referrer inserts Javascript into processed logs

Forum Moderators: DixonJones

Message Too Old, No Replies

referrer inserts Javascript into processed logs

user-agent declaration in processed logs forces unwanted redirect

stapel

6:06 pm on Aug 13, 2006 (gmt 0)

When I recently attempted to review the user-agent listing in my processed logs, I was redirected from my local HTML file to the [example.com] web site. Upon closer examination, I discovered that the user-agent declaration included a Javascript snippet:

<SCRIPT>window.location='http://www.example.com'</script>

I had to edit the HTML to get the logging information to display correctly.

Has anybody else seen this sort of behavior? Is this a common thing that I just hadn't noticed before? Is this exclusive to this site (a "search engine" I'd never heard of before)?

Thank you.

Eliz.

[edited by: Receptional at 2:57 pm (utc) on Aug. 14, 2006]
[edit reason]
[1][edit reason] I had to take the specific URL out [/edit] [/edit][/1]

Receptional

3:03 pm on Aug 14, 2006 (gmt 0)

This sounds like an attempt at "log spam". Not necessarily "spam" in this case, assuming you don't have thousands of entries like this, but a welcome (in the eyes of the search engine owner) side effect of log files. What happens is that many people have their log files unprotected and actually visible to web users. People therefore put links in their referrer data so that if the referrer gets rendered in an HTML page, a link is created which might then be picked up by OTHER search bots and count towards a site's link popularity. It also had the effect of making YOU click on the search engine, so there's proof positive that it works as a way of generating real human traffic. (Also why I took the URL out of you post - I don't want MORE publicity given to them!)

Hope that helps.

Dixon.

stapel

3:56 pm on Aug 14, 2006 (gmt 0)

I'm familiar with log spam. Fake referrers are inserted into the logs, in hopes that people will try to track back (to the non-existant referring links) and thereby expose themselves to whatever the spammer has waiting for them.

This is not a link in the logs. It is a Javascript snippet which prevents viewing of those logs. When I attempted to view the pages in question (inside the processed log results), I was automatically redirected to the other site. This wasn't a link; it was a redirect.

I guess we're not allowed to discuss search engines by name. (Sticky me privately for the URL.) But I think we're allowed to discuss if we've seen this Javascript-hijack behavior. I would like to know if this is a rare thing, or a common thing I just hadn't encountered before, and if there is any proposed solution.

Thank you.

Eliz.

Receptional

5:21 pm on Aug 14, 2006 (gmt 0)

Ah! I get it now. Sorry for being thick first time round.

I've never seen that before.

That's a bit naughty isn't it! I wonder how many log anaylzers that will corrupt. I also wonder if it is merely destructive in intent or whether there is a genuine reason to do something like that?

lasko

9:25 am on Aug 18, 2006 (gmt 0)

I've had the same problem for the past few days.

I've inserted into my .htaccess ban list.

Even though its banned it will still attempt to visit pages and be logged.

I now have to view log files with JS disabled.