Page 2 of 8

Posted: Fri Jan 04, 2008 11:25 am
by s.dot
I recently read an article about an ISP inserting stuff into google's home page.

Posted: Fri Jan 04, 2008 2:21 pm
by califdon
I hope there's a special room in Hell for those who deliberately interfere with the operations and enjoyment of other people by hacking like that.

Posted: Sat Jan 05, 2008 12:55 pm
by anjanesh
Now its a new domain : asdafdgfgf.com
With g.asdafdgfgf.com/ad.js script being called.

How on earth do I stop this if its coming from the network ?

Posted: Sat Jan 05, 2008 1:16 pm
by Jonah Bron
Talk to your ISP:idea:

Posted: Sat Jan 05, 2008 4:21 pm
by Inkyskin
Have you tried other browsers yet too?

Posted: Sat Jan 05, 2008 6:10 pm
by RobertGonzalez
You need a new ISP. The only thing I could suggest, as a test, is to connect to a network that serves internet from another ISP than yours and see if the sites you visit are still throwing that mess in your browser.

Posted: Sat Jan 05, 2008 9:13 pm
by anjanesh
Inkyskin wrote:Have you tried other browsers yet too?
I started this thread explaining why its not the browser at fault here.

Its coming in directly through the network. The line is getting injected into the html page before its received in my PC.

Apparently, some script is attacking PCs with open ports.

Posted: Sat Jan 05, 2008 10:44 pm
by Chris Corbyn
anjanesh wrote:
Inkyskin wrote:Have you tried other browsers yet too?
I started this thread explaining why its not the browser at fault here. ....

Apparently, some script is attacking PCs with open ports.
And you have a firewall?

Posted: Sat Jan 05, 2008 11:00 pm
by anjanesh
default, Windows Firewall.
But this is seems to affect the gateways at which point it modifies the HTML source.

Posted: Sat Jan 05, 2008 11:10 pm
by Chris Corbyn
anjanesh wrote:default, Windows Firewall.
But this is seems to affect the gateways at which point it modifies the HTML source.
And your ISP have said...? When you request a file from 'localhost' this line isn't there then?

For now I'd just disable JavaScript in your web browser and hassle your ISP for answers. Do you know other people using the same ISP as you who are experiencing the same issue?

Posted: Sat Jan 05, 2008 11:35 pm
by anjanesh
Tech support from ISP at this level are no good. Called them once - tried explaining - same answer over & over again - pl contact hardware engineer.
When you request a file from 'localhost' this line isn't there then?
Obviously.

For now, I've made 2 precautions :
1. Using AdBlock Plus extension on FF
2. Added entries in hosts file mapping them to 127.0.0.1
Do you know other people using the same ISP as you who are experiencing the same issue?
1. It doesnt seem to be from one ISP alone (btw, there seems to be just one major ISP called AirTel that provide the groundwork for other ISPs)
2. I dont think other users, who are affected know abt this.
3. I've come across 2 other Indians voicing their issues on the net regarding this - all on Windows XP SP2, different locations, different ISPs.

There arent many google results on 222360.com. Most of them in chinese.

Not very sure - but it seems to attack open ports resulting in slow internet.

How can I know & block the ports opened by FireFox & ThunderBird ? I understand FF uses some ports for bookmarks, etc.
I can see it in netstat

Code: Select all

...
  TCP    hpcompaq:1056          localhost:1057         ESTABLISHED     2492
  [firefox.exe]

  TCP    hpcompaq:1057          localhost:1056         ESTABLISHED     2492
  [firefox.exe]

  TCP    hpcompaq:1061          localhost:1062         ESTABLISHED     2492
  [firefox.exe]

  TCP    hpcompaq:1062          localhost:1061         ESTABLISHED     2492
  [firefox.exe]
...

Posted: Sun Jan 06, 2008 12:13 am
by jmut
Check these directives in your php.ini
auto_prepend_file =
auto_append_file =

Posted: Sun Jan 06, 2008 12:45 am
by anjanesh

Code: Select all

; Automatically add files before or after any PHP document.
auto_prepend_file =
auto_append_file =

Posted: Sun Jan 06, 2008 1:32 am
by RobertGonzalez
Have you at least disabled javascript for now?

Posted: Sun Jan 06, 2008 1:38 am
by anjanesh
Nope: Im using AdBlock extension to disable some of the JavaScript.