this script automatically checks links from hundreds of filehosts. For Firefox, Chrome, Opera, Safari & edge.
< 腳本W.A.R. Links Checker Premium的回應
After more research, I found where this code is coming from...
it's being injected by my ISP: What is Comcast/Xfinity WiFi Code Injection Doing?
:big-sigh!: Glad it's not any userscripts or their host sites being hacked!
Changing the thread's Title from Heads-up: a security hack? to If You See This Weird Behavior With Your Scripts, It's Probably Due to Your Evil ISP
QingJ © 2025
镜像随时可能失效,请加Q群300939539或关注我们的公众号极客氢云获取最新地址
If You See This Weird Behavior With Your Scripts, It's Probably Due to Your Evil ISP
Guys/gals, a warning...
On one of my Firefox profiles, I got an update for this script -- but not from gf.qytechs.cn. I think I must have subscribed directly from @mental 's site (either mentalps.5gbfree.com, warlc.5gbfree.com, or usa.x10host.com).
What was weird about the update is that Greasemonkey showed a popup notification for script '295074' -- not the script's full name, as is normal.
While browsing, I noticed that 'usa.x10host.com' was being polled on every page load.
I went into the script file, and discovered the following content inside: https://pastebin.com/k66GbfYa
Those of you with much scripting experience, please let us know what's going on in that code.
As a security measure, I did the following: -- turned off automatic updating of the script -- ran a virus scan -- it's in-progress -- checked Greasyfork's version of the script, to see if this code had been updated here -- it has not. -- checked @mental 's site - http://usa.x10host.com/mybb/showthread.php?tid=23 - to see if that code was in the newest version -- it is not. -- saved that code in pastebin, for future reference -- posted this warning here
I'm not a member of mental's forum, and I'm not (yet) motivated to join. But I do want him/her to know what I discovered, so hopefully s/he will see this post.
If you're a member, please direct people here to see my information.
Finally, wanna say that I love this script, and will continue to use it. I do not want to imply that there's something nefarious on mental's part -- just the opposite: I want him/her to know that the previous or current sites might have been breached.