eric726
join:2009-04-29
|  [Other] Insight is Injecting Pop Up Ads into customer web sessio
This means that they are watching our web sessions and inserting ads into normal web browsing. How is this legal?
Here is a recent story written about Charter Communications performing the same actions:
»www.breakitdownblog.com/charter-···ing-ads/
Attached is a screen shot that is proof that they are injecting ads. This particular pop up was for a Netflix ad. This is a violation of our privacy and it should be considered illegal just like unwanted SPAM messages.
One of the servers your using to do this is: 74.128.17.203. As of now it looks like Insight is using Akamai to inject these ads. The system using this IP address is a Akami Ghost/mirror server.
Insight Communications should be ashamed of themselves for these types of actions. I've also sent this information to the local TV stations and Courier Journal.
 | |
|
 
anonumos
@insightbb.com
| Re: [Other] Insight is Injecting Pop Up Ads into customer web se uhmmm....the cache1.insightbb.com tells me that it's being cached in insight's dns servers, not injected into your browser session. Sounds to me like you've got some spyware on your computer, and want to place the blame elsewhere.
change your dns servers, and you will find no reference to insight at all. | |
|
 | |
| | eric726
join:2009-04-29 | Re: [Other] Insight is Injecting Pop Up Ads into customer web se This has also been tested with a Knoppix boot CD and multiple systems. I have packet dumps of all sessions and proof that this is ad injection. | |
|
| | | |
| eric726
join:2009-04-29
| Re: [Other] Insight is Injecting Pop Up Ads into customer web se said by anonumos :
uhmmm....the cache1.insightbb.com tells me that it's being cached in insight's dns servers, not injected into your browser session. Sounds to me like you've got some spyware on your computer, and want to place the blame elsewhere.
change your dns servers, and you will find no reference to insight at all.
This has nothing to do with being cached in a DNS server. Insight Communication's DNS servers are resolving b.casalemedia.com to two servers under their control. This is where the ads are coming from. Anyone on the Louisville Insight network has the ability to do an nslookup on b.casalemedia.com and see the results for themselves. The IP addresses that this hostname resolves to is what is being used to inject the ads. | |
|
| | Captain_S
join:2008-05-16
Lexington, KY
| Re: [Other] Insight is Injecting Pop Up Ads into customer web se I'm not an Insight customer, did the nslookup for b.casalemedia.com and it resolved to 64.213.163.83. Not an Insight owned IP.
Have a look for yourself:
»whois.domaintools.com/64.213.163.83
Insight is not generating this activity. Probably the sites you're surfing to that are dropping pop-unders. | |
|
| | | eric726
join:2009-04-29
| Re: [Other] Insight is Injecting Pop Up Ads into customer web se Do you guys not understand what I'm saying here?
Insight Communications (cable ISP) is wanting to inject popups into HTTP data. So what they do is install these Akamai devices to serve out the HTML popup ads. They make a change in their DNS servers so that b.casalemedia.com resolves to this server which lives in their datacenter. Of course it has to be THEIR ip address. Look at my nslookups in the picture attached to the first message. This was an nslookup on Insight Communication's DNS server. So that means THEIR DNS server is answering requests for b.casalemedia.com and resolving it to 74.128.17.201 and 74.17.203. So now the ad doesn't look like its going to insight. They do this to mask where the ad is coming from.
I'm getting these DNS servers via DHCP of course. My primary DNS server is 74.128.17.114 and my secondary DNS server is 74.128.19.102.
Here are the results of nslookups to each DNS server:
******************
C:\nslookup b.casalemedia.com 74.128.17.114
Server: cache1.insightbb.com
Address: 74.128.17.114
Non-authoritative answer:
Name: a1083.g.akamai.net
Addresses: 74.128.17.203
74.128.17.201
Aliases: b.casalemedia.com
b.casalemedia.com.edgesuite.net
**********************
C:\nslookup b.casalemedia.com 74.128.19.102
Server: cache2.insightbb.com
Address: 74.128.19.102
Non-authoritative answer:
Name: a1083.g.akamai.net
Addresses: 74.128.17.203
74.128.17.201
Aliases: b.casalemedia.com
b.casalemedia.com.edgesuite.net
***********************
Of course your DNS servers are not going to resolve an Insight address to this hostname. This is a change that Insight has made in THEIR DNS servers. | |
|
| | | | eric726
join:2009-04-29
1 edit | Re: [Other] Insight is Injecting Pop Up Ads into customer web se When you click on the pop up ad itself you go to:
»c.casalemedia.com/c/1/1/67739/aH···Y3QvMDEv
c.casalemedia.com also resolves to an Insight Communications address:
************************
C:\nslookup c.casalemedia.com
Server: cache1.insightbb.com
Address: 74.128.17.114
Non-authoritative answer:
Name: a1195.g.akamai.net
Addresses: 74.128.17.241
74.128.17.211
Aliases: c.casalemedia.com
c.casalemedia.com.edgesuite.net
*************************
So the solution here is to either add a entry into your hosts file to point b.casalemedia.com and c.casalemedia.com to 127.0.0.1 so you will not see the data or you can use recursive DNS servers that do not belong to Insight. Either one will block these pop ups from your system. | |
|
| | | | N4AOF
join:2009-04-01
Louisville, KY
 ·Insight VOIP
| said by eric726  :Do you guys not understand what I'm saying here? Yawn -- Do you not understand what everyone else is saying? No one else is seeing this problem. I use Insight continuously in the Louisville area and have never seen the problem you claim -- although I can't say that I would care if it did happen.
