I have a personal website deployed by GitHub Pages. Last night I noticed a spam link on the front page. The site is stored in a private repo, and deployed to a custom domain name with GitHub SSH encryption.

Some things I've tried to do to fix the issue:
Bitcoin Rush. Nothing. If anyone has suggestions for what else I could try, and what the underlying issue is so I can prevent it happening again in the future.
In your HTML, there is this script:

    <script src="https://www.retainable.io/assets/retainable/rss-embed/retainable-rss-embed.js"></script>

which embeds this JavaScript content:

    if (document.readyState !== 'loading') {
        if (document.querySelector('p')) {
            document.querySelector('p').innerHTML = document.querySelector('p').innerHTML + '<div><a href="redacted">Bitcoin Rush</a></div>';
        } else {
            document.querySelector('div').innerHTML = document.querySelector('div').innerHTML + '<div><a href="redacted">Bitcoin Rush</a></div>';
        }
    } else {
        document.addEventListener('DOMContentLoaded', function(event) {
            if (document.querySelector('p')) {
                document.querySelector('p').innerHTML = document.querySelector('p').innerHTML + '<div><a href="redacted">Bitcoin Rush</a></div>';
            } else {
                document.querySelector('div').innerHTML = document.querySelector('div').innerHTML + '<div><a href="redacted">Bitcoin Rush</a></div>';
            }
        });
    }

My guess is that it was supposed to be JavaScript code used to load the RSS feed from the configuration:

    <div id="retainable-rss-embed"
         data-rss="https://medium.com/feed/@F_Delahunty"
         data-maxcols="3"
         data-layout="grid"
         data-poststyle="inline"
         data-readmore="Read the rest"
         data-buttonclass="btn btn-primary"
         data-offset="-100">
    </div>

But it seems retainable.io was hacked; any URL like https://www.retainable.io/test returns the hacked content.
A quick solution is not to use retainable.io.
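
As an added example (not part of the answer above, and not retainable.io's code): a Python check that lists every script a page loads from another host without a Subresource Integrity hash, which is the condition that let the replaced file run on this site. `example.com`, `cdn.example` and the widget body are constructed placeholders, and `verify` handles only a single SHA-384 value.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse


def sri_hash(content: bytes) -> str:
    """Return the value for an integrity="" attribute (SHA-384, base64)."""
    digest = hashlib.sha384(content).digest()
    return "sha384-" + base64.b64encode(digest).decode("ascii")


def verify(content: bytes, integrity: str) -> bool:
    """Mimic the browser check: does the fetched body match the pinned hash?"""
    return sri_hash(content) == integrity


class ScriptAudit(HTMLParser):
    """Collect <script src> tags that load from another host without SRI."""

    def __init__(self, site_host: str):
        super().__init__()
        self.site_host = site_host
        self.findings = []  # list of (src, problem)

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        a = dict(attrs)
        src = a.get("src")
        host = urlparse(src).hostname if src else None
        if not host or host == self.site_host:
            return  # inline or same-origin script
        if not a.get("integrity"):
            self.findings.append((src, "no integrity attribute"))


def audit(html: str, site_host: str):
    parser = ScriptAudit(site_host)
    parser.feed(html)
    return parser.findings


# Constructed sample: the script tag from the answer, a pinned third-party
# script (placeholder host), and a same-origin script.
GOOD = b"console.log('feed widget');"
PAGE = f"""
<script src="https://www.retainable.io/assets/retainable/rss-embed/retainable-rss-embed.js"></script>
<script src="https://cdn.example/widget.js" integrity="{sri_hash(GOOD)}" crossorigin="anonymous"></script>
<script src="/js/site.js"></script>
"""

if __name__ == "__main__":
    for src, problem in audit(PAGE, "example.com"):
        print(f"{problem}: {src}")
```

Pinning a hash only works when the third-party file is static; if the vendor changes it legitimately, the hash has to be regenerated, and the alternative is to self-host a reviewed copy.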