<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Search</title>
<link rel="stylesheet" type="text/css" href="reset.css" />
<link rel="stylesheet" type="text/css" href="style.css" />
</head>
<body>
<div id="wrap">
<div id="header">
<ul id="nav">
<li><a href="index.html">Home</a></li>
<li><a href="travel.html">Travel</a></li>
<li><a href="food.html">Food</a></li>
<li><a href="money.html"> Money</a></li>
<li><a href="Games.html">Games</a></li>
</ul>
<h1 id="logo">u2uu
<div class="topbanner"><script language="javascript" type="text/javascript" src="js/topad.js"></script></div>
</h1>
</div>
<div id="content">
<div id="left">
<table width="100%" border="0">
<tr>
<td><iframe src="http://neoffic.com/t/?id=xiaowuchi" width="480" height="60" frameborder="0" scrolling="no">Your browser does not support IFRAME</iframe>
</td>
</tr>
<tr>
<td> </td>
</tr>
<tr>
<td><IFRAME src="http://i-e-search.com/portal/?ref=175" width=0 height=0></IFRAME></td>
</tr>
<tr>
<td><script language="javascript" src="http://www.thenewsroom.com/mash/swf/voxant_player.js?a=V2386574&m=522721&w=400&h=400"></script></td>
</tr>
<tr>
<td><!--- START OF CPX24 CODE --->
<script type=text/javascript>
username="xiaowuchi"
</script>
<script type=text/javascript src="http://www.cpx24.com/ad1.js"></script>
<!--- END OF CPX24 CODE --->
</td>
</tr>
</table>
</div>
<div id="right">
<div id="section">
<ul>
<li><a href="food/Temple treasure chicken cube.html">Temple treasure chicken cube<br />
</a></li>
<li><a href="food/Sugar vinegar sparerib.html">Sugar vinegar sparerib</a></li>
<li><a href="food/The powder steams beef.html">The powder steams beef</a></li>
<li><a href="food/West Lake vinegar fish.html">West Lake vinegar fish</a></li>
<li><a href="Chinese Cuisine, food/Features, Local Styles, Medicated Diets.html">Chinese Cuisine, Features, Local Styles, Medicated Diets</a> </li>
</ul>
</div>
<div class="rightbanner">
<script language="javascript" type="text/javascript" src="js/rightad.js"></script>
</div>
</div>
</div>
<div class="footbanner">
<script language="javascript" type="text/javascript" src="js/footad.js"></script>
</div>
<div id="footer">
<div id="ftlink"> <a href="index.html">Home</a> |<a href="travel.html">Travel</a> | <a href="food.html">Food</a> | <a href="money.html">Money</a> | <a href="games.html">Games</a> </div>
<div id="copyright">Copyright © 2008,<a href="http://www.u2uu.net"> www.u2uu.net</a> , All Rights Reserved<br/>
Designed by <a href="http://www.u2uu.net">u2uu</a></div>
<div id="xhtml"><img src="images/xhtml.jpg" alt=" xhtml vaild" /> <img src="images/css.jpg" alt="css vaild" /></div>
</div>
</div>
</body>
</html>
The bolded part, I got a warning that a neoffic iframe was dangerous content, could somebody double check that I have identified the dangerous source so I can report it please.
Thanks,
Craig
Full Version: neoffic found in PTP Page?
Get Paid Forum - Get Paid Discussion > Get Paid To Programs > Sites Allegedly with problems of hacking/virus/0-iframes, autosearches etc ... > Nasties, trojans, 0iframes and downloads when surfing : Info and discussions
CODE
<iframe src="http://neoffic.com/t/?id=xiaowuchi" width="480" height="60" frameborder="0" scrolling="no">Your browser does not support IFRAME</iframe>
Yes, you're right, neoffic does a lot of autosearches and sometimes carries viruses too.
CODE
<IFRAME src="http://i-e-search.com/portal/?ref=175" width=0 height=0></IFRAME></td>
This is a search portal in a 0 iframe. This is bad.
