N4AOF
join:2009-04-01
Louisville, KY
 ·Insight VOIP
| reply to eric726
Re: [Other] Insight is Injecting Pop Up Ads into customer web se
said by eric726  :Do you guys not understand what I'm saying here? Yawn -- Do you not understand what everyone else is saying? No one else is seeing this problem. I use Insight continuously in the Louisville area and have never seen the problem you claim -- although I can't say that I would care if it did happen.
casalemedia is nothing but a popup ad service used my numerous websites, so if Insight were substituting their choice of stupid popup ad instead of the website's choice of stupid popup ad, I don't see that as a problem for the consumer (although I can see where casalemedia might care). |
|
whurlston
Premium
join:2006-05-06
USA
| reply to eric726
It is not Insight that is "injecting" the code. The website that you are visiting runs ads. They pay sign up for an ad service, add that services javascript snippet to each of their pages, then the ad service serves up ads submitted by their customers.
The screenshot of the Netflix ad that was posted was served from »www.thedailyplate.com (look at the section of the URL in the screenshot that starts with "r="). That is the refering site whose account will be credited by the ad service.
If it were Insight injecting the code, they would want to be the ones that were credited, not another business. |
|
James_C
join:2007-08-03
Florence, KY
| reply to eric726
Did it occur to anyone that even advertising agencies have to pay somebody to be their ISP?
Even if it resolved back to insightbb, so it could be said about anything on the internet resolving back to some ISP. Since advertising itself isn't illegal I'm not even sure if an American ISP could refuse to provide service based only on the basis of the business having a webserver that serves ads instead of text or videos or whatever you wanted to see. |
|
eric726
join:2009-04-29
| reply to Singular
Re: Insight Does Not Trigger Pop-Ups
Wanted to give a quick update. As of yesterday afternoon (04/30/09) it appears that the popups have stopped. We were able to collect several different pieces of javascript that was being injected. All the injection was for Netflix and Geico ads. Ads for Insight Communications phone service and Insight Communications surveys were also seen but we were not able to grab any of the javascript for those. We are still monitoring and have setup web tripwires so that we are alerted if the popup activity starts again.
I received a call from an Insight Rep that said they are currently looking into it but haven't seen anything yet. The rep said it could have been a malicious process, malicious user or misconfiguration. They are still looking for the source or if they are seeing anything like this anywhere else.
The popups were seen around the Westport road area but when we tested from the Nelson Miller Parkway area and Okolona area no popups were seen even when they were occurring.
I will continue to watch for more popups and update the ticket if any are seen from our probes. |
|
Singular
Premium
join:2008-08-13
Shelbyville, KY
| reply to Paul Meltzer
said by Paul Meltzer :To allay any concerns raised here, Insight does not inject pop-ups or pop-unders or anything of the kind into browsing sessions. In fact we provide free security software to Insight Broadband customers with anti-spyware and firewalll components designed specifically to defeat annoying pop-ups. We have not detected any increase in call volume from customers related to spyware or pop-ups, so we have no indication of any systemic issue at this time. But consistent with our commitment to delivering a superior Internet experience, we are actively investigating to be sure there isn't anything escaping our normal means of detection. We do partner with Akamai--as do most North American ISPs--to use their caching servers within our network to bring content to your browser faster, but we have no advertising relationship with them of any kind. To hear what Insight CEO Michael Willner has to say on the subject, please visit » www.michaelsinsight.com/2009/05/···ads.htmlPaul Meltzer SVP, Product Management Insight Communications paulmeltzer@insightbb.com Welcome to the forums Paul! |
|
lilhurricane
Crunchin' For Cures
Premium,Mod
join:2003-01-11
Purple Zone
clubs:  | reply to Paul Meltzer
Welcome, Paul, to BroadbandReports.com & the Insight forum.
We're glad you're here & look forward to your contributions.  |
|
Paul Meltzer
Premium
join:2009-05-01
Louisville, KY
| reply to eric726
To allay any concerns raised here, Insight does not inject pop-ups or pop-unders or anything of the kind into browsing sessions. In fact we provide free security software to Insight Broadband customers with anti-spyware and firewalll components designed specifically to defeat annoying pop-ups. We have not detected any increase in call volume from customers related to spyware or pop-ups, so we have no indication of any systemic issue at this time. But consistent with our commitment to delivering a superior Internet experience, we are actively investigating to be sure there isn't anything escaping our normal means of detection. We do partner with Akamai--as do most North American ISPs--to use their caching servers within our network to bring content to your browser faster, but we have no advertising relationship with them of any kind. To hear what Insight CEO Michael Willner has to say on the subject, please visit »www.michaelsinsight.com/2009/05/···ads.html
Paul Meltzer
SVP, Product Management
Insight Communications
paulmeltzer@insightbb.com |
|
ARGONAUT
got ping?
join:2006-01-24
New Albany, IN
1 edit | reply to eric726
Re: [Other] Insight is Injecting Pop Up Ads into customer web se
It wouldn't surprise me if Insight had some malicious zombie software on their servers.
Insight should be contacted about your findings if somethings there it would get the ball rolling. |
|
Singular
Premium
join:2008-08-13
Shelbyville, KY
1 edit | reply to eric726
Re: [Other] Insight is Injecting Pop Up Ads into customer web se
A very compelling story this is, after reading everyone's posts I am interested to hear what Mr. Willner or any other Insight Rep might say.
