Is this a recognised technique or what?

TechnoBear · September 15, 2011, 4:18pm

My knowledge of Javascript is pretty limited. I know enough to tweak the occasional image gallery or slideshow script, and that’s about it, so this may be a pretty stupid question, but I’m going to go ahead and ask anyway, because that’s how I learn.

I’ve just been asked to do a complete revamp of a site built by somebody else. I’ve been taking a look to see what’s there, and found a (to me) very odd construction. There are a series of small images, which one clicks for the larger image - except that it doesn’t work like that and I’ve never seen this technique anywhere. The HTML reads

<a href="javascript:openImage('Images/Garden.jpg')"><img alt="garden" src="ImagesGardenSml.html"></a>

The .html file referenced in the <img> tag contains

<head>
<meta http-equiv="refresh" content="0;url=http://**.***.***.**/" />
</head>
<script LANGUAGE="JavaScript">
window.location="http://**.***.***.**/";
</script>

followed by a vast array of numbers, in groups of three, commented out in the HTML. There is a separate file for each image, but the content is identical, as far as I can see.

Clicking the small image opens the URL in a new window. There are no images, just a series of links. I’ve checked the IP address of the URL in hpHosts Online, and it’s associated with a long list of dodgy sites.

My question is basically: was this ever a genuine method to display a large image, or has the site been hacked at some point, or what?

felgall · September 15, 2011, 7:38pm

That technique has only ever been used by people who have never learnt any JavaScript at all. It was more common back when JavaScript used to be mixed with HTML rather than kept in a separate file.

TechnoBear · September 15, 2011, 8:57pm

Thank you for that reassurance. In that case, it fits nicely with the rest of the site, which has been written by somebody with only a hazy notion of HTML.

rpkamp · September 15, 2011, 10:14pm

Looking at that snippet you’re probably better off ditching all existing code and start over from scratch. That will probably be less work than trying to fix what’s already there (unless we’re talking about a very, very large website of course).

And yes, that weird URL stuff looks like the site was hacked / tampered with. Putting a .html as an img src filled with crap has the smell of black hat “SEO” all over it.

mmj · September 16, 2011, 6:41am

Looks like the site was hacked at one point.

Look at it this way:

The pages don’t actually work
They all redirect using Javascript/meta tags (the wrong way to do a legitimate redirect) to some site identified only by a bare IP address
The pages containing the dodgy redirects otherwise contain large lists of dodgy sites.

TechnoBear · September 16, 2011, 12:38pm

I’d already reached the same conclusion. For a start, it’s using a table for layout, but the one part of the site that contains tabular data is not marked up as a table. It’s marked up as a series of <ul>s, each containing a single <li>. All very odd.

Ah, now that was what I was afraid of. As yet, I don’t have access to the server to see if there’s any other evidence of foul play but that stuff set my alarm bells ringing.

@mmj Thanks for confirming the suspicion.