dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
5097
share rss forum feed

toy4x4

join:2001-06-26
Jenks, OK

Email Notice Popups in Browser

Am I the only one bothered with these popups in Firefox?

Anyone know how to stop them?


m8trix

join:2003-12-24
Phoenix, AZ
kudos:4

do you have the cox tool bar installed on your browser


toy4x4

join:2001-06-26
Jenks, OK

Heck no.



few

@cox.net
reply to toy4x4

I am having the problem as well. I have been talking to support and they claim that it only happens when a toolbar is installed or mcafee security suite. That is flatly not true. I'm using linux. It keeps coming up for me.

Change from their DNS Servers and it might stop happening. They are injecting content.

So far it has happened in arstechnica.com, dslreports.com and weather.com



b4rf

@cox.net
reply to toy4x4

I'm seeing it as well. Using Firefox and Chromium browsers on linux.

I think it might be time to put on my tin foil hat...


SlashG42

join:2002-02-13
Metairie, LA
Reviews:
·Cox HSI
·AT&T Southeast
reply to toy4x4

Not using Cox DNS, and still getting them. If you reload enough times, it seems to show up on any site that isn't https. It does screw up the display of some sites.

Veiled way of testing their ad injector? I'll drop them exactly on the day I see an ad that's injected by them.


toy4x4

join:2001-06-26
Jenks, OK

Using Google DNS 8.8.8.8 and 8.8.4.4


ajwees41
Premium
join:2002-05-10
Omaha, NE
reply to toy4x4

what pop up's I'm using firefox and don't see any, but our email is down anyway.



uguu

@cox.net
reply to toy4x4

As far as I can tell they're actually injecting the script into pages .

The only thing I know that stops this is noscript or SSL/HTTPS.

The injected script: »184.178.98.101/static/FloatingCo···frame.js

(It'll 403/forbidden for anyone outside of cox...)



b4rf

@cox.net
reply to SlashG42

Who's to say they haven't been doing it already?



Ender3rd

join:2001-07-15
Connecticut
reply to toy4x4

I'm glad I found this thread as I've been very curious about the Cox pop-up. I do not have any toolbars installed in Firefox and do not have the Cox security suite installed. I do use no-script and adblock and the Cox popup is not deterred by either one. I use 2 different Level One DNS servers rather than the Cox default DNS servers. I'm curious how they are doing it.

EDIT: Ah, uguu posted the script that is doing it. I can see 2 instances of it in NoScript that I inadvertently had enabled:

184.178.98.52 and 184.178.98.53 are driving it here. NoScript blocks it nicely. Thanks uguu!

--
Politicians are the only people in the world who create problems and then campaign against them. (Charlie Reese)


Brybry

join:2012-12-15
reply to toy4x4

Cox appears to inject a script into the head of any page (on a timer?) that creates a div/iframe with a 'popup' notification with no way to opt-out.
<script src="http://184.178.98.101/static/FloatingContent/243/floating-frame.js" type="text/javascript"></script>




I do use cox's DNS server but to my knowledge that wouldn't be used for how this injection is being done.

Trying to load the script from outside of cox's network will give you a 403 error.


b4rf

@cox.net
reply to toy4x4

I've added the following filters to AdBlock Plus:

||184.178.98.132/PASV/*
184.178.98.132/static/FloatingContent/*

(That's an "http://" before 184... not >>)

So far, it seems to be working.


Brybry

join:2012-12-15
reply to Ender3rd

said by Ender3rd:

I do use no-script and adblock and the Cox popup is not deterred by either one.

noscript by default blocks this, you must have it set rather permissive.
Just set it to block scripts from 184.178.98.101 (assuming that's the only server they have feeding the script but you should be able to find it in the dropdown list either way).


Ender3rd

join:2001-07-15
Connecticut

Yup, it happened when I "allowed all" on my own webpage so I could view some flash content I had installed. The 184.178.98.xx IP was allowed and the pop-ups were no longer blocked anywhere.
--
Politicians are the only people in the world who create problems and then campaign against them. (Charlie Reese)


the dude

join:2012-12-15
reply to toy4x4

Man I flipped out when I saw this popup/injection, thought I had a bug on the PC, question, is everyone here using the same Motorola modem provided by cox?

