|
Hello guys!
I've noticed that NoScript (Mozilla addon) had caught the following attempt of XSS injection:
[NoScript InjectionChecker] JavaScript Injection in (function anonymous() {
tab=active$0;sttr=46
DUMMY_EXPR
})
Can you check it?
|
Looks like a 3rd party ad tag. I don't see any XSS in there but I'll certainly check it out.
cheers
Chris Maunder
|
Thank you, Chris.
I checked it twice on my 2 laptops and 1 desktop before I posted this message. All machines are regularly checked for viruses, trojans, etc.
I do believe that you did something, because XSS warnings have gone today. Note that I did nothing.
Thank you.
Cheers,
Maciej
It came back.
As to my observation, XSS warnings are not displayed till ads on top are being unloaded.
modified 8-Jan-16 2:30am.
|
I had it yesterday morning too and also now again.
If it helps:
The ads shown when this occurs are about Softlayer with the clickable link [EDIT: inserted line breaks]
https://adclick.g.doubleclick.net/pcs/click
?xai=AKAOjstY4fXEO4wJ5mlIjfuN_skjkxLFyqpFzI8a_InDaAhZBLHih-wvMgVElXhFEwfTWrMyMe23Q8y2xD6aoQHO2DBIfjrXk45ihdcoL1STGA
&sig=Cg0ArKJSzKxeBTfNyIZf
&urlfix=1
&adurl=http://www.softlayer.com/info/break-boundaries-compute
%3Futm_source%3Ddeveloper_media
%26utm_medium%3Dbanner
%26utm_content%3DBreak_Boundaries_White%7CTargeting%7C728x90%7CJPG
%26utm_campaign%3DEU_-_EU_-_English_-_Region_-_Media_Buy_-_Developer_Media_-_SL_Branding
[UPDATE]
This happens only on the QA list page. I just had the same ad on a single QA page, in the lounge, and here while posting this message without a NoScript message.
[UPDATE 2]
The clickable link on other pages where the NoScript message does not occur is different. Example:
https://adclick.g.doubleclick.net/pcs/click
?xai=AKAOjstRD0PGvv1wmRpZNqwnXp_s-duTli__SPigzXfolLWTn_eFoae153yDWcCXRc0cOWeP69d0f-Vw-CbiWXKKU2Yd65HFxpGtKlrZ0o3v1A
&sig=Cg0ArKJSzD_ewl2D4Df8
&urlfix=1
&adurl=https://adclick.g.doubleclick.net/aclk
%3Fsa%3DL
%26ai%3DBEE_uY2yPVufTO46fboTbr9AItrK3sQgAAAAQASAAOABYxqXCkdUCYJWCgIC4B4IBF2NhLXB1Yi00MjcxODYyMzI1NzY4ODI5sgETd3d3LmNvZGVwcm9qZWN0LmNvbboBCWdmcF9pbWFnZcgBCdoBZmh0dHA6Ly93d3cuY29kZXByb2plY3QuY29tL1F1ZXN0aW9ucy8xMDcwMTU4L0hvdy13b3VsZC1JLWdvLWFib3V0LW1ha2luZy1hLXJlYWxpc3RpYy1Tbm9va2VyLWdhP2Fybj00M5gC2DbAAgLgAgDqAh4vNjgzOS9scW0uY29kZXByb2plY3Quc2l0ZS9yb3P4AoHSHpADjAaYA6QDqAMB4AQBkAYBoAYW2AcA
%26num%3D0
%26cid%3D5GiltA
%26sig%3DAOD64_2DNkVrGZTJ7XNL4DEBMIwi1h0M6w
%26client%3Dca-pub-4271862325768829
%26adurl%3Dhttp://www.softlayer.com/info/break-boundaries-compute
%253Futm_source%253Ddeveloper_media
%2526utm_medium%253Dbanner
%2526utm_content%253DBreak_Boundaries_White%257CTargeting%257C728x90%257CJPG
%2526utm_campaign%253DEU_-_EU_-_English_-_Region_-_Media_Buy_-_Developer_Media_-_SL_Branding
modified 8-Jan-16 3:33am.
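The comparison in the post above (one link pointing straight at the advertiser, the other wrapping a second `adclick.g.doubleclick.net` hop with the landing URL encoded twice) can be checked by peeling one `adurl` layer at a time. This is an added JavaScript example, not part of the original posts; `unwrapAdurl` is a hypothetical helper and the sample URLs are constructed, shortened stand-ins with placeholder tokens.

```javascript
// Added example: peel nested click-tracker redirects one `adurl` layer at a time.
function unwrapAdurl(clickUrl, maxDepth = 5) {
  const hops = [];
  let current = clickUrl;
  for (let depth = 0; depth < maxDepth; depth++) {
    let parsed;
    try {
      parsed = new URL(current);
    } catch {
      break; // not an absolute URL: stop instead of guessing
    }
    hops.push({ host: parsed.hostname, scheme: parsed.protocol });
    // searchParams.get() strips exactly one layer of percent-encoding.
    const next = parsed.searchParams.get("adurl");
    if (!next) break; // no (or empty) adurl: this hop is the landing page
    current = next;
  }
  // True when an https hop hands off to a plain-http hop further down the chain.
  const downgrade = hops.some(
    (h, i) => i > 0 && hops[i - 1].scheme === "https:" && h.scheme === "http:"
  );
  return { hops, landing: current, downgrade };
}

// Constructed sample data: tokens are placeholders, not the values from the post.
const LANDING =
  "http://www.softlayer.com/info/break-boundaries-compute" +
  "?utm_source=developer_media&utm_medium=banner";
const TRACKER =
  "https://adclick.g.doubleclick.net/pcs/click" +
  "?xai=XAI_PLACEHOLDER&sig=SIG_PLACEHOLDER&urlfix=1&adurl=";

// Shape seen on the QA list page: landing URL encoded once.
const direct = TRACKER + encodeURIComponent(LANDING);

// Shape seen on other pages: a second tracker hop, landing URL encoded twice.
const inner =
  "https://adclick.g.doubleclick.net/aclk?sa=L&ai=AI_PLACEHOLDER&num=0&adurl=" +
  encodeURIComponent(LANDING);
const nested = TRACKER + encodeURIComponent(inner);

for (const [label, url] of [["direct", direct], ["nested", nested]]) {
  const r = unwrapAdurl(url);
  console.log(label, r.hops.map((h) => h.host).join(" -> "), "| downgrade:", r.downgrade);
}
```

Both shapes resolve to the same landing URL; they differ only in the number of tracker hops in front of it.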
|
Thank you, Jochen.
It's very interesting, because it happens only on the QA forum.
I looked into the NoScript event log and this is what I see now:
Using //@ to indicate sourceURL pragmas is deprecated. Use //# instead rs=AGLTcCMOOHjdJMiEtHjnzYTwiQsW8U1Mwg:1245:0
about:blank : Unable to run script because scripts are blocked internally. <nieznane>
[NoScript InjectionChecker] JavaScript Injection in ///ddm/adi/N233401.1392339DEVELOPERMEDIA.CO/B9333835.127053310;dc_ver=21.55;sz=728x90;dc_rdid=;dc_adk=2036841227;ord=iiek3h;click=<a href="https://adclick.g.doubleclick.net/aclk?sa=L&ai=BXdBq-GiPVujKG6LuyAOlzIyQB7ayt7EIAAAAEAEgADgAWMalwpHVAmDp5MmF2BqCARdjYS1wdWItNDI3MTg2MjMyNTc2ODgyObIBE3d3dy5jb2RlcHJvamVjdC5jb226AQlnZnBfaW1hZ2XIAQnaAT5odHRwOi8vd3d3LmNvZGVwcm9qZWN0LmNvbS9zY3JpcHQvQW5zd2Vycy9MaXN0LmFzcHg_dGFiPWFjdGl2ZZgC2DbAAgLgAgDqAh4vNjgzOS9scW0uY29kZXByb2plY3Quc2l0ZS9yb3P4AoHSHpADjAaYA6QDqAMB4AQBkAYBoAYW2AcA&num=0&cid=5Ghu-BSkg09H5pKF61d2Ztj-&sig=AOD64_3w9DAxpaqaE3_R2CWF5xHjTWGHRQ&client=ca-pub-4271862325768829&adurl=;dc_rfl=1,http://www.codeproject.com/script/Answers/List.aspx?tab=active">https://adclick.g.doubleclick.net/aclk?sa=L&ai=BXdBq-GiPVujKG6LuyAOlzIyQB7ayt7EIAAAAEAEgADgAWMalwpHVAmDp5MmF2BqCARdjYS1wdWItNDI3MTg2MjMyNTc2ODgyObIBE3d3dy5jb2RlcHJvamVjdC5jb226AQlnZnBfaW1hZ2XIAQnaAT5odHRwOi8vd3d3LmNvZGVwcm9qZWN0LmNvbS9zY3JpcHQvQW5zd2Vycy9MaXN0LmFzcHg_dGFiPWFjdGl2ZZgC2DbAAgLgAgDqAh4vNjgzOS9scW0uY29kZXByb2plY3Quc2l0ZS9yb3P4AoHSHpADjAaYA6QDqAMB4AQBkAYBoAYW2AcA&num=0&cid=5Ghu-BSkg09H5pKF61d2Ztj-&sig=AOD64_3w9DAxpaqaE3_R2CWF5xHjTWGHRQ&client=ca-pub-4271862325768829&adurl=;dc_rfl=1,http://www.codeproject.com/script/Answers/List.aspx?tab=active</a>$0;sttr=31?
(function anonymous() {
tab=active$0;sttr=31 /* COMMENT_TERMINATOR */
DUMMY_EXPR
})
and
TypeError: this._recipeManager is null
and
getPreventDefault() method is obsolete. Use defaultPrevented instead.
And one more observation. Till the Reply (to the comment) widget isn't used, XSS warnings are not displayed.
|
I have just updated my post to indicate that it only happens in the QA list.
The message seems to be the same as yesterday (I still have the console with today's warning open).
I did not have the TypeError.
The getPreventDefault() message is not related to the problem. It is sourced by an Ajax JQuery script used by many sites.
|
Hello. I've noticed that the reputation points are not added in my profile and I'd like to know the reason why ?!?!
|
It would be nice for Admins if you can explain in detail which reputation points you are talking about. On a side note, reputation points mean nothing, really.
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning
|
I've actually stopped receiving reputation points, for example for approving articles, voting for the articles published by others, article bookmarking, etc.
Thanks.
|
Stop worrying about rep points; you can't exchange them for food.
|
Thanks. Obviously that.
|
Unsubscribe me. I have tried it 1000 times. I don't want a single mail of you guys there.
|
I doubt very much that you have tried it 1000 times. It is a simple matter to close your account from your Settings page.
|
I've moved it into the Hardware review section
cheers
Chris Maunder
|
What help would you like?
The voting system is designed to allow people (multiple) to provide feedback on your contributions. As far as I can tell, and with all due respect, the system is working.
cheers
Chris Maunder
|
If the same person is down-voting, then action needs to be taken against the spammer.
Update: Please see Midi_Mick's comment in the same thread.
modified 6-Jan-16 1:39am.
|
a) It's not the same person
b) What action should I take if it were? People are allowed to have their view and 3 votes isn't abuse. Not allowing someone to say "I don't agree with this" is not nice.
I get that it's disappointing, and I get that there are spurious votes, but we've put a lot of work into making the system resilient to (potentially) poor votes and the benefits of free expression absolutely outweigh the slings and arrows of a downvote.
cheers
Chris Maunder
|
Let me tell you it's more than 3.
I just put three links in here.
|
I think Chris is suggesting that it's within the expected confines of his voting system for someone to go through a member's posts/answers and down vote those that he/she feels to be sub-par (which is always a subjective thing). There's no way around it really. I guess the trick is to only respond when you are absolutely sure of your answer. Or if someone responds with a better one, delete yours before someone can down vote it.
|
Mass down-voting of a single user's answers is not "spamming". Please stop mis-using that word.
If a single user is down-voting everything you post, you might be able to argue that it's abusive behaviour. However, it could also be argued that it's a perfectly valid use of the voting system, where users get to express their opinion of the content you've posted, whether or not you agree with that opinion.
If you had picked up a serial down-voting stalker, I'd expect to see a lot more down-voting activity than five votes in three days!
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
Richard Deeming wrote: whether or not you agree with that opinion
Well I don't.
While there is nothing wrong with the voting system, I don't believe a 'platinum' member should down-vote without providing a reason.
It's quite ridiculous.
|
And yet, when we were required to provide reasons for down-votes, we ended up with very few people down-voting, even for exceptionally poor content. Chris explained the problem last February.
There's no perfect solution. If you allow comment-less down-votes, then you don't get any feedback as to why your content has been down-voted. But if you require comments, you discourage members from down-voting poor content, in case the author decides to start a down-voting war.
If you suspect someone is abusing the voting system, then raise it with the hamsters. They're the only people who can see who is down-voting your content.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
I'd like to say: each of you is right.
We all know that a perfect voting system doesn't exist!
I think that Abhinav can live with all those downvotes, but he probably wonders why someone downvoted his answer. When the downvote comes from a platinum member and that member doesn't write a bit of explanation, it hurts.
We should respect a few simple rules. The most important (in this aspect) is: write the reason for the downvote to give the person who posted an answer a chance to improve it.
Cheers,
Maciej
|