eyeblaster/addineyeV2.html traffic found on website

Today we happened to notice traffic on our site was showing the URL “/eyeblaster/addineyeV2.html” which caused us some concern.

The first thing we did was head to the server FTP and look for the folder “eyeblaster” which did not exist. We then realised this was some kind of attack using a potential insertion of code which was searching for an Adsense vulnerability.

We looked at the page that was generating the starting problem which was using Google Adsense.

On further investigation we found that this was aimed at the Adsense Ads, and this needed to be prevented.

Eyeblaster is an online advertising company that is suggested to be malware which finds its way onto most computers. It functions using what is known as an iframe buster. This specific one is written by Media Mind who are also called Sizmek.

We investigated further to discover the company creates an ad-serving “EyeBlaster” script which loads various ads into one advert. A lot of online advertisers are now using this tool for their own adverts.

Preventing eyeblaster/addineyeV2.html

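Option 1 – Add the following to your robots.txt file, under the relevant User-agent group (this only asks compliant crawlers to stay away from these paths; it does not block requests):-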

Disallow: /eyeblaster
Disallow: /addineyeV2.html

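Option 2 – Add the following to your .htaccess file:-

# mod_rewrite must be switched on before the rule below is evaluated
RewriteEngine On
# Match either name anywhere in the request path, ignoring case
RewriteCond %{REQUEST_URI} (eyeblaster|addineyeV2) [NC]
# Redirect to the home page; the trailing "?" drops the query string
RewriteRule ^(.*)$ /index.html? [R=301,L]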

Option 3 – Create blank files at the following paths, inside a new folder named "eyeblaster":-

/eyeblaster/addineyeV2.html
/eyeblaster/addineyeV2-secure.html
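
To see which of your pages are triggering these requests and what the server currently answers, you can summarise the access log. The script below is an added example, not part of the original post: it assumes the Apache/nginx "combined" log format, and the sample lines (documentation IP addresses, example.com) are constructed.

```python
import re
from collections import Counter

# Same case-insensitive match as the RewriteCond pattern in Option 2.
STUB = re.compile(r"eyeblaster|addineyeV2", re.IGNORECASE)

# Apache/nginx "combined" log format (assumed).
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Constructed sample lines, not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2015:10:01:02 +0000] "GET /news/story.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2015:10:01:03 +0000] "GET /eyeblaster/addineyeV2.html?x=1 HTTP/1.1" 404 210 "http://www.example.com/news/story.html" "Mozilla/5.0"
198.51.100.9 - - [12/Mar/2015:10:04:11 +0000] "GET /Eyeblaster/AddInEyeV2.html HTTP/1.1" 404 210 "http://www.example.com/news/story.html" "Mozilla/5.0"
198.51.100.23 - - [12/Mar/2015:10:09:40 +0000] "GET /eyeblaster/addineyeV2-secure.html HTTP/1.1" 301 0 "https://www.example.com/contact.html" "Mozilla/5.0"
this line is malformed and must be skipped
"""

def summarize(log_text):
    """Count stub-file requests by status code and by referring page."""
    by_status, by_referer = Counter(), Counter()
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # unparseable line
        # REQUEST_URI excludes the query string, so drop it before matching.
        if not STUB.search(m["path"].split("?", 1)[0]):
            continue  # unrelated request
        by_status[int(m["status"])] += 1
        by_referer[m["referer"] or "-"] += 1
    return by_status, by_referer

def report(log_text):
    """Render the two counters as plain text, one finding per line."""
    by_status, by_referer = summarize(log_text)
    lines = ["status %d: %d hit(s)" % kv for kv in sorted(by_status.items())]
    lines += ["from %s: %d" % kv for kv in by_referer.most_common()]
    return "\n".join(lines)

if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

A 404 means none of the options is in place for that path, a 301 means the Option 2 redirect answered, and a 200 means an Option 3 stub file was served.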

There are some documents relating to this:-

Stub files and iframe busters – https://support.google.com/dfp_premium/answer/1085693?hl=en