21 January 2008 | 8,317 views

Perl.com Sends Visitors to P*rn Site!


Another tale to do with advertising: it just goes to show that it’s really not a good idea to run JavaScript from a third-party source on your site, especially if you don’t want your visitors redirected to a p*rn site!

This is just what happened to Perl.com a few days ago.

Visitors to Perl.com, the O’Reilly Media-owned resource, were redirected on 17th of January to a link farm pushing p*rn sites.

Geeks who hit the site were sent to grepblogs-dot-net, a site that offers links to live adult webcams, erotic blogs and adult erotic fiction, among other things. Closing the Internet Explorer browser window that contains the site caused another link farm of dubious links to open, from a site called cnomy-dot-com. It carries more p*rno links and banner ads claiming visitors have won a free iPod.

“I was aghast,” said Tom Christiansen, author of many of the most popular Perl reference books. “I need to understand the nature of the problem.”

Odd that the name of the p*rn site is pretty geeky too, grep blog? Doesn’t sound like your run-of-the-mill adult webcam directory, right?

I guess spammers are getting more clued in: targeting a Perl site, using a geeky blog name – pretty smart.

The episode is the latest example of the perils that come from running ads and JavaScript from a third-party website. In recent months, rogue ads hosted on DoubleClick, Real Media and others have infected websites. While such services often make life easier for administrators, they also create opportunities for miscreants to defraud users.

Since 2006, HTML code on the Perl.com website has pulled JavaScript off of the grepblogs site, said Dale Dougherty, general manager of the O’Reilly division that’s responsible for upkeep of Perl.com. Once the content on the grepblogs site changed, visitors to the site were soon redirected to other sites. O’Reilly admins fixed the problem at about 6:30 a.m. California time on Friday by nullifying the script.
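For site owners, a dependency like the one described above can be inventoried before it bites. The following is an added example, not code from Perl.com or the original article: it lists every externally hosted script a page loads and flags those on a non-allowlisted host, without a Subresource Integrity hash (a browser feature that postdates this incident), or fetched over plain HTTP. The sample page, hostnames and allowlist are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class ScriptCollector(HTMLParser):
    """Collect the attributes of every <script> tag that has a src."""
    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        attr_map = {name: (value or "") for name, value in attrs}
        if tag == "script" and attr_map.get("src"):
            self.scripts.append(attr_map)

def audit_scripts(html, page_url, allowed_hosts=()):
    """Inventory scripts served from hosts other than the page's own."""
    first_party = urlsplit(page_url).hostname
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for attrs in collector.scripts:
        url = urljoin(page_url, attrs["src"].strip())
        parts = urlsplit(url)
        host = parts.hostname or ""
        if host == first_party:
            continue  # served by the site itself
        issues = []
        if host not in allowed_hosts:
            issues.append("host-not-allowlisted")
        if not attrs.get("integrity", "").strip():
            issues.append("no-integrity-hash")  # content can change silently
        if parts.scheme != "https":
            issues.append("not-https")
        findings.append({"url": url, "host": host, "issues": issues})
    return findings

# Constructed sample page; every hostname here is a placeholder.
SAMPLE_HTML = """
<script src="/js/site.js"></script>
<script src="http://widgets.example.net/blogroll.js"></script>
<script src="//cdn.example.org/lib.js" crossorigin="anonymous"
        integrity="sha384-CONSTRUCTED-PLACEHOLDER"></script>
<script>var inline = 1;</script>
"""

if __name__ == "__main__":
    for f in audit_scripts(SAMPLE_HTML, "https://www.example.com/pub/",
                           allowed_hosts={"cdn.example.org"}):
        print(f["host"], f["url"], f["issues"] or "ok")
```

Run against rendered pages in a build or monitoring job, it surfaces a forgotten external include for review while the remote host is still benign.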

Blocking JavaScript, as many of the members here have done, may be a good idea; blocking ads may help, or just not surfing at all!

Of course not using Internet Exploder Explorer also goes a long way.

Source: The Register




8 Responses to “Perl.com Sends Visitors to P*rn Site!”

  1. Sir Henry 21 January 2008 at 3:41 pm Permalink

    Indeed, the first thing I noticed was the mention of IE. I just do not understand why people still use IE. Then again, my soon-to-be previous employer builds applications that only run in IE, thus securing their insecurity. Digression noted, I do find their lexicon of geek to be impressive for the sake of domain naming.

  2. Pantagruel 21 January 2008 at 5:12 pm Permalink

    Guess someone found a ‘creative’ way to plug a hole for the needy Perl geeks ;). And indeed their way of finding a sexy url/domain name surely will have fooled some of the geeks until they were confronted with the scantily clad men/women.
    Restricting websites to IE surfers only should be made punishable (a life sentence of lynx usage would be appropriate), it’s shortsighted, extremely annoying and does no justice to your programming/coding skill. Furthermore I cannot understand why an O’Reilly website would rely on 3rd party sourced JavaScripts, you are effectively creating a point of entry/abuse/etc.

  3. Reticent 22 January 2008 at 12:25 am Permalink

    “a life sentence of lynx” – That’s pretty cold, I wouldn’t wish that upon anyone :)

  4. goodpeople 22 January 2008 at 12:37 am Permalink

    oh dear.. how sad.. never mind.

    This is just plain stupid. But hey, shit happens. I wonder though how the bad guys got hold of the domain name..

  5. Nobody_Holme 22 January 2008 at 3:23 pm Permalink

    *points at the tutorial on that somewhere on here* at least, I’m pretty sure it was on here… bad guys can read this too…
    I just ignore anything that tries to force me onto exploder… it’s in my permanent firewall block list just to make sure. So far (and I’ve been doing so for a couple of years now) I think the only site I’ve cared about was some corporate recruitment company who I’ve since found are incompetent in every way anyway, so no loss there.

  6. eM3rC 7 February 2008 at 5:46 am Permalink

    Black hats strike again. Seems like a pretty funny prank to pull considering the volume of people that visit perl.com.

    I think Mozilla should be the new default browser!

  7. J. Lion 11 February 2008 at 11:16 pm Permalink

    The example was Internet Explorer (IE) – but was it truly limited to IE or was Firefox vulnerable as well?

  8. eM3rC 12 February 2008 at 2:03 am Permalink

    I would say IE is the most vulnerable to almost every attack. With Firefox you can download an addon called NoScript which blocks attacks like this and if you are equipped with a good firewall it should catch the download and/or attempt to install this program. Although I don’t know about this exploit personally it seems like IE would be the one affected.