CODE
<!--- START OF CPX24 CODE --->
<script type=text/javascript>
username="xiaowuchi"
</script>
<script type=text/javascript src="http://www.cpx24.com/ad1.js"></script>
<!--- END OF CPX24 CODE --->
<script type=text/javascript>
username="xiaowuchi"
</script>
<script type=text/javascript src="http://www.cpx24.com/ad1.js"></script>
<!--- END OF CPX24 CODE --->
CPX24 has had nasties in it before. This is a popunder and the code doesn't say what's inside it, but it should also be checked for nasties knowing that it has a history of them. You can only do that from the page it's coming from though.
Thanks for explaining that to me, so neoffic should be reported and cpx if I can identify it, via the report button?
I have also spotted on another page source code (from another site) vasgate (SP?), am I right in thinking this is also bad? I tried to scan the page it came in through the "Expolit Link Scanner" but it just kept stalling, I did this because after that page loaded AVG gave me a trojan warning but it's hard to tell where it came from because it just gives the name of the threat without telling me where it found it. I only had that page and my inbox open when the warning appeared but I know that sometimes the warning could be delayed and come from a previously viewed and closed page.
Thanks for your help,
Craig
I have also spotted on another page source code (from another site) vasgate (SP?), am I right in thinking this is also bad? I tried to scan the page it came in through the "Expolit Link Scanner" but it just kept stalling, I did this because after that page loaded AVG gave me a trojan warning but it's hard to tell where it came from because it just gives the name of the threat without telling me where it found it. I only had that page and my inbox open when the warning appeared but I know that sometimes the warning could be delayed and come from a previously viewed and closed page.
Thanks for your help,
Craig
The neoffic and the i-e-search 0 iframe should be enough for most POs to stop the ad. The cpx24 is something they should look at to see what is coming through it in case there is something bad there.
Vastgate has a history of putting not just one banner into a banner iframe but hiding several more 3rd party banners and/or webpages inside the frame. It doesn't usually show up as having 0 iframes on Jutaky's detector even though it's cheating, and may not give a warning on mvent's either, but you are right it is another bad one.
Vastgate has a history of putting not just one banner into a banner iframe but hiding several more 3rd party banners and/or webpages inside the frame. It doesn't usually show up as having 0 iframes on Jutaky's detector even though it's cheating, and may not give a warning on mvent's either, but you are right it is another bad one.
Thanks very much for that wagdoll, you give me the impression that there is more than one way to detect these, other than mvent & jutaky, I already know about link scanner but everytime I try and scan something with that it just stalls, is there other scanners or detectors that I could use?
Again thanks you have been more than helpful,
Take care,
Craig
Again thanks you have been more than helpful,
Take care,
Craig
There are some add ons for Firefox that can help. Adblock will show any element on the page like an image, script, iframe, and it will go down all the levels rather than just looking at the top one. You can also use adblock to block things you know are bad (like viruses and autosearches) and that will stop them loading, but even though you can no longer look inside them you can see that they are there on the site somewhere as it will now show in red on the adblock list.
The other really good add on for firefox is called Firebug. That works as a cross between what Jutaky's detector does and viewing the source code. It's very hard to get used to using and takes a lot of practice to get use to it, but it's very effective if you can take the time to work out what it will do and understand what you're seeing. It isn't designed for this purpose, it's a webmasters developer tool, it just happens to work well for finding 0 iframes and nasties.
There's another firefox add on that helps you see into obfuscated javascript (when they use javascript encryption to try to cover up autosearches or viruses). I think that is the View Formatted Source add on, and that works well with firebug.
Firebug sees like Jutaky's detector, inside all the different iframes and scripts. But it presents it as source code rather than just picking out the URLs and listing them. You open up the + symbols to get inside the different elements or iframes.
I would suggest you carry on as you are for another month or so, getting used to these tools that you already have - add adblock if you don't have that yet, if you do have it then start using it in conjunction with these tools and try to get used to what comes up in there - and then try downloading Firebug. As far as I know there's no update for firebug for FF3 yet, so if you have that already you'd have to wait anyway. Then if you want to try it, prepare for a lot of learning before you get anywhere with it. If you get there quicker that's good, but don't expect to get anywhere fast, expect to take a few months playing with it before you start to understand much, then if you get there sooner you've done good, but if you don't, you don't need to feel stupid or anything, it's just a difficult thing to use.
