If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Rate Thread | Display Modes |
#1
|
|||
|
|||
Removing web-page auto forwarding.
Chrome.
Hi, where can I find (and remove) the code that automatically opens some other unwanted page? When I click (or CR) in a certain field I'm sent to it, no matter what. |
Ads |
#2
|
|||
|
|||
Removing web-page auto forwarding.
"Peter Jason" wrote
| Chrome. | Hi, where can I find (and remove) the code that automatically opens | some other unwanted page? | When I click (or CR) in a certain field I'm sent to it, no matter | what. | That's called a link. Don't click it. If you're talking about being forwarded elsehwere, this works in Firefox. There could be similar in Chrome: Accessibility.blockautorefresh It will stop wiseguys who reload the page endlessly because they don't like something about your browser. It wiull also stop news sites from refreshing the page while you're in the middle of trying to read something. If you're talking about popups, that's script. Don't enable script. Don't use Chrome. Use FF with NoScript. |
#3
|
|||
|
|||
Removing web-page auto forwarding.
In alt.comp.os.windows-10, on Fri, 7 Feb 2020 19:06:03 -0500, "Mayayana"
wrote: "Peter Jason" wrote | Chrome. | Hi, where can I find (and remove) the code that automatically opens | some other unwanted page? | When I click (or CR) in a certain field I'm sent to it, no matter | what. | That's called a link. Don't click it. If you're talking about being forwarded elsehwere, this works in Firefox. There could be similar in Chrome: Accessibility.blockautorefresh It will stop wiseguys who reload the page endlessly because they don't like something about your browser. It wiull also stop news sites from refreshing the page while you're in the middle of trying to read something. If you're talking about popups, that's script. Don't enable script. Don't use Chrome. Use FF with NoScript. Just commenting on Noscript. AFter too many times of FireFox freezing for a while, I installed Noscript. It did have the big advantage that in Task Manager, my Disk isn't at 100% 60% of the time. Right now for example, it's at 3% and it's very often that it's below 10. Now it's at 1%. When it's at 100% everything stops for as long as it stays there, up to 10 minutes, but it doesn't do that anymore. It's pretty clear to me that some script was taking it to 100, but I don't know which one. And, hOwever, I still have to permit scripts in order to get pages to load. 95% or more of apges have use a script named after them. If it's globic.com the first script on the list and the one most likely to be needed, almost always will be needed, is globic.com. But that's not always enough, especially if you want the page to do more than blandly display text and pictures. Which one to permit next is often not at all obvious. So I'll try the second line and that might not work, so by then IM'm probably impatient so I Set all Scripts used by that page to Temporarily Trusted. FF sessions can last 2 days but at least when the time is up, they're not trusted anymore. However this leads to the famous Script won't stop box. Since Janaary 8, I've had that 10 times, once the same script twice. What can I glean from that? After installing Noscript Script: chrome://global/content/elements/browser-custom-element.js:76 1/8/2020 Script: chrome://global/content/customElements.js:619 1/10 Script: chrome://global/content/elements/tabbox.js:429 1/12 Script: chrome://browser/content/browser.js:347 1/15 Script: chrome://global/content/customElements.js:266 1/23 Script: chrome://global/content/elements/text.js:137 1/25 Script: chrome://global/content/elements/tabbox.js:429 1/30 Script: chrome://browser/content/browser-siteIdentity.js:869 2/1 Script: chrome://browser/content/tabbrowser.js:256 2/1 Script: chrome://browser/content/tabbrowser.js:2217 2/7 The big problem is that there seems to be no way to match up these script names with the names of scripts I've trusted. None of the names that appear in Noscript trust/don't trust lists have names with 3 or 4-digit numbers in them. None have childish words like tabbrowser, tabbox, custom, elements, browser-site or Identity. So how do I figure out which scripts I should never trust? I'm right, am I not, that the scripts never stop because whoever wrote them made a mistake? In theory if he uses the script himself and it gives the error message, he'll have some way of finding his mistake and he'll fix it . Yes? Another thing that seems to have also happened since January is that now when I restart FF, the script error seems to occur whhen it first loads, and the box seems to be on top, so I don't have to use a frozen program to hunt for the right error window. I think maybe whenever I get a script error, the box comes to the top. ACtually that makes the problem of script errors much less, especially considering I will for the rest of my life have to trust at least one script for each new webpage I go to. Another problem, I think, is that even when you set all scripts to be temprorarily trusted (and maybe when you set all the scripts for this tab to be permanenntly trusted?) that seems to mean only those which the page has attempted to use so far. If you again display the trust/no trust page, because the page still deosn't work, you may find 10 more scripts that weren't there when you temp trusted all, and apparently the add-on doesn't remember that you want it to apply to all. So you have to do it again, and maybe again again. Maybe he has a good reason for that, but maybe it's a bug??? Is this intended, or should I write the author? |
#4
|
|||
|
|||
Removing web-page auto forwarding.
