: What to do about website users with malware? I have a website I host that uses jquery hosted with google cdn from https://ajax.googleapis.com/ajax/libs/jquery/2.1.4/jquery.min.js One of my users
I have a website I host that uses jquery hosted with google cdn from ajax.googleapis.com/ajax/libs/jquery/2.1.4/jquery.min.js
One of my users is complaining the site doesnt work for them. I got them to look in the developer console and they had some error with jquery.min.js so I got them to open the link in a new tab and send me the file. In the bottom of their file is some script that trys to post data to adloads.net but the //# sourceMappingURL in the jquery.min.js causes a javascript error.
I assume they have some malware browser plugin or maybe a virus that injected the extra script into their browser cache.
Is there some way I harden my website so it is not broken for this type of malware? What advice should I give the user?
edit: since posting this I learned about the integrity attribute - it doesn't fix the site for these users but I feel it should be used on external resources: developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity
More posts by @Gonzalez347
2 Comments
Sorted by latest first Latest Oldest Best
As Rob suggests, a user's computer is ultimately the responsibility of the user. The best you can do is to make sure your site is secure and not vulnerable to any kind of attack the user's malware infested, virus ridden computer might throw at you (if that really is the case).
If you were able to detect malware on the user's machine then you'd probably want to block that user (if anything), rather than somehow making your site appear immune.
Is there some way I harden my website so it is not broken for this type of malware?
This "malware" appears to be modifying an external resource (JavaScript file). You would need to verify that the contents of the downloaded resource is as expected, perhaps by comparing the contents with some precalcuated hash? But an integrity check (or script signing) of this nature would ideally need to be built in to the browser, rather than home grown.
See this question on StackOverflow:
How can I make sure that my JavaScript files delivered over a CDN are not altered?
However, what exactly is "this type of malware"? It could, theoretically, be doing anything. Injecting code directly into the page, requesting additional resources, etc. etc.?
There are also legitimate browser extensions that modify the HTML source.
What advice should I give the user?
The usual... virus/malware scan. Try a different browser. Try a different computer on the same network.
so I got them to open the link in a new tab
Presumably this "link" was sent to them separately (or verified in some way)? It wasn't grabbed from the page source / developer tools, as otherwise it doesn't necessarily rule out your site being hacked.
No. There is nothing you can do about a user's computer program, even if that program is malware.
As requested: A malware program is a program like any other program running on a user's computer. A web site has no control over the input or output of that malware program or the program itself in the same way that a web site cannot control your installed copy of Microsoft Word. Nor would you ever want that possibility.
In order to respond to a malware program in a different way, just to satisfy a visitor who, apparently, has decided to keep the malware on their system instead, means one needs to understand how the malware works and responds to input in order to re-code their site to respond to that malware on that one computer in a different way that will be unique to that one visitor.
Further discussion into the thought of that will only get me banned from this site.
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.