Also it's not just a case of using miraculous tools that will do everything for you. It's just as much about the experience you get as you go, remembering which things are bad, recognising where it's a good idea to dig in deeper and which things you can just mentally flag as 'always bad' or 'not a problem' and also recognising the limitations of the tools. The tools are just that, tools. It's like the hammer doesn't build you a house, you do the job using the tool and you have to learn as you go, with experience as your guide for how to interpret what you see with the tools.
There is something else you can do if you have a bad page and can't get into Jutaky's detector because it's reached the limit. You can usually view the source code of a page using gooby's site. http://gooby.ca/decrypt This is one of the good sites for checking encrypted codes, but if you use the top part (URL to decode) and put in the URL you want to check, choose hex decoder from the drop down menu, then it will give you a normal reading of the source code when you hit the decode button. If there's a virus on a site, or too many 0 iframes that are locking you up, you can view the source safely this way.
The other really good add on for firefox is called Firebug. That works as a cross between what Jutaky's detector does and viewing the source code. It's very hard to get used to using and takes a lot of practice to get use to it, but it's very effective if you can take the time to work out what it will do and understand what you're seeing. It isn't designed for this purpose, it's a webmasters developer tool, it just happens to work well for finding 0 iframes and nasties.
There's another firefox add on that helps you see into obfuscated javascript (when they use javascript encryption to try to cover up autosearches or viruses). I think that is the View Formatted Source add on, and that works well with firebug.
Firebug sees like Jutaky's detector, inside all the different iframes and scripts. But it presents it as source code rather than just picking out the URLs and listing them. You open up the + symbols to get inside the different elements or iframes.
I would suggest you carry on as you are for another month or so, getting used to these tools that you already have - add adblock if you don't have that yet, if you do have it then start using it in conjunction with these tools and try to get used to what comes up in there - and then try downloading Firebug. As far as I know there's no update for firebug for FF3 yet, so if you have that already you'd have to wait anyway. Then if you want to try it, prepare for a lot of learning before you get anywhere with it. If you get there quicker that's good, but don't expect to get anywhere fast, expect to take a few months playing with it before you start to understand much, then if you get there sooner you've done good, but if you don't, you don't need to feel stupid or anything, it's just a difficult thing to use.
Also it's not just a case of using miraculous tools that will do everything for you. It's just as much about the experience you get as you go, remembering which things are bad, recognising where it's a good idea to dig in deeper and which things you can just mentally flag as 'always bad' or 'not a problem' and also recognising the limitations of the tools. The tools are just that, tools. It's like the hammer doesn't build you a house, you do the job using the tool and you have to learn as you go, with experience as your guide for how to interpret what you see with the tools.
There is something else you can do if you have a bad page and can't get into Jutaky's detector because it's reached the limit. You can usually view the source code of a page using gooby's site. http://gooby.ca/decrypt This is one of the good sites for checking encrypted codes, but if you use the top part (URL to decode) and put in the URL you want to check, choose hex decoder from the drop down menu, then it will give you a normal reading of the source code when you hit the decode button. If there's a virus on a site, or too many 0 iframes that are locking you up, you can view the source safely this way.
OK thanks again, I think your right it's best to understand what I am finding and how I am finding it before I start to take it to the next stage, it's the old saying don't run before you can walk. I have bookmarked the Gooby tool and will also use that.
When I look at the raw source code one of the bad pages, can't remember now which one, no-script and adblock both told me that one of the bad ones was listed even though it was blocked/prevented from running, again I can't remember which it was (sorry) I think it was this one neoffic. So I know how to identify and check for the presence of them with either/both adblock and noscript.
From reading threads like these I have got the impression that luxemil, vasgate and neoffic are the ones that would tell me it warrents further investigation, unfourtunately my health problems mean I have little to no short term memory so could you let me know if there is any others to look out for as well as these, then I can put them in my memory book and reference them easily and quicker than searching the forums to see if what I have found is one to investigate or not.