casalemedia is nothing but a popup ad service used my numerous websites, so if Insight were substituting their choice of stupid popup ad instead of the website's choice of stupid popup ad, I don't see that as a problem for the consumer (although I can see where casalemedia might care). | |
|
Damon85
Premium
join:2004-12-25
Louisville, KY
1 edit | I can confirm that the two hosts in question (b. and c.casalemedia.com) do resolve to Insight-operated addresses when using their DNS servers, and resolve to different addresses when using a variety of other DNS servers located elsewhere...
With that being said, absent any evidence that the ads are actually being injected, I can't rule out the possibility that these addresses serve intentionally placed ads from Akamai's network to Insight customers locally, for purposes of loading faster (perhaps through contract with Akamai). That would likely explain the wide variety of addresses seen when resolving the two domain names on other ISP networks.
Do you have any page content you know to be ad-free that has had these advertisements injected on Insight's network?
I don't mean to discount your story -- it is possible that Insight is injecting ads into HTTP sessions, and on some level, it wouldn't surprise me... but sometimes things aren't always nefarious in nature.
Edit: Adding the results for the domain:
; > DiG 9.3.4-P1 > @cache1.insightbb.com b.casalemedia.com
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2345
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 9, ADDITIONAL: 4
;; QUESTION SECTION:
;b.casalemedia.com. IN A
;; ANSWER SECTION:
b.casalemedia.com. 1313 IN CNAME b.casalemedia.com.edgesuite.net.
b.casalemedia.com.edgesuite.net. 19313 IN CNAME a1083.g.akamai.net.
a1083.g.akamai.net. 20 IN A 74.128.17.201
a1083.g.akamai.net. 20 IN A 74.128.17.203
;; AUTHORITY SECTION:
g.akamai.net. 1313 IN NS n0g.akamai.net.
g.akamai.net. 1313 IN NS n1g.akamai.net.
g.akamai.net. 1313 IN NS n2g.akamai.net.
g.akamai.net. 1313 IN NS n3g.akamai.net.
g.akamai.net. 1313 IN NS n4g.akamai.net.
g.akamai.net. 1313 IN NS n5g.akamai.net.
g.akamai.net. 1313 IN NS n6g.akamai.net.
g.akamai.net. 1313 IN NS n7g.akamai.net.
g.akamai.net. 1313 IN NS n8g.akamai.net.
;; ADDITIONAL SECTION:
n0g.akamai.net. 105 IN A 63.227.135.25
n3g.akamai.net. 1785 IN A 74.128.17.206
n4g.akamai.net. 950 IN A 74.128.17.237
n7g.akamai.net. 805 IN A 74.128.17.196
;; Query time: 201 msec
;; SERVER: 74.128.17.114#53(74.128.17.114)
;; WHEN: Thu Apr 30 08:48:10 2009
;; MSG SIZE rcvd: 367 | |
|
| eric726
join:2009-04-29
| Re: [Other] Insight is Injecting Pop Up Ads into customer web se Yes. Actually if you look above at the image you will see the ad injected into a "thedailyplate.com" ad. I've also seen these ads injected into my own website "peekconsultingllc.com" and another site I own "billeteyewear.com". Neither of these websites have advertising or popup ads of any type.
I have a friend that reported these injections to me and he saw popups on a site that he owned. I didn't start to look into this until it happened to sites that I owned. | |
|
| | Damon85
Premium
join:2004-12-25
Louisville, KY
| Re: [Other] Insight is Injecting Pop Up Ads into customer web se What you posted doesn't necessarily prove that ads were injected into the pages, but maybe we can approach this another way:
Do you have any information on the frequency at which the ads are being inserted, and the source code that's causing them to be generated? I was unable to reproduce the pop-ups here after several tries. | |
|
|
|
| |
| | eric726
join:2009-04-29
| Re: Insight Does Not Trigger Pop-Ups We will see about that. We have evidence that javascript is being injected into HTML. We are doing more testing now. Its either Insight or a malicious system on the Insight network that is performing these injections. HTML injection is happening at some level.
