16
1
I've noticed recently, as of today, that all the websites I visit (except for a specific few sites such as Google) are all put into a frame. I'm not sure what the reason for this is, there are no ads displayed and everything appears normal. The only reason I found out is because the headers weren't loading correctly and none of the page titles showed up properly - I quickly checked the source code and saw that instead of the source of the page I was expecting to see, there was a single line with a frame.
I first thought maybe somekind of trojan, but after going through various checks I've determined it's my ISP and/or somekind of Internet Registry (I traced the IP shown in the source code)
What can be done to prevent this frame, short of using a VPN? I feel like I am being spied on.
PS: I'm located in South Korea.
The source code looks like this: [copied from OP's comment to avoid the auto-formatting – grawity]
<html><frameset rows='0,*' border='0'><frame src='http://210.91.57.226/notice.aspx?p=P&s=1495361&h=sitename.com&us=5,841,6&cs=10489585&rt=Y'><frame src='http://sitename.com/?'></frameset></html>
possibly try using a 3rd party DNS service? – Richie Frame – 2013-11-02T10:23:28.653
2which browser ? by the way, can you post the "view page source" – None – 2013-11-02T10:59:41.417
All browsers. The source looks like this: <html><frameset rows='0,*' border='0'><frame src='http://210.91.57.226/notice.aspx?p=P&s=1495361&h=sitename.com&us=5,841,6&cs=10489585&rt=Y'><frame src='http://sitename.com/?'></frameset></html> – PJB – 2013-11-02T12:06:41.470
3I've seen similar practice done by certain US ISP (when listening to security now podcast). The reasoning behind the code injection (for their case) is for the ISP to be able to alert you that you have gone over (or close to) your bandwidth limit. So they do some code injection to allow them to intercept the page and give you a warning regardless of what page you are on. This code injection should not work when you are connecting to HTTPS sites. You might want to check your ISP terms and conditions to see if they made those changes. They should have it written down somewhere. – Darius – 2013-11-02T12:20:01.253
2I hope this isn't too obvious, but you didn't mention trying it: contact them and ask them to turn the #!@(#(* off. – derobert – 2013-11-06T18:52:17.627
You can use Tor. They can't inject into encrypted packets. – Cole Johnson – 2013-11-08T02:06:30.833