Home/ Questions/Q 9108011
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-17T02:42:27+00:00

First of all I think this is more or less the same problem as

  • 0

First of all I think this is more or less the same problem as "undefined" randomly appended in 1% of requested urls on my website since 12 june 2012 but since I’m a new user and cannot comment on this post and it has no solution yet, I can only ask a new question.

Since 12 June 2012 14:22 EET (the moment when the first error happened) we are experiencing very weird problems:
Less than 1% of the requests to our site have the “undefined” string appended to the end or replacing a valid part of the url and the referrer is a completely valid URL to the site. For example we get a request for http://example.com/foo/undefined with referer http://example.com/foo/bar or request to http://example.com/undefined with referer http://example.com/ (the homepage). These URLs come from diverse client IP addresses, diverse ISPs and the browser is most often Chrome, but happens also with IE and Firefox 3.5. It seems like something is rewriting the URL to something invalid, keeping the original URL in the referrer tag.
We can’t reproduce this problem.

We are also exeperiencing another problem mentioned in the comments of the source post: we are receiving URL requests of the form http://example.com/cache/xxx where xxx looks like 32 character MD5 string (exmple: 3d453e96e68cc01ced7920ae77356078 or bbc80a4244caf556fdcaa9fb60231af7). We don’t have the “cache” string in any of our valid URLs. One and the same xxx string may come from diverse IPs for several days, even weeks. And all these weird requests come from a Chrome browser. This problem didn’t started on 2012-06-12. It happens at least since the beginning of the year but is much more rare than the first one. We can’t reproduce this problem too.

Our web site is on IIS, the client side is heavily Javascript-based and we are using the Prototype framework (not jquery).

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Based on this post, I reverse-engineered the “Complitly” Chrome Plugin/malware, and found that this extension is injecting an “improved autocomplete” feature that was throwing “undefined” requests at every site that has a input text field with NAME or ID of “search”, “q” and many others.

    I found also that the enable.js file (one of complitly files) were checking a global variable called “suggestmeyes_loaded” to see if it’s already loaded (like a Singleton). So, setting this variable to true disables the plugin.

    TL:DR;

    To disable the malware and stop “undefined” requests, apply this to every page with a search field on your site:

    <script type="text/javascript">
    window.suggestmeyes_loaded = true;
</script>

    This malware also redirects your users to a “searchcompletion.com” site, sometimes showing competitors ADS. So, it should be taken seriously.

    • 0