conor-99/DichotomyTests

Security Vulnerability

Closed this issue · 3 comments

Several people, upon loading the published version of this, reported being redirected to different hosts. The GitHub link would also redirect elsewhere, attempt to track the location and send notifications, and prompt to install/download unknown software.

I would provide examples, but I don't wish to expose myself to attackers any more than I already may have.

Since this isn't happening to everyone, it's possible there is some sort of MiM attack going on that is hijacking random amounts of loaded sessions. I'm not sure how this is being executed, only that something malicious is going on.

I suggest you unpublish the site, check with your hosting provider, and scan your code for malicious packages.

If I had to guess, I would say it is something with this line that is replacing all your links and executing malicious code: https://github.com/conormccauley1999/DichotomyTests/blob/master/index.html#L34

This appears to be due to an ad script I added to the homepage. I was not aware that it was doing anything other than showing an advertisement in a separate tab.
I'm away from my PC right now but I removed the relevant code from the live page as a temporary fix.
I will look into this in greater detail once I've got access to my PC.
Thanks for bringing this to my attention!

Verified that it's just the ads. Removed notification ad and re-enabled the pop-up ad. I'll try and replace it with a less intrusive version ASAP. Just need to make back the money it costs to host the domain.

Removed ads. Replaced with unobtrusive ad.
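
An added example, not part of the original thread or the repository's code: one way to carry out the "scan your code" step for the kind of third-party script tag discussed above, by listing every `<script>` in a page with its line number and flagging externally hosted scripts that carry no `integrity` attribute. The sample page, its hosts, the site host and the names `ScriptAudit` and `audit` are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page; hosts and paths are placeholders, not from the repository.
SAMPLE_HTML = """<!DOCTYPE html>
<html><head>
<script src="js/quiz.js"></script>
<script src="https://cdn.example.org/lib.min.js"
        integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<script async src="//ads.example.net/tag.js"></script>
<script>document.title = "inline";</script>
</head><body><a href="https://github.com/example/repo">Source</a></body></html>"""

class ScriptAudit(HTMLParser):
    """Collect every <script> tag with its line number, origin and SRI status."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        a = dict(attrs)
        src = a.get("src")
        line = self.getpos()[0]  # line on which the tag starts
        if not src:
            self.findings.append((line, "inline", None, "review"))
            return
        host = urlparse(src).netloc  # empty for relative paths
        if host in ("", self.site_host):
            self.findings.append((line, "first-party", src, "ok"))
        elif a.get("integrity"):
            self.findings.append((line, "third-party", src, "pinned"))
        else:
            # Runs with full access to the page; the host can change it at any time.
            self.findings.append((line, "third-party", src, "UNPINNED"))

def audit(html, site_host):
    parser = ScriptAudit(site_host)
    parser.feed(html)
    return parser.findings

if __name__ == "__main__":
    for line, kind, src, status in audit(SAMPLE_HTML, "www.example.com"):
        print(f"line {line}: {kind:11} {status:8} {src or '<inline script>'}")
```
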