Comments | lirion: Oh FFS Livejournal

lirion

Oh FFS Livejournal

Apr 24, 2010 12:07

Please to be stopping the bullshit already.

Wake up and smell the BO of the people fleeing your shady business practices.

Return of the linkjack code"The way it does this is an enormous security risk. What the script does is wait until you mouse over a link. Then, it activates and sends information about that URL to a company called outboundlink. ( Read more... )

Comments 8

moons_storm April 24 2010, 02:10:56 UTC

Yeah. I'm checking my flist over here and replying to people's journals here who don't use Dreamwidth, but I'm blogging over at Dreamwidth permanently now and just cross-posting to LJ.

lirion April 24 2010, 02:17:11 UTC

This is the first entry I haven't posted from DW in awhile - not that I post much at the moment though I'm hoping that will change.

I need to get into the habit of reading my DW friends page and commenting there.

elder_goddess April 24 2010, 05:41:01 UTC

Thankee for the heads-up :-)

lirion April 24 2010, 06:28:14 UTC

Welcome, such as it is...

Also, we have not caught up in forever...

kowari April 24 2010, 09:56:35 UTC

What exactly does that mean?

lirion April 24 2010, 10:09:11 UTC

From here

"A quick dig into the code shows that it does this:

1. Wake up and get a list of every single link on the page.

2. Send this list to http://outboundlink.me/anxo/dr_ta_1/dr_rwl_v2.php

3. Get back a list of which URLs need to be fuzzled with.

4. Attach code to every single link; upon pressing 'return' or clicking the mouse on the link, check if it's in the list in step 3, and change it.

It also seems to be repeatedly asking outboundlink.me for this data at random intervals. Oh, no, I see: when you roll over a link it'll query outboundlink.me as to what should be done with it. Sneaky sneaky sneaky."

So basically, every link posted is sent to outboundlink when someone hovers over it, and then if it's a domain on their checklist, that link is fiddled with.

kowari April 24 2010, 11:17:50 UTC

What on earth for?
Why would you BOTHER with such bollocks? Seems stupid to me.

lirion April 24 2010, 11:31:29 UTC

Well last time they did it it was to add their own affiliate codes to site such as amazon. So if you post a link to Amazon without your won affiliate code and someone then buys the item you've linked to, from that link, they get money.

The problem was last time they were actually replacing existing affiliate codes with their own. This doesn't seem to be the case this time (given the huge outcry last time I'm not surprised), so they may just be adding a code to a link which doesn't have one. However, doing so still means they are modifying your content without knowledge or consent.