"micky" wrote
| I'm right, am I not, that the scripts never stop because whoever wrote | them made a mistake? In theory if he uses the script himself and it | gives the error message, he'll have some way of finding his mistake and | he'll fix it . Yes? | Or it could just be long. Or waiting for something. The timeout is usually fairly short. I have to adjust a Registry setting for IE in order to stop that error when I write HTAs. If the script takes a few seconds to do its job, the browser assumes it's looping. I don't have nearly as much trouble as you do, but I rarely allow scripts. I find that when I have to I can usually safely block trackers and ads. And many of those are in my HOSTS, anyway. For instance, one of the few sites I allow is Reddit, but I only need to allow their 3 domains. So if I need to allow more I usually look for something that might actually be needed, which does not invclude Google, CRM, etc. |
#5
|
|||
|
|||
Removing web-page auto forwarding.
micky wrote:
I'm right, am I not, that the scripts never stop because whoever wrote them made a mistake? In theory if he uses the script himself and it gives the error message, he'll have some way of finding his mistake and he'll fix it . Yes? There are no mistakes on the web. Everything that happens is by design. That is, even if two different individuals did not realize that their exploits would interact in inappropriate ways. ******* In your situation (high resource usage), I would compare the "benign" URL you're visiting, on a clean setup versus your "working weatherbeaten" setup. Perhaps Sysinternals Process Monitor (procmon.exe) could be used to study how the two browsers (clean versus dirty) behave, and what files within the browser profile they are consulting. If all that the browser was doing, is consulting the files in the (download) cache, and the browser rails the CPU, then maybe it is something in the code of that web page that is defective. But I really don't believe this for a second. There are a lot of "munchkins" working on making your life miserable, and nothing escapes their grasp. Me at work: "Why did you do this, exactly?" [Munchkin] "It looks good on my resume" Notice the Munchkin did not have any high minded morals, or professional attitude applied to the job. No Munchkin says: "I did the best I could for the end-user experience" "I really care about those end-users" I'm sure a lot of Munchkins are tittering right now, at that last statement. There just aren't enough good trustworthy tools for making browsers behave themselves. And I doubt you're very happy with my Process Monitor suggestion. For example, Piriform CCleaner was acquired by Avast! and how much trust can you put in a product like that. Why, none at all. And besides, anyone who is exploiting your browser, will use a tag team approach. They will have a second agent present, such that even if you use Chrome Reset, their crap will come back after the Reset completes. ******* Google apparently made a tool for removing things such as Conduit. (There's actually a list which lists what this removes.) But Google doesn't seem to host the file on their own site. The file is signed up the wazoo, implying Google did prepare this. It's hard to understand why it isn't in its proper place on the Google site (I couldn't find the file on the Google page itself). https://www.techspot.com/downloads/6...oval-tool.html That's not exactly the same as a Chrome Reset. It places items removed in a quarantine folder. The ZIP file with the quarantined items is password protected (for some reason). Anything to be helpful I guess. The version on Bleepingcomputer is a bit older. And Google of course would "lick around the edges". They wouldn't remove any tracking cookies or DOM storage being used on the browser. We've really progressed to the point, of needing to load Internet Cafe software, that "resets the OS everytime the OS is rebooted". (That's the software the public library uses on their machines.) This means, not having any bookmarks, but also, not having any exploits. Paul |
#6
|
|||
|
|||
Removing web-page auto forwarding.
"Paul" wrote
| There are no mistakes on the web. | | Everything that happens is by design. | | That is, even if two different individuals did not realize that | their exploits would interact in inappropriate ways. I don't think that's true. In fact, it's almost the opposite. Few web designers know about code. They just paste in snippets that they found online to do jazzy things that are all the rage. Web design is becoming "high-level coding". By which I mean code that wraps code that wraps code. Each level up gets easier but more bloated. Javascript "libraries" package complex functionality to do what often should be done with HTML/CSS, and web designers use those tools through drag/drop design windows. They don't have to understand code. Even Microsoft. I haven't looked at their pages recently, but they used to have a bloated mess of code, using things like multiple empty DIVs or Ps to create spaces. Lots of indicators that they were being made either by automation or by interns using drag/drop tools for dummies. When you start doing that with ads you can have 5-20 MB of code, with multiple domains calling in a 1 MB script package for dummies, like jquery. I find that most webpages I download now have maybe 30 files, not including images. Several CSS. A dozen or so JS. It's crazy bloat ands most of it is seat-of-the-pants stuff. Just one example of how out of control it is: A couple of years ago I remember an article about malvertising. One of the first instances. NYT and AOL were both affected, with Russian hackers, I think, buying Google ads and then using cross-site scripting tricks to infect visitors through those ad iframes. Now that's common. Ads are a major security risk. And both Google and the web designers at places like NYT say, "not my job". Google don't think they should have to use humans to sell ad space. They want it automated. NYT don't think they should have to use humans to put the ads in their pages. They also want it automated. To a great extent, no one's minding the store. Webpages are turning into a cacaphony of zooming and zipping popups from a dozen domains. And that's all on top of the fad to try to customize the page as it's loading, based on your ID or on dynamic data. Want to buy a vacation package? The cost might depend on who you are. It might also depend on how popular the package is as of 3 minutes ago. Or both. And whether you can buy it will also depend on whether a script kiddie from eastern Europe just stole your credit card info through an ad for Summers Eve female crotch perfume. P. T. Barnum would have loved to live today. |
#7
|
|||
|
|||
Removing web-page auto forwarding.
