Previous 1 2 3 4 5 6 7 Next 95 Replies Latest reply: May 14, 2015 8:30 PM by gazeldx Go to original post Branched to a new discussion.
  • WZZZ Level 6 Level 6 (12,775 points)

    Safari AdBlock




    And just to be sure, old news but scan for the DNSChanger.



    EDIT: If this doesn't help, I would seriously consider changing browsers to the far more secure Firefox, if run with the Add-ons, NoScript, Adblock Plus, WOT and Ghostery. NoScript will help prevent browser exploits and attacks through JavaScript, one of the principal attack vectors in OS X.


    I never see an ad and have never encountered the MacKeeper sleaze.


    Message was edited by: WZZZ

  • noondaywitch Level 6 Level 6 (8,130 points)

    Just to add to that, the NoScript extension can also block cross-site scripting attempts and disable iFrames which are often used to create redirects such as this from otherwise innocuous sites.


    Firefox itself has a redirection warning setting, too.

  • Memoire Level 1 Level 1 (10 points)

    Hi WZZZ Thank you for your kind support, it is a great help. I tried DNS changer a few days ago and it showed no issues existed.


    I have downloaded the extensions you mentioned for Firefox and will use that and see if the issue continues.


    You are quite lucky to have stayed out of the MacKeeper Sleaze net, it is definately a night mare.


    How do you activate the redirection warning setting noondaywitch?

  • noondaywitch Level 6 Level 6 (8,130 points)

    Firefox > preferences > Advanced > general. tick (check) the box for "warn me when web sites try to redirect or reload the page"


    This will effectively block the redirect, with FF showing a warning banner at the top with a button to allow.


    Be aware that this setting can prevent some sites working; Verified by Visa is a total pain in this regard.

  • Memoire Level 1 Level 1 (10 points)

    Hi - thank you I found and set the redirection warning. It even warned after sign into Apple and I had to accept a page redirect. Looks good for now. There was no MacKeeper embedded adverts yet.


    I am quite curious what was planted into my system to allow Zoebit to redirect http: URLs to have their Mackeeper advert. All very stange.

  • WZZZ Level 6 Level 6 (12,775 points)

    I'm not certain this feature will prevent the kind of redirect you have been experiencing -- if, indeed, that is what you have been experiencing. Not sure it prevents true redirects or just reloads/refreshes from within a site. Unclear if this will prevent "JavaScript or HTTP" redirects. I will have to look into this some more.

    The setting in "Tools > Options > Advanced > General" is meant as an accessibility feature, as you can see by the label of that section, so that people with disabilities or people who use screen readers do not get confused and is not meant as a safety protection to stop redirecting.


    I think simply using NoScript to allow the minimum JS, or none at all, for a site to function is the way to go.


    See the Quick Start Guide for Beginners.



    Message was edited by: WZZZ

  • WZZZ Level 6 Level 6 (12,775 points)

    What I thought. It only prevents meta refresh, and nothing else.


    This extension will prevent HTTP redirects.


  • Memoire Level 1 Level 1 (10 points)

    Thank you so much for all your kind and accurate support WZZZ, I have all the bits and pieces you recommended installed into Firefox and the MacKeeper embedded adverts are no longer present, even with http: URLs; so that is magic, thank you.


    I stll wonder what was causing that issue of the embedded MacKeeper adverts, whether it was something external or or internal; perhaps I will never know.


    All in all I seem to be back to normal with the website log on pages etc. Seems to be all right.

  • WZZZ Level 6 Level 6 (12,775 points)

    You're welcome. Glad to help. If and when you find out, let us know.

  • Memoire Level 1 Level 1 (10 points)

    Yes sure thing WZZZ. I am interested to locate whatever was causing the problem just in case it is currently sleeping and likely to raise it's ugly head if activated in future.


    At least for now web-surfing to critcle pages seems more secure.


    I am greatful for all your kind support, pure magic!

  • WZZZ Level 6 Level 6 (12,775 points)

    Correction: I think I've just found out that the Firefox "Warn me when..." feature may, after all, prevent redirects to other URLs, not just refreshes or redirects within a site. I'm learning the meta refresh tag, which Firefox flags, can be coded to redirect to other domains. Therefore, I think it is a useful safety feature.


    Meta refresh is a legacy method of instructing a web browser to automatically refresh the current web page or frame after a given time interval, using an HTML meta element with the http-equiv parameter set to "refresh" and a content parameter giving the time interval in seconds. It is also possible to instruct the browser to fetch a different URL when the page is refreshed, by including the alternative URL in the content parameter. By setting the refresh time interval to zero (or a very low value), this allows meta refresh to be used as a method of URL redirection.



  • Memoire Level 1 Level 1 (10 points)

    Hi WZZZ,

    Yes I am finding the features you advise very interesting; they are quite active with Facebook, I never dreamt so many things were going on while FB was open. Also not over-riding them doesn't really interfer much with the practical use of FB in this example.


    I think the meta refresh has the original function to over-ride the webpages stored by web-browsers, so rather than seeing the last visited page it forces the page to look for the latest version. I am unsure how it works for frames as I have never used that programing on my webpages: I usually use the less intrusive:

    <meta http-equiv="Pragma" content="no-cache">

    so that the new content is always accessable.


    Usually the redirect is used for when you change the location of a page on the server for example, or update the page, the redirect sends the user to the new page. Well that's how it used to be. I haven't kept up with the latest developments; so as you point out these initially inocent functions are now being used for less desirable purposes.


    I am still curious how Zoebit managed to embed their advert for MacKeeper into and - just two examples. I was particularly concerned that because they could hack their advert into people would think the software was supported by cnet; as usual using or a proxy server and the MacKeeper advert was no longer there. I will try to ask on a website programing forum to see if I can get any feedback. When I do I will let you know.

  • noondaywitch Level 6 Level 6 (8,130 points)

    One way is to use iFrames - an invisible frame placed in front of some (or all) site content so that clicking on an apparently innocuous object triggers a JavaScript redirect to their adserver. You can disable these in NoScript.

  • Memoire Level 1 Level 1 (10 points)

    Thank you for the information Noondaywitch.


    I am still keep to find out how Zeobit hacked their adverts for MacKeeper into legitimate webpages. It could be connected to this, for sure they are gone now.

  • MadMacs0 Level 5 Level 5 (4,660 points)

    > I am still curious how Zoebit managed to embed their advert for MacKeeper into

    > and - just two examples.


    Here is one possibility:



    Available for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8,

    Windows 7, Vista, XP SP2 or later

    Impact:  Visiting a maliciously crafted website may lead to the

    disclosure of video data from another site

    Description:  A cross-origin issue existed in QuickTime plug-in's

    handling of cross-site redirects. Visiting a maliciously crafted

    website may lead to the disclosure of video data from another site.

    This issue is addressed by preventing QuickTime from following cross-

    site redirects. For Mac OS X v10.6 systems, this issue is addressed

    in Mac OS X v10.6.7. This issue does not affect Mac OS X v10.7



    CVE-2011-0187 : Nirankush Panchbhai and Microsoft Vulnerability

    Research (MSVR)


    Update to QT 7.7.