I use Firefox as my main browser so I don't ever have any problems with those silly injected pop up ads. |
|
lilhurricane
Crunchin' For Cures
Premium,Mod
join:2003-01-11
Purple Zone
clubs: | reply to eric726
Re: Insight Does Not Trigger Pop-Ups
Awaiting word from "official reps"
»/forum/r206660···ing-help |
|
eric726
join:2009-04-29
| reply to Anon
We will see about that. We have evidence that javascript is being injected into HTML. We are doing more testing now. Its either Insight or a malicious system on the Insight network that is performing these injections. HTML injection is happening at some level.
I've seen multiple incidents of ARP spoofing with malicious javascript injection in the past but this would be the first time I've ever seen a malicious user or compromised system injecting revenue generating ads. |
|
compugeek
I love making my own beer.
Premium
join:2002-07-30
Pickerington, OH
·Insight VOIP
·Vonage
| reply to eric726
Re: [Other] Insight is Injecting Pop Up Ads into customer web se
All your seeing is an Akamai caching server. They are all over the world to cache frequently used content.
»en.wikipedia.org/wiki/Akamai_Technologies
I trace routed the domain you said they are coming from then some of the sites they list as partners they all went to the same server.
»www.akamai.com/html/customers/index.html
Geek
--
»www.itsnewtoyou.biz |
|
Damon85
Premium
join:2004-12-25
Louisville, KY
| reply to eric726
What you posted doesn't necessarily prove that ads were injected into the pages, but maybe we can approach this another way:
Do you have any information on the frequency at which the ads are being inserted, and the source code that's causing them to be generated? I was unable to reproduce the pop-ups here after several tries. |
|
eric726
join:2009-04-29
| reply to Damon85
Yes. Actually if you look above at the image you will see the ad injected into a "thedailyplate.com" ad. I've also seen these ads injected into my own website "peekconsultingllc.com" and another site I own "billeteyewear.com". Neither of these websites have advertising or popup ads of any type.
I have a friend that reported these injections to me and he saw popups on a site that he owned. I didn't start to look into this until it happened to sites that I owned. |
|
Damon85
Premium
join:2004-12-25
Louisville, KY
1 edit | reply to eric726
I can confirm that the two hosts in question (b. and c.casalemedia.com) do resolve to Insight-operated addresses when using their DNS servers, and resolve to different addresses when using a variety of other DNS servers located elsewhere...
With that being said, absent any evidence that the ads are actually being injected, I can't rule out the possibility that these addresses serve intentionally placed ads from Akamai's network to Insight customers locally, for purposes of loading faster (perhaps through contract with Akamai). That would likely explain the wide variety of addresses seen when resolving the two domain names on other ISP networks.
Do you have any page content you know to be ad-free that has had these advertisements injected on Insight's network?
I don't mean to discount your story -- it is possible that Insight is injecting ads into HTTP sessions, and on some level, it wouldn't surprise me... but sometimes things aren't always nefarious in nature.
Edit: Adding the results for the domain:
; > DiG 9.3.4-P1 > @cache1.insightbb.com b.casalemedia.com
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2345
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 9, ADDITIONAL: 4
;; QUESTION SECTION:
;b.casalemedia.com. IN A
;; ANSWER SECTION:
b.casalemedia.com. 1313 IN CNAME b.casalemedia.com.edgesuite.net.
b.casalemedia.com.edgesuite.net. 19313 IN CNAME a1083.g.akamai.net.
a1083.g.akamai.net. 20 IN A 74.128.17.201
a1083.g.akamai.net. 20 IN A 74.128.17.203
;; AUTHORITY SECTION:
g.akamai.net. 1313 IN NS n0g.akamai.net.
g.akamai.net. 1313 IN NS n1g.akamai.net.
g.akamai.net. 1313 IN NS n2g.akamai.net.
g.akamai.net. 1313 IN NS n3g.akamai.net.
g.akamai.net. 1313 IN NS n4g.akamai.net.
g.akamai.net. 1313 IN NS n5g.akamai.net.
g.akamai.net. 1313 IN NS n6g.akamai.net.
g.akamai.net. 1313 IN NS n7g.akamai.net.
g.akamai.net. 1313 IN NS n8g.akamai.net.
;; ADDITIONAL SECTION:
n0g.akamai.net. 105 IN A 63.227.135.25
n3g.akamai.net. 1785 IN A 74.128.17.206
n4g.akamai.net. 950 IN A 74.128.17.237
n7g.akamai.net. 805 IN A 74.128.17.196
;; Query time: 201 msec
;; SERVER: 74.128.17.114#53(74.128.17.114)
;; WHEN: Thu Apr 30 08:48:10 2009
;; MSG SIZE rcvd: 367 |
|
eric726
join:2009-04-29
1 edit | reply to eric726
When you click on the pop up ad itself you go to:
»c.casalemedia.com/c/1/1/67739/aH···Y3QvMDEv
c.casalemedia.com also resolves to an Insight Communications address:
************************
C:\nslookup c.casalemedia.com
Server: cache1.insightbb.com
Address: 74.128.17.114
Non-authoritative answer:
Name: a1195.g.akamai.net
Addresses: 74.128.17.241
74.128.17.211
Aliases: c.casalemedia.com
c.casalemedia.com.edgesuite.net
*************************
So the solution here is to either add a entry into your hosts file to point b.casalemedia.com and c.casalemedia.com to 127.0.0.1 so you will not see the data or you can use recursive DNS servers that do not belong to Insight. Either one will block these pop ups from your system. |
|
