what's this? 'http://127.0.0.1:1043/js.cgi?p

Discussion in 'HTML' started by Gdareos, Feb 19, 2006.

  1. Gdareos

    Gdareos Guest

    I keep seeing this in my home page

    <script language='javascript'
    src='http://127.0.0.1:1043/js.cgi?pa&r=24464'></script>

    This is not in my source code on my local machine, and I don't know
    what it does - malicious or otherwise.

    I build the page in Dreamweaver, and assume it's necessary for
    JavaScript, but I'm puzzled as to how it's getting into my source
    code, and suspicious as to whether I need or want it.

    Any insight would be greatly appreciated! I just don't like the idea
    that I'm linking to some web address blindly.
     
    Gdareos, Feb 19, 2006
    #1
    1. Advertising

  2. Gdareos

    Andy Dingley Guest

    On Sun, 19 Feb 2006 06:01:15 -0600, Gdareos <louis_@n0Spam_.hemmi.us>
    wrote:

    >I keep seeing this in my home page


    Congratulations. Now don't you think it would have been a good idea to
    tell us what your homepage's address was?


    ><script language='javascript'
    >src='http://127.0.0.1:1043/js.cgi?pa&r=24464'></script>


    This isn't needed by anything on a standard page. It doesn't look
    malicious (unless the web server has already been compromised) because
    the address 127.0.0.1 is just the localhost address (i..e "self").

    I'd guess it was added by your hoting company automatically, to attach
    either a hit counter or an ad banner. Neither of these is acceptable on
    real hosting, but then you might be using some cheapskate banner-funded
    stuff.
     
    Andy Dingley, Feb 19, 2006
    #2
    1. Advertising

  3. In article <>,
    says...
    > On Sun, 19 Feb 2006 06:01:15 -0600, Gdareos <louis_@n0Spam_.hemmi.us>
    > wrote:
    >
    > >I keep seeing this in my home page

    >
    > Congratulations. Now don't you think it would have been a good idea to
    > tell us what your homepage's address was?
    >
    >
    > ><script language='javascript'
    > >src='http://127.0.0.1:1043/js.cgi?pa&r=24464'></script>

    >
    > This isn't needed by anything on a standard page. It doesn't look
    > malicious (unless the web server has already been compromised) because
    > the address 127.0.0.1 is just the localhost address (i..e "self").
    >
    > I'd guess it was added by your hoting company automatically, to attach
    > either a hit counter or an ad banner. Neither of these is acceptable on
    > real hosting, but then you might be using some cheapskate banner-funded


    It wouldn't work anyway! Brilliant bit of work by the hosting company.


    --

    Hywel
    http://kibo.org.uk/
     
    Hywel Jenkins, Feb 19, 2006
    #3
  4. Gdareos

    Pete Gray Guest

    In article <>,
    says...
    > In article <>,
    > says...
    > > On Sun, 19 Feb 2006 06:01:15 -0600, Gdareos <louis_@n0Spam_.hemmi.us>
    > > wrote:
    > >
    > > >I keep seeing this in my home page

    > >
    > > Congratulations. Now don't you think it would have been a good idea to
    > > tell us what your homepage's address was?
    > >
    > >
    > > ><script language='javascript'
    > > >src='http://127.0.0.1:1043/js.cgi?pa&r=24464'></script>

    > >
    > > This isn't needed by anything on a standard page. It doesn't look
    > > malicious (unless the web server has already been compromised) because
    > > the address 127.0.0.1 is just the localhost address (i..e "self").
    > >
    > > I'd guess it was added by your hoting company automatically, to attach
    > > either a hit counter or an ad banner. Neither of these is acceptable on
    > > real hosting, but then you might be using some cheapskate banner-funded

    >
    > It wouldn't work anyway! Brilliant bit of work by the hosting company.
    >


    It's not the hosting company. I suspect the OP is using ZoneAlarm, which
    is inserting this, and probably also:
    <script language='javascript'>postamble();</script>
    at the end.