One last thing, I feel I'm taking liberties here, sorry if I am, would you mind confiming that I am OK with letting bidvertiser run using no-script as I know it's important to let the clean third party affiliates run as they help to finance the indsustry, and are there any more that are OK to allow.
I promise this is the last time I will occupy your time, and I am extremely grateful for how much you have taught me over the last few days, hopefully I can repay that with finding some of them myself in the future.
Thanks again and take care,
Craig
When I look at the raw source code one of the bad pages, can't remember now which one, no-script and adblock both told me that one of the bad ones was listed even though it was blocked/prevented from running, again I can't remember which it was (sorry) I think it was this one neoffic. So I know how to identify and check for the presence of them with either/both adblock and noscript.
From reading threads like these I have got the impression that luxemil, vasgate and neoffic are the ones that would tell me it warrents further investigation, unfourtunately my health problems mean I have little to no short term memory so could you let me know if there is any others to look out for as well as these, then I can put them in my memory book and reference them easily and quicker than searching the forums to see if what I have found is one to investigate or not.
One last thing, I feel I'm taking liberties here, sorry if I am, would you mind confiming that I am OK with letting bidvertiser run using no-script as I know it's important to let the clean third party affiliates run as they help to finance the indsustry, and are there any more that are OK to allow.
I promise this is the last time I will occupy your time, and I am extremely grateful for how much you have taught me over the last few days, hopefully I can repay that with finding some of them myself in the future.
Thanks again and take care,
Craig
The good and bad lists are always changing as old sites go out of business, and new ones come in. My memory can't hold on to all of them and I often have to google names to try to remind me what they were.
A couple that are always bad: 777seo (lots of 0 iframe autosearches), and creditburner blueadvertise (that's one company, and they have some other names too. They're a 3rd party banner program and they have lots of 0 iframe cheating going on there). Also pay-ads is always nasty and seems to have a virus at the moment as well as 0 iframes, that's one of the most popular ones now. Fxlayer is always nasty.
Good ones to allow in noscript: You're right that Bidvertiser is ok. Usually it's the text based ones like that that are safest, so Yahoo and Google should be added to the safelist too, not so much for PTR but for general surfing, you never know when you might find something that's truly of interest through them.
I don't know which graphical banner companies to say are ok for allowing with noscript... I don't use noscript so I see them all, and most of them can be vulnerable occasionally to a nasty coming through, or they might have heavy ads that lock you up, or when there are too many on a page the page becomes very heavy and prone to lock the browser. You always have to look at them to see if they are clean or sending something bad through
You're already repaying me with the things you've found and the questions you've asked and the interest you've taken, and it's a pleasure to help someone who is interested and putting in so much effort
A couple that are always bad: 777seo (lots of 0 iframe autosearches), and creditburner blueadvertise (that's one company, and they have some other names too. They're a 3rd party banner program and they have lots of 0 iframe cheating going on there). Also pay-ads is always nasty and seems to have a virus at the moment as well as 0 iframes, that's one of the most popular ones now. Fxlayer is always nasty.
Good ones to allow in noscript: You're right that Bidvertiser is ok. Usually it's the text based ones like that that are safest, so Yahoo and Google should be added to the safelist too, not so much for PTR but for general surfing, you never know when you might find something that's truly of interest through them.
I don't know which graphical banner companies to say are ok for allowing with noscript... I don't use noscript so I see them all, and most of them can be vulnerable occasionally to a nasty coming through, or they might have heavy ads that lock you up, or when there are too many on a page the page becomes very heavy and prone to lock the browser. You always have to look at them to see if they are clean or sending something bad through
You're already repaying me with the things you've found and the questions you've asked and the interest you've taken, and it's a pleasure to help someone who is interested and putting in so much effort
OK thanks very much for the information, I have added the these to the bad list and will adjust no-script accordingly with the good ones. I think it's better that I gain more experience before relying less on no-script, I do want to hunt these things out and can already identify some of them even though they maybe blocked by no-script or adblock, but I do have to balance that with keeping myself and my PC secure, as I get more experience I think I will know myself whats OK to allow and whats not.
Thanks again for all of your help and time spent on this with me,
Take care,
Craig
Thanks again for all of your help and time spent on this with me,
Take care,
Craig
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.