-1

I am using a template blogger with an 'ad virus'.

The virus redirect users to others pages like bet365.com.

The virus is scrambled and I can not think of a quick way to unscramble.

As I can not find the 'href' for 'ad links' in 'dom' or 'http links' for 'windows.location.href' in the javascript code since it is scrambled.

I thought about getting the final output link using some listener for redirect event JavaScript like OnHashChange and then cancel the redirect if it was an 'ad link'.

https://developer.mozilla.org/pt-BR/docs/Web/API/WindowEventHandlers/onhashchange

Where OnHashCahnge return the new URL and old URL, but only for hash urls.

So I try beforeunload

https://developer.mozilla.org/pt-BR/docs/Web/Events/beforeunload

But although I can use a function before leaving the page, it does not return the new URL

Escanor Nanatsu no Taizai
  • 7
  • 3
  • 3
    Why are you using an infected template in the first place? – Ropali Munshi Jan 28 '19 at 03:55
  • I liked the template, and I do not have the money or time to copy it or make my own. The template is for free, but everything has its price, the price is the job of taking the virus, and I think I could do it quickly if I could get the url of the page that will be redirected. It's a problem similar to an ad block chrome extension, but for one site. – Escanor Nanatsu no Taizai Jan 28 '19 at 04:02
  • Using an infected template is just a bad idea overall. Try to find a free alternative or workaround that does not require using something already infected. – Keno Jan 28 '19 at 04:04
  • There are many free template providers for blogger which are reliable. If you are using an infected template then you are compromising your website's security and users trust. – Ropali Munshi Jan 28 '19 at 04:06

1 Answers1

0

As everyone here suggests, you should not use any templates (actually everything) that contains or infected by any form of malicious code.

Since you insist on fixing this rather than finding a new one, here is what you can try.

Override all of the possible redirect functions so that if the virus tries to use any of the redirect functions here, it will be in your control instead.

Here is a topic that includes, I think, every possible redirect functions in JavaScript, so you can try to override them to see if it helps. Not guarantee though.

If this way does not do the trick then I still recommend changing template, or even if it does solve this redirect problem I still insist that you change the template because the template you are using is compromised and this is the only problem you found. There might be other security holes out there that you have not found yet.

holydragon
  • 6,158
  • 6
  • 39
  • 62
  • There are many functions that redirect in different ways. The virus also made my site inaccessible if I deleted certain vital functions for its functioning. JavaScript can also get code from a string with eval ("my script here"); Modify the elements href or create elements with href where users will click. Can you think of a quick way to solve this? – Escanor Nanatsu no Taizai Jan 28 '19 at 05:19