this script automatically checks links from hundreds of filehosts. For Firefox, Chrome, Opera, Safari & edge.
< Feedback on W.A.R. Links Checker Premium
After more research, I found where this code is coming from...
it's being injected by my ISP: What is Comcast/Xfinity WiFi Code Injection Doing?
:big-sigh!: Glad it's not any userscripts or their host sites being hacked!
Changing the thread's Title from Heads-up: a security hack? to If You See This Weird Behavior With Your Scripts, It's Probably Due to Your Evil ISP
If You See This Weird Behavior With Your Scripts, It's Probably Due to Your Evil ISP
Guys/gals, a warning...
On one of my Firefox profiles, I got an update for this script -- but not from greasyfork.org. I think I must have subscribed directly from @mental 's site (either mentalps.5gbfree.com, warlc.5gbfree.com, or usa.x10host.com).
What was weird about the update is that Greasemonkey showed a popup notification for script '295074' -- not the script's full name, as is normal.
While browsing, I noticed that 'usa.x10host.com' was being polled on every page load.
I went into the script file, and discovered the following content inside: https://pastebin.com/k66GbfYa
Those of you with much scripting experience, please let us know what's going on in that code.
As a security measure, I did the following: -- turned off automatic updating of the script -- ran a virus scan -- it's in-progress -- checked Greasyfork's version of the script, to see if this code had been updated here -- it has not. -- checked @mental 's site - http://usa.x10host.com/mybb/showthread.php?tid=23 - to see if that code was in the newest version -- it is not. -- saved that code in pastebin, for future reference -- posted this warning here
I'm not a member of mental's forum, and I'm not (yet) motivated to join. But I do want him/her to know what I discovered, so hopefully s/he will see this post.
If you're a member, please direct people here to see my information.
Finally, wanna say that I love this script, and will continue to use it. I do not want to imply that there's something nefarious on mental's part -- just the opposite: I want him/her to know that the previous or current sites might have been breached.