Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author WarfarePlugins

    (@warfareplugins)

    Hi Gulshan! Thanks for your feedback. I don’t think it’s quite fair to say “Not useful” as we’ve already had plenty of users find our simple use case (blocking apps like Sniply) incredibly helpful. Perhaps you’re looking for a solution for a problem (adware links) that we did not intend to solve?

    Thread Starter Gulshan Kumar

    (@thegulshankumar)

    I truly apologize for my harsh words. Please don’t take it personally. I really appreciate your hard work and the concept behind this plugin. My suggestion is to kindly improve it, and I hope this plugin becomes very popular.

    Actually, I tried this plugin on my friend’s recommendation. But I really didn’t find what this plugin’s description claims.

    You have mentioned 3 site names:
    – Sniply
    – Linkis
    – Start A Fire

    As I checked, in the plugin core file there are only 2 JavaScripts.

    – If JavaScript is disabled, then this plugin is not going to work.
    – Secondly, the script below includes a link to only 1 site, “stfi.re”. Why? You have mentioned 3 sites above, e.g. Sniply, Linkis, Start A Fire, so how exactly will it work with the 2 other sites?

    // 1st script
    <script type="text/javascript">
    // Returns true when the parent frame is cross-origin (reading its location throws).
    function parentIsEvil() {
        var html = null;
        try {
            var doc = top.location.pathname;
        } catch (err) { }
        if (typeof doc === "undefined") { return true; } else { return false; }
    }
    // Break out of a cross-origin frame.
    if (parentIsEvil()) { top.location = self.location.href; }
    // The permalink is filled in by the plugin's PHP.
    var url = "'.get_permalink().'";
    if (url.indexOf("stfi.re") != -1) {
        // Find the canonical link and send the visitor there.
        var canonical = "";
        var links = document.getElementsByTagName("link");
        for (var i = 0; i < links.length; i++) {
            if (links[i].getAttribute("rel") === "canonical") {
                canonical = links[i].getAttribute("href");
            }
        }
        canonical = canonical.replace("?sfr=1", "");
        top.location = canonical;
        console.log(canonical);
    }
    </script>

    // 2nd Script

    <script type="text/javascript"> if (top.location != self.location) { top.location = self.location.href; } </script>

    I would suggest, instead of putting this heavy script in head

    Why not add just one single line in head,
    <meta http-equiv="X-Frame-Options" content="deny">

    Or for Apache web server simply add this code in .htaccess

    # Don’t allow any pages to be framed – Defends against CSRF
    Header set X-Frame-Options DENY

    That’s simple.

    Sincerely,
    Gulshan

    Plugin Contributor holas84

    (@holas84)

    Both of those alternate methods that you recommend will block the visitor from gaining access to your site at all. The purpose of having a site is to get the user onto the site to view your content. Therefore, both of those methods defeat the entire purpose of having a site.

    The methods that our plugin uses redirect the user off of the framing site’s domain and directly onto your content. This allows content marketers who are using content to call people to action to get users to see their content without foreign calls to action.

    The extra bit for Start A Fire, is because they don’t frame sites. They literally scrape your page, hijack the HTML from it, inject their own stuff directly into the page’s HTML, and then serve your html combined with theirs from their own Proxied IP address. Therefore there is no frame to detect.

    However, I was able to find a piece of header meta data that they use so that when I detect it, I can forward users off of their proxied content and back onto your site.

    Essentially, the rest of the plugin simply checks for one thing. It checks to see if the frame is originating from the same domain. If it is, like on the options page of the WordPress dashboard (The Customizer) then we assume it’s a good frame. If it’s from a different domain, we redirect the user onto your site.

    If that logic doesn’t suit your needs, then our plugin is probably not the solution that you’re looking for.

    Plugin Contributor holas84

    (@holas84)

    By the way, I’m fairly certain that your X-Frame-Options being set to Deny will break the built-in framing features of WordPress like the Customizer page under the Appearance settings. At the very least, I imagine you would want to set it to SAMEORIGIN, wouldn’t you?

    Thread Starter Gulshan Kumar

    (@thegulshankumar)

    @nicholas Cardot
    I hope you are doing well

    As per your suggestion, I have removed this code
    <meta http-equiv="X-Frame-Options" content="deny"> from the head of the HTML document.

    Recently, I noticed that due to this meta tag Google Chrome was sending a warning message in the console log. So, I have moved to the .htaccess way with the SAMEORIGIN value.

    I want to try this plugin again. I think this is a useful plugin. I’m really extremely sorry for my misbehavior last time. I was not much aware.

    Sincerely,
    Gulshan
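
The header behaviour discussed in this thread (DENY versus SAMEORIGIN, and the meta tag that Chrome warned about), as an added example that is not part of the original posts or the plugin's code: a small Node.js model of how a browser decides whether a page may be framed. The URLs, HTML and function names are constructed for illustration.

```javascript
// Constructed sample values (not from the thread).
const PAGE = "https://blog.example/post/";
const SAME_ORIGIN_PARENT = "https://blog.example/wp-admin/customize.php";
const THIRD_PARTY_PARENT = "https://framer.example/abc";
const HTML_WITH_META = '<head><meta http-equiv="X-Frame-Options" content="deny"></head>';

// Effective policy comes from the HTTP response header only.
function effectivePolicy(headers) {
  const key = Object.keys(headers).find(k => k.toLowerCase() === "x-frame-options");
  if (!key) return "NONE";
  const value = String(headers[key]).trim().toUpperCase();
  // Only DENY and SAMEORIGIN are modelled as enforced here.
  return value === "DENY" || value === "SAMEORIGIN" ? value : "NONE";
}

// The <meta http-equiv> form is ignored by browsers; detect it so it can be flagged.
function hasIgnoredMetaTag(html) {
  return /<meta[^>]+http-equiv\s*=\s*["']?x-frame-options/i.test(html);
}

// May the page at pageUrl render inside a frame hosted at parentUrl?
function framingAllowed(headers, pageUrl, parentUrl) {
  const policy = effectivePolicy(headers);
  if (policy === "DENY") return false;
  if (policy === "SAMEORIGIN") {
    return new URL(pageUrl).origin === new URL(parentUrl).origin;
  }
  return true; // no enforceable header: any site may frame the page
}

// Compare the three configurations mentioned in the thread.
function compare() {
  const configs = {
    "meta tag only": {},
    "header DENY": { "X-Frame-Options": "DENY" },
    "header SAMEORIGIN": { "X-Frame-Options": "SAMEORIGIN" },
  };
  const rows = {};
  for (const [name, headers] of Object.entries(configs)) {
    rows[name] = {
      sameOriginFrame: framingAllowed(headers, PAGE, SAME_ORIGIN_PARENT),
      thirdPartyFrame: framingAllowed(headers, PAGE, THIRD_PARTY_PARENT),
    };
  }
  return rows;
}

console.log("meta tag ignored:", hasIgnoredMetaTag(HTML_WITH_META));
console.table(compare());
```

In this model only the SAMEORIGIN header keeps a same-origin frame working while refusing a third-party one; neither header affects a proxied copy of the page, where no frame is involved.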

  • The topic ‘Not useful’ is closed to new replies.