(also this is really unnecessary and kinda insecure )



MineCoast
Premium
join:2004-10-06
127.0.0.1
reply to toy4x4

I have my android phone on WiFi and got the notices on it as well. This really concerns me, I'm not using Cox DNS and it's obvious they are modifying the page code before being sent to you... it really makes me question what else they may be doing... never seen an ISP do this before and deeply concerns me.



KA0OUV
Premium
join:2010-02-17
Jefferson City, MO

»[NEWS] Mediacom Ad Injection Was 'Test Gone Awry'

»[NEWS] Mediacom Not Talking About Javascript Ad Injection

At least Mediacom has company now....



amok

@cox.net
reply to toy4x4

I finally found this forum, was looking for same explanation. How did they inject popup??

For me, it only comes up on Loseit.com
I'm on a mac
using google and level 3 for DNS.
have motorola cable modem.
no cox software of any kind installed.
Called their tech support and they had no answer other than they sent it out to all their subscribers, but my friend who is on a mac, but different cable modem didn't see it.



BillRoland
Premium
join:2001-01-21
Ocala, FL
kudos:3
reply to toy4x4

I'm not seeing the pop up at all.


mclasser

join:2011-12-12
reply to MineCoast

I'm also perturbed by this. I'm using OpenDNS and Level 3 DNS and still saw the pop up. Call it paranoia, but I wouldn't be surprised if they're tracking everything we do online.


the dude

join:2012-12-15
reply to amok

I believe it modem based, but I'd like to hear if someone with just another 3rd party modem has been facing these issues.

But man my trust in Cox has diminished quite a bit, a popup isn't so bad its how they did it is the kicker.


Rob_
Premium
join:2008-07-16
Mary Esther, FL
kudos:1

There is a service in windows that allows popups to just come up.. perhaps cox is taking advantage of that, what's next, advertisements on cox media?

-Rob


Rob_
Premium
join:2008-07-16
Mary Esther, FL
kudos:1

From the Cox Comm FB page:

»tech.slashdot.org/story/12/12/15···=twitter

An anonymous reader writes "Cox Communications appears to be injecting JavaScript and HTML into subscriber's traffic, as part of their effort to announce an email service outage. Pictures showing the popup."

-Rob


Beezel

join:2008-12-15
Las Vegas, NV
reply to the dude

said by the dude:

I believe it modem based, but I'd like to hear if someone with just another 3rd party modem has been facing these issues.

But man my trust in Cox has diminished quite a bit, a popup isn't so bad its how they did it is the kicker.

I use a Cisco DPQ3212 supplied by Cox and using OpenDns and Level 3 DNS as backup. I use Waterfox browser which is Firefox in 64 bit. and I have never had one of these popups. When I use regular Firefox I don't see it in it either. Must be from the security settings people set in their browsers.


chip89
Premium
join:2012-07-05
Independence, OH
reply to m8trix

It even showed up on my iPhone on Wi Fi.


nmlobo

join:2002-11-02
Yorktown, VA
reply to Beezel

I agree. It must be a browser setting that is allowing the message. I have a Moto 6120, IE9, and Cox DNS. I have not seen a single pop-up message.



BillRoland
Premium
join:2001-01-21
Ocala, FL
kudos:3
reply to toy4x4

Multiple devices here, Windows 7, IE 9, and even an iPad that a guest of mine is using, and we haven't seen this popup. I have a Motorola Surfboard SB6120.


Rob_
Premium
join:2008-07-16
Mary Esther, FL
kudos:1

Scroll up guys and read the news article I found

-Rob



KahunaNui

join:2000-05-01
Fayetteville, AR
Reviews:
·Cox HSI

said by Rob_:

Scroll up guys and read the news article I found

-Rob

Yeah, was reading from this early this morn.
VERY interesting but concerning information.