Quiet as a mouse, there's
a new version of the DrivingRevenue code being served on LJ. This change is, of course, not reflected in the
latest LJ News post or
the latest LJ code release post. And any attempt to
bring this up on
those posts is probably going to get completely buried under the deluge of "OMG I CAN BUY TEN THOUSAND ICON SLOTS ♥♥♥♥"
This code is much more complex. It's also not obfuscated, which is nice. It also seems to be doing a lot more processing on the remote end - there's no more juicy list of strings to pull out and see just what sites it's linkjacking.
It's even got a credit for
a MIT-licensed URL parser it's using. So hooray for not, you know, tripping every single alert in my head that this is probably malicious code within the first ten seconds of looking at it. It's still of dubious ethics but at least it's not acting like it's got tons to hide, you know?
A quick dig into the code shows that it does this:
1. Wake up and get a list of every single link on the page.
2. Send this list to
http://outboundlink.me/anxo/dr_ta_1/dr_rwl_v2.php3. Get back a list of which URLs need to be fuzzled with.
4. Attach code to every single link; upon pressing 'return' or clicking the mouse on the link, check if it's in the list in step 3, and change it.
It also seems to be repeatedly asking outboundlink.me for this data at random intervals. Oh, no, I see: when you roll over a link it'll query outboundlink.me as to what should be done with it. Sneaky sneaky sneaky.
It is not presently stripping Amazon affiliate IDs, nor is it inserting new ones. It is however Doing Things: an unaffiliated link to
China Miéville's upcoming book gets turned into a monstrosity like file:///Users/egypt/Desktop/Friends.html?dr_log=-1&linkout=http%3A//www.amazon.com/Kraken-China-Mieville/dp/034549749X/ upon cut-and-paste. (where 'file:///Users/egypt/Desktop/Friends.html' is the URL of whatever page you'e viewing).
DrivingRevenue also seems to have learned from the mistakes we found; the
crittersbythebay.com problem is no more. I guess they have somewhat more robust code for deciding which links should be munged running on their own server than they were able to kludge up in their original Javascript.
Looks like you can stop most of these shenanigans by blocking outboundlink.me. And
http://l-stat.livejournal.com/js/pagestats/DR_v4u.js - hell, maybe just disallow all Javascript from LJ if they're gonna keep pulling crap like this without saying a damn thing. Actually if you wanna block this I'd suggest blocking outboundlink.* - they've switched from .net to .me, and will probably switch to some other top-level domain as they keep getting noticed. I'm just blocking anything from
http://l-stat.livejournal.com/js/pagestats/ myself.
I really need to sit down and figure out the roadblocks to moving my posting habits to Dreamwidth. Let's see: lost some icon associations upon import, need to find out what'll happen if I try a re-import, XJournal needs a little expanding to deal with multiple services. That's about it.
(thanks to
foxfirefey for the heads-up on the return of this stuff.)