Hacked link in docs
Describe the bug
Hello,
When reading the readme on this page https://github.com/sveltejs/kit/tree/master/packages/adapter-static I went directly to a porn page when clicking on "more often than you probably think".
Load the linked url ( https://kryogenix.org/code/browser/everyonehasjs.html ) in your browser and reload the page a couple times, and tell me if it happens to you too.
I tried random other URLs on my computer and nothing happened, so I guess I do not have a virus or something like that.
Reproduction
Load https://kryogenix.org/code/browser/everyonehasjs.html multiple times.
Logs
No response
System Info
Windows 10, No VPN, standard french ISP
Severity
serious, but I can work around it
Additional Information
No response
I... cannot reproduce this 😆
Weird, I was just able to. After a few refreshes I got a 302 to http://46.4.68.136/H8BfdGPh?DOM=kryogenix.org&URI=%2fcode%2fbrowser%2feveryonehasjs.html which redirected me to ... porn.
Weird, I was just able to.
Well, I will not hide that it is a relief to me ...
alright, another maintainer just saw it as well. i guess it's time to cc @stuartlangridge!
I appreciate the CC here, thank you!
I can't replicate this, and I've tried a bunch. The page text itself doesn't seem to contain anything dodgy, having checked on the server. I may have missed something, but my current best guess is that this is a dodgy ad; the page does contain Google ads (because it gets referenced a lot and so having a small income from it is nice, although it doesn't bring in a lot; maybe I need a sponsor programme or something :-)), and perhaps there is an ad in the rotation which is hijacking users to a porn site? This is obviously bad, even if there's nothing much I can do about it; I can't get it to happen to me, no matter how much I try. I'm open to suggestions for how I might fix this -- if there's no obvious fix, then I'll kill the ads on the page, because this is obviously a bad thing to happen to people viewing the page and it needs to be stopped.
And that site closes when the referrer is GitHub and we click on this link, but copying and pasting it generates a 302 to a porn site.
The difficulty now will be to find this possible XSS on the report link.
I can't reproduce anymore, even when loading directly from the address bar.
OK. For the moment, then, I am going to assume that this is an issue with a bad ad that someone managed to get into Google Ads, and that ad has since been identified and killed from Google's side. However, if anyone manages to see the same thing happen again after this, do please let me know, and if that happens I'll kill the ads; it's certainly not worth it if there's a risk that people are being hijacked to bad places!
Also, I should say: thank you very much for getting this info to me so fast and helping to test for it. I appreciate it. Everyone knows that svelte is super fast, but I didn't realise that that also applied to the community's response as well :-)
The ad redirect thing doesn't make a ton of sense to me because, according to my network tab, I got an actual 302 from your server - I hope my browser wasn't lying to me, and I hope it wasn't actually a client-side redirect from a bad ad getting helpfully normalized in some way to a 302. But that also means the issue is a lot more mysterious. I haven't been able to get it to happen again after the two times I saw it in fairly quick succession.
Alright :)
Though I suggest checking again in a few days, because @524c got a "302", so I assume a header before the page even loaded, and I have uBlock Origin running so I can't see any ad on your page.
(edit: was in reply to @stuartlangridge )
I'll try to reproduce in the next few days, if I can, I'll let you know.
I got an actual 302 from your server
That's certainly worrying. I can't work out how that might have happened; I've checked htaccess stuff, and the page itself is plain HTML, and there doesn't seem to be any content in it that might cause a problem. But as mentioned I'm certainly happy to look further into this if it's still happening! This is strange stuff, and I definitely want to fix it if there's something my end that's causing it.
Just to clarify: copying the malicious link and putting it in the address bar generates a 302 to a porn site. Directly clicking on the link here does not redirect. That's all I wanted to say. I couldn't reproduce from the link https://kryogenix.org/code/browser/everyonehasjs.html
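The comments above describe the two things that made this hard to pin down: the redirect was a real server-side 302 (not a client-side ad redirect), and it was conditional on the Referer and only showed up on some loads. A small probe that fetches the page repeatedly, with and without a Referer, without following redirects, and flags any 3xx whose Location points off the expected host is the check a site owner would want to run while investigating. The script below is an added example written for this thread, not code from the issue or from kryogenix.org; the function names and the `EXPECTED_HOSTS` set are assumptions, and the only real value it reuses is the redirect target already quoted in the thread, which appears in the test only as sample input.

```python
"""Probe a URL for unexpected server-side redirects.

Added example for this thread (not the site's or the project's own code).
Assumptions: helper names are hypothetical; EXPECTED_HOSTS lists the hosts
you consider legitimate redirect targets for the page you are monitoring.
"""
import urllib.error
import urllib.request
from urllib.parse import urlparse

# Redirects to these hosts are considered legitimate (assumption for the example).
EXPECTED_HOSTS = {"kryogenix.org", "www.kryogenix.org"}


class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Make urllib surface a 3xx as an HTTPError instead of following it,
    so the Location header can be inspected."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def analyze_response(status, headers, expected_hosts=EXPECTED_HOSTS):
    """Classify one response.

    Returns (verdict, location) where verdict is one of
    'ok', 'expected-redirect' or 'suspicious-redirect'.
    `headers` is any mapping of header name -> value; lookup is case-insensitive.
    """
    if not 300 <= status < 400:
        return "ok", None
    location = None
    for name, value in headers.items():
        if name.lower() == "location":
            location = value
            break
    if location is None:
        # A 3xx with no Location is not a normal redirect; treat as suspicious.
        return "suspicious-redirect", None
    host = urlparse(location).hostname or ""
    if host in expected_hosts:
        return "expected-redirect", location
    return "suspicious-redirect", location


def probe(url, attempts=5, referers=(None, "https://github.com/")):
    """Fetch `url` `attempts` times for each Referer value and return a list of
    (attempt, referer, status, verdict, location) tuples.

    Reloading several times with and without a Referer is what this thread
    needed: the redirect fired only on some loads and only without a GitHub
    referrer.
    """
    opener = urllib.request.build_opener(NoRedirect)
    findings = []
    for attempt in range(attempts):
        for ref in referers:
            req = urllib.request.Request(url, headers={"User-Agent": "redirect-probe/1.0"})
            if ref:
                req.add_header("Referer", ref)
            try:
                with opener.open(req, timeout=15) as resp:
                    status, hdrs = resp.status, dict(resp.headers)
            except urllib.error.HTTPError as err:
                # With NoRedirect installed, every 3xx (and real errors) land here.
                status, hdrs = err.code, dict(err.headers)
            verdict, loc = analyze_response(status, hdrs)
            findings.append((attempt, ref, status, verdict, loc))
    return findings


if __name__ == "__main__":
    import sys

    target = sys.argv[1] if len(sys.argv) > 1 else "https://kryogenix.org/code/browser/everyonehasjs.html"
    for attempt, ref, status, verdict, loc in probe(target):
        flag = "!!" if verdict == "suspicious-redirect" else "  "
        print(f"{flag} try={attempt} referer={ref!r} status={status} {verdict} {loc or ''}")
```

Run it against the affected page while an incident is open; a `suspicious-redirect` line that appears only for some attempts, or only when no Referer is sent, is the same conditional behaviour reported in this thread and points at something between the browser and the origin (here, the hosting provider) rather than at the page's own HTML or ads.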
Next time ping me on bugs like this so I can help reproduce
Well, SK slogan claims "You will enjoy developing with sveltekit" 🤭
OK, an update. This seems to be a problem at GoDaddy, who apparently own my hosting company. https://community.cloudflare.com/t/redirecting-to-unwanted-sites/445551 describes this problem and gives a GoDaddy incident ID of INC-5492776. My apologies for all this. I have temporarily redirected my whole site to a maintenance page until this is fixed. Thank you all for the alert on this.
Well that is truly bizarre. Thank you for the update! And good luck!
Now that we know the cause, I think we can safely close this issue — thanks!
And just to confirm, I have now migrated (or am in the process of migrating) my website to new (better) hosting, so this problem should not recur. Thank you all, and hopefully I don't cause you trouble again.