Courtesy of reverser's pages of reverse engineering
I find that I must change nearly everything on this page... that I had
'originally' sent to you:
A funny thing happened on the way home from snuffing the banner; most of them started breathing again...
I tested each of these changes in Homesite and ran them thru this editor and they seemed to work just fine. So I shipped them email and proudly had a glass of water ( ) (Theres beer commercial on the boob-tube...says; "Its the water" that makes it good.
Hopeing that these changes would not only work... but also would work
undetected by a snoopy bot I soon came to the conclusion that the only
proper way to run these tests to find out if a bot did so; and the
only way I would feel comfortable while leaving others wide open to be
shut down, was to open an account at each of the mentioned sites instead
of testing other peoples web pages in my editor...Haveing done so I soon
discovered that most of the script changes that worked in editor did not
work in the real 'environment'.
I also found several of these ideas elsewhere ...and were not the accidents... that most of my work is: I will try to go back to several places I have visited and credit those authors here as I can.
I set up an accountant with all of the sites I will mention below and
I believe I am now on experiment number 749 altogether...
I have set the tests up to goto the actual test site/s so that they can be monitored for any changes...
Should they continue to work, for a number of months, I will move the text and source here and close those sites...unless this format is perfered ?
I have noticed that there is a problem when trying to run these ideas below thru frames pages also...
I guess I am about done with banners for awhile; I have found sources which know much more than I, and provide much more info than I can keep up with; it has been fun; and I have learned alot...See the References link below...
~~[References] ~~[AD Busting Tools] ~~[FAQs] ~~[Tool Author]
june 23, 1999
results of test 1:
Test 1 stops working every fourth day. A Bot comes in an inserts code that pops a banner. Fortunately it inserts the same code as in Test 2 below; which has remained working thru-out the test period so far...
Aha! On july 8; Test 2 stopped working!
It gave me a 404 error page not found...does not exist;
(I have left test 1 alone; u can see the error by clicking on it above)
Going to the ftp site I was thinking I would discover it gone;
I instead found that it was there and would let me view any directory i had there EXCEPT the directory for Test1 and Test2...the dirctories simply would not open! I don't know why but I noticed that the file attributes were not the same as the other files in the directory...
so I changed Test2 which had at that moment ( drw-rw-r-)
too (drwxr-xr-r) (755) ...
and hey! I was then able to open the directory and see my former files...I then went back to reversers site and tried test 2 (above) and it works now...
So what happened? A bot found source tampering and changed the file attribute (?) so that the page could not load? I assume it was a bot because a human would simply have taken the site down...
Here are three variations for tripod banners
Update; June 23, 1999: All 3 Tests still working
Test no. 3... I found thru altavista: an essay by rootworm and daniel.... http://www.pheces.org/text/tripod.txt
Test 3 above no longer works: they change.. we change; they change... to keep up...
I will no longer be adding to this page (unless I myself find something
significant thru my own work) as i have found sources that understand
and keep up with the changes faster than I can:
for great information an updates on Tripod: (as well as many others)
June 23, 1999
All three Geocities Tests stopped working at same time on june 22;
a bot came in an inserted a NEW code Above the Html tag;
IT would seem that this bot assigned the account a NEW account number!
and now all three have pop-ups once again...
First lesson I learned here: Never set up multiple tests... within a singel account...
I will re-start this test to make sure i did not corrupt it somehow; I'll also put each test in seperate account for proper moderating...arrrrrgh ...(for next update; not this one)
well I discoverd several days ago that these original Geocities tests are working again without my haveing made any changes;
The new account number that was present on june 23, is now back to the original account number...??? ...I had thought at first that perhaps it was some time/date driven revolving script that changed the account #s to stay on top of source tampering...can only continue to watch this...time will tell...
Test 3 I found at altavista; but I don't remember where; I shall search to credit that person.
tests 4-5 for embeds:
Testing html layering: for any embeded image ad
June 23, 1999: Test 1 still working
heres my personal favorite; ...their poppers have drove me nuts!
June 23, 1999: Both tests still working...
The script from test 1 came from my great friend Eternal Bliss while
I was trying to kill ads at the asm disscussion board.
Test two, which is for the embedded ad (see source below at jeff 2); which can also be viewed working at:
August 25, '99
it seems the globe has done a change up on us..
.the code for test 1 is not working
because the globe has (at least on my page above) stopped using a 'pop up' and has inserted a banner at 'top' location...
so using the xoom top banner code this top banner is now gone in test 2 below:
I myself do not care one way or the other if providers use some small(er) unobtrusive embedded banner; somewhere at the bottom of our pages would be nice; but; in the globes case by putting my personal sign up info on display as so: http://members.theglobe.com/ground_01/ ...........I will continue doing tests on their change-ups....as an educational experiment :>)
August 1, Okay finally figured out The Seekers method;
I had trouble producing results with the exact method from vision (or was it Volition?)
