toy4x4
join:2001-06-26
Jenks, OK | Email Notice Popups in Browser Am I the only one bothered with these popups in Firefox?
Anyone know how to stop them? |
|
m8trix
join:2003-12-24
Phoenix, AZ
kudos:3 | do you have the cox tool bar installed on your browser |
|
toy4x4
join:2001-06-26
Jenks, OK | Heck no. |
|
| reply to toy4x4
I am having the problem as well. I have been talking to support and they claim that it only happens when a toolbar is installed or mcafee security suite. That is flatly not true. I'm using linux. It keeps coming up for me.
Change from their DNS Servers and it might stop happening. They are injecting content.
So far it has happened in arstechnica.com, dslreports.com and weather.com |
|
| reply to toy4x4
I'm seeing it as well. Using Firefox and Chromium browsers on linux.
I think it might be time to put on my tin foil hat... |
|
Reviews:
 ·Cox HSI
| reply to toy4x4
Not using Cox DNS, and still getting them. If you reload enough times, it seems to show up on any site that isn't https. It does screw up the display of some sites.
Veiled way of testing their ad injector? I'll drop them exactly on the day I see an ad that's injected by them. |
|
toy4x4
join:2001-06-26
Jenks, OK | Using Google DNS 8.8.8.8 and 8.8.4.4 |
|
|
|
| reply to toy4x4
what pop up's I'm using firefox and don't see any, but our email is down anyway. |
|
| reply to toy4x4
As far as I can tell they're actually injecting the script into pages  .
The only thing I know that stops this is noscript or SSL/HTTPS.
The injected script: »184.178.98.101/static/FloatingCo···frame.js
(It'll 403/forbidden for anyone outside of cox...) |
|
| reply to SlashG42
Who's to say they haven't been doing it already? |
|
| reply to toy4x4
I'm glad I found this thread as I've been very curious about the Cox pop-up. I do not have any toolbars installed in Firefox and do not have the Cox security suite installed. I do use no-script and adblock and the Cox popup is not deterred by either one. I use 2 different Level One DNS servers rather than the Cox default DNS servers. I'm curious how they are doing it.
EDIT: Ah, uguu posted the script that is doing it. I can see 2 instances of it in NoScript that I inadvertently had enabled:
184.178.98.52 and 184.178.98.53 are driving it here. NoScript blocks it nicely. Thanks uguu!
--
Politicians are the only people in the world who create problems and then campaign against them. (Charlie Reese) |
|
| reply to toy4x4
Cox appears to inject a script into the head of any page (on a timer?) that creates a div/iframe with a 'popup' notification with no way to opt-out.
<script src="http://184.178.98.101/static/FloatingContent/243/floating-frame.js" type="text/javascript"></script>
I do use cox's DNS server but to my knowledge that wouldn't be used for how this injection is being done.
Trying to load the script from outside of cox's network will give you a 403 error. |
|
| reply to toy4x4
I've added the following filters to AdBlock Plus:
||184.178.98.132/PASV/*
|»184.178.98.132/static/FloatingContent/*
(That's an "http://" before 184... not >>)
So far, it seems to be working. |
|
| reply to Ender3rd
said by Ender3rd:I do use no-script and adblock and the Cox popup is not deterred by either one. noscript by default blocks this, you must have it set rather permissive.
Just set it to block scripts from 184.178.98.101 (assuming that's the only server they have feeding the script but you should be able to find it in the dropdown list either way). |
|
| Yup, it happened when I "allowed all" on my own webpage so I could view some flash content I had installed. The 184.178.98.xx IP was allowed and the pop-ups were no longer blocked anywhere.
--
Politicians are the only people in the world who create problems and then campaign against them. (Charlie Reese) |
|
| reply to toy4x4
Man I flipped out when I saw this popup/injection, thought I had a bug on the PC, question, is everyone here using the same Motorola modem provided by cox?
(also this is really unnecessary and kinda insecure  ) |
|
 MJimLayAKA FlexBaudPremium
join:2004-10-06
Pensacola, FL
kudos:2 | reply to toy4x4
I have my android phone on WiFi and got the notices on it as well. This really concerns me, I'm not using Cox DNS and it's obvious they are modifying the page code before being sent to you... it really makes me question what else they may be doing... never seen an ISP do this before and deeply concerns me. |
|
 KA0OUVPremium
join:2010-02-17
Jefferson City, MO
 ·Embarq Now Centu..
| »[NEWS] Mediacom Ad Injection Was 'Test Gone Awry'
»[NEWS] Mediacom Not Talking About Javascript Ad Injection
At least Mediacom has company now.... |
|
| reply to toy4x4
I finally found this forum, was looking for same explanation. How did they inject popup??
For me, it only comes up on Loseit.com
I'm on a mac
using google and level 3 for DNS.
have motorola cable modem.
no cox software of any kind installed.
Called their tech support and they had no answer other than they sent it out to all their subscribers, but my friend who is on a mac, but different cable modem didn't see it. |
|
| reply to toy4x4
I'm not seeing the pop up at all. |
|
