Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
I have just logged into a user account that hasn't been used in a while and found a folder that I don't recognize under the name heart_files. Inside the folder is the following JavaScript called counter.js. Have I been hacked or is this a tracking cookie? The file has been on there since the first of September.
Code:
// Copyright (c)2006 Site Meter, Inc.
// <![CDATA[
var SiteMeter =
{
init:function( sCodeName, sServerName, sSecurityCode )
{
SiteMeter.CodeName = sCodeName;
SiteMeter.ServerName = sServerName;
SiteMeter.SecurityCode = sSecurityCode;
SiteMeter.IP = "80.5.160.4";
SiteMeter.trackingImage = new Image();
if (typeof(g_sLastCodeName) != 'undefined')
if (g_sLastCodeName == sCodeName)
return;
SiteMeter.onPageLoad();
// if (!SiteMeter.addEvent( window, "load", SiteMeter.displayCounter ))
// SiteMeter.onPageLoad();
},
onPageLoad:function()
{
var newImage = document.createElement("img");
var newHref = document.createElement("a");
var scriptRef = SiteMeter.getScriptElement();
var today=new Date();
var sTZO=(typeof(today.getTimezoneOffset)!='undefined') ? today.getTimezoneOffset() : '';
},
getReferral:function()
{
var sRef="";
var g_d = document;
if (typeof(g_frames) != "undefined")
if (g_frames)
sRef=top.document.referrer;
if ((sRef == "") || (sRef == "[unknown origin]") || (sRef == "unknown") || (sRef == "undefined"))
if (document["parent"] != null)
if (parent["document"] != null) // ACCESS ERROR HERE!
if (parent.document["referrer"] != null)
if (typeof(parent.document) == "object")
sRef=parent.document.referrer;
if ((sRef == "") || (sRef == "[unknown origin]") || (sRef == "unknown") || (sRef == "undefined"))
if (g_d["referrer"] != null)
sRef = g_d["referrer"];
if ((sRef == "[unknown origin]") || (sRef == "unknown") || (sRef == "undefined"))
sRef = "";
return escape(sRef);
},
getParent:function(e)
{
if (!e)
return null;
else
if (e.parentElement)
return e.parentElement;
else
if (e.parentNode)
return e.parentNode;
else
return null;
},
getTarget:function(e)
{
var targ=null;
if (!e) var e = window.event;
if (e.target)
targ = e.target;
else if (e.srcElement)
targ = e.srcElement;
if (targ.nodeType)
if (targ.nodeType == 3) // Safari bug
targ = targ.parentNode;
return targ;
},
getScriptElement:function()
{
var refScript=null;
refScript = document.getElementById( "SiteMeterScript" );
if (refScript)
return refScript;
var pageScripts = document.getElementsByTagName("script");
for(var i=0;i<pageScripts.length;i++)
{
if (pageScripts[i].src)
{
var sSource = pageScripts[i].src.toLowerCase();
if (sSource.indexOf("site=" + SiteMeter.CodeName) > 0)
return pageScripts[i];
}
}
return null;
},
elementText:function(e)
{
do
{
var sText = (e.text)?e.text:e.innerText;
if (sText) return sText.substr(0,100);
if (e.alt) return e.alt;
if (e.src) return e.src;
e = SiteMeter.getParent(e);
}
while (e);
return "";
},
elementURL:function(e)
{
do
{
if ((e.href) && (e.nodeName.toUpperCase() == 'A')) return e.href;
e = SiteMeter.getParent(e);
}
while (e);
return "";
}
};
// ]]>
EDIT: I have discovered that the user saved the lyrics to "My Heart Will Go On" from the website allspirit.co.uk at the same time and date! She is unaware of the JavaScript however, so the question still remains, why is that on our box and what is it up to?
Hi Mikie,
I wouldn't really be too worried. This user has probably visited a site for getting the lyrics of the Celine Dion song. So apart from the lyrics, there were probably a load of advertisements on the site as well.
These ads are present primarily to track who all last visited their site... rather, the number of visitors to the site. This is for statistical purposes. They do so by setting cookies on your drive... not harmful most of the time.
You mentioned she saved the lyrics... that's the reason the directory got created. It does so by default when you save an HTML page. It also saved other junk and scripts on the page, hence the JavaScript file.
In a nutshell, don't worry, it's not a hack. Post back if you're still confused or I wasn't clear enough.
Cheers
Arvind
P.S. BTW there's an extension for "Firefox" which lets you control what scripts you want to let execute on a particular webpage.
Last edited by live_dont_exist; 12-01-2006 at 12:16 PM.
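The explanation in the reply above (saving a complete web page creates a NAME_files folder beside the saved page) can be checked on the box itself. The following is an added example, not part of any post in this thread: shell functions that pair each *_files directory with its saved page and list scripts the page never references. The function names are hypothetical, and the NAME.html / NAME.htm naming with unencoded relative links is an assumption about how the browser saved the page.

```shell
#!/bin/sh
# Added example: triage browser "save complete page" folders in a home directory.
# Assumption: the page was saved as NAME.html or NAME.htm next to NAME_files/,
# and its resource links were rewritten to point into that folder.

# classify_dir DIR
#   paired:<page>    sibling page exists and links into DIR
#   unlinked:<page>  sibling page exists but never mentions DIR
#   orphan           no sibling page found; inspect manually
classify_dir() {
    dir=${1%/}
    stem=${dir%_files}
    name=$(basename "$dir")
    for page in "$stem.html" "$stem.htm"; do
        [ -f "$page" ] || continue
        if grep -qF "$name/" "$page"; then
            echo "paired:$page"
        else
            echo "unlinked:$page"
        fi
        return 0
    done
    echo "orphan"
}

# unreferenced_scripts DIR PAGE
#   lists .js files in DIR that PAGE does not reference by name
unreferenced_scripts() {
    for js in "$1"/*.js; do
        [ -f "$js" ] || continue
        grep -qF "$(basename "$1")/$(basename "$js")" "$2" || echo "$js"
    done
}

# triage ROOT: one tab-separated line per *_files directory under ROOT
triage() {
    find "$1" -type d -name '*_files' | sort | while IFS= read -r d; do
        printf '%s\t%s\n' "$d" "$(classify_dir "$d")"
    done
}

# Run as: sh triage.sh /home/someuser
if [ "$#" -gt 0 ]; then triage "$1"; fi
```

A `paired` result with no unreferenced scripts matches the save-page explanation; an `orphan` folder or a script the page never loads deserves a closer look at ownership and timestamps.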