Troubleshooting automated appearance of a JS tag with 127 loopback in a web page

[murrayatuptowngallery]

I'm caught in a classic finger-pointing situation.

My hosting company's server appears to be automatically inserting JS
tags into a JS-free html page that has an image inked to a 2nd page
with JS.

The problem may well be that I am calling JS incorrectly. My host co.
insists my ''web publishing software' is doing this. I can prove it
isn't by deleting the offending code with an impotent text editor like
Notepad, upload it with a WS_FTP and view it's contents. The code
insertion occurs when the JS-containing page is accessed from the
'front' page.

I am going to experiment with accessing the JS page directly so there
is no linking 'calling' page to dump it's trash into.

excerpt from an index.html page in my public_html directory:

<html>
<head>
<meta name="GENERATOR" content="">
<meta name="Keywords" content="gallery, Holland, Michigan, framing,
watercolor, acrylic, oil paintings, photography,Tanis, Vanderhill">
<meta name="Description" content="Fine art gallery &amp; custom
picture framing.">
<meta name="revisit-after" content="7 days">
<title>uptowngallery.org/index.html</title>


<script language='javascript'
src='http://127.0.0.1:1025/js.cgi?pcaw&r=19629'></script>

</head>
<body>

....more html in the middle...

end of the '1st' page has a second line inserted (sometimes multiple
appearances of this)
after the closing body & html tags
</body>
</html>


<script language='javascript'>postamble();</script>


So, I have a 2-3 questions:

1) Any idea how/why a server can access someone's page and why it would
list 127 addresses in there. I read IANA & RFFC3330 references but that
only indicates it's a self-identification IP address that should not
appear anywhere on any network. Obviously it goes somewhere in the path
from a user back to one's self. But WHO is the 127 being
referenced...me or the host server?

2) Is there a problem with linking from an html page called index.html
to another also called index.html but another tree level lower (another
subdirectory)? Should a page containing JS be called .js instead of
..html?


www.uptowngallery.org/index.html is the calling page in the
(transparent) directory public_html.

There is one large image in this page that calls
www.uptowngallery.org/Tanis/index.html .

This page contains JS. Accessing this page thru the 'parent' index page
causes the JS loopback & postamble mess. I only become aware of it
because some browsers 'choke' on it (hang halfway without loading the
page) and once it's there my html editor gives a script error upon
opening the 'corrupted' page.
------

I just looked and now see the same

<script language='javascript'
src='http://127.0.0.1:1027/js.cgi?pcaw&r=31322'></script>

inserted into the Tanis/index.html JS page now. This is a new
development. That page already had a JS identifier, so it looks like
the inserted code is a self-contained script. It has start and finish
script tags.

The Tanis directory also has index1.html, index2.html and index3.html.
They appear to be called my the index.html page in the same directory
but they work fine with JS and a .html extension, nor do they have the
'mystery' code lines.

If I understood this, I could either fix my code 'grammar' or yell
louder at my hosting company.

The script was generated by ImageWalker.

Thanks

Murray

 

[McKirahan]

I'm caught in a classic finger-pointing situation.

My hosting company's server appears to be automatically inserting JS
tags into a JS-free html page ...

[snip]

I stopped reading your post after the above because:

If you page is "JS-free" and there's JS in it when viewed then they did it!

(If it's not "JS-free" than why claim that it is? How about a URL.)

 

[murrayatuptowngallery]

Ah, you stopped reading before the URL...

I meant there is no JS in it by design, until something corrupts it.
There are a couple banner/link things that call cgi on other sites and
I don't know what they have, but they have worked for years. The only
thing that has changed is relocated to new server/plan at host co. and
am experimenting with different image display pages that use JS (Image
Walker software)

www.uptowngallery.org
(loads index.html by default)

click on the large image to link to the first JS page or
to get to it directly, www.uptowngallery.org/Tanis/index.html
proper or not, I count on the index.html in a given directory loading
by default (i.e., www.uptowngallery.org/Tanis/)

Thanks

Murray

 

[McKirahan]

Ah, you stopped reading before the URL...

I meant there is no JS in it by design, until something corrupts it.
There are a couple banner/link things that call cgi on other sites and
I don't know what they have, but they have worked for years. The only
thing that has changed is relocated to new server/plan at host co. and
am experimenting with different image display pages that use JS (Image
Walker software)

www.uptowngallery.org
(loads index.html by default)

click on the large image to link to the first JS page or
to get to it directly, www.uptowngallery.org/Tanis/index.html
proper or not, I count on the index.html in a given directory loading
by default (i.e., www.uptowngallery.org/Tanis/)

1) Your right frame isn't fully visible under 1024x768 even full screen!

2) Change all references to
<script language=javascript>
to
<script type="text/javascript">

3) "disable_right_click" doesn't do what it says.

Try right-clicking and, while still holding the mouse button down,
press Enter to clear the dialog -- see the context menu?

Remove all of the following:

function disable_right_click(e)
{
var browser = navigator.appName.substring ( 0, 9 );
var event_number = 0;
if (browser=="Microsoft")
event_number = event.button;
else if (browser=="Netscape")
event_number = e.which;

if ( event_number==2 || event_number==3 )
{
alert ("Right Mouse Button Is Disabled");
return (false);
}

return (true);
}
function trap_images_mouse_events ()
{
if ( document.images )
{
for (var pic=0; pic<document.images.length; pic++)
document.images[pic].onmousedown = disable_right_click;
}
}
window.onload = trap_images_mouse_events;
</script>
<body>

and replace it with

<body oncontextmenu="return false">

But that is canceled (or so I'm told) by visiting this link:

javascript:void(document.oncontextmenu=null)

Besides, all of the images are in the browser's cache.


How To Block Right Click
http://forums.aspfree.com/html-help-7/how-to-block-right-click-23799.html#po
st193345

 

[Richard Cornford]

I'm caught in a classic finger-pointing situation.

My hosting company's server appears to be automatically
inserting JS tags into a JS-free html page that has an
image inked to a 2nd page with JS.

<script language='javascript'
src='http://127.0.0.1:1025/js.cgi?pcaw&r=19629'></script>

</head>
<body>

...more html in the middle...

end of the '1st' page has a second line inserted (sometimes
multiple appearances of this)
after the closing body & html tags
</body>
</html>

<script language='javascript'>postamble();</script>

<snip>

These are the symptoms of a content inserting/re-writing proxy operating
on _your_ computer. These proxies may take the form of Internet
security/firewall software, add-blockers, etc (and may include some
flavours of spy-ware).

Richard.

 

[murrayatuptowngallery]

Yeah, the right click block seemed kind of unpredictable to me...it was
a checkbox option so I selected it . Not urgent.

Proxy thing, that's interesting...I'll look into that.

I think but have to verify that this problem appears regardless of
which computer I access it from.

Murray