Hacked link in docs #8187

Closed
lud opened this issue Dec 15, 2022 · 19 comments

Comments

lud commented Dec 15, 2022

Describe the bug

Hello,

When reading the readme on this page https://github.com/sveltejs/kit/tree/master/packages/adapter-static I went directly to a porn page when clicking on "more often than you probably think".

Load the linked url ( https://kryogenix.org/code/browser/everyonehasjs.html ) in your browser and reload the page a couple times, and tell me if it happens to you too.

I tried random other urls on my computer and nothing happened, so I guess I do not have a virus or something alike.

Reproduction

Load https://kryogenix.org/code/browser/everyonehasjs.html multiple times.

Logs

No response

System Info

Windows 10, no VPN, standard French ISP

Severity

serious, but I can work around it

Additional Information

No response

@Rich-Harris (Member)

I... cannot reproduce this 😆

@Conduitry (Member)

Weird, I was just able to. After a few refreshes I got a 302 to http://46.4.68.136/H8BfdGPh?DOM=kryogenix.org&URI=%2fcode%2fbrowser%2feveryonehasjs.html which redirected me to ... porn.

lud (Author) commented Dec 15, 2022

> Weird, I was just able to.

Well, I will not hide that it is a relief to me ...

@Rich-Harris (Member)

alright, another maintainer just saw it as well. i guess it's time to cc @stuartlangridge!

@stuartlangridge

I appreciate the CC here, thank you!

I can't replicate this, and I've tried a bunch. The page text itself doesn't seem to contain anything dodgy, having checked on the server. I may have missed something, but my current best guess is that this is a dodgy ad; the page does contain Google ads (because it gets referenced a lot and so having a small income from it is nice, although it doesn't bring in a lot; maybe I need a sponsor programme or something :-)), and perhaps there is an ad in the rotation which is hijacking users to a porn site? This is obviously bad, even if there's nothing much I can do about it; I can't get it to happen to me, no matter how much I try. I'm open to suggestions for how I might fix this -- if there's no obvious fix, then I'll kill the ads on the page, because this is obviously a bad thing to happen to people viewing the page and it needs to be stopped.

524c (Contributor) commented Dec 15, 2022

> Weird, I was just able to. After a few refreshes I got a 302 to http://46.4.68.136/H8BfdGPh?DOM=kryogenix.org&URI=%2fcode%2fbrowser%2feveryonehasjs.html which redirected me to ... porn.

And that site closes when the referrer is github and we click on this link, but copying and pasting it generates a 302 to a porn site.

The difficulty now will be to find this possible xss on the report link

lud (Author) commented Dec 15, 2022

I can't reproduce anymore, even when loading directly from the address bar.

@stuartlangridge

OK. For the moment, then, I am going to assume that this is an issue with a bad ad that someone managed to get into Google Ads, and that ad has since been identified and killed from Google's side. However, if anyone manages to see the same thing happen again after this, do please let me know, and if that happens I'll kill the ads; it's certainly not worth it if there's a risk that people are being hijacked to bad places!

Also, I should say: thank you very much for getting this info to me so fast and helping to test for it. I appreciate it. Everyone knows that svelte is super fast, but I didn't realise that that also applied to the community's response as well :-)

@Conduitry (Member)

The ad redirect thing doesn't make a ton of sense to me because, according to my network tab, I got an actual 302 from your server - I hope my browser wasn't lying to me, and I hope it wasn't actually a client-side redirect from a bad ad getting helpfully normalized in some way to a 302. But that also means the issue is a lot more mysterious. I haven't been able to get it to happen again after the two times I saw it in fairly quick succession.

lud (Author) commented Dec 15, 2022

Alright :)

Though I suggest checking in a few days because @524c got a "302", so I assume a header before the page even loaded, and I have ublock origin running so I can't see any ad on your page.

(edit: was in reply to @stuartlangridge )

524c (Contributor) commented Dec 15, 2022

> OK. For the moment, then, I am going to assume that this is an issue with a bad ad that someone managed to get into Google Ads, and that ad has since been identified and killed from Google's side. However, if anyone manages to see the same thing happen again after this, do please let me know, and if that happens I'll kill the ads; it's certainly not worth it if there's a risk that people are being hijacked to bad places!
>
> Also, I should say: thank you very much for getting this info to me so fast and helping to test for it. I appreciate it. Everyone knows that svelte is super fast, but I didn't realise that that also applied to the community's response as well :-)

I'll try to reproduce in the next few days, if I can, I'll let you know.

@stuartlangridge

> I got an actual 302 from your server

That's certainly worrying. I can't work out how that might have happened; I've checked htaccess stuff, and the page itself is plain HTML, and there doesn't seem to be any content in it that might cause a problem. But as mentioned I'm certainly happy to look further into this if it's still happening! This is strange stuff, and I definitely want to fix it if there's something my end that's causing it.

524c (Contributor) commented Dec 16, 2022

> Alright :)
>
> Though I suggest checking in a few days because @524c got a "302", so I assume a header before the page even loaded, and I have ublock origin running so I can't see any ad on your page.
>
> (edit: was in reply to @stuartlangridge )

Just to clarify:
Copying the malicious link and putting it in the address bar generates a 302 to a porn site. Direct clicking on the link here does not redirect. That's all I wanted to say.
I couldn't reproduce from the link https://kryogenix.org/code/browser/everyonehasjs.html
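A check for the server-side redirect discussed above (Conduitry's network-tab 302 and 524c's note that behaviour differed with a GitHub referrer), added here as an example and not code from the thread, from kryogenix.org or from the SvelteKit project: it fetches a page several times without following redirects, with and without a Referer header, and flags any 3xx whose Location leaves the site's own host. The page URL and the allowed-host set are assumptions passed in as parameters.

```python
import sys
import urllib.error
import urllib.request
from urllib.parse import urlparse

class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Hand 3xx responses back to the caller instead of following them."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None

def classify(status, location, page_url, allowed_hosts):
    """Label one response: 'ok', 'redirect-internal' or 'redirect-external'."""
    # The suspicious case from the thread: a 3xx whose Location host is not ours.
    if not 300 <= status < 400 or not location:
        return "ok"
    # A relative Location (no host) stays on the page's own host.
    host = urlparse(location).hostname or urlparse(page_url).hostname
    return "redirect-internal" if host in allowed_hosts else "redirect-external"

def probe(page_url, attempts=5, referer=None, allowed_hosts=None):
    """Fetch page_url repeatedly, unfollowed; return (attempt, status, location, verdict) tuples."""
    # Several attempts because the redirect reported in the thread was intermittent.
    allowed = allowed_hosts or {urlparse(page_url).hostname}
    opener = urllib.request.build_opener(NoRedirect)
    findings = []
    for n in range(attempts):
        req = urllib.request.Request(page_url, headers={"User-Agent": "redirect-probe/1.0"})
        if referer:  # referrer-dependent behaviour was observed in the thread
            req.add_header("Referer", referer)
        try:
            resp = opener.open(req, timeout=10)
            status, location = resp.getcode(), resp.headers.get("Location")
        except urllib.error.HTTPError as e:  # an unfollowed 3xx surfaces here
            status, location = e.code, e.headers.get("Location")
        findings.append((n, status, location, classify(status, location, page_url, allowed)))
    return findings

if __name__ == "__main__":
    url = sys.argv[1] if len(sys.argv) > 1 else "https://kryogenix.org/code/browser/everyonehasjs.html"
    for ref in (None, "https://github.com/"):
        for n, status, loc, verdict in probe(url, referer=ref):
            print(f"referer={ref!r} attempt={n} status={status} verdict={verdict} location={loc}")
```

A 'redirect-external' verdict from a page that should serve static HTML points at the server or hosting layer rather than at an ad or the client, which is the distinction the thread was trying to make.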

arackaf commented Dec 16, 2022

Next time ping me on bugs like this so I can help reproduce

@NormandoHall

Well, SK slogan claims "You will enjoy developing with sveltekit" 🤭

@stuartlangridge

OK, an update. This seems to be a problem at GoDaddy, who apparently own my hosting company.
https://community.cloudflare.com/t/redirecting-to-unwanted-sites/445551 describes this problem and gives a GoDaddy incident ID of INC-5492776.
My apologies for all this. I have temporarily redirected my whole site to a maintenance page until this is fixed.
Thank you all for the alert on this.

@Conduitry (Member)

Well that is truly bizarre. Thank you for the update! And good luck!

@Rich-Harris (Member)

Now that we know the cause, I think we can safely close this issue — thanks!

@stuartlangridge

And just to confirm, I have now migrated (or am in the process of migrating) my website to new (better) hosting, so this problem should not recur. Thank you all, and hopefully I don't cause you trouble again.