In alt.comp.os.windows-10, on Fri, 7 Feb 2020 20:51:57 -0500, "Mayayana"
wrote: "micky" wrote | I'm right, am I not, that the scripts never stop because whoever wrote | them made a mistake? In theory if he uses the script himself and it | gives the error message, he'll have some way of finding his mistake and | he'll fix it . Yes? | Or it could just be long. Or waiting for something. The timeout is usually fairly short. I have to adjust a Registry setting for IE in order to stop that error when I write HTAs. If the script takes a few seconds What's an HTA. to do its job, the browser assumes it's looping. Does the browser stop it then? I don't have nearly as much trouble as you do, but I rarely allow scripts. Not even the first one on the list? No page ever even displays all the text if don't allow that one. And if Iwant to download a file, or display a drop down box, I have to add at least one more. I find that when I have to I can usually safely block trackers and ads. And many of those I never allow doubleclick, except when I temporarily allow all of them, and of course that means the scripts I allow for one page are allowed for every page. Could you send me a copy of your hosts file? I'd really appreciate it. I think I have nothing in mine. (Remove NONONO for my real address.) are in my HOSTS, anyway. For instance, one of the few sites I allow is Reddit, but I only need to allow their 3 domains. So if I need to allow more I usually look for something that might actually be needed, which does not invclude Google, CRM, etc. Don't you have to allow google for google maps or google search? |
#8
|
|||
|
|||
Removing web-page auto forwarding.
In alt.comp.os.windows-10, on Sat, 08 Feb 2020 02:39:17 -0500, Paul
wrote: We've really progressed to the point, of needing to load Internet Cafe software, that "resets the OS everytime the OS is rebooted". (That's the software the public library I never thought about how those machines work. uses on their machines.) This means, not having any bookmarks, but also, not having any exploits. I forgot to mention that, I didnt' notice how but Noscript will display a list of all scripts alloweed, so if I knew about bad ones I'd mistakenly allowed, I could disallow them. OKay I just searched for a list and I got lists of bad screenplays. I'll try again No good results. I got lists of bad sites and good scripts, but no bad scripts. So if anyone knows of even one or two we shouldn't allow, I'd appreciate hearing. |
#9
|
|||
|
|||
Removing web-page auto forwarding.
In alt.comp.os.windows-10, on Sat, 8 Feb 2020 08:38:29 -0500, "Mayayana"
wrote: Just one example of how out of control it is: A couple of years ago I remember an article about malvertising. One of the first instances. NYT and AOL were both affected, with Russian hackers, I think, buying Google ads and then using cross-site scripting tricks to infect visitors through I don't understand much of this post but Noscipt does give warning boxes sometimes about cross-site something or other. It pre-checks Block Them and I click on OK. (Other timers it gives what is probably a warning box but there is no text and only two boxes, OK and Cancel, and neither does anything. I think the X in the upper right makes it go away. those ad iframes. Now that's common. Ads are a major security risk. And both Google and the web designers at places like NYT say, "not my job". Google don't think they should have to use humans to sell ad space. They want it automated. NYT don't think they should have to use humans to put the ads in their pages. They also want it automated. To a great extent, no one's minding the store. Webpages are turning into a cacaphony of zooming and zipping popups from a dozen domains. And that's all on top of the fad to try to customize the page as it's loading, based on your ID or on dynamic data. Want to buy a vacation package? The cost might depend on who you are. It might also depend on how popular the package is as of 3 minutes ago. Or both. And whether you can buy it will also depend on whether a script kiddie from eastern Europe just stole your credit card info through an ad for Summers Eve female crotch perfume. P. T. Barnum would have loved to live today. |
#10
|
|||
|
|||
Removing web-page auto forwarding.
