Find the answer to your Linux question:
Results 1 to 5 of 5
Hello all, I've been having some issues with the computer and today i was looking at the source for google.com in my browser, and it came out to 4 lines ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Jul 2009
    Posts
    47

    have I been attacked with Javascript?


    Hello all, I've been having some issues with the computer and today i was looking at the source for google.com in my browser, and it came out to 4 lines of all javascript? Is this indicative of javascript dns takeover? I've pasted the code below. I have javascript turned off and if i turn it on this page won't load,
    so I can't wrap it in code tags. I'm sorry. If someone could also tell me what the text codes are for that?

    <!doctype html><html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><title>Google</title><script>window.google={kEI:"IHDbSsU6k-yzA4iOrdkC",kEXPI:"17259,20495,21766,22107,22189,2 2199,22217",kCSIE:"17259,20495,21766,22107,22189,2 2199,22217",kCSI:{e:"17259,20495,21766,22107,22189 ,22199,22217",ei:"IHDbSsU6k-yzA4iOrdkC"},pageState:"#",kHL:"en",j:{en:1,l:func tion(){},e:function(){},b:location.hash&&location. hash!="#",pl:[]}};
    (function(){for(var d=0,c;c=["ad","bc","p","pa","zd","ac","pc","pah","ph","sa", "zc","zz"][d++](function(b){google.j[b]=
    function(){google.j.pl.push([b,arguments])}})(c)})();
    window.google.sn="webhp";window.google.timers={loa d:{t:{startnew Date).getTime()}}};try{window.google.pt=window.gtb External&&window.gtbExternal.pageT();}catch(b){}wi ndow.google.jsrt_kill=1;
    </script><style>td{line-height:.8em;}.gac_m td{line-height:17px;}form{margin-bottom:20px;}body,td,a,p,.h{font-family:arial,sans-serif}.h{color:#36c}.q{color:#00c}.ts td{padding:0}.ts{border-collapse:collapse}em{font-weight:bold;font-style:normal}.lst{font-family:arial,sans-serif;font-size:17px;margin-bottom:0.2em;vertical-align:bottom; }.lsb{font-family:arial,sans-serif;font-size:15px;height:1.85em;margin:0.2em;}#gbar{float: left;height:22px}.gbh,.gbd{border-top:1px solid #c9d7f1;font-size:1px}.gbh{height:0;position:absolute;top:24px; width:100%}#gbi,#gbg,#gbs,#gbm{background:#fff;lef t:0;position:absolute;text-align:left;visibility:hidden;z-index:1000}#gbi,#gbg,#gbm{border:1px solid;border-color:#c9d7f1 #36c #36c #a2bae7;z-index:1001}#guser{padding-bottom:7px !important;text-align:right}#gbar,#guser{font-size:13px;padding-top:1px !important}.gb1,.gb3{zoom:1;margin-right:.5em}.gb2{display:block;padding:.2em .5em}a.gb1,a.gb2,a.gb3{color:#00c !important}.gb2,.gb3{text-decoration:none}a.gb2:hover{background:#36c;color: #fff !important}</style><script>var _gjwl=location;function _gjuc(){var b=_gjwl.href.indexOf("#");if(b>=0){var a=_gjwl.href.substring(b+1);if(/(^|&)q=/.test(a)&&a.indexOf("#")==-1&&!/(^|&)cad=h($|&)/.test(a)){_gjwl.replace("/search?"+a.replace(/(^|&)fp=[^&]*/g,"")+"&cad=h");return 1}}return 0}function _gjp(){!(window._gjwl.hash&&window._gjuc())&&setTi meout(_gjp,500)};
