XF 2.1 RESOLVED: Hidden iframe after closing body tag?

D

djbaxter

in memoriam 1947-2022
Trying to help someone correct errors and rationalize ads in XF2.

In Inspector, I am seeing this below the closing body tag and just above the /html tag:

JavaScript: 
<iframe id="google_esf" name="google_esf" src="https://googleads.g.doubleclick.net/pagead/html/r20200506/r20190131/zrt_lookup.html#" style="display: none;" data-ad-client="ca-pub-XXXXXXX"></iframe>

Two questions:

1. Anyone know what this is?

2. Can anyone tell me how to remove it?

Google led me to this: https://arxiv.org/ftp/arxiv/papers/1509/1509.07741.pdf

I am concerned that this may be code for stealing or redirecting AdSense revenue.
 
Sort by date Sort by votes
Thanks, but I don't think he's part of that.

And why would anything be below the closing body tag?

And how do I remove it? I can't find it in any of the templates.
 
Last edited:
Upvote 0 Downvote
There's actually more of this on the forum list page:

Code: 
<ins class="adsbygoogle adsbygoogle-noablate" style="display: none !important;" data-adsbygoogle-status="done"><ins id="aswift_3_expand" style="display:inline-table;border:none;height:0px;margin:0;padding:0;position:relative;visibility:visible;width:0px;background-color:transparent;"><ins id="aswift_3_anchor" style="display:block;border:none;height:0px;margin:0;padding:0;position:relative;visibility:visible;width:0px;background-color:transparent;"><iframe id="aswift_3" name="aswift_3" style="left:0;position:absolute;top:0;border:0;width:undefinedpx;height:undefinedpx;" src="https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1234567890&amp;output=html&amp;adk=85976724&amp;adf=3412083302&amp;lmt=1589181107&amp;plat=1%3A1081352%2C2%3A1081352%2C8%3A32776%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1048576%2C32%3A32%2C40%3A32&amp;guci=2.2.0.0.2.2.0.0&amp;format=0x0&amp;url=https%3A%2F%2Fwww.domain.com%2Fforums%2Fdowneast-boat-general-discussion%2F&amp;ea=0&amp;flash=32.0.0&amp;pra=7&amp;wgl=1&amp;adsid=ChAI8O_j9QUQhfG55N22oPF8EkwAui8UP4g048s6-kPiVX2AYRiGPddO1MUXKik2Dcu5YPIQcMYsieU9U7i6jz1x4uTDtZDJOQHJrIIs5fZWQIqRyYDiBjo4YcaPghTb&amp;dt=1589181111494&amp;bpp=4&amp;bdt=2754&amp;idt=6353&amp;shv=r20200506&amp;cbv=r20190131&amp;ptt=9&amp;saldr=aa&amp;abxe=1&amp;cookie=ID%3D5a9bfec1a12cd188%3AT%3D1589020874%3AS%3DALNI_MY3dDr94HFDhBDSws-gmb0stEnROg&amp;crv=1&amp;prev_fmts=1075x280%2C300x250%2C300x600&amp;nras=1&amp;correlator=8063505584270&amp;frm=20&amp;pv=1&amp;ga_vid=469541402.1588948369&amp;ga_sid=1589181112&amp;ga_hid=330219373&amp;ga_fc=0&amp;icsg=558558265343&amp;dssz=29&amp;mdo=0&amp;mso=0&amp;u_tz=-240&amp;u_his=10&amp;u_java=0&amp;u_h=864&amp;u_w=1536&amp;u_ah=824&amp;u_aw=1536&amp;u_cd=24&amp;u_nplug=1&amp;u_nmime=2&amp;adx=-12245933&amp;ady=-12245933&amp;biw=1133&amp;bih=287&amp;scr_x=0&amp;scr_y=1900&amp;eid=21066085%2C21062174&amp;oid=3&amp;pvsid=3962143717459627&amp;pem=882&amp;ref=https%3A%2F%2Fwww.domain.com%2F&amp;rx=0&amp;eae=2&amp;fc=896&amp;brdim=372%2C60%2C372%2C60%2C1536%2C0%2C1164%2C764%2C1150%2C287&amp;vis=1&amp;rsz=%7C%7Cs%7C&amp;abl=NS&amp;fu=8208&amp;bc=29&amp;jar=2020-5-11-6&amp;ifi=3&amp;uci=a!3&amp;dtd=6384" marginwidth="0" marginheight="0" vspace="0" hspace="0" allowtransparency="true" scrolling="no" allowfullscreen="true" data-google-container-id="a!3" data-load-complete="true" frameborder="0"></iframe></ins></ins></ins>
<iframe id="google_osd_static_frame_3133185951848" name="google_osd_static_frame" style="display: none; width: 0px; height: 0px;"></iframe>
</body>
<iframe id="google_esf" name="google_esf" src="https://googleads.g.doubleclick.net/pagead/html/r20200506/r20190131/zrt_lookup.html#" style="display: none;" data-ad-client="ca-pub-1234567890"></iframe>
</html>

This looks even more like the information at https://arxiv.org/ftp/arxiv/papers/1509/1509.07741.pdf

Can't find any of this in template searches.

I ran a virus scan on the server, the entire home directory, and it came up with nothing but questionable emails.

I'm baffled. What I want to do at this point is delete those scripts and use the more traditional advertising positions. AdSense ads are appearing on the site but not where we want them to and the normal adsense code does not seem to exist in any of the usual Xenforo 2 templates.

@Chris D @Mike
 
Upvote 0 Downvote
It's not really something we can support you with as it isn't something that is added by the software.

You are actually running Google ads on your site so I assume it's just something being injected as a result of the ads you have running.
 
Upvote 0 Downvote
The person who set that up was a shady guy from India who had originally inserted his own ad code before he was fired. Ijust can't figure out how to find this code and how to delete it. :(
 
Upvote 0 Downvote
Suspicious? Not particularly. The iframe src is a Google URL and it looks like Google Ads code. I assume there's a reason they add it outside of body but I have no idea what that reason would be. You'd be better off inquiring about it with them.

Alternatively, remove the Google Ads you've added and it should go away.
 
Upvote 0 Downvote
djbaxter said:
The person who set that up was a shady guy from India who had originally inserted his own ad code before he was fired. Ijust can't figure out how to find this code and how to delete it. :(
Click to expand...
That code very likely hasn't been explicitly added to your XF template. The Google Ads JavaScript that you have set up for your ads is likely just injecting it there.

You'd just have to remove the ads if you no longer want the ads to display.
 
Upvote 0 Downvote
Thank you. I'll try that. I've also contacted AdSense support about it.

Checking some other sites, it does appear that these are Google additions but I'm double checking with them. It just seemed very odd when I spotted that.
 
Upvote 0 Downvote
Did you try disabling all ads and any code you inserted at the head/body as well? I've seen where some of those ad codes that will insert stuff like this.
 
Upvote 0 Downvote
You must log in or register to reply here.
Back
Top Bottom