XF 2.1 RESOLVED: Hidden iframe after closing body tag?

[djbaxter]

Trying to help someone correct errors and rationalize ads in XF2.

In Inspector, I am seeing this below the closing body tag and just above the /html tag:

<iframe id="google_esf" name="google_esf" src="https://googleads.g.doubleclick.net/pagead/html/r20200506/r20190131/zrt_lookup.html#" style="display: none;" data-ad-client="ca-pub-XXXXXXX"></iframe>

Two questions:

1. Anyone know what this is?

2. Can anyone tell me how to remove it?

Google led me to this: https://arxiv.org/ftp/arxiv/papers/1509/1509.07741.pdf

I am concerned that this may be code for stealing or redirecting AdSense revenue.

 

[Max Taxable]

Might be related?

Google announces Google Marketing Platform Partners program

The program includes more than 500 companies certified to provide resources or training on using Google Marketing Platform products

martechtoday-com.cdn.ampproject.org

 

[djbaxter]

Thanks, but I don't think he's part of that.

And why would anything be below the closing body tag?

And how do I remove it? I can't find it in any of the templates.

 

[djbaxter]

There's actually more of this on the forum list page:

<ins class="adsbygoogle adsbygoogle-noablate" style="display: none !important;" data-adsbygoogle-status="done"><ins id="aswift_3_expand" style="display:inline-table;border:none;height:0px;margin:0;padding:0;position:relative;visibility:visible;width:0px;background-color:transparent;"><ins id="aswift_3_anchor" style="display:block;border:none;height:0px;margin:0;padding:0;position:relative;visibility:visible;width:0px;background-color:transparent;"><iframe id="aswift_3" name="aswift_3" style="left:0;position:absolute;top:0;border:0;width:undefinedpx;height:undefinedpx;" src="https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1234567890&amp;output=html&amp;adk=85976724&amp;adf=3412083302&amp;lmt=1589181107&amp;plat=1%3A1081352%2C2%3A1081352%2C8%3A32776%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1048576%2C32%3A32%2C40%3A32&amp;guci=2.2.0.0.2.2.0.0&amp;format=0x0&amp;url=https%3A%2F%2Fwww.domain.com%2Fforums%2Fdowneast-boat-general-discussion%2F&amp;ea=0&amp;flash=32.0.0&amp;pra=7&amp;wgl=1&amp;adsid=ChAI8O_j9QUQhfG55N22oPF8EkwAui8UP4g048s6-kPiVX2AYRiGPddO1MUXKik2Dcu5YPIQcMYsieU9U7i6jz1x4uTDtZDJOQHJrIIs5fZWQIqRyYDiBjo4YcaPghTb&amp;dt=1589181111494&amp;bpp=4&amp;bdt=2754&amp;idt=6353&amp;shv=r20200506&amp;cbv=r20190131&amp;ptt=9&amp;saldr=aa&amp;abxe=1&amp;cookie=ID%3D5a9bfec1a12cd188%3AT%3D1589020874%3AS%3DALNI_MY3dDr94HFDhBDSws-gmb0stEnROg&amp;crv=1&amp;prev_fmts=1075x280%2C300x250%2C300x600&amp;nras=1&amp;correlator=8063505584270&amp;frm=20&amp;pv=1&amp;ga_vid=469541402.1588948369&amp;ga_sid=1589181112&amp;ga_hid=330219373&amp;ga_fc=0&amp;icsg=558558265343&amp;dssz=29&amp;mdo=0&amp;mso=0&amp;u_tz=-240&amp;u_his=10&amp;u_java=0&amp;u_h=864&amp;u_w=1536&amp;u_ah=824&amp;u_aw=1536&amp;u_cd=24&amp;u_nplug=1&amp;u_nmime=2&amp;adx=-12245933&amp;ady=-12245933&amp;biw=1133&amp;bih=287&amp;scr_x=0&amp;scr_y=1900&amp;eid=21066085%2C21062174&amp;oid=3&amp;pvsid=3962143717459627&amp;pem=882&amp;ref=https%3A%2F%2Fwww.domain.com%2F&amp;rx=0&amp;eae=2&amp;fc=896&amp;brdim=372%2C60%2C372%2C60%2C1536%2C0%2C1164%2C764%2C1150%2C287&amp;vis=1&amp;rsz=%7C%7Cs%7C&amp;abl=NS&amp;fu=8208&amp;bc=29&amp;jar=2020-5-11-6&amp;ifi=3&amp;uci=a!3&amp;dtd=6384" marginwidth="0" marginheight="0" vspace="0" hspace="0" allowtransparency="true" scrolling="no" allowfullscreen="true" data-google-container-id="a!3" data-load-complete="true" frameborder="0"></iframe></ins></ins></ins>
<iframe id="google_osd_static_frame_3133185951848" name="google_osd_static_frame" style="display: none; width: 0px; height: 0px;"></iframe>
</body>
<iframe id="google_esf" name="google_esf" src="https://googleads.g.doubleclick.net/pagead/html/r20200506/r20190131/zrt_lookup.html#" style="display: none;" data-ad-client="ca-pub-1234567890"></iframe>
</html>

This looks even more like the information at https://arxiv.org/ftp/arxiv/papers/1509/1509.07741.pdf

Can't find any of this in template searches.

I ran a virus scan on the server, the entire home directory, and it came up with nothing but questionable emails.

I'm baffled. What I want to do at this point is delete those scripts and use the more traditional advertising positions. AdSense ads are appearing on the site but not where we want them to and the normal adsense code does not seem to exist in any of the usual Xenforo 2 templates.

@Chris D @Mike

 

[Chris D]

It's not really something we can support you with as it isn't something that is added by the software.

You are actually running Google ads on your site so I assume it's just something being injected as a result of the ads you have running.

 

[djbaxter]

Isn't the part about the code being inserted after the closing body tag rather suspicious though?

 

[djbaxter]

The person who set that up was a shady guy from India who had originally inserted his own ad code before he was fired. Ijust can't figure out how to find this code and how to delete it.

 

[Chris D]

Suspicious? Not particularly. The iframe src is a Google URL and it looks like Google Ads code. I assume there's a reason they add it outside of body but I have no idea what that reason would be. You'd be better off inquiring about it with them.

Alternatively, remove the Google Ads you've added and it should go away.

 

[Chris D]

The person who set that up was a shady guy from India who had originally inserted his own ad code before he was fired. Ijust can't figure out how to find this code and how to delete it.

That code very likely hasn't been explicitly added to your XF template. The Google Ads JavaScript that you have set up for your ads is likely just injecting it there.

You'd just have to remove the ads if you no longer want the ads to display.

 

[djbaxter]

Thank you. I'll try that. I've also contacted AdSense support about it.

Checking some other sites, it does appear that these are Google additions but I'm double checking with them. It just seemed very odd when I spotted that.

 

[Max Taxable]

Thanks, but I don't think he's part of that

The advertiser might be? I was only pointing out it's not suspicious to see doubleclick in a google advert code since they're partnered.

 

[djbaxter]

Yes. Understood.

 

[Russ]

Did you try disabling all ads and any code you inserted at the head/body as well? I've seen where some of those ad codes that will insert stuff like this.

 

[djbaxter]

On checking further, it appears that this is legitimate AdSense code. I'd just never noticed the parts at the bottom and after the closing body tag before.

 

[djbaxter]

@Russ can you see my question here at https://xenforo.com/community/threads/dont-hide-pagination-at-the-top-of-threads-on-mobile.143606/ please.