Ads....

Stratadrake · Posted: Sat Apr 28, 2007 1:57 pm Post subject:

"View Frame Source" is a standard Firefox command, it appears on the context menu when you right-click within a frame.
_________________
Strata here: [url=http://www.nanowrimo.org/eng/user/242293]Nanowrimo[/url] - [url=www.fanart-central.net/user-Stratadrake.php]FAC[/url] - [url=http://stratadrake.deviantart.com]dA[/url] - [url=www.furaffinity.net/user/Stratadrake/]FA[/url]
[size=9]Disclaimer: Posts may contain URLs. Click [url=http://tvtropes.org/pmwiki/pmwiki.php/Main/TVTropesWillRuinYourLife]at your own risk.[/url][/size]

cstdenis · Posted: Sat Apr 28, 2007 2:01 pm Post subject:

The web developer toolbar lets you do it without clicking in the frame -- which you can't do on flash ad iframes.

Also, it gives you an easy list of frame src info, and acts at least partly on javascript generated code.

Think you can write some javascript to capture that kind of info I can stick in a report ad type link?

Stratadrake · Posted: Sat Apr 28, 2007 6:33 pm Post subject:

[quote]Think you can write some javascript to...[/quote]
I know how to script a trick or two, but I'm not THAT good!

It is possible (I think) to use Javascript to iterate through a page's HTML elements, but I'm not up on the details.
_________________
Strata here: [url=http://www.nanowrimo.org/eng/user/242293]Nanowrimo[/url] - [url=www.fanart-central.net/user-Stratadrake.php]FAC[/url] - [url=http://stratadrake.deviantart.com]dA[/url] - [url=www.furaffinity.net/user/Stratadrake/]FA[/url]
[size=9]Disclaimer: Posts may contain URLs. Click [url=http://tvtropes.org/pmwiki/pmwiki.php/Main/TVTropesWillRuinYourLife]at your own risk.[/url][/size]

Sora121 · Posted: Sat Apr 28, 2007 7:30 pm Post subject:

Well i'm useless with java at this point, but i can get the html of any pages i come across that have the pop up attacks on them so we can track them down easier.

and Denis, whatever you did worked out okay, i'm not seeing as many popups from clickstor now, i got one just about an hour ago but i could'nt get back to it or even find a similar one after that.

cstdenis · Posted: Sat Apr 28, 2007 8:39 pm Post subject:

[quote]but i can get the html of any pages i come across that have the pop up attacks on them[/quote]

Unfortunately, that doesn't help very much due to the complexities of Javascript.

Sora121 · Posted: Sat Apr 28, 2007 10:59 pm Post subject:

yeah i figured as much, it shouldn't be to much longer bfore i start in to some java, after i've gotten CSS down well enough.

Sora121 · Posted: Sun Apr 29, 2007 7:39 pm Post subject:

Okay i think i know just where the ad is coming from. while i was building my forum with the PHPBB editor, i was testing around on it and found a few popup/unders from our good friends at clickstor, that originated from the forums, i'm begining to think that these popups we're seeing are coming from this forum, or the many Google ads we have here on the site. I'm not sure if that really helps you but thats what i've noticed the ads from clickstor originating from.

if it is not infact comeing from the forums coding in some way, then it must be from the Google ads.

Stratadrake · Posted: Sun Apr 29, 2007 8:28 pm Post subject:

I just received a popup while browsing FAC. This wasn't a popup ad, but a Javascript aler() popup.

Gathering relevant information now.

Popup:
[quote][img]http://i67.photobucket.com/albums/h316/Stratelier/popup_bad.jpg[/img][/quote]

The popup is clearly bogus. DriveCleaner is known scareware (and possibly trojan).

Banner ad shown on the page where it occured:
- [url]http://i67.photobucket.com/albums/h316/Stratelier/popup_bad2.jpg[/url]

HTML source:
[list]
<iframe marginwidth="0" marginheight="0" src="http://ipoint.targetpoint.com/tag.php?uid=240312&wd=728&hg=90&cid=1000" frameborder="0" height="90" scrolling="no" width="728"></iframe>
[/list:u]