I've seen multiple incidents of ARP spoofing with malicious javascript injection in the past but this would be the first time I've ever seen a malicious user or compromised system injecting revenue generating ads. | |
|
| | | |
Singular
Premium
join:2008-08-13
Shelbyville, KY
1 edit | A very compelling story this is, after reading everyone's posts I am interested to hear what Mr. Willner or any other Insight Rep might say.
I use Firefox as my main browser so I don't ever have any problems with those silly injected pop up ads. | |
|
| |
| | |
ARGONAUT
got ping?
join:2006-01-24
New Albany, IN
1 edit | It wouldn't surprise me if Insight had some malicious zombie software on their servers.
Insight should be contacted about your findings if somethings there it would get the ball rolling. | |
|
Paul Meltzer
Premium
join:2009-05-01
Louisville, KY
| To allay any concerns raised here, Insight does not inject pop-ups or pop-unders or anything of the kind into browsing sessions. In fact we provide free security software to Insight Broadband customers with anti-spyware and firewalll components designed specifically to defeat annoying pop-ups. We have not detected any increase in call volume from customers related to spyware or pop-ups, so we have no indication of any systemic issue at this time. But consistent with our commitment to delivering a superior Internet experience, we are actively investigating to be sure there isn't anything escaping our normal means of detection. We do partner with Akamai--as do most North American ISPs--to use their caching servers within our network to bring content to your browser faster, but we have no advertising relationship with them of any kind. To hear what Insight CEO Michael Willner has to say on the subject, please visit »www.michaelsinsight.com/2009/05/···ads.html
Paul Meltzer
SVP, Product Management
Insight Communications
paulmeltzer@insightbb.com | |
|
| |
| Singular
Premium
join:2008-08-13
Shelbyville, KY
| said by Paul Meltzer :To allay any concerns raised here, Insight does not inject pop-ups or pop-unders or anything of the kind into browsing sessions. In fact we provide free security software to Insight Broadband customers with anti-spyware and firewalll components designed specifically to defeat annoying pop-ups. We have not detected any increase in call volume from customers related to spyware or pop-ups, so we have no indication of any systemic issue at this time. But consistent with our commitment to delivering a superior Internet experience, we are actively investigating to be sure there isn't anything escaping our normal means of detection. We do partner with Akamai--as do most North American ISPs--to use their caching servers within our network to bring content to your browser faster, but we have no advertising relationship with them of any kind. To hear what Insight CEO Michael Willner has to say on the subject, please visit » www.michaelsinsight.com/2009/05/···ads.htmlPaul Meltzer SVP, Product Management Insight Communications paulmeltzer@insightbb.com Welcome to the forums Paul! | |
|
| | eric726
join:2009-04-29
| Re: Insight Does Not Trigger Pop-Ups Wanted to give a quick update. As of yesterday afternoon (04/30/09) it appears that the popups have stopped. We were able to collect several different pieces of javascript that was being injected. All the injection was for Netflix and Geico ads. Ads for Insight Communications phone service and Insight Communications surveys were also seen but we were not able to grab any of the javascript for those. We are still monitoring and have setup web tripwires so that we are alerted if the popup activity starts again.
I received a call from an Insight Rep that said they are currently looking into it but haven't seen anything yet. The rep said it could have been a malicious process, malicious user or misconfiguration. They are still looking for the source or if they are seeing anything like this anywhere else.
The popups were seen around the Westport road area but when we tested from the Nelson Miller Parkway area and Okolona area no popups were seen even when they were occurring.
I will continue to watch for more popups and update the ticket if any are seen from our probes. | |
|
James_C
join:2007-08-03
Florence, KY
| Did it occur to anyone that even advertising agencies have to pay somebody to be their ISP?
Even if it resolved back to insightbb, so it could be said about anything on the internet resolving back to some ISP. Since advertising itself isn't illegal I'm not even sure if an American ISP could refuse to provide service based only on the basis of the business having a webserver that serves ads instead of text or videos or whatever you wanted to see. | |
|
whurlston
Premium
join:2006-05-06
USA
| It is not Insight that is "injecting" the code. The website that you are visiting runs ads. They pay sign up for an ad service, add that services javascript snippet to each of their pages, then the ad service serves up ads submitted by their customers.
The screenshot of the Netflix ad that was posted was served from »www.thedailyplate.com (look at the section of the URL in the screenshot that starts with "r="). That is the refering site whose account will be credited by the ad service.
If it were Insight injecting the code, they would want to be the ones that were credited, not another business. | |
|
|
|
|
