
1 Nov 19, 2018 15:42    

b2evolution 6.10.3 'stable'

I don't usually promote products in my blog. However since a while back I had this totally voluntary image of a book cover that linked to its author who has a page at fb. It was located in the sidebar of my blog, contained within a 'Free HTML' snippet -- very simple HTML, really:



<a href="https://www.facebook.com/oriolmallovilaplana/" target="_blank"><img title="Spanish Cartel : Cártel Español" 
alt="Spanish Cartel : Cártel Español" src="path-to-mage/The_Iberian_Cartel.png"></a>

I was surprised today when I realized that hovering the mouse pointer over the image the browser shows the simple link above. Notwithstanding, right-clicking the image and copying the link to subsequently paste at the command line and/or a text editor, this transformation is what I saw (path varied depending on the appropriate blog entry and even included at the administration dashboard path when I am logged in.)

https://redirect.viglink.com/?format=go&jsonp=vglnk_154263253290112&key=0d3176c012db018d69225ad1c36210fa&libId=joobh6r20102kiit000DAd9r1wzz2&subId=662bf311b89bc76c6178682ed367e0b3&cuid=662bf311b89bc76c6178682ed367e0b3&loc=https%3A%2F%2Fmetztli.it%2Fblog%2Findex.php%3Fblog%3D4&v=1&out=https%3A%2F%2Fwww.facebook.com%2Foriolmallovilaplana%2F&ref=https%3A%2F%2Fmetztli.it%2Fblog%2Fblog12.php%3Fdisp%3Dmsgform%26recipient_id%3D1%26redirect_to%3Dhttps%253A%252F%252Fmetztli.it%252Fblog%252Fblog12.php%252Fmexico-tenochtitlan-july-18-1325%253Fdisp%253Dsingle%2526title%253Dmexico-tenochtitlan-july-18-1325%2526more%253D1%2526c%253D1%2526tb%253D1%2526pb%253D1&title=Metztli%20I.%20T.%C2%A0%20Blog&txt=%3Cimg%20title%3D%22Spanish%20Cartel%20%3A%20C%C3%A1rtel%20Espa%C3%B1ol%22%20alt%3D%22Spanish%20Cartel%20%3A%20C%C3%A1rtel%20Espa%C3%B1ol%22%20src%3D%22images%2FEl_Cartel_Iberico.png%22%3E

Of course I deleted the link from the image -- as I don't even know how/when the click hijacker began redirecting the original link.

This is provided as a warning to those who advertise products on their b2evo as someone else may be 'eating their lunch'.

Best Professional Regards.

2 Nov 20, 2018 22:11

In a case like that you should save the current page as HTML (complete web page) in your web browser. This would allow you to investigate a static version of the page and see where the hijacking script is.
If you just delete it without saving it, it's hard to investigate.

3 Nov 21, 2018 10:36

Thanks for the heads up, @fplanque!

I always pride myself in security of LAMP stack environment for b2evo sites and Linux kernels I build and/or manage --thus I was perplexed by that 'Web' issue. When you mentioned 'script' I was even more concerned about how it 'got there'.

I reverted previous 'Free HTML' content to include the link to fb. And the 'hijacking' link was still there. Thus I saved the file locally, i.e., as you suggested, HTML. Notwithstanding, NoScript in Firefox provided a hint -- as it was blocking that redirection.
Selecting NoScript icon it offers to provide more information about its findings. It revealed the domain text string among other information and I proceeded to search in the local HTML content previously saved for the particular instance snapshot.

Turns out that redirection was being done by Shareaholic. Sometime ago I had subscribed to the service, submitting my site -- although never verified it -- out of curiosity for their set of social icons they provide. I enabled the plugin at the main blog but since I never verified my control of the domain site submitted I did not think it had any effect.

Well, Shareaholic has an analytics-based business model and that's what they were doing with the 'hijacking' redirection.

By disabling the Shareaholic plugin in the b2evo dashboard the 'hijacking' stopped. I went one step ahead as well and deleted my site from the Shareaholic dashboard. Obviously I forgot that there is no 'free lunch' from big data analytics entities: we are the product!

Thanks again, @fplanque.

Best Professional Regards.

4 Nov 21, 2018 17:41

Interesting. Were you at least able to see the analytics in your own Shareaholic control panel?

5 Nov 21, 2018 19:47

Well, that's the snag, i.e., if I never verified with Shareaholic that I was indeed the owner of the site, then they should not have been intruding in that manner. When I logged in this morning to delete my incomplete site submission all the user analytics apps were greyed out. Thus,

Were you at least able to see the analytics in your own Shareaholic control panel?

no. Apparently they were just leveraging their business model, regardless, vacuuming up data to be later aggregated and capitalized -- a la Google, Facebook, etc. And when they are caught red-handed, they put the blame on their favorite bogeymen: the Russians ;-D

P.S. By the way, the 'Site ID' which Shareaholic assigned to my site was embedded in the redirection URL with which I opened this thread. It is of no importance now since earlier I had deleted the incomplete (i.e., site not verified) submission at Shareaholic's dashboard.
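Added example, not part of any post in this thread: a small Python triage script for the two checks discussed above, decoding what a redirect URL of this shape hands to the redirector, and listing the external hosts a saved copy of the page loads scripts from. The sample URL reuses the host and parameter names from the first post with placeholder values; the saved page, `blog.example` and `cdn.third-party.example` are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# Constructed sample: same host and parameter names as the URL in the first
# post, with placeholder values instead of the real key and IDs.
SAMPLE_REDIRECT = (
    "https://redirect.viglink.com/?format=go&key=PLACEHOLDER_KEY"
    "&loc=https%3A%2F%2Fblog.example%2Findex.php%3Fblog%3D4"
    "&out=https%3A%2F%2Fwww.facebook.com%2Fexample-author%2F"
    "&ref=https%3A%2F%2Fblog.example%2Fblog12.php%3Fdisp%3Dmsgform"
    "&title=Example%20Blog"
)

# Constructed saved page: one first-party script, one third-party script.
SAMPLE_HTML = """
<html><head>
<script src="/rsc/js/site.js"></script>
<script src="https://cdn.third-party.example/widget.js" async></script>
</head><body><a href="https://www.facebook.com/example-author/">book</a></body></html>
"""

def decode_redirect(url):
    """Return the redirector host and the page-related values it receives."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)  # parse_qs percent-decodes each value
    wanted = ("out", "loc", "ref", "title")
    return parts.hostname, {k: query[k][0] for k in wanted if k in query}

class ScriptCollector(HTMLParser):
    """Collect the src attribute of every <script> tag."""
    def __init__(self):
        super().__init__()
        self.sources = []
    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "script" and src:
            self.sources.append(src)

def third_party_script_hosts(html, site_host):
    """Hosts other than site_host that the saved page loads scripts from."""
    collector = ScriptCollector()
    collector.feed(html)
    hosts = {urlsplit(src).hostname for src in collector.sources}
    return sorted(h for h in hosts if h and h != site_host)

if __name__ == "__main__":
    print(decode_redirect(SAMPLE_REDIRECT))
    print(third_party_script_hosts(SAMPLE_HTML, "blog.example"))
```

Scripts injected at runtime by another script do not appear as `<script src>` in the original markup, so run the check on a "complete web page" save taken after the page has finished loading.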

