Forum Moderators: martinibuster
I got a message from one of my website visitors today about an ActiveX prompt displayed when website is being loaded. The user suggested that my site is infected with latest MS Zeroday exploit, which is not true but still may damage website reputation.
I tested it and it appears to be triggered by Adsense code. It does not show with the default IE settings, you need to do the following to see it in IE7:
- go to Tools-Internet Options-Security
- select "Internet" zone
- click on "Custom Level"
- scroll down to "ActiveX controls and plugins"
- In "Run ActiveX Controls and Plugins" select "Prompt" - this will trigger the warning "Do you want to allow software such as ActiveX controls and plug-ins to run?"
- If you select "Prompt" in "Script ActiveX controls marked safe for scripting", then you will get a second warning: "A script is accessing software (an ActiveX control) on this page which has been marked safe for scripting. Do you want to allow this?"
Removing Adsense code blocks stops these warnings. If I click no in "Run ActiveX Controls and Plugins" prompt then ads are still displayed.
Although most users won't see this unless they change default IE security settings, I am still concerned about the Adsense code using ActiveX.
Regards,
albl
Are the sites that do trigger it running just adsense or are they also running Google Analytics or some such stats package?
the site I am getting the warning on has just Adsense text ads, no analytics and no image ads
Could there be something else on the page triggering the message?
When I did that test, I pasted AdSense ads into a blank text file. The image ad trggered the message, and the text ad did not. Also, I was using IE6, not IE7.
Meanwhile, I doubt if many people are using the setting that causes the message. It would be really annoying because alot of websites would trigger the message.
