Windows 7 - No Solution Working To Block Specific IP

B

bigreid

New member
Local time
6:32 PM
Messages
16
Long story short, the ultimate solution, to my dilemma, would be a way to "Disable Active Scripting" on a "per-website" basis.

However, from all of the research that I have done thus far, that option looks grim.

Using Internet Explorer, here is the problem at hand:

I go to a website, one of those websites where, when you click on an Input box, say like a search field, automatically via Java Script, one Pop-Under, or more, appear.

Not Pop-Up, Pop-Under, there is a substantial difference, trust me, as Pop-Ups are stoppable.

This is a great annoyance to me, as to anyone, as that Pop-Under is almost always advertising based.

I have tried a number of solutions, from a number of various engineering sites throughout the net, to stop that Pop-Under, but, for some reason, being that Pop-Under is being called from Script, it appears impossible to stop, at any cost, short of turning off Active Scripting, which I can not afford to do, as some sites, I still need the scripting on.

Just a few of the solutions I have tried:

* I look in the source code of the web page, gather all address that refer to advertising, get the Name Server IP, add those IP's to the HOSTS file. Still gets through.

* Do a video screen capture as the Pop-Under is called, to go back slowly, and see the very fast flashing IP of the offending Pop-Under. Add that IP/Address to HOSTS, still gets through.

* Took the offending IP of the Pop-Under and attempted to block it via Windows Firewall, ...New Rule/Custom/ etc., both Inbound, and Outbound, both Local, and Remote. Still, it gets through.

I have to admit, this one bugged me, as many of the sites that display how to block a single IP using Windows Firewall, many of the folks claimed it worked for them, and quite frankly, it works for me also, AS LONG AS the IP is NOT called from Script, but when the IP is called from Script, then neither the Firewall, nor HOSTS method, any longer work.

* Added offending IP to IE's Internet Options/Restricted Sites, still gets through.

* Also understand I have the option to stop all outbound traffic, and then setup a rule for every single outbound allowance, which is ludicrous, as there are numerous outbound allowances that would be needed, and I only want to stop one single IP.


I mean, I am at wits end here, usually adding an entry to the HOSTS does the trick, but when it is called from Script, NOTHING works to stop that IP.

Don't get me wrong, I am fully aware that there are ways around the HOSTS, as some programs still get through even if you have a related IP listed in the HOSTS, but how they do it, I have not a clue, this is in fact what I need to learn.

I also fully understand, that by simply blocking the IP, the Pop-Under window, itself, will still come up, being that it is called from Script, best I can do, is stop the content in that window.

Any help would be greatly appreciated folks, as I plead total ignorance to this point.

Thank You
 

My Computer My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom Build
OS
Microsoft Windows 7 Ultimate x64 / 6.1.7601 Service Pack 1 Build 7601
CPU
Intel(R) Core(TM)2 Extreme CPU X9650
Motherboard
Asus P5K Deluxe
Memory
8 GB
Graphics Card(s)
EVGA Nvidia GeForce GTX 580 (3842) 3GB GF110
Hard Drives
Western Digital WDC WD1001FALS-00J7B1 1TB SATA
Antivirus
Kaspersky Anti Virus v14.0.0.4651(a)
Browser
Internet Explorer / Firefox
It shouldn't matter that the IP is called from a Script. Is it possible they are maybe using different IPs, hidden frames etc to fool you into blocking the wrong IP?! Have you looked at the page source? Have you tried Developer Tools(F12)? From there you can see all connections from a window/tab. In the IE window you want to check, press F12, go to the "Network" tab and press play, then do a reload/refresh in the IE window.

The Windows Firewall by default allows all outbound connections. You can still add block rules without having to change the default value from allow to block.

To block the entire pop-under from opening you have to block Scripts from executing at the page that's creating the pop-under window. And my understanding is that you don't want do to that, not for all sites anyway.

A blacklist approach is not as good as a white list approach. For example you could use zone Trusted instead of Restricted, and set the Internet zone to level High. It takes more time to maintain a white list but it'll work much better!
I have IE configured this way: Internet Zone = High, Trusted = Medium-High. I then add trusted domains like this: *.google.com
This approach won't stop all content from untrusted sites, but it will stop all Scripts and other less safe content.

If you still want to go for a blacklist approach, it should be possible. You just have to make sure you have the correct IP's to block, and from what you describe I'm not sure you have.

What do you mean with "very fast flashing IP of the offending Pop-Under"? Is it a redirect to another site?
 

