A Consuming Experience

Thoughts on my experiences as a consumer of products, services, people (well maybe not that last one...), from reviews to raves, rants and random thoughts - concentrating on technology, gadgets, software, product usability, consumer issues, customer service. Including some introductory guides and tips on various subjects (like blogging!) which stumped me until I figured them out. And the occasional ever so slightly naughty observation.

Statcounter users: hacker warning!

Monday, August 29, 2005
If you use Statcounter for your hit counter, beware.

Previously I'd noticed that I sometimes got referrals to my blog from statcounter.com/counter/counter.js, and there wasn't any real explanation for it that made sense on the Statcounter forum (e.g. see this thread). So when I wrote up a summary of common Statcounter referrers, I left that one as a mystery.

I've since heard that that referral signifies an attempted account hijack. Apparently it's very easy for hackers to retrieve your counter info, and they might even hijack your account and sniff for keystrokes by pretending to be a .cgi page at Statcounter. The technical details are on this insecure.org page (and no, I don't understand most of it myself!).

Bottom line is, hackers could find out your Statcounter username and password.

That insecure.org page says that Statcounter have fixed this vulnerability, but I know that some people still aren't too sure how secure they really are.

What to do? For starters, if you installed your Statcounter code before April 2005, get ye to the Statcounter installation page pronto and update the Statcounter code in your template: in the projects list, click the spanner icon next to the project for your blog (or, in most views, the one in the top left corner of the page), click Install Code, and make sure you replace the Statcounter code in your template with the latest version.

Second, if you use the same username/password for Statcounter as you do for your other Web accounts, don't! Change them (especially if you've seen the statcounter.com/counter/counter.js referrer in your own Statcounter logs), and make sure your Statcounter username and password are different from what you use for your other online accounts.

Finally, you might think twice about continuing to use Statcounter for your hit counter, unless they can assure us all that they have really secured their site and their code. I'm still using them for now because my password for Statcounter is unique and my Statcounter account as far as I can see hasn't been messed with, but I'm certainly going to reconsider my use of Statcounter.

(Thanks to Tab for the heads up on this).



23 Comment(s):

Hello,

I'm an engineer with StatCounter.com - just to clarify for you, regarding the insecure.org vulnerability, this was promptly and completely fixed at the time it was reported. A company called StationX initially highlighted the vulnerability and reported it to us, and insecure.org simply copied and pasted it - however, they neglected to copy from the StationX report that this vulnerability was fixed. Please see the original StationX report here, along with the solution at the bottom:

http://www.stationx.net/downloads/statcounter_script_injection_user_session_hijack.pdf

The solution reads:

"Aodhan Cullen of statcounter fixed this vulnerability after we informed them. The fix was written using the PHP function htmlentities(). So no more worries.
Attempt now returns a security error in a gif.
HTTP/1.1 200 OK
Date: Fri, 29 Apr 2005 10:10:42 GMT
P3P: policyref="http://www.statcounter.com/w3c/p3p.xml", CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Set-Cookie: session_633549=1114769442%260; expires=Wed, 28-Apr-2010 10:10:42 GMT; path=/; domain=.statcounter.com
Content-Type: image/gif
X-Transfer-Encoding: chunked
Content-length: 49"

So this issue is no longer an issue :)

Regarding the "mystery" statcounter.com/counter/counter.js referrer, counter.js is simply our own script that receives data from your site when someone visits it. Sometimes browsers interpret it incorrectly as a referring link, but it's not, although this does not happen too often.

Thanks!

(By Peter, at Tuesday, September 13, 2005 2:49:00 PM)
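To illustrate the kind of fix the comment above refers to (escaping untrusted strings with htmlentities() before they are rendered), here is an added example in Python that is not part of the original post or of Statcounter's code. It assumes, as an illustration only, that the untrusted value is a visitor-supplied field such as the referrer string a hit counter logs; the sample hits are constructed.

```python
import html

# Constructed sample of visitor data a hit counter might log. The second and
# third referrers carry markup, the kind of script injection the comment says
# was closed off by escaping output.
SAMPLE_HITS = [
    {"ip": "192.0.2.10", "referrer": "http://example.net/links"},
    {"ip": "192.0.2.11", "referrer": "<script>alert('injected')</script>"},
    {"ip": "192.0.2.12", "referrer": 'http://example.org/?q="><img src=x onerror=alert(1)>'},
]


def render_stats_unsafe(hits):
    """The flawed pattern: untrusted strings pasted straight into the stats HTML."""
    rows = "".join(f"<tr><td>{h['ip']}</td><td>{h['referrer']}</td></tr>" for h in hits)
    return f"<table>{rows}</table>"


def render_stats_safe(hits):
    """Escape every untrusted field on output; html.escape is Python's
    counterpart to PHP's htmlentities() (quote=True also escapes quotes, so
    values inside attributes cannot break out)."""
    rows = "".join(
        f"<tr><td>{html.escape(h['ip'], quote=True)}</td>"
        f"<td>{html.escape(h['referrer'], quote=True)}</td></tr>"
        for h in hits
    )
    return f"<table>{rows}</table>"


def contains_raw_markup(page, hits):
    """Check: does any untrusted value containing markup characters survive
    verbatim in the rendered page?"""
    return any(
        ("<" in h["referrer"] or '"' in h["referrer"]) and h["referrer"] in page
        for h in hits
    )
```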

Peter... why is statcounter.com down again? It's been inaccessible for over a week now. What the hell!? I'm paying for extended services and can't even get on the site. Buy more bandwidth or pull the plug.

Matthew
nixcreations2003@yahoo.com

(By Anonymous, at Thursday, September 22, 2005 4:26:00 PM)

Peter thanks for your comment, but I know someone who has had the .js referral script showing up on her awstats (server dependent) and your explanation seems to make no sense, because if she doesn't have the .js on her page then why is she getting ref hits from one?

Matthew I haven't had any problems with Statcounter being down myself, maybe you've been unlucky with your particular server?

(By Improbulus, at Friday, September 23, 2005 10:35:00 PM)

When I try to go to www.statcounter.com the page does not load and says "Refresh Page" on the upper left blue strip of the window. I deleted all my cookies and made sure statcounter was not being blocked. Anyone ever have this problem?

Matthew

(By Nix, at Friday, September 30, 2005 11:13:00 PM)

Sorry no Matthew - have you tried asking at the Statcounter forums?

(By Improbulus, at Friday, October 07, 2005 2:56:00 PM)

Hey Matthew, I am currently having the same problem. It has been over 3 days now and I don't know if statcounter is really down or not. I did the same thing you did - deleted cookies, cleared temp files etc, still inaccessible. If anyone else has or had this problem, and fixed it, please share with us how you did it or what is causing the problem. As of now, I truly believe the server is down due to 2006 updates maybe.

(By Anonymous, at Friday, January 06, 2006 3:24:00 AM)

I'm having the same problem, the site does load but without any content, it's blank, and page title says "Refresh Page".

(By Ronald, at Saturday, January 07, 2006 11:06:00 PM)

This is a mystery to me, I've not been having problems myself. Maybe it's a particular server? I can only suggest you try Statcounter forums or their support. Good luck!

(By Improbulus, at Sunday, January 08, 2006 8:16:00 PM)

I have found the solution.
Here are the steps to take to fix the problem:

Go to Network Connections
Choose and open the connection you use to access the internet
Go to the properties
In the General tab, go to Internet Protocol (TCP/IP)
Highlight it and click Properties
In the General tab, click "Obtain an IP address automatically"
Also click "Obtain DNS server address automatically"
Click OK
In the wireless connection properties main tab
click OK
Restart your computer because it may not work instantly
Then you are done
I hope I have been a good help because I have been in the same
situation and it is frustrating
Take care!!

(By Anonymous, at Friday, January 20, 2006 3:22:00 PM)

Thanks for the comment anon. Hmm I'm not quite sure how this solves the problem Ronald etc are having but if it worked for you, great and thanks for sharing the suggestion!

(By Improbulus, at Friday, January 20, 2006 5:37:00 PM)

I'll be damned... the suggestion above works. I've been trying to get to statcounter for a month now with no luck. Thanks for the info.

(By Anonymous, at Monday, January 23, 2006 3:27:00 PM)

Still stumped as to how & why that suggestion would work, but hey if it works for you, good stuff!

(By Improbulus, at Sunday, February 05, 2006 5:01:00 PM)

I had to remove the code from my web after I got into my friend's mailbox (following the visitor's link). I could see his e-mails -- it scared **it out of me -- it seems my account had been hijacked. Those who visited my site had cookies installed on their puters & one computer crashed after following the link from me ... ughm ... I'm not a computer person but I don't think statcounter is safe. And they never answered my e-mails. Too bad cause I really liked it

(By mvs, at Wednesday, February 15, 2006 4:49:00 AM)

mvs, not sure what you mean by "following the visitor's links"? Anyway it doesn't look like people are very happy with Statcounter right now...

(By Improbulus, at Friday, February 17, 2006 5:35:00 PM)

Hi
I've had the same problem described above regarding being unable to connect to ANY pages related to statcounter.com for a week now; I just get a blank page. I had tried clearing and scanning everything, lowering security settings, dropping the firewall, to no avail. I tried the suggestion above with the connection settings to obtain the IP automatically etc, restarted and bingo! I'm back into my stats account.
Thanks to the anonymous person who posted it, don't know what it did but it worked :-)

(By Anonymous, at Thursday, April 06, 2006 7:38:00 AM)

Gotta say I have no idea why it would work but I'm glad it does!

(By Improbulus, at Friday, April 14, 2006 11:49:00 PM)

hackers suck lol

(By Princess Kiki, at Thursday, May 11, 2006 9:03:00 AM)

The easier fix if statcounter.com is not loading:

Just go to your c:\windows\system32\drivers\etc folder
Open the file called "HOSTS" in Notepad
If you find "127.0.0.1 c1.statcounter.com" or "127.0.0.1 www.statcounter.com", put a # in front of the line, like:
#127.0.0.1 c1.statcounter.com
#127.0.0.1 www.statcounter.com

Save the file and reload your browser; it will work fine.
Changing your DNS settings could unblock other potentially harmful sites that were blocked using HOSTS.

(By Anonymous, at Monday, October 09, 2006 10:52:00 PM)
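A small checker for the hosts-file cause described in the comment above (a later comment also notes that blocking tools add such entries): it parses hosts-file text, reports lines that send a domain or its subdomains to a loopback or blackhole address, and applies the commenter's own remedy of prefixing those lines with "#" while leaving everything else alone. This is an added example in Python, not from the original post or from Statcounter; the file content is constructed.

```python
# Constructed hosts-file content modelled on the situation in the comment above:
# a blocking tool has pointed the counter's hostnames at loopback.
SAMPLE_HOSTS = """# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1 c1.statcounter.com
127.0.0.1 www.statcounter.com   # added by some blocker
0.0.0.0   ads.example.test
::1       localhost
"""

# Addresses that make a name resolve to nowhere useful.
SINKHOLE_ADDRS = {"127.0.0.1", "0.0.0.0", "::1"}


def parse_hosts(text):
    """Return (line_no, ip, [hostnames]) for every active mapping.
    Blank lines, full-line comments and trailing comments are ignored."""
    entries = []
    for no, line in enumerate(text.splitlines(), 1):
        body = line.split("#", 1)[0].strip()
        if not body:
            continue
        parts = body.split()
        if len(parts) >= 2:
            entries.append((no, parts[0], [h.lower() for h in parts[1:]]))
    return entries


def find_sinkholed(text, domain):
    """Lines that send `domain` or any of its subdomains to a sinkhole address."""
    domain = domain.lower()
    return [
        (no, ip, names)
        for no, ip, names in parse_hosts(text)
        if ip in SINKHOLE_ADDRS
        and any(n == domain or n.endswith("." + domain) for n in names)
    ]


def comment_out(text, domain):
    """Disable the offending lines with a leading '#', as the comment suggests;
    every other line, including other blocks, is preserved byte for byte."""
    bad = {no for no, _, _ in find_sinkholed(text, domain)}
    lines = text.splitlines(keepends=True)
    return "".join("#" + l if no in bad else l for no, l in enumerate(lines, 1))
```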

The solution to change TCP/IP to auto works! For weeks I've had statcounter.com saying forbidden access and blank pages. Statcounter worked on my laptop but didn't work on my desktop. I was stumped. Until I saw this blog.
Thanks to Anonymous for help fixing this issue.

For some reason, all of my connections including wireless had DNS pointing to 85.255.112.217 and 85.255.115.53. I removed them and now statcounter.com works.

I think the DNS was added when I experienced Google.com search links being hijacked. I found a fix that removed my machine from the Google hijackings. But I guess it didn't remove the DNS settings.

I do believe that this was the cause of the DNS change.

(By Anonymous, at Monday, October 23, 2006 5:42:00 PM)

You folks need to understand much better your browsers/firewalls/anti-virus/anti-spyware programs you so religiously use.

They are instrumental in blocking your access to sites based on quirks - like if a site uses third party cookies, anti-spyware programs flag it as unsafe and plonk it into the hosts file which is used to manipulate domain resolution to ip address.

In addition to that, some ISP's have DNS problems and on and off you find you cannot reach a certain site simply because the ISP's DNS doesn't have the information at that moment.

That is why "obtain DNS automatically" works better as it picks a different DNS server if the initial one is down or doesn’t have the information. Otherwise you always look in the same "reference" which doesn’t have it - and you'll never find it until that DNS server gets updated correctly, which may be a month of Sundays.

(By Anonymous, at Friday, November 10, 2006 3:22:00 PM)

Thanks for improving that understanding Anon.

But I think it's better to religiously use firewalls, antiviruses etc than not at all, myself!

(By Improbulus, at Sunday, November 26, 2006 9:24:00 PM)

Why is my password (secured and encrypted) for www.help2go.com being sent to cX.Statcounter.com (X=1 to 20)??
I can block it now but 'something' is still trying to send it....

(By Anonymous, at Wednesday, May 23, 2007 4:42:00 PM)

Anon, sorry I don't know, have you tried asking on the Statcounter forums? People are pretty knowledgeable and helpful there, and they'll know a lot more about Statcounter than I do.

(By Improbulus, at Saturday, May 26, 2007 7:19:00 PM)
