Unexplainable ads on my published web pages

Discussion in 'malware problems & news' started by techie101, Aug 27, 2003.

Thread Status:
Not open for further replies.
  1. techie101

    techie101 Registered Member

    Joined:
    Aug 27, 2003
    Posts:
    8
    I am using Microsoft FP98 to publish the pages on my web site.
    Yesterday I noticed that EVERY page now has ads on the bottom.
    I have no idea how the got there. Even the pages that do not use outside services (counters, trackers, banners etc) are infected.

    I used Spybot and Adaware and they found a doubleclick cookie which was removed from my system.

    However, when I go to the web pages now, the ads are gone but a white empty box remains. Some boxes are empty, and others contain an error message: Action cancelled. Internet Explorer cannot link to the web page you requested.

    I can't figure out how to get rid of the box.

    Since I don't know how this happened to begin with, I need to figure out how, then why, and take precautions not to have it happen again.

    When I view the pages in MSFP, I do not see an box or ads. The html coding looks normal and I do not see any code added.

    PS: I have Spyblocker, Spywareguard and SpywareBlaster installed, and this still occurred. It has me worried. If these programs can't stop such nonsense....then what.

    The web pages are published on Tripod and I wonder if they are responsible. I have emailed them, but as yet am waiting for an answer.

    I need help please. Thank you.
     
  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,285
    Location:
    New England
    Hi techie,

    I think first we need to determine if the Ads are only visible to you, (when you view the pages in a browser from your system only), or if they are visible to everyone who visits your pages.

    If the former, then it is likely that your system has some sort of as yet undetected spyware which makes these Ads appear in your browser. If everyone can see them, then clearly this must be right in the webserver / host itself, and not within your system. This will point us to the next steps we need to take.

    The obvious way to do this is to have someone else view your site, (or you from another system), and to compare what is seen. Can you do this or would you like us to take a look?

    My guess at this point, just based upon what you've said is that it may be your system only. You said the code has not changed for the pages themselves and yet the Ads, or now the blank spaces where the Ads were, are still there. It sounds like some spyware was cleaned from your system, thus breaking the Ads.

    Let us know if you want us to take a look or if you've checked from elsewhere.
     
  3. techie101

    techie101 Registered Member

    Joined:
    Aug 27, 2003
    Posts:
    8
    LowWater,

    Thank you for your answer. At this point, the ads are seen using another computer. Let me clarify.....I never saw the boxes when viewing the pages with MSFP98. I only would see the ads (now the empty boxes) when looking at the pages online. Since the ads appeared on ALL pages of the site, even those that I did not edit recently, I also felt it was the home server.

    The thing that still puzzles me is that I do not see the boxes when viewing the html in normal mode. The pages look fine. I only see the empty boxes when on the web. This would again indicate the home server.
    Could it be that the adware was embedded by the Tripod server and since I deleted the cookie, it no longer can connect to the link it expected to see? This would make sense. In that case, we need to take precautionary steps.

    The web site address will be sent to you via your email and I will unlock the page for you to view it.

    I no longer see ad content since cleaning out the doubleclick cookie, but why do I still see the empty boxes onlineo_O??

    If it is Tripod....do they have a right to do this without telling me?

    Questions...Questions.....

    :mad:
     
  4. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,285
    Location:
    New England
    Well, I couldn't actually get into the page, perhaps it didn't unlock for some reason. But, it may not be necessary for me to... There is a lot of scripting and ActiveX working within the structure of the tripod.com members pages. I had to disable a lot of security in order to even get to the error message that the page was unavailable.

    A lot of hosts will build Ads around the content that their members upload. Your original HTML doesn't need to have it for them to display Ads on your page. It's actually pretty common for members pages on these kinds of Hosts.

    Regarding why the Ads are broken for you now, is it possible your cleaning removed more than just a doubleclick cookie? A cookie removal alone should not block the display of Ads, besides, unless you are now blocking the cookie with some kind of other privacy software, it would just regenerate.

    If Spybot and Ad-Aware removed other things or you used any of their preventative capabilities like Spybot's Immunize, then these could very well be blocking. Also, the other tools you mentioned have powerful blocking capabilities, too.

    Since I can't get to the page itself, I can't state for certain, but, it seems very likely the Ads are from Tripod.
     
  5. techie101

    techie101 Registered Member

    Joined:
    Aug 27, 2003
    Posts:
    8
    LWM,

    I understand your viewpoint. It is peculiar because I have been using Triopd for almost 4 years and never have I had ads on the pages.

    I don't know why the page did not unlock, but I can send you the html from one of the pages if you want to examine it.

    A final test I can run is to generate a test page from a different computer and upload it to Tripod. It the box appears, or worse...ads, then I know it is Tripod.

    If that is the case, I will look for an ad-free home!

    :D
     
  6. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,285
    Location:
    New England
    Turns out I had to lower my security a lot more to get to the pages. :rolleyes:

    Okay, when I view the source on those pages I see a lot of Ad routines there. I went to one sub-page, (the top link in left panel - the for sale page), and got both a pop-up window, and an Ad image at the very bottom of the page that was also blank because of my Hosts file.

    I'm guessing that Tripod has inserted Ad code between your head and body sections. In there is a TripodShowPopup() function. Then below where I think your HTML ends (below the "back to home page" link), is more inserted Ad code... it's all footer Ad related and also is javascript.

    If those functions are not in your uploaded source code, then clearly Tripod is adding them automatically when it gets to their server. :doubt:

    Again, I've seen ISPs and hosts do this for member pages before, so, I'm guessing you don't get an option to prevent it. It's unfortunate, of course, but it may be done to keep hosting costs down.
     
  7. techie101

    techie101 Registered Member

    Joined:
    Aug 27, 2003
    Posts:
    8
    LWM,

    An update: the empty boxes are no longer on all pages. It seems that the majority of the pages are clear now. I didn't do anything.

    I still cannot find any problem with the code so I am sending you one of the simpler pages to look at if you have the time.
    I would appreciate it.

    My site visitors are complaining about commercial ads on a non-commercial site (mine) so I need to make sure it is not my system.

    I tried to send Tripod a test page from another computer, but it tells me my password or username is not valid. Oh what tricks they play!

    I am still confused at why some pages cleared up and others still have the boxes. These symtoms make it hard to analyze.

    Any help is welcome.

    :(
     
  8. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,285
    Location:
    New England
    Well, I still see both the pop-up window based Ad, and the box Ad at the bottom of the screen (centered and below your "back to home page" link) on every one of your pages that I checked.

    The HTML code that is visible when doing a View Source on those pages still has the added javascript for both of these Ad types. When I disabled my Hosts file, I was able to actually see the real Ads, not just the blank boxes.

    So, I still think your provider is adding those Ads to your uploaded code.
     
  9. techie101

    techie101 Registered Member

    Joined:
    Aug 27, 2003
    Posts:
    8
    LWM,

    MYSTERY IS SOLVED!!!

    Thank you for contacting the Lycos Network Abuse Department.

    Free members no longer have a choice of how ads will appear on their Web
    sites. All free users will now see embedded ads and pop up ads. If you
    decide to build your web site with frames, you run the risk of having
    the ads appear in multiple frames. We suggest that you do not build
    with frames.

    If you would like to upgrade your Web site to an ad free plan starting
    at $4.95 a month, please login to Tripod, go to the My Account page and
    click on Upgrade Your Membership.

    You were right and it was as I suspected! Thank you for confirming what we suspected. I got the email almost the same time I came in on the forum.

    Looking for a new free web hoster with no ads or banners. Know of any reliable ones?

    Thanks again. :D


    READ THIS!
     
  10. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,285
    Location:
    New England
    Well, at least now you know for sure what was causing it.

    The Ad box at the bottom of the pages weren't too bad, but, that pop-up window one was annoying, and I didn't like the content either.

    Hopefully you will find another host that'll be better. Good luck!

    LowWaterMark
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.