"micky" wrote
| Just one example of how out of control it is: A couple of | years ago I remember an article about malvertising. One | of the first instances. NYT and AOL were both affected, | with Russian hackers, I think, buying Google ads and then | using cross-site scripting tricks to infect visitors through | | I don't understand much of this post but Noscipt does give warning boxes | sometimes about cross-site something or other. It pre-checks Block Them | and I click on OK. | Most ads are in an iframe. An iframe is technically a separate webpage, in a separate browser window, within a webpage. By using no border they can show an ad that looks like a simple picture, but it's actually a webpage coming from sleazeballAds.com. So hackers buy ad space for their ad, then use script to attack you from their domain, which often works due to low security or bugs. By using an iframe the ad becomes 1st party. You sort of chose to visit, even though you didn't. So they can set a first-party cookie and the scripting restrictions are mixed up. |
#11
|
|||
|
|||
Removing web-page auto forwarding.
"Mayayana" wrote
|| What's an HTA. || | | HTML application. I write them a lot as quickie software | programs. The HTML serves as a graphical interface, | powered by VBScript. There are some minor differences | from HTML, but basically an HTA is just a webpage in IE | with no security restrictions. The only restriction is that | the webpage file must be local. | Microsoft invented it when they started trying to make | IE more secure. A lot of business customers were using IE | to make programs, so MS created HTAs as a fork. Security | in HTML. No security in HTAs. | An addendum that might be of interest to some people: In an HTA there's no restriction on "unsafe" activeX controls. So you can use any control you don't need a license for, embed it in the webpage, and script that functionality. A music player, text editor, photo viewer.... anything that's available as an ActiveX control. |
#12
|
|||
|
|||
Removing web-page auto forwarding.
In alt.comp.os.windows-10, on Sat, 8 Feb 2020 17:10:42 -0500, "Mayayana"
wrote: This is my current one, but it's for Unbound DNS resolver. You'd need to reformat for HOSTS. I've also used Acrylic DNS proxy. Both Acrylic and Unbound allow blocking top level domains, so it's much easier than a HOSTS file. I'll look into these, or I'll reformat what you sent me. Than you very much. 127.0.0.1 cse.google.com 127.0.0.1 www.google.com/cse 127.0.0.1 www.youtube-nocookie.com 127.0.0.1 *.appspot.com I occasionally use Google search. That's it. I wrote my own software that pulls in Bing maps after Google started asking for a credit card. I've never gone to Google maps online, anyway. Google has several widespread tracking devices that many sites use: fonts, google ad domains, fonts, jquery, maps. If you enable any then Google is still tracking you online. So I block all but www.google.com. And I rarely use that. (A recent search at Google sent me to Google sign-in! Huh?! First time I've seen that. But I'm I havent' seen that, but otoh, I have an Android phone and had to get a gmail address to buy apps, so maybe I've signed in already. Yes, I checked www.google.com and that's true. not surprised. Google is a cancer on the Internet, constantly growing and choking healthy cells.) Hmm. |
#13
|
|||
|
|||
Removing web-page auto forwarding.
In alt.comp.os.windows-10, on Sat, 08 Feb 2020 15:05:26 -0500, micky
wrote: (Other timers it gives what is probably a warning box but there is no text and only two boxes, OK and Cancel, and neither does anything. I think the X in the upper right makes it go away. I take it back. There is no X in the upper right, and for a couple weeks I just let the box sit there and get covered up by other windows, but I finally thought to use ctrl-W and that worked. |
#14
|
|||
|
|||
Removing web-page auto forwarding.
In alt.comp.os.windows-10, on Sat, 8 Feb 2020 17:15:49 -0500, "Mayayana"
wrote: "micky" wrote | Just one example of how out of control it is: A couple of | years ago I remember an article about malvertising. One | of the first instances. NYT and AOL were both affected, | with Russian hackers, I think, buying Google ads and then | using cross-site scripting tricks to infect visitors through | | I don't understand much of this post but Noscipt does give warning boxes | sometimes about cross-site something or other. It pre-checks Block Them | and I click on OK. | Most ads are in an iframe. An iframe is technically a separate webpage, in a separate browser window, within a webpage. By using no border they can show an ad that looks like a simple picture, but it's actually a webpage coming from sleazeballAds.com. So hackers buy ad space for their ad, then use script to attack you from their domain, which often works due to low security or bugs. By using an iframe the ad becomes 1st party. You sort of chose to visit, even though you didn't. So they can set a first-party cookie and the scripting restrictions are mixed up. Since I've been using noscript, I don't get many ads, and I don't even get complaints that I'm using an adblocker |
#15
|
|||
|
|||
Removing web-page auto forwarding.
"micky" wrote
| Since I've been using noscript, I don't get many ads, and I don't even | get complaints that I'm using an adblocker | Yes. I never get those. They need script to check whether you're loading the ads. |
Thread Tools | |
Display Modes | Rate This Thread |
|
|