[Plugin: 1-click Retweet/Share/Like] Widget contains code from a SPAM server

nvg
(@nvg)

14 years, 3 months ago

I noticed that the iframe that LinksAlpha creates on your site contains this code:

<script type=”text/javascript” src=”http://ads.pro-market.net/ads/scripts/site-129769.js“>http://ads.pro-market.net/ads/scripts/site-129769.js”></script>

which is a script that creates an invisible 1px x 1px iframe which loads a url from from a subdomain on the same domain:

http://pbid.pro-market.net/engine?site=129769

pro-market.net is a known spam server.

To see this, right click in the widget area and select:
This Frame => Show only this frame

On the page that opens, right click and select:
View Source

Scroll down to where you see:

<script type=”text/javascript” src=”http://ads.pro-market.net/ads/scripts/site-129767.js”></script>

paste that url into your browser address bar.

Inspect the code:

document.write(“<IFRAME WIDTH=’1′ HEIGHT=’1′ …….

I’d like to know how why this code is being snuck onto our web sites.

http://wordpress.org/extend/plugins/1-click-retweetsharelike/

Viewing 5 replies - 1 through 5 (of 5 total)

nightflightmedia
(@nightflightmedia)

14 years, 3 months ago

Not only that, but I think it contains BlueKai, Chango, eXelate, and Media6Degrees. I don’t think my other plug-ins could contain them.

Slows down pages immensely. And really sucks.

Data Collected:
Anonymous (browser type, ISP, operating system, page views, URLs), Pseudonymous (IP address)

Data Sharing:
Anonymous data is shared with third parties.

Plugin Author vivekpuri
(@vivekpuri)

14 years, 3 months ago

Almost all widgets and websites(including this one) use 3rd party cookies to help measure, sustain and improve the products. LinksAlpha(company behind this plugin) widgets currently offer user-side opt-out. We will soon support publisher-side opt-out too. As for the impact on load times, according to our measurements, there is no noticeable impact. Still, to mitigate any impact at all, this widget will be transitioning to async js based widget in the next release of the plugin coming out soon. This should eliminate all impact to page load times.

coyotemusic
(@coyotemusic)

13 years, 7 months ago

I can confirm that this widget is significantly slowing down the pageload times for one of my clients: http://www.pinupsalonaustin.com.

Any update on the next release that’ll be using the asynchronous js?

Plugin Author vivekpuri
(@vivekpuri)

13 years, 7 months ago

Can you please instead use the following plugin we offer – http://wordpress.org/extend/plugins/social-discussions/. This plugin loads faster and uses asynchronous js where possible.

coyotemusic
(@coyotemusic)

13 years, 5 months ago

Using Social Discussions now. Thanks for the suggestion!

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘[Plugin: 1-click Retweet/Share/Like] Widget contains code from a SPAM server’ is closed to new replies.