    google.y={};google.x=function(e,g){google.y[e.id]=[e,g];return false};if(!window.google)window.google={};window.g oogle.crm={};window.google.cri=0;window.clk=functi on(d,e,f,j,k,l,m){if(document.images){var a=encodeURIComponent||escape,b=new Image,g=window.google.cri++;window.google.crm[g]=b;b.onerror=(b.onload=(b.onabort=function(){delet e window.google.crm[g]}));b.src=["/url?sa=T","",e?"&oi="+a(e):"",f?"&cad="+a(f):"","& ct=",a(j||"res"),"&cd=",a(k),d?"&url="+a(d.replace (/#.*/,"")).replace(/\+/g,"%2B"):"","&ei=","IHDbSsU6k-yzA4iOrdkC",l].join("")}
    return true};
    window.gbar={qs:function(){},tg:function(e){var o={id:'gbar'};for(i in e)o[i]=e[i];google.x(o,function(){gbar.tg(o)})}};</script></head><body bgcolor=#ffffff text=#000000 link=#0000cc vlink=#551a8b alink=#ff0000 onload="try{!google.j.b&&document.f.q.focus()}catc h(e){};if(document.images)new Image().src='/images/nav_logo7.png'" topmargin=3 marginheight=3><textarea id=csi style=display:none></textarea><script>if(google.j.b)document.body.style .visibility='hidden';</script><iframe name=wgjf style=display:none src="" onload="google.j.l()" onerror="google.j.e()"></iframe><textarea id=wgjc style=display:none></textarea><textarea id=csi style=display:none></textarea><textarea id=hcache style=display:none></textarea><span id=main><span id=ghead><div id=gbar><nobr><b class=gb1>Web</b> <a href="http://images.google.com/imghp?hl=en&tab=wi" onclick=gbar.qs(this) class=gb1>Images</a> <a href="http://video.google.com/?hl=en&tab=wv" onclick=gbar.qs(this) class=gb1>Videos</a> <a href="http://maps.google.com/maps?hl=en&tab=wl" onclick=gbar.qs(this) class=gb1>Maps</a> <a href="http://news.google.com/nwshp?hl=en&tab=wn" onclick=gbar.qs(this) class=gb1>News</a> <a href="http://www.google.com/prdhp?hl=en&tab=wf" onclick=gbar.qs(this) class=gb1>Shopping</a> <a href="http://mail.google.com/mail/?hl=en&tab=wm" class=gb1>Gmail</a> <a href="http://www.google.com/intl/en/options/" onclick="this.blur();gbar.tg(event);return !1" aria-haspopup=true class=gb3><u>more</u> <small>▼</small></a><div id=gbi><a href="http://groups.google.com/grphp?hl=en&tab=wg" onclick=gbar.qs(this) class=gb2>Groups</a> <a href="http://books.google.com/bkshp?hl=en&tab=wp" onclick=gbar.qs(this) class=gb2>Books</a> <a href="http://scholar.google.com/schhp?hl=en&tab=ws" onclick=gbar.qs(this) class=gb2>Scholar</a> <a href="http://www.google.com/finance?hl=en&tab=we" onclick=gbar.qs(this) class=gb2>Finance</a> <a href="http://blogsearch.google.com/?hl=en&tab=wb" onclick=gbar.qs(this) class=gb2>Blogs</a> <div class=gb2><div class=gbd></div></div><a href="http://www.youtube.com/?hl=en&tab=w1" onclick=gbar.qs(this) class=gb2>YouTube</a> <a href="http://www.google.com/calendar/render?hl=en&tab=wc" class=gb2>Calendar</a> <a href="http://picasaweb.google.com/home?hl=en&tab=wq" onclick=gbar.qs(this) class=gb2>Photos</a> <a href="http://docs.google.com/?hl=en&tab=wo" class=gb2>Documents</a> <a href="http://www.google.com/reader/view/?hl=en&tab=wy" class=gb2>Reader</a> <a href="http://sites.google.com/?hl=en&tab=w3" class=gb2>Sites</a> <div class=gb2><div class=gbd></div></div><a href="http://www.google.com/intl/en/options/" class=gb2>even more &raquo;</a> </div></nobr></div><div id=guser width=100%><nobr><a href="/url?sa=p&pref=ig&pval=3&q=http://www.google.com/ig%3Fhl%3Den%26source%3Diglk&usg=AFQjCNFA18XPfgb7d KnXfKz7x7g1GDH1tg">iGoogle</a> | <a href="/preferences?hl=en">Search settings</a> | <a href="https://www.google.com/accounts/Login?hl=en&continue=http://www.google.com/">Sign in</a><div id=gbg></div></nobr></div><div class=gbh style=left:0></div><div class=gbh style=right:0></div></span> <center><span id=body><center><br clear=all id=lgpd><img alt="Google" height=110 src="/intl/en_ALL/images/logo.gif" width=276 id=logo onload="window.lol&&lol()"><br><br><form action="/search" name=f><table cellpadding=0 cellspacing=0><tr valign=top><td width=25%>&nbsp;</td><td align=center nowrap><input name=hl type=hidden value=en><input name=source type=hidden value=hp><input autocomplete="off" maxlength=2048 name=q size=55 class=lst title="Google Search" value=""><br><input name=btnG type=submit value="Google Search" class=lsb onclick="this.checked=1"><input name=btnI type=submit value="I'm Feeling Lucky" class=lsb onclick="this.checked=1"></td><td nowrap width=25% align=left><font size=-2>&nbsp;&nbsp;<a href=/advanced_search?hl=en>Advanced Search</a><br>&nbsp;&nbsp;<a href=/language_tools?hl=en>Language Tools</a></font></td></tr></table></form><br></center></span> <span id=footer><center><br><font size=-1><a href="/intl/en/ads/">Advertising&nbsp;Programs</a> - <a href="/services/">Business Solutions</a> - <a href="/intl/en/about.html">About Google</a></font><p><font size=-2>&copy;2009 - <a href="/intl/en/privacy.html">Privacy</a></font></p></center></span> </span> <script>function _gjp() {!(location.hash && _gjuc()) && setTimeout(_gjp, 500);}google.j[1]={cc:[],co:['ghead','body','footer','xjsi'],pc:[],nb:0,css:document.getElementsByTagName('style')[0].innerHTML,main:'<span id=ghead></span><span id=body></span><span id=footer></span><span id=xjsi></span>'};</script><script>function wgjp(){var xjs=document.createElement('script');xjs.src='/extern_chrome/c807e9ccc08a197a.js';(document.getElementById('xjs d') || document.body).appendChild(xjs)};</script><div id=xjsd></div><div id=xjsi><script>if(google.y)google.y.first=[];if(google.y)google.y.first=[];if(!google.xjs){google.dstr=[];google.rein=[];window.setTimeout(function(){var a=document.createElement("script");a.src="/extern_js/f/CgJlbhICdXMrMAo4NUAJLCswDjgHLCswFjgQLCswFzgDLCswGD gELCswGTgJLCswHTgZLCswJTjJiAEsKzAmOAUsKzAnOAIsKzAq OAEsKzArOAYsKzA8OAAs/Vjq-yE5jfcU.js";(document.getElementById("xjsd")||docu ment.body).appendChild(a)},0);
    google.xjs=1};google.y.first.push(function(){googl e.ac.m=1;google.ac.b=true;google.ac.i(document.f,d ocument.f.q,'','')});google.xjs&&google.j&&google. j.xi&&google.j.xi()</script></div><script>(function(){
    function a(){google.timers.load.t.ol=(new Date).getTime();google.report&&google.report(googl e.timers.load,google.kCSI)}if(window.addEventListe ner)window.addEventListener("load",a,false);else if(window.attachEvent)window.attachEvent("onload", a);google.timers.load.t.prt=(new Date).getTime();
    })();

