All geek questions in one place

Embedding javascript in my html

Very often, I find in the log requests for javascript that are not part of my site.

One such javascript is "showpass-1.5.js", and the error looks like this:

2015/12/06 07:03:27 [error] 14129#0: *54208136 open() "/usr/share/nginx/html/nsl.mapticket.net/sd/apps/showpass/showpass-1.5.js" failed (2: No such file or directory) [...]

I think someone is injecting arbitrary code into the html of my site and trying to collect information about my users. But who and under what circumstances?

I do not have much experience with HTTP protocols. Is this a vulnerability of sites using HTTP (rather than HTTPS), and how to protect your website from these activities?

+5
source share
1 answer

These requests come from the ShowPass script adware - as the commentator above noted, this most likely concerns the computers of your visitors that are infected, not your site. There you can’t do much, but this is not a direct threat to your site or server.

More details: http://www.shouldiremoveit.com/ShowPass-Smartbar-132262-program.aspx

0
source

Source: https://habr.com/ru/post/1237553/

More articles:


All Articles