Suddendly i started noticing strange urls in my drupal site error logs. They have url encoded javascript functions and i have no clue where they come from or how to reproduce them. Since the url doesn't exist it shows up on error logs as "Access Denied".
URL
mydomain.com/function%20(a,c)%7Bvar%20b=this.slice((c||a)+1||this.length);this.length=0%3Ea?this.length+a:a;return%20this.push.apply(this,b)}
Referral
mydomain.com/start?created=All&search=&sort_bef_combine=created%20DESC&sort_order=DESC&sort_by=created&page=1
Other example
URL
mydomain.com/function%20(a,c)%7Bvar%20b=this.slice((c||a)+1||this.length);this.length=0%3Ea?this.length+a:a;return%20this.push.apply(this,b)}
Referral
mydomain.com/some-random-url
Another function
mydomain.com/function(b)%7Bif(void%200===this%7C%7Cnull===this)throw%20new%20TypeError;var%20a=Object(this),e=a.length%3E%3E%3E0;if(0===e)return-1;var%20c=0;0%3Carguments.length&&(c=Number(arguments[1]),c!==c?c=0:0!==c&&c!==1/0&&c!==-(1/0)&&(c=(0=e)return-1;for(c=0<=c?c:r.max(e-r.abs(c),0);c
Does anyone knows why this is happening? It's not always the same function, but this one seems to be showing more often than the rest.
I've logged the user agent string of one of the offenders and they were using Firefox 25, but when i access the site using Firefox 25 nothing strange shows up in the logs.
Is it bad coding?
Some browser extension goin' crazy?
Some insight needed please. Thanks
EDIT: Whatever it was, it got fixed or they got fed up. Thanks to all intervenients for the responses.
People (or bots) are trying to exploit your website. Hope you're sanitizing your get variables.
Related
I am nearly done with my code for my new Website but am really bothered that the following gets somehow logged to my Chrome-Console:
For instance, it gets printed when I switch between pages of my Website (using react-router-dom). I am not consciously injecting any script (nor do I know how that would work or why I would do such a thing).
I don't even know what "allpages.js" is, I never came across it so far.
If I click on it, to see the area that throws the error, I get the following (it is on line 83):
Happy to provide any further info or code and thanks everyone!
I'm trying to work on a html file. But I'm getting this error. I'm working on windows xp. I don't know what the error means. I tried running the files on my laptop running on windows 10 and it's giving the same error. I'm attaching a screenshot.
As Adam Axad said, the postimage.org denying access to the images, since its a 403 error.
Make sure whether the postimage.org has o+x (public enter) permission and image has o+r (public read) permission.
Hope it helps :)
The 403 Forbidden error is an HTTP status code which means that accessing the page or resource you were trying to reach is absolutely forbidden for some reason.
Just replace the images to you local once or which you have access to and it will work.
Adam and Thinker answered it, but 403 means you don't have permission to access that url. As the other two said, just try putting the images elsewhere and then linking to them at their new destination.
For future reference, here is a list of all the HTTP response codes. https://developer.mozilla.org/en-US/docs/Web/HTTP/Status
These make it easier to troubleshoot various issues like the one you're facing here, and they are good to know anyways!
I have browsed the web trying to find a solution to this problem, many people have suggested disabling avast plugin, add blocker within chrome extensions yet none of these worked.
the url is https://careers.telstra.com/ you will see half way down next to the facebook feed the twitter feed is empty when using chrome, when I view this in IE, FireFox it displays as I would expect.
I've checked the console log in Firefox and I receive no errors, when I go to chrome on the other hand I see the following:
I personally do not think these are related it any way but I thought I would provide as much information as possible to try and get this fixed.
update Turns out the errors are related to google-cast-sdk instead of silently dumping the errors they have decided to dump them straight in to the console. Read more about it here
I've checked and made sure I'm referencing the correct twitter widget.
We build it as follows as pass it to the page
sb.Append("<div class=\"twitterWidget\"><a class=\"twitter-timeline\" href=\"//twitter.com/telstracareers\" data-widget-id=\"345026269295038465\" data-chrome=\"nofooter noscrollbar transparent\" data-tweet-limit=\"3\">Tweets by #telstracareers</a></div>");
The website runs under https, I have tried the following:
href=\"https://twitter.com/telstracareers\"
href=\"//twitter.com/telstracareers\"
Still have no luck, I'm not sure what else I could try any suggestions?
Thanks
I have an issue that happened to an user of my web-application but that I can't reproduce locally.
The message is the one given in title:
"'XMLHttpRequest.prototype' is null or not an object"
It occurs when trying to do "if (!XMLHttpRequest.prototype.sendAsBinary)"
The user told me he was using Mozilla firefox 4.0 but I can't even reproduce it using this version. I don't manage IE version under 8.
So, my question is:
Can the problem only occur in some browsers?
Does it have something to do regarding the cross-domain policy even though the message is not "access denied". Thus it would be some parameter to change on the server I guess.
Is there a workaround ?
Of course, if you have another idea,feel free to mention it.
Thanks in advance :)
I get this error message in Firebug:
Permission denied for <http://googleads.g.doubleclick.net> to call method Location.toString
It comes from this page:
http://www.comehike.com/outdoors/trees/add_spotted_trees.php?hike_id=108
The login credentials for this page are:
test#comehike.com | password
When I look at it in Firebug, using the Console --> Errors view, I see that error first, followed by a number of other errors, but I can't really double-click on the errors to see what line they are coming from, and the line isn't written there as far as I can see. There are some line references on the page, but they lead to pretty random spots.
Any ideas how to debug such a thing? I am new to JS and FireBug.
Thanks,
Alex
The Location.toString error is usually due to some ad-serving javascript code, trying to get a text version of the current page's location. Firefox denies access to this information to 3rd party scripts by default, since 3rd party scripts should have no business knowing exactly what page you're on.
Basically it's an attempt by ad networks to work around some clients not sending referers, by trying to grab the location data directly.
In firebug under the "bug" icon (upper left when open) you'll see a pause button (in the console tab). This will cause the page to stop loading and jump to the exact error in the script.
However, when I visited the page I do not see any errors.
body' onLoad is:
initializeTreeHike( , );
You don't need to use comma if you wish to pass no parameters to the function.
When I follow the provided link in Firefox 4.0 with Firebug 1.7, I don't receive the error you encountered. What I do receive however is the following:
Syntax error: initializeTreeHike( , );
It appears this is coming from line 326 in add_spotted_trees.php in the following line:
<body onload="initializeTreeHike( , );"
Perhaps you meant to pass in empty strings as parameters?