Log in

No account? Create an account
No Opt In, No Ads
Fueling the resistance
Hijacking affiliate links 
4th-Mar-2010 02:32 pm - Hijacking affiliate links
Skittish Eclipse
I've been given a heads up that has done some excellent sleuthing and investigation into hijacked LJ affiliate links:

What is LJ doing to my links?
What is LJ doing to my links? Part 2
What is LJ doing to my links? Part 3

Expect this post to be update through the day as I find out more and come up with a good summary.

ETA: No good summary, but I feel like I should say code got taken down, etc etc, business as usual.
5th-Mar-2010 12:03 am (UTC)
Chances are it wasn't serving on SSL pages--anywhere that LJ would have somebody enter a credit card number would be on an SSL page. So, skimming credit card numbers is not likely--well, nobody should be entering credit card numbers anywhere else, anyway. (It takes extra work to have something serve over SSL, and there wouldn't be any reason to make this run on those pages.)
5th-Mar-2010 12:07 am (UTC)
Let's assume they weren't dumb enough to just blanket insert this code blob.

Passwords however, can be entered into from any LJ page.
5th-Mar-2010 12:35 am (UTC)
You might want to suggest to your friends that they log in on the SSL version of the login page:


That's the best advice I can give on that one.
5th-Mar-2010 12:19 am (UTC)
I just checked. The script shows up on every page in the store, but does not show up on the page where you enter your credit card number.

Which surprises me, given that it shows up on almost every other single page of LJ - front page, profiles, support requests, FAQs, etc. Other than the checkout page, the only other place I didn't find it was in Scrapbook and its management.
5th-Mar-2010 12:25 am (UTC)
None of those other pages are taken care of on the SSL server!

This page was loaded Apr 21st 2018, 9:04 pm GMT.