Hacker News new | ask | show | jobs
by machinesofn 4093 days ago
That's correct. I work at a company in the US, and visitors to our website were giving the "Malicious Script" alert because we had Baidu analytics installed. Defending against this is much more nuanced than just blocking all traffic from China.
2 comments
akurtzhs 4093 days ago
I'm curious what prompted installing Baidu analytics in the first place.
link
sarciszewski 4093 days ago
So block the Baidu analytics CDN and call it a day?
link
machinesofn 4093 days ago
That would work, assuming there isn't a workaround. If they were really serious about the attack, though, it's easy to imagine ways around that, especially if you add the possibility of browser caching and exploits in the injected script.
link