My Computer My Computer

Computer type
Laptop
Computer Manufacturer/Model Number
HP Elitebook 8540p
OS
Windows 7 Pro 32
CPU
Intel(R) Core(TM) i5 CPU M 540 @ 2.53GHz
Motherboard
Hewlett-Packard 1521
Memory
4,00 GB (Usable 2,98)
Graphics Card(s)
NVIDIA NVS 5100M
Sound Card
NVIDIA High Definition Audio
Screen Resolution
1600x900
Hard Drives
INTEL SSDSA2CW120G3
Antivirus
F-Secure Internet Security
Browser
IE, Firefox, Opera
Other Info
Sandboxie,
SRP (Software Restriction Policy),
EMET (Enhanced Mitigation Experience Toolkit),
WFC (Windows Firewall Control by BiniSoft),
Malwarebytes Premium
Tookeri said:
What do you mean with "very fast flashing IP of the offending Pop-Under"? Is it a redirect to another site?
Click to expand...

Yes. After you click into the, "enter text" field, immediately a Pop-Under appears with a URL.

But, that very same Pop-Under immediately switches to another URL, which is the annoying ad.

So the very first URL, obviously is the redirect source, that URL/IP, is the IP I am trying to kill.

That is why I had to use a video screen capture, to capture that very first, fastly disappearing IP.

And as I said above, I was able to get that inital IP, and tried to block it every way I know how, to no avail.

If it weren't for some of those ads being of the nature of those, "full screen locked" ads that you need to reboot to get rid of, and major annoyances of that type, I would not care as much.
 

My Computer My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom Build
OS
Microsoft Windows 7 Ultimate x64 / 6.1.7601 Service Pack 1 Build 7601
CPU
Intel(R) Core(TM)2 Extreme CPU X9650
Motherboard
Asus P5K Deluxe
Memory
8 GB
Graphics Card(s)
EVGA Nvidia GeForce GTX 580 (3842) 3GB GF110
Hard Drives
Western Digital WDC WD1001FALS-00J7B1 1TB SATA
Antivirus
Kaspersky Anti Virus v14.0.0.4651(a)
Browser
Internet Explorer / Firefox
You should add the URL of the page it's redirected to also to the Restricted Zone. That will stop it from running Scripts and probably not be so annoying anymore.

To try and stop redirects you could change the setting "Allow META REFRESH" to disabled for the Internet Zone. But that will affect all pages and might break functionality on legitimate sites. But they usually provide a link to use instead of the redirect.

The security level High which is the level for Restricted sites don't allow Scripts or redirects, and many other things.

A great browser extensions that blocks/warns of "bad" sites based on user reputations is WOT(Web Of Trust). I only use it in Firefox but it's available for Internet Explorer as well:
https://www.mywot.com/en/download/ie

You can use this page and enter the URL of the ad page to check its status in WOT:
https://www.mywot.com/en/scorecard
 

My Computer My Computer

Computer type
Laptop
Computer Manufacturer/Model Number
HP Elitebook 8540p
OS
Windows 7 Pro 32
CPU
Intel(R) Core(TM) i5 CPU M 540 @ 2.53GHz
Motherboard
Hewlett-Packard 1521
Memory
4,00 GB (Usable 2,98)
Graphics Card(s)
NVIDIA NVS 5100M
Sound Card
NVIDIA High Definition Audio
Screen Resolution
1600x900
Hard Drives
INTEL SSDSA2CW120G3
Antivirus
F-Secure Internet Security
Browser
IE, Firefox, Opera
Other Info
Sandboxie,
SRP (Software Restriction Policy),
EMET (Enhanced Mitigation Experience Toolkit),
WFC (Windows Firewall Control by BiniSoft),
Malwarebytes Premium

My Computer My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Home made Desktop
OS
Windows 10 Pro. 64/ version 1709 Windows 7 Pro/64
CPU
Intel i7-6800K @ 4.3
Motherboard
ASUS X-99 Deluxe II
Memory
Corsair Platinum 16 gig @2400
Graphics Card(s)
EVGA GTX 1070 OC
Monitor(s) Displays
Asus 27" LED LCD/VE278Q
Screen Resolution
1920-1080 or 1280-720 HDMI
Hard Drives
INTEL SSD 730-240 Gb Sata 3.0/
PSU
EVGA Platium 1200W
Case
Phanteks Luxe Tempered Glass 8 fans/ one radiator
Cooling
XSPC/ Water Cooled CPU
Keyboard
Das 4 Professional
Mouse
Logitech M705/MX Anywhere 2-S
Internet Speed
100 mbits
Antivirus
Microsoft Security Essentials/ Malwarebytes Premium 3.0/ SAS
Browser
I.E. 11 default/Firefox/ ISP Time Warner Cable/Spectrum
Other Info
LG BluRay Burner/
Sound system-KLipsch-THX/
Icy Dock ssd Hot Swap bays.
You must log in or register to reply here.

Similar threads

Windows 7 hp 64bit (genuine) reverted to grace period, no activation
Replies
11
Views
4K
SIW2
SIW2
How to Block Specific IP Addresses??
Replies
1
Views
37K
richc46
richc46
  • Article Article
Internet Explorer Content Advisor - Allow or Block Specific Websites
Replies
0
Views
105K
Brink
Brink
End to End Trust and Windows 7
Replies
1
Views
4K
Romulinx2
Romulinx2
Back
Top