
|
12-01-2006, 01:13 PM
|
#2
|
Member
Registered: Aug 2004
Location: India
Distribution: Redhat 9.0,FC3,FC5,FC10
Posts: 257
Rep:
|
Hi Mikie,
I wouldnt relly be too worried. This user hs probly visited site for getting the lyrics of the Celiene Dion song . So apart from the lyrics .. there were probably a load of advertisements on the site as well.
These ds re present primrily to trck who ll lst visited their site..rather the number of visitors to the site. This is for statistical purposes. They do so by setting cookies on your drive...not harmful most of the time.
You mentioned she saved the lyrics..thats the reason the directory got created It does so by default when you save a HTML page. It also saved other junk and scripts on the page hence the javascript file.
In a nutshell..dont worry its not a hack. Post back if you're still confused or I wasnt clear enough.
Cheers
Arvind
p.s... BTW theres an extension for "Firefox" which lets you control what scripts you want to let execute ona particular webpage
Last edited by live_dont_exist; 12-01-2006 at 01:16 PM.
|
|
|
12-01-2006, 02:45 PM
|
#3
|
Member
Registered: Apr 2004
Location: Warrington, Cheshire, UK
Distribution: Linux Mint 19.1 Xfce
Posts: 555
Original Poster
Rep:
|
Thanks for the reassurance . I'll just delete it and forget about it
Mikie
|
|
|
All times are GMT -5. The time now is 09:46 AM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|