(although others indicated they got it to work);
put it down to my lack of knowledge:
but I was able to get this method to work this way:
Be sure to see this one:
Encrypt your XOOM code!
Jeff (2) June 11 1999
Here is another idea I was playing with this morning; What I fear is that my lack of knowledge is probably missing something...In this following example for killing a "permanent embedded ad" (NOT a pop up ad) from virtualave banner you will see all I did was to add in a <!-- and a closing //--> so it will not print whats between the statement.........what I fear; is my lack of knowledge does not allow me at this time to know weather or not the bot that looks to see if the ad is still there will recognize my addition and close down someones site for tampering......because I have not changed the initial code I would hope not:
here is vrtualaves banner code:
By adding in these two lines, in the example below, I was able to kill the banner in Homesite Editor:
<HTML> <HEAD> <TITLE>Virtualave BannerKiller</TITLE> </HEAD> <BODY> <!-- VA Banner --> <!-- <<<<<<<<<<<<-------adding this here </XMP> <CENTER> <a href="http://ad1.virtualave.com/cgi-bin/redirect.cgi?AD=NECX5_20_fakesrch" target=_blank> <img src="http://ad1.virtualave.com/cgi-bin/getimage.cgi?AD=NECX5_20_fakesrch" width=468 height=60></a> <BR> <a href="http://www.virtualave.net" target=_blank> <img border=0 src="http://ad.virtualave.com/banners/freev/vanarrow.gif" width=0 height=0></a> </CENTER> //--> <<<<<<<<<<<<-------adding this here </BODY> </HTML>What do u think? Does the virtualave bot still see the code as untampered like this?
I have a reverser+ mirror set up on virtualave that I have been embarressed
of because I corrupted your site by it haveing the virtualave banner on
it; I can proudly say now that I used the above code and my mirror site
no longer has this banner! (hummmm; it takes the banner away using MS (sorry;
test only) but then pops a Pop Up ad instead...another reason not to use
MS; eh?:) the mirror is at : http://the-ancient-one.virtualave.net/
I also have a mirror at: http://members.dencity.com/jas/fravia/
UPs Must Die!
I have listed no others here because I have not used any others yet:
july 8th; here is a text file with adbusting addresses; its not pretty but I'll clean it up later:
Here is a nice informative letter from the author of the Proxomitron tool, Scott Lemmon, in response to some questions I asked:
At 05:44 PM 6/25/99 -0700, you wrote:
>Your tool is a gawdsend...
>As your tool is freeware I hope u will not mind me promoting its use
Glad you like it! Of course feel free to post it wherever you wish.
>Because I am a seeker of knowledge I want to look deeper than mearly
>loading a tool and using it. I am wondering if you would mind
> in helping to explain what
>transpires when you click on a URL & log into a ADspamming site; how a
>proxy redirects as a buffer; and how filters work to cloak its
I'd be happy to help answer any questions if I can.
>Is it possible to include filters directly into source code; or can
>only be read and acted upon by and thru the proxy buffer?
Normally it's not possible to do this on the page itself. It works a bit
Web page->web server->Proxomitron->Browser
Ads and other junk are added by the free hosting sites at the web server
stage of the journey. Because the Proxomitron comes after that, whatever
HTML was added by the web server can be easily removed. The only trick
in sorting out what's been added from the page's original contents.
Normally that's easy for any specific case (since the code is very
predictable). The real challenge is making a single filter that works in
many different situations as possible.
things on the web page itself. This is because with Netscape and IE4
You can replace "window.open" for example, with a command that does
nothing. This, in fact, is the trick used by Proxomitron's default
set to stop pop-up windows, and if you study very closely Proxomitron's
home page you may notice something there too. ;-)
The main problem is that it doesn't work on IE3 or Opera. Their
implementations aren't quite as advanced and don't allow overriding of
As I'm sure you've noticed, the most common way to block stuff from
page itself is by trying to place comments or other HTML before where
code will be inserted. I'm sure you've also noticed it's hard to make it
work all the time. Here's a few alternate way to "comment out" HTML
<!-- --> Normal HTML comment
<noembed> </noembed> Works with any browser that supports the "embed"
<script language="foo"> </script> Browser's will ignore any language the
There are other ways too. It won't help if the server inserts stuff
very top of the page (before the HTML tag even), but since that can
some browsers most will avoid doing so.
Another interesting thing I've noticed is *many* sites (including
Geocities, and Xoom) will not insert stuff at all if they don't
the browser's user-agent HTTP header. This is to avoid causing problems
enough to do with a program like Proxomitron, this again is something
can't be changed on the webpage itself (since in this case the info is
coming from your browser).
Hope that's of some help,
homepage links anonymity +ORC students'
Is reverse engineering illegal?