Iframe source of that banner:
[quote]<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(331174);}
</script><A HREF="http://ad.adserverplus.com/click,gxcAAKyLAACmDQUAD94BAAABXAAAAA4AAgABFQAABgIwCwIAyAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFtnNUYAAAAA
,,http%3A%2F%2Fwww%2Efanart%2Dcentral%2Enet%2Fpic%2D577938%2Ehtml,http://ad.de.doubleclick.net/jump/N4179.oridian_netzwerk/B2195261.23;sz=728x90;ord=1177904987?" target="_blank">
<IMG SRC="http://ad.de.doubleclick.net/ad/N4179.oridian_netzwerk/B2195261.23;sz=728x90;ord=1177904987?" BORDER=0 WIDTH=728 HEIGHT=90 ALT="Hier

klicken"></A></body></html>[/quote]

But I don't know if that's enough information to track down the alert box which originally popped up.
_________________
Strata here: [url=http://www.nanowrimo.org/eng/user/242293]Nanowrimo[/url] - [url=www.fanart-central.net/user-Stratadrake.php]FAC[/url] - [url=http://stratadrake.deviantart.com]dA[/url] - [url=www.furaffinity.net/user/Stratadrake/]FA[/url]
[size=9]Disclaimer: Posts may contain URLs. Click [url=http://tvtropes.org/pmwiki/pmwiki.php/Main/TVTropesWillRuinYourLife]at your own risk.[/url][/size]

Falconlobo · Posted: Sun Apr 29, 2007 8:59 pm Post subject:

that poped up on me too and i don't have javascript

that was a weird one that poped up

or ones like that saying something about secearety exchange on the net pop up once in a while

and sorry for my bad spelling

Stratadrake · Posted: Mon Apr 30, 2007 3:33 am Post subject:

[quote]...and i don't have javascript[/quote]
Are you sure?

The confirm() popup is especially annoying, as DriveCleaner is known rogue software:
- http://en.wikipedia.org/wiki/WinFixer
- http://en.wikipedia.org/wiki/SysProtect

And it [i]only occurs when browsing FAC[/i]. Note, however, that the popup message box originates from the DriveCleaner.com domain.
_________________
Strata here: [url=http://www.nanowrimo.org/eng/user/242293]Nanowrimo[/url] - [url=www.fanart-central.net/user-Stratadrake.php]FAC[/url] - [url=http://stratadrake.deviantart.com]dA[/url] - [url=www.furaffinity.net/user/Stratadrake/]FA[/url]
[size=9]Disclaimer: Posts may contain URLs. Click [url=http://tvtropes.org/pmwiki/pmwiki.php/Main/TVTropesWillRuinYourLife]at your own risk.[/url][/size]

Benk · Elder In Training Joined: 28 Jul 2006 Posts: 3733

Ahh!! Winfixer!

For anyone who does not know winfixer; its pops up an ad for virus detecting softwear and opens up another iwndow no matter what you click. The only two ways to get rid of it are to wipe your harddrive or buy a product by the company who makes winfixer. But those might be outdated, that was like that when it was on my computer

Falconlobo · Posted: Mon Apr 30, 2007 10:26 am Post subject:

yes i'm sure i never purchached a javascript program not that i know of

i have adobe flash 9 unless that contians a javascript then i don't know

unfocused · Moderator Joined: 17 Jul 2004 Posts: 6983 Location: Texas

[img]http://i4.photobucket.com/albums/y112/unfocused/untitled.png[/img]
_________________
"edit : i luv james" - Layzcarter

cstdenis · Posted: Tue May 01, 2007 12:45 pm Post subject:

I've disabled targetpoint.

Stratadrake · Posted: Tue May 01, 2007 4:03 pm Post subject:

[quote]For anyone who does not know winfixer; its pops up an ad for virus detecting softwear and opens up another iwndow no matter what you click.[/quote]
There's an easier method to avoid Winfixer infections: If the box occurs, unplug your internet connection before dismissing it.

Fortunately, far as I've seen the SysProtect popup boxes are honest enough to take "no" for an answer.
_________________
Strata here: [url=http://www.nanowrimo.org/eng/user/242293]Nanowrimo[/url] - [url=www.fanart-central.net/user-Stratadrake.php]FAC[/url] - [url=http://stratadrake.deviantart.com]dA[/url] - [url=www.furaffinity.net/user/Stratadrake/]FA[/url]
[size=9]Disclaimer: Posts may contain URLs. Click [url=http://tvtropes.org/pmwiki/pmwiki.php/Main/TVTropesWillRuinYourLife]at your own risk.[/url][/size]