    See:
    <http://www.frontrangeinternet.com/support/knowledgebase/viewArticle.php
    ?articleID=845>

    Interestingly ZoneLabs seem to have deleted all the threads on their
    forums about this 'feature'.
    --
    Pete Gray

    Say No to ID Cards <http://www.no2id.net>
    <http://www.redbadge.co.uk/no2idcards/>
     
    Pete Gray, Feb 19, 2006
    #4
  5. Gdareos

    Gdareos Guest

    I'm sorry that I did not do a good job of describing the issue.

    I work with my HTML in Dreamweaver or HotDog, and have no problems
    with them. However, I routinely "View Page Source" in IE and Netscape
    as part of my testing.

    I was surprised to see that when I would "View Page Source", I'd see
    the unidentified statement in the display.

    After writing the message for the newsgroup, I then started looking at
    the source for other sites, and found the same displayed code which
    really confused me.

    Then, I looked at the responses to my post, and now think it's
    something to do with Zone Alarm, but not sure.

    It doesn't look as though the phantom code is a problem, but I don't
    like the idea that some program is intervening, and redirecting. I
    never would have noticed this except early in the morning, when I
    started up the HTML page, the "127.0.0.1:1043" reference generated a
    message that the server was unavailable.

    Thanks very much to everyone who responded! I"m going to try to
    confirm the ZA connection (or disprove it).

    Cheers!

    On Sun, 19 Feb 2006 20:06:41 -0000, Pete Gray <>
    wrote:

    >In article <>,
    > says...
    >> In article <>,
    >> says...
    >> > On Sun, 19 Feb 2006 06:01:15 -0600, Gdareos <louis_@n0Spam_.hemmi.us>
    >> > wrote:
    >> >
    >> > >I keep seeing this in my home page
    >> >
    >> > Congratulations. Now don't you think it would have been a good idea to
    >> > tell us what your homepage's address was?
    >> >
    >> >
    >> > ><script language='javascript'
    >> > >src='http://127.0.0.1:1043/js.cgi?pa&r=24464'></script>
    >> >
    >> > This isn't needed by anything on a standard page. It doesn't look
    >> > malicious (unless the web server has already been compromised) because
    >> > the address 127.0.0.1 is just the localhost address (i..e "self").
    >> >
    >> > I'd guess it was added by your hoting company automatically, to attach
    >> > either a hit counter or an ad banner. Neither of these is acceptable on
    >> > real hosting, but then you might be using some cheapskate banner-funded

    >>
    >> It wouldn't work anyway! Brilliant bit of work by the hosting company.
    >>

    >
    >It's not the hosting company. I suspect the OP is using ZoneAlarm, which
    >is inserting this, and probably also:
    ><script language='javascript'>postamble();</script>
    >at the end.
    >
    >See:
    ><http://www.frontrangeinternet.com/support/knowledgebase/viewArticle.php
    >?articleID=845>
    >
    >Interestingly ZoneLabs seem to have deleted all the threads on their
    >forums about this 'feature'.
     
    Gdareos, Feb 20, 2006
    #5
  6. Gdareos

    Jose Guest

    127.0.0.1 is the address of your own computer, to itself. This is the
    trick used in the hosts file to defeat advertising. I'm guessing that
    the URL is pointing to something on your own machine. Just as a first
    peek, do a search for js.cgi and for 1043 on your machine.

    Jose
    --
    Money: what you need when you run out of brains.
    for Email, make the obvious change in the address.
     
    Jose, Feb 20, 2006
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Mark Shehan

    Client IP is always 127.0.0.1

    Mark Shehan, Feb 27, 2005, in forum: ASP .Net
    Replies:
    1
    Views:
    2,568
    Juan T. Llibre
    Feb 27, 2005
  2. Randall Parker

    Full trust and automated log-in for 127.0.0.1?

    Randall Parker, Dec 4, 2005, in forum: ASP .Net
    Replies:
    1
    Views:
    383
    Daniel Fisher\(lennybacon\)
    Dec 5, 2005
  3. depo
    Replies:
    5
    Views:
    719
    Nigel Wade
    May 12, 2004
  4. Tim
    Replies:
    2
    Views:
    627
  5. Alf P. Steinbach

    isdigit() for characters greater than 127

    Alf P. Steinbach, Oct 9, 2004, in forum: C++
    Replies:
    4
    Views:
    3,242
    James Gregory
    Oct 9, 2004
Loading...

Share This Page