Monday, January 14, 2019

GoDaddy's Bad Move To Inject Code Into YOUR Website

It was business as usual when blogger Igor Kromin noticed he was having issues with his site's admin interface. He took a look under the hood and did a little digging.

After going over his site with a fine-tooth comb he noticed something out of the ordinary, something he didn't recall seeing before, something that told him someone or something had been there.

This is what he found:
<script>'undefined'=== typeof _trfq || (window._trfq = []);'undefined'=== typeof _trfd && (window._trfd=[]),_trfd.push({'tccl.baseHost':'secureserver.net'}),_trfd.push({'ap':'cpsh'},{'server':'xxxxxxxx0000'}) // Monitoring performance to make your website faster. If you want to opt-out, please contact web hosting support.</script><script src='https://img1.wsimg.com/tcc/tcc_l.combined.1.0.6.min.js'></script>
A tiny bit of mysterious JavaScript he didn't recognize. If he didn't put the code in his pages, who did? Was it some hacker in a dimly lit room seeking to wreak havoc on his site? Nope. The culprit was his web hosting service, GoDaddy. You're probably wondering (like I did) why a web hosting service would covertly inject JavaScript into its clients' web pages.

According to the comment in the code, its purpose is to monitor performance to make your website faster. Well, that sounds good, right? Not so fast! Everyone wants a faster website, and performance monitoring is nothing out of the ordinary, so no problem there. The actual problem is that the code was added right under GoDaddy's clients' noses: the inline snippet sets up tracking variables, and the second tag loads a script from img1.wsimg.com, a domain the site owner never chose, which then runs in every visitor's browser with the same access to the page as the site's own code. That's a huge problem on its own, and on top of that, as in Igor's case, the injected code can break things.
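The way Igor caught this was by reading the served page and spotting a script he never deployed. That check can be automated. The following is an added example written for this post, not code from the original article, from Igor Kromin's blog or from GoDaddy: it parses the HTML a host actually serves and flags any script tag whose source host is not on the site owner's allow-list, or whose inline body is not one of the site's own inline scripts. The allow-list, the known inline script and the sample page are constructed for the demonstration (the sample page embeds the snippet quoted above).

```python
"""Detect script tags in a served page that the site owner did not deploy.

Added example for this post; it is not code from the original article, from
Igor Kromin's blog or from GoDaddy. The allow-list, the known inline script
and the sample page below are constructed for the demonstration (the sample
page embeds the snippet quoted in the post).
"""
from html.parser import HTMLParser
from urllib.parse import urlparse


class ScriptCollector(HTMLParser):
    """Collect every <script> element with its src attribute and inline body."""

    def __init__(self):
        super().__init__()
        self.scripts = []          # {"src": str or None, "body": str}
        self._in_script = False
        self._src = None
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "script":
            self._in_script = True
            self._src = dict(attrs).get("src")
            self._buf = []

    def handle_data(self, data):
        # HTMLParser hands script content over as raw data (CDATA mode).
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag.lower() == "script" and self._in_script:
            self.scripts.append({"src": self._src,
                                 "body": "".join(self._buf).strip()})
            self._in_script = False


def find_unexpected_scripts(html, allowed_hosts, known_inline):
    """Return (kind, detail) for each script the owner did not deploy.

    External scripts are judged by the host in their src; a src with no host
    (a relative path) is treated as same-origin and allowed. Inline scripts
    are judged by exact body match against the owner's known inline scripts.
    """
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for script in parser.scripts:
        src = script["src"]
        if src is not None:
            host = urlparse(src).hostname   # also handles protocol-relative //host/path
            if host is not None and host not in allowed_hosts:
                findings.append(("external", src))
        elif script["body"] and script["body"] not in known_inline:
            findings.append(("inline", script["body"][:80]))
    return findings


# Constructed sample: one same-origin script, one inline script the owner
# wrote, then the two tags quoted in the post.
SAMPLE_PAGE = """<html><head>
<script src='/js/app.js'></script>
<script>window.dataLayer = window.dataLayer || [];</script>
<script>'undefined'=== typeof _trfq || (window._trfq = []);'undefined'=== typeof _trfd && (window._trfd=[]),_trfd.push({'tccl.baseHost':'secureserver.net'}),_trfd.push({'ap':'cpsh'},{'server':'xxxxxxxx0000'}) // Monitoring performance to make your website faster. If you want to opt-out, please contact web hosting support.</script><script src='https://img1.wsimg.com/tcc/tcc_l.combined.1.0.6.min.js'></script>
</head><body><p>Hello</p></body></html>"""

# Hypothetical allow-list and inline-script inventory for the sample site.
ALLOWED_HOSTS = {"cdnjs.cloudflare.com"}
KNOWN_INLINE = {"window.dataLayer = window.dataLayer || [];"}


def audit_sample():
    """Run the check over the constructed page."""
    return find_unexpected_scripts(SAMPLE_PAGE, ALLOWED_HOSTS, KNOWN_INLINE)


if __name__ == "__main__":
    for kind, detail in audit_sample():
        print(f"unexpected {kind} script: {detail}")
```

Run it against the HTML fetched from the live host (for example, the output of a curl request), not against the files on disk: the injection happens between your files and the visitor, so only the served response shows it. Two limitations worth knowing: the inline comparison is an exact match, so any change to your own inline scripts needs the inventory updated, and a host that edits the body of one of your existing external scripts rather than adding a tag would not be caught by this check.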

In all fairness, there is an option to opt out of having this code used on your site, but shouldn't they have asked clients to opt in in the first place? Check out Igor's blog for more details and for the steps to turn the code off ... that is, if you plan to keep using GoDaddy's hosting service. You can get to Igor's blog here.

Follow me on Twitter @ITSecPr0