    </script>
    </code>

    --and this bit of Javascript I got from ixquick.com is suspicious to me.

    <code>
    <SCRIPT LANGUAGE=JAVASCRIPT> function getelem (i) { if (typeof document.getElementById == "undefined") { return document.all[i]; } else { return document.getElementById(i); } } function show_img (i_ob) { i_ob.style.visibility = 'visible'; } function show (ob) { ob.style.display = ''; } function hide (ob) { ob.style.display = 'none'; } function changeimage(id, url) { var imgname = document.getElementById(id); imgname.src = url; } function rc (result_number) { getelem('title_' + result_number).style.color = '#BCD3F5'; } function eh (e_ob, fg, enginename) { var sp_el = document.createElement('span'); if (document.blah1.elements[enginename].value != '') { if (fg == 1) { sp_el.innerHTML = 'Click to disable this search engine for your next search'; e_ob.title = sp_el.innerHTML; e_ob.style.color = '#4585e7';} else {e_ob.style.color = '#140b74';} } else { if (fg == 1) { sp_el.innerHTML = 'Click to enable this search engine for your next search'; e_ob.title = sp_el.innerHTML; e_ob.style.color = '#140b74'; } else {e_ob.style.color = '#4585e7';} } } function vch (e_ob, fg, enginename) { if (document.blah1.elements[enginename].value != '') { if (fg == 1) { e_ob.style.color = '#4585e7';} else {e_ob.style.color = '#140b74';} } else { if (fg == 1) { e_ob.style.color = '#140b74'; } else {e_ob.style.color = '#4585e7';} } } function vd_s (form_obj, enginename, engine) { for (i = 0; i < form_obj.elements.length; i++) { elem = form_obj.elements[i].name; if (elem.indexOf('engine') != -1) { form_obj.elements[elem].value = ''; } } form_obj.elements[enginename].value = engine; if (form_obj.elements['query'].value != '') { form_obj.submit(); } } function te (enginename, engine, instance, wp) { var formname = 'blah' + instance; var imagename = instance + engine; if (document[formname].elements[enginename].value != '') { document[formname].elements[enginename].value = ''; document[imagename].src = 'http://us2.ixquick.com/graphics/radio_res_U.gif'; if (wp == 'image') { getelem(imagename + '_span').style.color = '#4585E7'; } else { getelem(imagename + '_span').style.color = '#140B74'; } } else { document[formname].elements[enginename].value = engine; document[imagename].src = 'http://us2.ixquick.com/graphics/radio_res_C.gif'; if (wp == 'image') { getelem(imagename + '_span').style.color = '#140B74'; } else { getelem(imagename + '_span').style.color = '#4585E7'; } } } function changeImages() { if (document.images) { var selected = ""; if (typeof document.blah2 == 'undefined') { var catpos = changeImages.arguments[0].indexOf("_"); if (catpos != -1) { changeImages.arguments[0] = changeImages.arguments[0].substring(0,catpos); } } for (var i=0; i<changeImages.arguments.length; i+=2) { document[changeImages.arguments[i]].src = changeImages.arguments[i+1]; var intext = changeImages.arguments[i] + "_span"; getelem(intext).style.color = "#140B74"; var id=changeImages.arguments[i].indexOf("_"); if (id != -1){ changeImages.arguments[i] = changeImages.arguments[i].substring(0,id); } if (typeof document.blah1 != 'undefined') { document.blah1.cat.value=changeImages.arguments[i]; } if (typeof document.blah2 != 'undefined') { document.blah2.cat.value=changeImages.arguments[i]; } } } } function change (image_id, image_url) { getelem(image_id).src = image_url; return true; } function verifyChecked (form_obj) { var formname = form_obj.name; var orig_query = document[formname].query.value; if (orig_query == "") { return false; } form_obj.submit(); return false; } function maincats (ct) { uncheckall('web', 'phone', 'video', 'pics'); if ((ct == 'video') && (document.blah1.cat.value != 'video')) { for (i = 0; i < document.blah1.elements.length; i++) { elem_name = document.blah1.elements[i].name; if (elem_name.indexOf('engine') != -1) { document.blah1.elements[i].value = ''; } } } changeImages(ct, 'http://us2.ixquick.com/graphics/radio_res_C.gif'); } function cho (c_ob, fg, ct) { if (fg == 1) { c_ob.style.color = '#140b73'; window.status=''; return true; } else { if (document.blah1.cat.value != ct) { c_ob.style.color = '#4585E7'; } else { c_ob.style.color = '#140b73'; } } } function uncheckall() { var selected = ""; var intext = ""; for (var i=0; i<uncheckall.arguments.length; i+=1) { document[uncheckall.arguments[i]].src="http://us2.ixquick.com/graphics/radio_res_U.gif"; intext = uncheckall.arguments[i] + "_span"; getelem(intext).style.color = "#4585E7"; } } function ws () { window.status = ''; } function tc (t_ob) { t_ob.style.color = '#BCD3F5'; } function changeIxquickStarRatingImage(start, end, changeOnColor, newImageSrc) { for (var i=start;i<=end;i++) { if (document.getElementById('title_'+i) && document.getElementById('title_stars_'+i) ) { var current_color = getStyle('title_'+i, 'color'); if ( current_color.indexOf('#') == -1 ) { current_color = rgbConvert(current_color); } if ( current_color == changeOnColor || current_color == changeOnColor.toLowerCase() ) { var baseTag = document.getElementById("title_stars_"+i); var documentTag = baseTag.getElementsByTagName("img"); for (var j = 0; j < documentTag.length; j++) { if (documentTag[j].src.indexOf('s/white/graphics') != -1) { documentTag[j].src = newImageSrc; } } } } } return false; } function getStyle(el,styleProp) { var x = document.getElementById(el); if (x.currentStyle) var y = x.currentStyle[styleProp]; else if (window.getComputedStyle) var y = document.defaultView.getComputedStyle(x,null).getP ropertyValue(styleProp); return y; } function rgbConvert(str) { str = str.replace('rgb', '').replace('(' , '').replace(')' , ''); str = str.split(','); str[0] = parseInt(str[0], 10).toString(16).toLowerCase(); str[1] = parseInt(str[1], 10).toString(16).toLowerCase(); str[2] = parseInt(str[2], 10).toString(16).toLowerCase(); str[0] = (str[0].length == 1) ? '0' + str[0] : str[0]; str[1] = (str[1].length == 1) ? '0' + str[1] : str[1]; str[2] = (str[2].length == 1) ? '0' + str[2] : str[2]; return ('#' + str.join("")); } function newImage(arg) { if (document.images) { rslt = new Image(); rslt.src = arg; return rslt; } } function openResult(imgurl, url, where) { var reg = /result?/; if (reg.test(imgurl)) { var t_url = imgurl + "&j=js&anticache=" + Math.floor(Math.random()*1000001); newImage(t_url); }; reg = /\/highlight.pl?/; if (imgurl == url) { return true; } else if (reg.test(url)) { return true; } where = where.toLowerCase(); if (where == '_blank') { window.open(url); } else { location.href = url; }; return false; } function certifiedsecure() { day = new Date(); id = day.getTime(); eval("page" + id + " = window.open('http://www.certifiedsecure.nl/certificates/52771bfa615370cb7a6a9c31385086a8/', '" + id + "', 'toolbar=0,location=0,statusbar=0,scrollbars=1,men ubar=0,resizable=0,width=580,height=515');"); } var preloadFlag = false; function preloadImages() { if (document.images) { on = newImage('http://us2.ixquick.com/graphics/radio_res_U.gif'); off = newImage('http://us2.ixquick.com/graphics/radio_res_C.gif'); bg = newImage('http://us2.ixquick.com/graphics/blue-bg.gif'); bg_o = newImage('http://us2.ixquick.com/graphics/blue-bg_on.gif'); bg_c = newImage('http://us2.ixquick.com/graphics/blue-bg_click.gif'); pl1 = newImage('http://us2.ixquick.com/graphics/eng/plugin_promo_ff.gif'); pl2 = newImage('http://us2.ixquick.com/graphics/eng/plugin_promo_ff_hov.gif'); pl3 = newImage('http://us2.ixquick.com/graphics/eng/plugin_promo_ie.gif'); pl4 = newImage('http://us2.ixquick.com/graphics/eng/plugin_promo_ie_hov.gif'); a1 = newImage('http://us2.ixquick.com/graphics/eng/protects_privacy.gif'); a2 = newImage('http://us2.ixquick.com/graphics/eng/protects_privacy_hov.gif'); n1 = newImage('http://us2.ixquick.com/graphics/eng/certified_secure_results.gif'); seal = newImage('http://us2.ixquick.com/graphics/eng/privacy_seal_result.gif'); seal_h = newImage('http://us2.ixquick.com/graphics/eng/privacy_seal_result_hover.gif'); preloadFlag = true; } } preloadImages(); function bg_hover(id, imgp_url) { document.getElementById(id).style.backgroundImage = "url(" + imgp_url + ")"; } </SCRIPT> </HEAD><BODY aLink="#4064CE" bgColor="#FFFFFF" link="#4064CE" text="#333333" vLink="#4064CE" leftmargin="0" topmargin="0" MARGINHEIGHT="0" MARGINWIDTH="0" >
    <!-- whichserver: http://s2-us2.ixquick.com/do/--><!-- Loading Time: 0 seconds --><table width="100%" border="0" cellspacing="0" cellpadding="0">
    <FORM NAME="blah1" METHOD=POST AUTOCOMPLETE="off" ACTION="http://us2.ixquick.com/do/metasearch.pl?" onSubmit="return verifyChecked(this);">

  2. #2
    Linux Guru coopstah13's Avatar
    Join Date
    Nov 2007
    Location
    NH, USA
    Posts
    3,149
    wait, why can't you put it in code tags? just manually type them into the post, then paste them, you don't need to click the code button on the post page.

    In any case, can you describe the issues you are having in more detail?

  3. #3
    Just Joined!
    Join Date
    Jul 2009
    Posts
    47
    I think someone has done something to my DNS. I read about Javascript being used to do something like this.

  4. #4
    Just Joined!
    Join Date
    Jul 2009
    Posts
    47
    my laptop, which is having the problem, no longer loads any webpages. I am afraid to open all http traffic to fix this because i am at a risk right now.

  5. #5
    Linux Guru coopstah13's Avatar
    Join Date
    Nov 2007
    Location
    NH, USA
    Posts
    3,149
    What are you using for dns servers? Post contents of /etc/resolv.conf. You can pick what DNS servers you want to use, try using opendns servers. Do you have lots of addons installed in firefox?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •