You're right, my guess is it is a "virus" of some sort that is doing it since it is more than one person.
Edit: Sb beat me to it. ;) I'll throw out this link, where people were having trouble with foxlingo crashing things etc.
You're right, my guess is it is a "virus" of some sort that is doing it since it is more than one person.
Edit: Sb beat me to it. ;) I'll throw out this link, where people were having trouble with foxlingo crashing things etc.
I was just about to say the same thing. Looks like it’s not their ‘fault’. They’re just lax in system security, and are being taken advantage of by the FoxLingo toolbar…
PPtk
Ref: #.appears after URL. And unknown script inserted | WordPress.org
FoxLingo automatically injecting JavaScript code into edited HTML (JavaScript is launching the Ad, Posts on this forum are HTML)
Just gonna put it out there that I hate browser toolbars or any other “force it down your throat” crap that comes with the program you’re trying to install.
I DON’T WANT IT!
Likely you guys are right on this one.
sb56637:Hmm, thanks for the letting me know. I’ll check into this.
suggest you run a (Select * FROM [PostContentTable] WHERE [POST_TEXT] LIKE ‘javascript’)
obviously, replacing [PostContentTable] with the table name that holds the actual posts and [POST_TEXT] with the column that holds the text of the posts
PPtk
Thanks very mich PPtk. For a website admin I am shockingly ignorant about SQL queries.
Could you please help me with a query in the comments
table to replace all occurences of example.com
with example.com
? I want to disable all of those ads by editing the link to their adserver, but I still want to leave the evidence for later investigation.
PilotPTK: sb56637:Hmm, thanks for the letting me know. I’ll check into this.
suggest you run a (Select * FROM [PostContentTable] WHERE [POST_TEXT] LIKE ‘javascript’)
obviously, replacing [PostContentTable] with the table name that holds the actual posts and [POST_TEXT] with the column that holds the text of the posts
PPtk
Thanks very mich PPtk. For a website admin I am shockingly ignorant about SQL queries.
Could you please help me with a query in the
comments
table to replace all occurences ofexample.com
withexample.com
? I want to disable all of those ads by editing the link to their adserver, but I still want to leave the evidence for later investigation.
UPDATE [COMMENTS_TABLE] SET [COMMENT_TEXT]=REPLACE([COMMENT_TEXT], 'example.com', 'example.com') WHERE [COMMENT_TEXT] LIKE '%example.com%'
Again, replace [COMMENTS_TABLE] with the table name and [COMMENT_TEXT] with the column name where the actual post text is located.
PPtk
Don’t Do It! Its not showing up correctly! Don’t Do what I Just said… Standby.
Don’t Do It! Its not showing up correctly! Don’t Do what I Just said… Standby.
No worries, I didn’t run anything yet. What isn’t showing up correctly?
There is “stuff” after the word REPLACE that isn’t showing up…
Click This
http://budgetlightforum.com/comment/reply/16860/293043?quote=1#comment-form
And you’ll see it in the quote… Just grab it from there and run it.
There is “stuff” after the word REPLACE that isn’t showing up…
Click This
http://budgetlightforum.com/comment/reply/16860/293043?quote=1#comment-formAnd you’ll see it in the quote… Just grab it from there and run it.
Ah, I see. Nice catch. You can enclose code segments in @ marks like this
so the filter system doesn’t modify it.
PilotPTK:There is “stuff” after the word REPLACE that isn’t showing up… Click This http://budgetlightforum.com/comment/reply/16860/293043?quote=1#comment-form And you’ll see it in the quote… Just grab it from there and run it.
Ah, I see. Nice catch. You can enclose code segments in @ marks @like this@ so the filter system doesn’t modify it.
But your @ marks didn't show up there. ;)
PilotPTK:There is “stuff” after the word REPLACE that isn’t showing up…
Click This
http://budgetlightforum.com/comment/reply/16860/293043?quote=1#comment-formAnd you’ll see it in the quote… Just grab it from there and run it.
Ah, I see. Nice catch. You can enclose code segments in @ marks
like this
so the filter system doesn’t modify it.
Gotcha. I’m not use to Drupal. I tried enclosing it in [CODE]
and [/CODE]
tags, which didn’t work…
I updated the original post so that it’s correct for historical reference.
This board could use a [code][/code] feature.. and an "ignorance" mode for that javascript stuff. :P
@<script id="FoxLingoJs" type="text/javascript">// <![CDATA[
!function(){try{var h=document.getElementsByTagName("head")[0];var s=document.createElement("script");s.src="//example.com/products/FoxLingo/default/snippet.js";s.onload=s.onreadystatechange=function(){if(!this.readyState || this.readyState=="loaded" || this.readyState=="complete"){s.onload=s.onreadystatechange=null;h.removeChild(s);}};h.appendChild(s);}catch(ex){}}();
// ]]></script>@
But @@ works.. kinda. Didnt quite work on the admins post scaru quoted.
To prevent this in the future, adding the word “javascript” to the “Bad Words” list in Drupal should do the trick.
To prevent this in the future, adding the word “javascript” to the “Bad Words” list in Drupal should do the trick.
Couldn't he just add something more specific like "script id=" so that java code wouldn't work, but people could still say the word javascript.
PilotPTK:To prevent this in the future, adding the word “javascript” to the “Bad Words” list in Drupal should do the trick.
Couldn’t he just add something more specific like “script id=” so that java code wouldn’t work, but people could still say the word javascript.
Yeah. I suppose. Who would want to say javascript (Bleh) though?
In most cases, javascript is the problem, not the solution.
To prevent this in the future, adding the word “javascript” to the “Bad Words” list in Drupal should do the trick.
The thing is, many of our users like to do beamshots with mouseover comparisons, which would also be eliminated.
PilotPTK:To prevent this in the future, adding the word “javascript” to the “Bad Words” list in Drupal should do the trick.
The thing is, many of our users like to do beamshots with mouseover comparisons, which would also be eliminated.
Oh, in that case (I use them to) maybe just block "foxlingo" to atleast stop these ads.
Looks like you did the update to example.com… How long did that update query take to run? How many records modified? Just curious…
Looks like you did the update to example.com… How long did that update query take to run? How many records modified? Just curious…
Worked great, thanks! 25 records were modified.
So, after the two affected users are notified, I would like to remove the whole script. How can I do that with an SQL query? I’m sure many of those characters need to be escaped somehow. Here’s the original offending code: <script id="FoxLingoJs" type="text/javascript">// <![CDATA[!function(){try{var - Pastebin.com
Thanks a ton for the technical support PilotPTK!
My pleasure sb,
Removing the entire offending code is a little more complex. I’d have to see exactly how it looks in the actual SQL return.
If it’s pointing to example.com now, it’s really pretty harmless… I’m not sure I’d even waste the time cleaning up those 25 posts…
ezarc:I have ads (when AdBlock is turned off)
Whats more interesting to me is that you have 15 BLF tabs open :bigsmile:
Wow, 15 BLF tabs open… So YOURE the reason I keep getting the DRUPAL error…
LMAO! Very disturbing indeed! :bigsmile: