Disabling javascript redirects from a website that you own

Forum Moderators: open

Message Too Old, No Replies

Disabling javascript redirects from a website that you own

Fighting back against rogue scareware ads

geckofuel

1:35 pm on Apr 18, 2009 (gmt 0)

For the last 5 months I've been fighting a losing battle trying to track down the source network of rogue scareware ads that are getting shown on my site. Typically, these are javascript redirects.

My question is this: is there anyway to completely disable javascript redirects on a website that you own?

rocknbil

1:55 pm on Apr 18, 2009 (gmt 0)

The question to be asked is how are these "rogue ads" getting displayed on your site? Is it free hosting or has your site been compromised in some way?

If you page is outputting Javascript, the direct answer is to remove the Javascript (?)

geckofuel

3:23 pm on Apr 18, 2009 (gmt 0)

Rocknbil,

The problem I have is more nuanced than your response implies. It's well known that scareware etc. is making it through even reputable ad networks like MTV, BET, Technorati, AddOn etc.

See this for background:
[voices.washingtonpost.com...]

So it's impossible for me to remove all of my ad networks because they are all legit ad networks. I'm trying to put on a little self-reliance and take care of the problem myself.

So does anyone have any ideas for me rather than giving me a lecture?

rocknbil

3:36 pm on Apr 18, 2009 (gmt 0)

For the benefit of those willing to answer, I'm glad I was able to extract how the ads are actually being displayed on your site. You're welcome.

geckofuel

4:42 pm on Apr 18, 2009 (gmt 0)

I could have made this question more generic:

Is there a way to disable a javascript function without disabling javascript all together?

Can you redefine a standard javascript function on-page?

Any ideas are appreciated.

whoisgregg

4:48 pm on Apr 18, 2009 (gmt 0)

While there is probably disagreement over whether an ad network which includes scumware is a "legit" ad network, I think we can still approach the technical side of the matter in a productive way. ;)

If you wish to sanitize third party code before including it in your page, you can have a proxy running on your server. Essentially it fetches the third party code, removes certain strings (probably using a variety of regular expression matches), and then sends the new code to your page. You could use PHP or any other server-side language to accomplish this.

You may run afoul with the third party site if you modify their code in this way, depending on the license agreement you have with them, so this may not be an option. (For example, Google Adsense doesn't allow this.)

HTH :)

geckofuel

8:14 pm on Apr 18, 2009 (gmt 0)

whoisgregg, it's not a matter of "including scumware" it's a matter of the way ad networks market off their remnant inventory. Ad networks such as MTV (which my site uses) explicitly state that they are fully opposed to scumware and work to track it down. Problem is that they can't manually review every buy on the remnant free market.

Back to the technical stuff...are you saying that even though the ads are served through javascript, php could be used to filter?