I have been updating our website so that it will comply with full conversion of https:// and SSL requirements that are pending with Google's upcoming Chrome release. I think it's silly to force sites to use expensive SSL certificates that have no need for privacy of traffic, but what are ya gonna do at this point? The market winds have shifted.
And in the process, I have discovered that you can view the security of a page by right-clicking on it, and hitting "Inspect" from the menu. There is a "Security" tab. You probably will have to refresh the page to get the Inspector to show the secure and insecure elements.
Well, there is this mystery code that's been popping up on our site that looks like this:
The http:// is what's keeping our site from validating as secure.
I went searching for information about this tracking site, and there is hardly anything listed on Google about it, and nothing on Bing. There are less than 10 sites that mention "positiverefreshment" at all.
So, I tried to sort through all of the code in WordPress and the Theme we use, and nothing seemed to reference this "positiverefreshment" site.
I thought it might be coming from AdSense or some other third party plug-in -- nothing.
I searched our Ubuntu server for any reference -- nothing.
I went back to the browser and noticed that this line is not in the HTML code. It only shows up in the Elements when you use the Inspect option.
It is being spontaneously inserted!
Okay, hmmm. That's really weird.
So, I duplicated one of the pages from WordPress, and chunk by chunk removed elements until I had isolated the culprit. What you see above is the minimum amount of code I had on the page (that would still invoke the mysterious insertion) -- just the JQuery source reference. That's it, nothing else.
So, I downloaded that version of JQuery and replaced it in WordPress with new code. Problem is still there.
If I remove the JQuery, the positiverefreshment reference disappears. SO VERY WEIRD.
I saved it as a .php and a .html page to see if it is being inserted on the server level somehow -- nope, no difference.
Hmmm.
I switched browsers -- to Firefox. And darnit! There it is again.
I switched computers. And it's not there. Not in any of the browsers.
Tried a Mac. Nope, it's not there.
I switched back to the original computer and opened it in MS Edge and Opera. The code is not there in the elements.
So, Chrome and Firefox are both Mozilla and it only shows up in those browsers.
I think I have an interloper -- spyware or a virus.
I edited the HOSTS file and added a line to block any outgoing reference to "track.positiverefreshement.org."
I turned the computer off and switched it with a drive I had been using a month ago. The code is not there -- not in any of the browsers.
So, it must be a fairly recent infection of the Mozilla browsers. Hmmm. Must have gone to some site that I should not have.
I run a MalwareBytes scan and it's still there.
I download Avast and run a full scan. It's still there.
I can't get rid of it. OK, I give up.
And suddenly, as I write this.... It's gone. It's not showing up.
Seriously, it was there a couple of hours ago, still saying our pages were not secure.
And now it's not showing up. The pages are green-locked secure.
Hmmm. This is getting to be very strange indeed. I think I will collect all of my emails and other files from the last month and go back to the old drive; and wipe this new drive. Something is not right here.
To the spyware thieves -- probably Russians, I say: "прощай сука."
I went searching for information about this tracking site, and there is hardly anything listed on Google about it, and nothing on Bing. There are less than 10 sites that mention "positiverefreshment" at all.
So, I tried to sort through all of the code in WordPress and the Theme we use, and nothing seemed to reference this "positiverefreshment" site.
I thought it might be coming from AdSense or some other third party plug-in -- nothing.
I searched our Ubuntu server for any reference -- nothing.
I went back to the browser and noticed that this line is not in the HTML code. It only shows up in the Elements when you use the Inspect option.
It is being spontaneously inserted!
Okay, hmmm. That's really weird.
So, I duplicated one of the pages from WordPress, and chunk by chunk removed elements until I had isolated the culprit. What you see above is the minimum amount of code I had on the page (that would still invoke the mysterious insertion) -- just the JQuery source reference. That's it, nothing else.
So, I downloaded that version of JQuery and replaced it in WordPress with new code. Problem is still there.
If I remove the JQuery, the positiverefreshment reference disappears. SO VERY WEIRD.
I saved it as a .php and a .html page to see if it is being inserted on the server level somehow -- nope, no difference.
Hmmm.
I switched browsers -- to Firefox. And darnit! There it is again.
I switched computers. And it's not there. Not in any of the browsers.
Tried a Mac. Nope, it's not there.
I switched back to the original computer and opened it in MS Edge and Opera. The code is not there in the elements.
So, Chrome and Firefox are both Mozilla and it only shows up in those browsers.
I think I have an interloper -- spyware or a virus.
I edited the HOSTS file and added a line to block any outgoing reference to "track.positiverefreshement.org."
I turned the computer off and switched it with a drive I had been using a month ago. The code is not there -- not in any of the browsers.
