Why Is Your Friend

December 8th, 2012 - Posted by Steve Marks to (X)HTML / CSS, Javascript / jQuery, Web Development.

Before I get too far into proceedings, allow me to explain a bit of background as to why I’m writing this article. I’ve included below a summarized transcript of a call I had with my ISP a few days ago:

Me: “I’m not getting an internet signal”
ISP Lady: “Have you tried turning your router off and on again?”
Me: “Only about a gazillion times”
ISP Lady: “Have you tried connecting to the modem direct via an ethernet cable?”
Me: “Sure have”

(insert about 30 minutes worth of other suggestions here…)

ISP Lady: “OK, We’ll send you another router out.”
Me: “Excellent, when can I expect it?”
ISP Lady: “It will be with you within the next 7 days”

That’s right, you read that correctly. 7 days! “It’s fine” I thought. I can live without access to the internet for a week. Besides, I have unlimited access to the web on my phone and it will probably do me good…. Wrong!!!

24 hours later and I’m fed up of trying to browse the web, reply to emails and more from the tiny keyboard on my phone using my fat fingers.

The solution was simple. Tether the 3G through my phone so I could share the connection with the PC. Luckily, living in a city the 3G wasn’t too slow and was more than enough for allowing me to browse the web.

Allow me to now move onto why I’m writing this blog post…

Not only did tethering the 3G allow me to browse the web, it also gave me access to work on and maintain websites under my control. Whilst viewing the page source of one of my websites, I noticed a reference to a JavaScript file that definitely wasn’t put in by me. It read as follows:

<script src=””></script>

Malware was my initial thought. This sites been infected with a rogue JS file and I need to get rid of it. I opened up the sites files but to my surprise the reference to this JS file was nowhere to be found.

After a little investigation it turned out that the file wasn’t malware, but was in fact added by my 3G data provider in an effort to compress and reduce the data downloaded whilst browsing the web.

My internet is now back up and running and can confirm that this link to isn’t present when browsing normally.

This entry was posted on Saturday, December 8th, 2012 at 4:42 pm by +Steve Marks and is filed under (X)HTML / CSS, Javascript / jQuery, Web Development. You can follow any responses to this entry through the RSS 2.0 feed.

Fear not, we won't publish this

Comments (4)
  1. Dave says:

    It’s definitely not your friend as a web developer because it crudely injects a script into your document that adds an option to load the proper image for each recompressed image. Unfortunately, since the script is a horribly-written 1990s-style JS, it craps all over your namespace, hijacks your event handlers and stands a high chance of messing up your own scripts.
    See how to disable it from your server here http://stackoverflow.com/questions/4113268/how-to-stop-javascript-injection-from-vodafone-proxy

  2. Colin says:

    Also, what an amazing IP address. According to Whois it is owned by “APNIC Debogon Project” …

  3. Colin says:

    Dude, thanks! This was on my website – and my first thought I was I was hacked! Thankfully a quick Google and search – and your article – and I suddenly feel a lot better :)


  4. Just because it doesn’t appear to be malware doesn’t mean it’s “your friend”. It’s still your ISP tampering with the data you requested, without even a means of opting out. I’m sure they mean well, but I want websites to display as they were intended.