4

I am having a php page where i am seeing bmi_SafeAddOnload javascript function automatically at the end of page.

I dont know what it is . where is it coming from ? will it cause any issue ? 

<script language="javascript"><!--
bmi_SafeAddOnload(bmi_load,"bmi_orig_img",0);//-->
</script>

Also, Please let me know , how to stop it ?

logan
  • 7,946
  • 36
  • 114
  • 185
  • http://stackoverflow.com/questions/4113268/how-to-stop-javascript-injection-from-vodafone-proxy – Gerben Jacobs Apr 24 '14 at 09:20
  • @GerbenJacobs: I already seen that. May i know why is it coming ? how come others can inject some script into my webpage – logan Apr 24 '14 at 09:45
  • 1
    You are using Vodaphone mobile internet. They, just like T-Mobile, add a "service" so you can load websites faster (basically a proxy). I wrote about it here: http://www.gerbenjacobs.nl/t-mobile-traffic-through-edge-proxy/ – Gerben Jacobs Apr 24 '14 at 09:53
  • yeah., i read. Is it anyhow harmful to my site ? is there possibility for that ? – logan Apr 24 '14 at 10:18
  • 1
    No it's not. In fact, only you can see it. It has nothing to do with the website, but your internet provider. – Gerben Jacobs Apr 24 '14 at 11:29
  • it is from Vodafone. – siniradam Nov 16 '14 at 08:38

1 Answers1

1

It is probably your ISP who injects it, but you can't know for sure, it might just as well be a man in the middle attack. Whoever and whatever it is, it might cause problems. If someone can inject stuff into your page others can too.

The best way to stop it would be to run your page over TLS(HTTPS) and thereby remove such problems.

You can by a certificate for use with TLS, proxy traffic with CloudFlare and enable TLS or wait for Let's Encrypt to launch and get a certificate for free.

Alex
  • 115
  • 1
  • 8