So, it must be a fairly recent infection of the Mozilla browsers. Hmmm. Must have gone to some site that I should not have.
I run a MalwareBytes scan and it's still there.
I download Avast and run a full scan. It's still there.
I can't get rid of it. OK, I give up.
And suddenly, as I write this.... It's gone. It's not showing up.
Seriously, it was there a couple of hours ago, still saying our pages were not secure.
And now it's not showing up. The pages are green-locked secure.
Hmmm. This is getting to be very strange indeed. I think I will collect all of my emails and other files from the last month and go back to the old drive; and wipe this new drive. Something is not right here.
To the spyware thieves -- probably Russians, I say: "прощай сука."
2022, August 1 UPDATE: Blogger has removed this public post as being a violation as if I were intentionally posting spyware — even though I did not embed or link to any code. And I was, in fact, pointing out that this code is suspicious and probably spyware, and was mysteriously showing up on our site years ago. This post is a warning and notification for others to be on the lookout for this weird javascript insertion. So, I have posted an image of the code instead, and hope Blogger reconsiders tagging this as pushing spyware, which it is not and never intended to be. To whomever “reported” this as spyware: That is ridiculous and rude and terribly untrue. Could one guess that it was a Russian crook, or someone connected to PositiveRefreshment? Really awful people in the world, and Blogger is not correct to side with them.
its stored in your databases,atleast on my drupal blog ...your computer is fine..try to find string containing "text/javascript" or similar to that within your post...my experience is not only they redirect blog traffic to malware install site, they also using the site as crypto mining
ReplyDeleteThis post is much helpful for us. This is really very massive value to all the readers and it will be the only reason for the post to get popular with great authority.
ReplyDeleteWeb Designing Course in chennai
Web Designing training in chennai
Big Data Training in Chennai
Blue Prism Training in Chennai
Advanced Java Training in Chennai
Software Testing Training in Chennai
German Language Course in Chennai
Web designing Training in Anna Nagar
favourite posts of the week within their respective areas of interest and expertise:https://www.bullyingornot.org/
ReplyDeleteFree download https://imessageforpcz.com/
ReplyDeleteDownload imessage online for PC for free
ReplyDeleteThis is one of the excellent insights I have read for web development. I definitely use these tips more often to my site. Thank you!
ReplyDeleteOpencart Developers India
Hire a Coder
Hire PHP Developer India
Hire Opencart Developer
Hire Wordpress Programmer
Such a great blog.Thanks for sharing.........
ReplyDeleteIELTS Coaching centre in Chennai
IELTS Coaching centre in coimbatore
IELTS Coaching in madurai
IELTS Coaching in Bangalore
IELTS Classes in Bangalore
ielts coaching centre in bangalore
ielts Coaching centre in marathahalli
IELTS Coaching in Hyderabad
ielts training in bangalore
Ethical hacking course in bangalore
Software Testing Course in Bangalore
ReplyDeleteThis post gives a piece of excellent information. From this blog i learned lot of useful information from this blog
DOT NET Training in Chennai
DOT NET Training in Bangalore
DOT NET Training Institutes in Bangalore
DOT NET Course in Bangalore
Best DOT NET Training Institutes in Bangalore
DOT NET Institute in Bangalore
Dot NET Training in Marathahalli
AWS Training in Bangalore
Data Science Courses in Bangalore
DevOps Training in Bangalore
Thank you for having the time to discuss this topic. I truly appreciate it. I’ll stick a link of this entry in my site. https://royalcbd.com/product/cbd-oil-250mg/
ReplyDeleteGreat article by the great author, it is very massive and informative but still preaches the way to sound like that it has some beautiful thoughts described so I really appreciate this article. Limerick Website Design Service
ReplyDeleteGreat information. The above content is very interesting to read. This will be loved by all age groups.
ReplyDeletefibonacci in python
python class inheritance
length of string in python
palindrome code
digital marketing executive interview questions and answers for freshers
Are you interested in doing Data Science Training in Chennai with a Certification Exam? Catch the best features of Data Science training courses with Infycle Technologies, the best Data Science Training & Placement institutes in and around Chennai. Infycle offers the best hands-on training to the students with the revised curriculum to enhance their knowledge. In addition to the Certification & Training, Infycle offers placement classes for personality tests, interview preparation, and mock interviews for clearing the interviews with the best records. To have all it in your hands, dial 7504633633 for a free demo from the experts.
ReplyDeleteThanks for sharing this blog. It was so informative.
ReplyDeleteHow can I get a job
How to get a job in IT
Thanks for sharing this blog. It was so informative.
ReplyDeleteGerman Classes in Chennai
German Language Classes in Chennai