Courtesy of fravia's pages of reverse engineering
Dear fravia
I find that I must change nearly everything on this page... that I had
'originally' sent to you:
A funny thing happened on the way home from snuffing the banner; most
of them started breathing again...
I tested each of these changes in Homesite and ran them thru this editor
and they seemed to work just fine. So I shipped them email and proudly
had a glass of water (There's a beer commercial on the boob-tube...says;
"It's the water" that makes it good.)
Hoping that these changes would not only work... but also would work
undetected by a snoopy bot I soon came to the conclusion that the only
proper way to run these tests to find out if a bot did so; and the
only way I would feel comfortable while leaving others wide open to be
shut down, was to open an account at each of the mentioned sites instead
of testing other people's web pages in my editor...Having done so I soon
discovered that most of the script changes that worked in editor did not
work in the real 'environment'.
I have no clue why this is so; but the moral of the story is do not
trust your editor while playing with javascript...(or don't trust yourself
if you don't have a clue to what you're doing...:)
I also found several of these ideas elsewhere ...and were not the accidents...
that most of my work is: I will try to go back to several places I have
visited and credit those authors here as I can.
I set up an account with all of the sites I will mention below and
began experimenting:
I believe I am now on experiment number 749 altogether...
I have set the tests up to go to the actual test site/s so that they
can be monitored for any changes...
Should they continue to work, for a number of months, I will move the
text and source here and close those sites...unless this format is preferred?
I have noticed that there is a problem when trying to run these ideas
below thru frames pages also...
NEW!
UPDATE: Sep-14-99
I guess I am about done with banners for awhile; I have found sources
which know much more than I, and provide much more info than I can keep
up with; it has been fun; and I have learned a lot...See the References
link below...
[Fortunecity]
~[Tripod]
~[Geocities]
~[Dencity]
~[Virtualave]
~[The Globe]
~[Xoom]
~~[References]
~~[AD Busting Tools]
~~[FAQs]
~~[Tool Author]
june 23, 1999
results of test 1:
Test 1 stops working every fourth
day. A Bot comes in and inserts code that pops a banner. Fortunately it
inserts the same code as in Test 2 below; which has remained working thru-out
the test period so far...
Aha! On july 8; Test 2 stopped working!
It gave me a 404 error page not found...does not exist;
(I have left test 1 alone; u can see the error by clicking on it above)
Going to the ftp site I was thinking I would discover it gone;
I instead found that it was there and would let me view any directory
i had there EXCEPT the directory for Test1
and Test2...the directories simply would not open! I don't know why but
I noticed that the file attributes were not the same as the other files
in the directory...
so I changed Test2 which had at that moment ( drw-rw-r-)
to (drwxr-xr-r) (755) ...
and hey! I was then able to open the directory and see my former
files...I then went back to fravia's site and tried test 2 (above) and it
works now...
So what happened? A bot found source tampering and changed the file attribute (?) so that the page could not load? I assume it was a bot because a human would simply have taken the site down...
Here are three variations for tripod banners
Update; June 23, 1999: All 3 Tests still working
Test no. 3... I found thru altavista: an essay by rootworm and daniel....
http://www.pheces.org/text/tripod.txt
NEW!
Test 3 above no longer works: they change.. we change; they change... to keep up...
I will no longer be adding to this page (unless I myself find something
significant thru my own work) as i have found sources that understand
and keep up with the changes faster than I can:
for great information and updates on Tripod: (as well as many others)
SEE
June 23, 1999
All three Geocities Tests stopped working at
same time on june 22;
a bot came in and inserted a NEW code Above the Html tag;
It would seem that this bot assigned the account a NEW account number!
and now all three have pop-ups once again...
First lesson I learned here: Never set up multiple tests... within
a single account...
I will re-start this test to make sure i did not corrupt it somehow; I'll also put each test in separate account for proper moderating...arrrrrgh ...(for next update; not this one)
july 4th
well I discovered several days ago that these original
Geocities tests are working again without my having made any
changes;
The new account number that was present on june 23, is now back to
the original account number...??? ...I had thought at first that perhaps
it was some time/date driven revolving script that changed the account
#s to stay on top of source tampering...can only continue to watch
this...time will tell...
Test 3 I found at altavista; but I don't remember where; I shall search to credit that person.
NEW!!
tests 4-5 for embeds:
Test 4: Testing html layering: for any embedded image ad
Test 5: javascript for embedded ad
June 23, 1999: Test 1 still working
here's my personal favorite; ...their poppers have driven me nuts!
June 23, 1999: Both tests still working...
The script from test 1 came from my great friend Eternal Bliss while
I was trying to kill ads at the asm discussion board.
Test two, which is for the embedded ad (see source below at jeff
2); which can also be viewed working at:
Test 2
http://the-ancient-one.virtualave.net/
NEW!
August 25, '99
it seems the globe has done a change up on us...
the code for test 1 is not working
because the globe has (at least on my page above) stopped
using a 'pop up' and has inserted a banner at 'top' location...
so using the xoom top banner code this top banner is now gone in test
2 below:
I myself do not care one way or the other if providers
use some small(er) unobtrusive embedded banner; somewhere at the
bottom of our pages would be nice; but; in the globe's case by putting
my personal sign up info on display as so: http://members.theglobe.com/ground_01/
...........I will continue doing tests on their change-ups....as an educational
experiment :>)
NEW!
August 1, Okay finally figured out The Seekers method;
Test 3
August 11,
I had trouble producing results with the exact method from vision
(or was it Volition?) (although others indicated they got it to work);
put it down to my lack of knowledge:
but I was able to get this method to work this way:
Test 4
Be sure to see this one:
Encrypt your XOOM code!
Jeff (2) June 11 1999
Here is another idea I was playing with this morning; What I fear is
that my lack of knowledge is probably missing something...In this following
example for killing a "permanent embedded ad" (NOT a pop up ad) from virtualave
banner you will see all I did was to add in a <!-- and a closing //-->
so it will not print what's between the statement.........what I fear; is
my lack of knowledge does not allow me at this time to know whether or
not the bot that looks to see if the ad is still there will recognize my
addition and close down someone's site for tampering......because I have
not changed the initial code I would hope not:
here is virtualave's banner code:
By adding in these two lines, in the example below, I was able to kill
the banner in Homesite Editor:
<HTML>
<HEAD>
<TITLE>Virtualave BannerKiller</TITLE>
</HEAD>
<BODY>
<!-- VA Banner -->
<!--     <<<<<<<<<<<<-------adding this here
</XMP>
<CENTER>
<a href="http://ad1.virtualave.com/cgi-bin/redirect.cgi?AD=NECX5_20_fakesrch" target=_blank>
<img src="http://ad1.virtualave.com/cgi-bin/getimage.cgi?AD=NECX5_20_fakesrch" width=468 height=60></a>
<BR>
<a href="http://www.virtualave.net" target=_blank>
<img border=0 src="http://ad.virtualave.com/banners/freev/vanarrow.gif" width=0 height=0></a>
</CENTER>
//-->     <<<<<<<<<<<<-------adding this here
</BODY>
</HTML>

What do u think? Does the virtualave bot still see the code as untampered like this?
I have a fravia+ mirror set up on virtualave that I have been embarrassed
of because I corrupted your site by it having the virtualave banner on
it; I can proudly say now that I used the above code and my mirror site
no longer has this banner! (hummmm; it takes the banner away using MS (sorry;
test only) but then pops a Pop Up ad instead...another reason not to use
MS; eh?:) the mirror is at : http://the-ancient-one.virtualave.net/
I also have a mirror at: http://members.dencity.com/jas/fravia/
I have listed no others here because I have not used any others yet:
*******
july 8th; here is a text file with adbusting addresses; it's not pretty
but I'll clean it up later:
ADBusting URLS
Here is a nice informative letter from the author of the Proxomitron tool, Scott Lemmon, in response to some questions I asked:
Hi,
At 05:44 PM 6/25/99 -0700, you wrote:
>Dear Scott;
>Your tool is a gawdsend...
>
>As your tool is freeware I hope u will not mind me promoting its use
>here:
>http://129.105.116.5/fravia/jef_rem4.htm
>
Glad you like it! Of course feel free to post it wherever you wish.
>Because I am a seeker of knowledge I want to look deeper than merely
>loading a tool and using it. I am wondering if you would mind
>in helping to explain what
>transpires when you click on a URL & log into a ADspamming site; how a
>proxy redirects as a buffer; and how filters work to cloak its
>messages...
I'd be happy to help answer any questions if I can.
>Is it possible to include filters directly into source code; or can they
>only be read and acted upon by and thru the proxy buffer?
Normally it's not possible to do this on the page itself. It works a bit
like this...
Web page->web server->Proxomitron->Browser
Ads and other junk are added by the free hosting sites at the web server
stage of the journey. Because the Proxomitron comes after that, whatever
HTML was added by the web server can be easily removed. The only trick is
in sorting out what's been added from the page's original contents.
Normally that's easy for any specific case (since the code is very
predictable). The real challenge is making a single filter that works in
as many different situations as possible.
When it comes to JavaScript however, sometimes it is possible to disable
things on the web page itself. This is because with Netscape and IE4 or
greater it's possible to replace a JavaScript command with one of your own.
You can replace "window.open" for example, with a command that does
nothing. This, in fact, is the trick used by Proxomitron's default filter
set to stop pop-up windows, and if you study very closely Proxomitron's
home page you may notice something there too. ;-)
The main problem is that it doesn't work on IE3 or Opera. Their JavaScript
implementations aren't quite as advanced and don't allow overriding of
built-in functions.
As I'm sure you've noticed, the most common way to block stuff from the web
page itself is by trying to place comments or other HTML before where the
code will be inserted. I'm sure you've also noticed it's hard to make it
work all the time. Here's a few alternate ways to "comment out" HTML you may
find useful.
<!-- --> Normal HTML comment
<noembed> </noembed> Works with any browser that supports the "embed" command
<script language="foo"> </script> Browsers will ignore any language they don't understand.
There are other ways too. It won't help if the server inserts stuff at the
very top of the page (before the HTML tag even), but since that can confuse
some browsers most will avoid doing so.
Another interesting thing I've noticed is *many* sites (including Tripod,
Geocities, and Xoom) will not insert stuff at all if they don't recognize
the browser's user-agent HTTP header. This is to avoid causing problems
with browsers that may not support JavaScript. Unfortunately, although easy
enough to do with a program like Proxomitron, this again is something that
can't be changed on the webpage itself (since in this case the info is
coming from your browser).
Hope that's of some help,
Scott
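The two stages described in the letter above, as an added example that is not part of the original page and is not Proxomitron's own code: a filter that cuts a predictable server-added block out of the page before the browser sees it, and a page-side replacement of window.open with a function that does nothing. The rule format, function names, sample page and the ads.example URLs are assumptions made for illustration; only the "VA Banner" marker comes from the Virtualave snippet quoted earlier.

```javascript
// Added example; rule format, function names and sample markup are constructed.
const servedPage = [
  "<HTML><HEAD><TITLE>My page</TITLE></HEAD><BODY>",
  "<!-- VA Banner -->",
  '<CENTER><a href="http://ads.example/redirect"><img src="http://ads.example/img"></a></CENTER>',
  "<script>window.open('http://ads.example/popup');</script>",
  "<CENTER>My own centered heading</CENTER>",
  "<P>Original page content</P>",
  "</BODY></HTML>",
].join("\n");

// Hypothetical rule: the predictable start and end of one injected block.
const RULES = [{ name: "va-banner", start: /<!--\s*VA Banner\s*-->/i, end: /<\/CENTER>/i }];

// Proxy stage: cut each block from its start marker through the first end
// marker after it. With no end marker, stop rather than eat page content.
function stripInjected(html, rules) {
  const removed = [];
  for (const rule of rules) {
    let s;
    while ((s = rule.start.exec(html)) !== null) {
      const bodyFrom = s.index + s[0].length;
      const e = rule.end.exec(html.slice(bodyFrom));
      if (e === null) break;
      html = html.slice(0, s.index) + html.slice(bodyFrom + e.index + e[0].length);
      removed.push(rule.name);
    }
  }
  return { html, removed };
}

// Page stage: replace open() on a window-like object with a function that
// does nothing, keeping the original and a count of blocked calls.
function installPopupBlocker(win) {
  const state = { blocked: 0, original: win.open };
  win.open = function () { state.blocked += 1; return null; };
  return state;
}

// Demo on the constructed page and a stand-in for the browser's window.
const filtered = stripInjected(servedPage, RULES);
const fakeWindow = { opened: [], open(url) { this.opened.push(url); return {}; } };
const blocker = installPopupBlocker(fakeWindow);
fakeWindow.open("http://ads.example/popup"); // what the leftover script would do
console.log(filtered.removed, blocker.blocked, fakeWindow.opened.length);
```

The banner rule leaves the pop-up script in the page, which is why the second stage exists; as the letter notes, that override depends on the browser allowing built-in functions to be replaced.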