
Googleapis.com hacked?

As you know, the host ajax.googleapis.com is a CDN host for many libraries, including jQuery. An acquaintance has now contacted me, saying that when visiting his site, Yandex Safe Browsing complains loudly and recommends not visiting what has suddenly become a dangerous site.

I immediately ran the link to the site through an online antivirus and a site code analyzer. Here is what turned out.

It turned out, simply, that the site itself is not infected. There is no virus code in the page code, and there are no modifications to any scripts or uploaded files on the host itself. The .htaccess is also empty.
At the same time, the only external links on the site are links to a couple of counters and to the notorious jQuery library hosted on ajax.googleapis.com. And that is exactly where the problem is.

This is what Google Safe Browsing has already reported about its own website:
What happened at the time Google visited this site?
On 0 out of 10 pages of the site that we tested in the last 90 days, malware was downloaded and installed without user consent. The last time Google visited this site was 2012-03-18; The last time suspicious content was found on this site is 2012-03-18.

Malicious software includes 44 scripting exploit (s), 29 exploit (s), 1 trojan (s).

Networks that hosted this site: 8 (including AS15169 (Google Internet Backbone), AS9318 (HANARO), AS23338 (DCS)).

Was this site an intermediate in further spreading malware?

Apparently, over the past 90 days, ajax.googleapis.com has been used as an intermediate to infect other sites. The number of infected sites: 6 (including interkambio.com/, laisla.com.co/, animetoplist.org/).

Has this site hosted malware?

Yes. Over the past 90 days, this site has hosted malware. Number of domains infected by it: 8 (including pumpthebeat.com/, trackingvinceyoung.com/, by-murat.at/)

More details and links can be found here.

As you can see, the site is now already cured.
But many sites that load jQuery (I did not look at other libraries) from ajax.googleapis.com are still blocked by Yandex.

Neither Google nor Yandex has given any details about a hack or problems. Does anyone have any guesses or details?

P.S. I know that injected code quite often loads the jQuery library from ajax.googleapis.com, but that is not the case here.
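
The triage described above (the page itself is clean, so look at which external hosts it pulls resources from) can be scripted; this is an added example, not part of the original post. The sample page, host names and function names are constructed, and the check for an `integrity` attribute (Subresource Integrity) goes beyond what the post itself examined.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample page: a couple of counters plus jQuery from the CDN.
SAMPLE_HTML = """
<html><head>
<link rel="stylesheet" href="/css/site.css">
<script src="//ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js"></script>
<script src="/js/app.js"></script>
</head><body>
<img src="http://counter.example.net/hit.gif">
<script src="http://stats.example.org/c.js" integrity="sha384-CONSTRUCTED"></script>
</body></html>
"""

# Tag -> attribute that can reference a resource the browser fetches.
FETCH_ATTRS = {"script": "src", "img": "src", "iframe": "src", "link": "href"}


class ExternalResourceAudit(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlparse(page_url).hostname
        self.external = []  # (host, tag, absolute_url, has_integrity)

    def handle_starttag(self, tag, attrs):
        attr = FETCH_ATTRS.get(tag)
        attrs = dict(attrs)
        if attr is None or not attrs.get(attr):
            return
        url = urljoin(self.page_url, attrs[attr])  # resolves // and relative URLs
        host = urlparse(url).hostname
        if host and host != self.page_host:
            self.external.append((host, tag, url, "integrity" in attrs))


def audit(html, page_url):
    """Return every resource reference that points at a host other than the page's."""
    parser = ExternalResourceAudit(page_url)
    parser.feed(html)
    return parser.external


def unpinned_script_hosts(html, page_url):
    """Third-party hosts serving script with no integrity attribute."""
    return sorted({h for h, tag, _, pinned in audit(html, page_url)
                   if tag == "script" and not pinned})


if __name__ == "__main__":
    for host, tag, url, pinned in audit(SAMPLE_HTML, "http://site.example/"):
        print(f"{host:28} <{tag}> integrity={pinned} {url}")
```

Each host in the output is a candidate for why a clean page gets flagged: if a blocklist marks that host, every page that references it inherits the warning.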

Source: https://habr.com/ru/post/140303/

