Script needed to remove/hide IE tool and status bar in new page.

Status
Not open for further replies.

usalabs3

Technical User
Sep 7, 2004
152
US
I'm looking for a script to remove/hide the IE tool and status bar, when a link that contains 'target="_blank"' is clicked on and a new window opens, also with the mouse right click disabled in the new window, but the right mouse click disable function must have a button 3 press event detect, as I have found that most of the right mouse button disable scripts have a flaw, that when I press the middle button on the mouse then immediately press the right button (after releasing the middle button), I can get the context menu to allow me to view a page's source code; this I don't want to happen on a particular web page I have created.
 
Awesome, another person wanting to hide their source code.


Let me save you a LOT of time - NONE of what you have asked to be shown how to do is 100% foolproof possible.

-kaht

How much you wanna make a bet I can throw a football over them mountains?
 
I can get the context menu to allow me to view a page's source code, this,,, I don't want to happen on a particular web page I have created.
Forget it, view-source is trivial. For starters, you could turn javascript off, and hey presto! you have the source.
You can try all sorts of tactics, but the bottom line is that, for the page to be displayed, the source must be sent to the browser. And that means the source can be read along the way.

I'm looking for a script to remove/hide the IE tool and status bar
Check out the MSDN reference for window.open. All the info you need is there. Note that hiding the titlebar only operates if the site is trusted, or if it's within a HTA (rare).

<marc>
New to Tek-Tips? Get better answers - faq581-3339
 
The reason I want such code, is that I'm running an E-mail server, but the user sign up page status bar shows the full url and port, to the sign up page, and as a result, someone could use that url (and has done so in the past so I had to change the web mail interface port) to sign up for an email account and use that account for mass forwarding (thus exceeding the daily limit set by my E-mail relay service, and preventing other account holders from sending mail), without using the main web page to fill in an account application form.

The sign up page source code can not be viewed by right clicking and selecting 'View source code' even though the context menu is there, when 'View source code' is selected, notepad shows an empty window.

Even though I have a javascript to place a message on the status bar, when the mouse is hovered over the link to the sign up page, the status bar shows the full url, hence the status bar needs to be removed in the new window, plus the toolbar needs to be removed in the new window, because when the status bar is hidden, a user would just need to click on 'View-->Status bar' on the tool bar to reveal the url.

I have seen various web pages that do open a window with no tool and status bars, and it wouldn't matter where on that page a user right clicks, it shows a message. One such website is slingo.com, when a game is clicked on, a new window opens with no tool or status bar or right clicking.
 
usalabs - you cannot hide your source code. It cannot be done, no matter what your intentions. It has been discussed and discussed, it really is impossible.

I appreciate your reasons for doing this, but what you're asking is an impossibility. As I stated, in order for the user's browser to operate, it must receive the source. If the user were behind a proxy, your signup address would be in the logs. The user could always run a packet sniffer, and snoop the source without altering the browser in any way. Or, most trivially, turn off javascript.

If mass sign-ups are a concern, try using a CAPTCHA.

<marc>
New to Tek-Tips? Get better answers - faq581-3339
 
usalabs,

As both posters have already said - give up now. You cannot stop people from finding out your source or links by trying to restrict access to the source code.

the user sign up page status bar shows the full url and port, to the sign up page

I don't understand - why would a page show its own URL in the status bar? Can you clarify this? It may well be that there are other ways to achieve your goal.

Dan

Dan's Page @ Code Couch
 
BillyRayPreachersSon said:
I don't understand - why would a page show its own URL in the status bar?

Look at my email html page at and hover over one of the links, it used to be, that the status bar showed the full url of the sign up page, but now I use a javascript I found that would open a new window with no tool or status bar, and the link on the html page shows 'javascript:Void(0);' and not the url, it used to be that when the mouse hovers over one of the links, it would show ' in the status bar, the source code of the new window doesn't show the url either.

manarth said:
If mass sign-ups are a concern, try using a CAPTCHA.

CAPTCHA refers to a type of challenge response, my email server does have that capability, I know how it works, but have no idea how to set it up, so that some auto created emails, (EG, from the registration process of this forum) get allowed through, whereas human sent emails have to be acknowledged.
 

Is that the page?

I note that you already use a CAPTCHA - the image word verification.

By the way, here's a bunch of code (below). I didn't even have to try. See, I use Firefox, and wherever you got your 'block view source' code from, it doesn't work in FF.

The people who'd abuse your email system are spammers; their robots crawl the web looking for these forms/systems, and their robots won't run your javascript. I can grab your source and I'm not even trying...spamming is big business and big bucks - they've got money to throw at the problem. Trying to block "View source" as a defense will give you nothing beyond inflated self-confidence.

Code:
<HTML><HEAD>
<TITLE>Pc Problems and Solving.</TITLE>
<META NAME="description" CONTENT="The best place for pc problem solving.">
<META NAME="keywords" CONTENT="pc help, forums, computer problems">
</HEAD>
<FRAMESET border=0 rows="100%,*" frameborder="no" marginleft=0 margintop=0 marginright=0 marginbottom=0>
<frame src="http://ww2.tezandbabs.us:10010/email.htm" scrolling=auto frameborder="no" border=0 noresize>
<frame topmargin="0" marginwidth=0 scrolling=no marginheight=0 frameborder="no" border=0 noresize>
</FRAMESET>
<NOFRAMES><BODY><P>
<BLOCKQUOTE>The best place for pc problem solving.</BLOCKQUOTE><P>
<A HREF="http://ww2.tezandbabs.us:10010/email.htm">Click here to go to webmail.tezandbabs.us</A></BODY></NOFRAMES>
</HTML>
Code:
<html>

<head>
<meta http-equiv="Content-Language" content="en-us">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<meta name="GENERATOR" content="Microsoft FrontPage 4.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<title>Tezandbabs E-mail Service</title>
<!-- Popup Window created with Webmaster Tools (http://webmastertools.sawpit.net).-->

<SCRIPT LANGUAGE="JavaScript">
 <!-- 
function Start(page)
 {
 OpenWin = this.open(page, "CtrlWindow","toolbar=No,menubar=No,location=No, scrollbars=No,resizable=No,status=No,width=640,height=480, left=150,top=150,");
 }
 //-->
</SCRIPT>
<meta name="Microsoft Theme" content="tvtoons 011">
</head>

<body background="_themes/tvtoons/tvbkgnd.gif" bgcolor="#009999" text="#FFFFFF" link="#CCFF66" vlink="#FFCC00" alink="#99CCFF"><!--mstheme--><font face="Arial, Arial, Helvetica">

<script>

/*
Status Bar Decrypter v1.0 by Anarchos [http://i.am/Anarchos]
Featured on Website Abstraction (http://wsabstract.com)
For this and over 400+ free scripts, visit http://wsabstract.com
*/


var data="0123456789";

//set to 1 if not decrypting, set to 0 if decrypting
var done=1;



function statusIn(text){
	decrypt(text,2,1);
}

function statusOut(){
self.status='';
done=1;
}

//-------------------------\\
//decrypt(string, int, int)\\
//-------------------------\\
//
//text(string): the text to be decrypted on 
//the status bar.
//
//max(int): the number of times a random string
//is displayed before the next character is
//'decrypted'.
//
//delay(int): the number of milliseconds between
//each display of a random string
//
//Example:
//decrypt('Enter my site.',10,10);
//
//text = 'Enter my site.' :: 'Enter my site.' is 
//eventually decrypted
//
//max = 10 :: a different random string is dis-
//played 10 times before a new character is
//decrypted

function decrypt(text, max, delay){
	if (done){
		done = 0;
		decrypt_helper(text, max, delay,  0, max);
		}
	
}

function decrypt_helper(text, runs_left, delay, charvar, max){
	if (!done){
	runs_left = runs_left - 1;
	var status = text.substring(0,charvar);
	for(var current_char = charvar; current_char < text.length; current_char++){
		status += data.charAt(Math.round(Math.random()*data.length));
		}
	window.status = status;
	var rerun = "decrypt_helper('" + text + "'," + runs_left + "," + delay + "," + charvar + "," + max + ");"
	var new_char = charvar + 1;
	var next_char = "decrypt_helper('" + text + "'," + max + "," + delay + "," + new_char + "," + max + ");"
	if(runs_left > 0){
		setTimeout(rerun, delay);
		}
	else{
		if (charvar < text.length){
			setTimeout(next_char, Math.round(delay*(charvar+3)/(charvar+1)));
			}
		else
			{
			done = 1;
			}
		}
	}
}

</script>

<script language=JavaScript>
<!--

//Disable right mouse click Script
//By Maximus (maximus@nsimail.com) w/ mods by DynamicDrive
//For full source code, visit http://www.dynamicdrive.com

var message="Are you that bored, that you have to right click?";

///////////////////////////////////
function clickIE4(){
if (event.button==2){
alert(message);
return false;
}
}


function clickNS4(e){
if (document.layers||document.getElementById&&!document.all){
if (e.which==2||e.which==3){
alert(message);
return false;
}
}
}

if (document.layers){
document.captureEvents(Event.MOUSEDOWN);
document.onmousedown=clickNS4;
}
else if (document.all&&!document.getElementById){
document.onmousedown=clickIE4;
}

document.oncontextmenu=new Function ("alert(message);return false")

// --> 
</script>

<p align="center"><!--webbot bot="Navigation" S-Type="banner" S-Rendering
S-Orientation B-Include-Home B-Include-Up U-Page S-Target startspan --><img src="_derived/email.htm_cmp_tvtoons010_bnr.gif" width="605" height="65" border="0" alt="Tezandbabs E-mail Service"><!--webbot bot="Navigation" endspan i-checksum="1918" -->
</p>
<!--msthemeseparator--><p align="center"> <img src="_themes/tvtoons/atvrule.gif" width="600" height="10"></p>
<p align="center">&nbsp;</p>
<p align="center"><font size="5"><b>Welcome to my E-mail service.</b></font></p>
<p align="left"><font size="5">This service is <i><b> NOT</b></i> to be used for mass
mailing, the result of mass mailing is the mail account being removed, and the
IP address blocked.</font></p>

<p align="left"><font size="5">To accept the condition above and sign up for a free E-mail address click&nbsp;<a href="javascript:void(0);" onclick="javascript:Start ('http://signup.tezandbabs.us');">HERE</a>
</font></p>
<p align="left"><font size="5">To sign in and retrieve E-mails click <a href="javascript:void(0);" onclick="javascript:Start ('http://email.tezandbabs.us');">HERE</a>
</font></p>
<p align="left">&nbsp;</p>
<!--msthemeseparator--><p align="center"><img src="_themes/tvtoons/atvrule.gif" width="600" height="10"></p>
<!--mstheme--></font></body>

</html>

<marc>
New to Tek-Tips? Get better answers - faq581-3339
 
So what you're saying is, anyone can obtain the url for the sign up page, then sign up for an email account, then use that account to forward 1,000+ of the same spam email, if so, then there's no point in running an email server.

Thanks for everyone's help, I'll shut down the email server, and just have the web server running.
 
usalabs3, perhaps you misunderstand our intentions. I hope you don't think we're being obstructive - we're simply advocating a different approach.

Blocking "view source" is not possible, and security through obscurity is not a winning strategy.

There are many webmail systems in operation, with varying results in spam-avoidance. Some are more successful than others. Client-side JavaScript solutions should be avoided, because the trivial solution is simply to turn off JavaScript. Anti-spam techniques should be implemented in the web code running the signup pages, the configurations of the email server software, and routing software.

Whilst the JavaScript forum is not the best place to ask, perhaps you should be seeking advice on how to secure a webmail server. For starters you could:
  • force the account signup process to take time (prevent submission until at least 30 seconds after the form is requested)
  • restrict concurrent signups from the same IP (although take into consideration proxy servers, such as users behind a corporate firewall, or on AOL)
  • have a maximum quota of emails (or unique email recipients) per day
  • use bandwidth-throttling on the email server
  • use bayesian tools to monitor outgoing messages; throttle bandwidth (on page/email you) those that appear to be spam
It's just a few suggestions - there are I'm sure many other steps you can take.

Good luck.

<marc>
New to Tek-Tips? Get better answers - faq581-3339
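
The first two suggestions in the post above (a minimum fill time and a per-IP limit), enforced in the signup handler on the server instead of in the browser. This is an added example for Node.js, not code from the thread or from the mail server product; the function names, the one-hour token lifetime and the limit of three signups per IP per day are assumptions.

```javascript
const crypto = require('crypto');

const SECRET = crypto.randomBytes(32);   // per-process key; load a persistent one in production
const MIN_FILL_MS = 30 * 1000;           // the 30-second minimum suggested above
const MAX_AGE_MS = 60 * 60 * 1000;       // assumption: a served form is valid for one hour
const MAX_PER_IP_PER_DAY = 3;            // assumption: above 1 to tolerate shared proxies
const DAY_MS = 24 * 60 * 60 * 1000;

const usedNonces = new Set();            // in-memory for the example; prune or persist in practice
const signupsByIp = new Map();           // ip -> timestamps of accepted signups

function sign(payload) {
  return crypto.createHmac('sha256', SECRET).update(payload).digest('hex');
}

// Called when the signup form is served; the result goes into a hidden field.
function issueFormToken(now = Date.now()) {
  const nonce = crypto.randomBytes(8).toString('hex');
  return `${now}.${nonce}.${sign(`${now}.${nonce}`)}`;
}

// Called on form submission, before any account is created.
// Returns 'ok' or the reason for refusal.
function checkSignup(token, ip, now = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return 'bad-token';
  const [issuedAt, nonce, mac] = parts;

  // The timestamp is only trusted once the HMAC over it verifies.
  const expected = Buffer.from(sign(`${issuedAt}.${nonce}`));
  const given = Buffer.from(mac);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return 'bad-token';
  }

  const age = now - Number(issuedAt);
  if (age < MIN_FILL_MS) return 'too-fast';
  if (age > MAX_AGE_MS) return 'expired';
  if (usedNonces.has(nonce)) return 'replayed';   // one signup per served form

  const recent = (signupsByIp.get(ip) || []).filter((t) => now - t < DAY_MS);
  if (recent.length >= MAX_PER_IP_PER_DAY) return 'ip-limit';

  usedNonces.add(nonce);
  signupsByIp.set(ip, [...recent, now]);
  return 'ok';
}
```

Because the token is issued and verified on the server, disabling JavaScript or requesting the signup URL directly does not bypass either check.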
 
manarth said:
I hope you don't think we're being obstructive

I don't think that at all, not by a long shot.

It's just, I've tried everything possible in the SpamAssassin setup section, and the mail size and daily quota of my email server, and it still doesn't stop a user from using his/her address book to mass forward a spam email, EG. I have a relay service notification icon in the system tray, and at one time it popped up saying I had reached the limit of my relay service, so I looked at the log files for that service and there was 1 email that was being forwarded to 500 different addresses, my relay limit is 30 per day, the client program that monitors the relay activity allows me to show the contents of any emails passed through it, and that particular email was a scam mail that was basically requesting money from everyone for a business partnership, thus the need to hide the sign up url.

By forwarding that amount of emails (of which only 30 was allowed through) prevents other (legitimate) users from sending mail via my email server, until the next day.

I'll see if there's a web-mail server forum here, that may have someone that can secure it for me.
 
manarth....I noticed you created an email account on Nov 23 at 21:26 MST, but as I have redirected the address to a page that has no link to the sign up page, I assume you used the url from the code above.

Even though I have challenge response set as default on all new accounts, if you registered for a forum and used that email address for the registration, then when that forum auto sends the email, it can not be viewed until the challenge has been accepted (it won't be, as the mail would have been auto generated and sent), but when a human sends an email to that address they would have to click on a link to verify their sending address.

What can be done? I have searched this forum for a group called 'webmail servers' there's no such group, I have also asked in the 'Merak Mail Server' group but nothing.
 
I'm intrigued...I'm guessing from your IP address that you're running the email/web server on your home computer, and rather than send mail directly, it relays it via Cox's servers.

Is there any particular reason you're relaying via your ISP's servers? Have they blocked port 25? Whilst this wouldn't alleviate the problem of spam, sending mail directly instead of via another relay would stop you being blocked out (although your ISP may eventually bar you for running an 'open' relay).

Now I've never come across Icewarp's Merak Server...and whilst TekTips is often a surprising fountain of knowledge, I doubt there's much info on this product sloshing about.

On the other hand, if you were running a linux boxen, with an email server (exim, postfix and sendmail are popular), there's a wealth of advice on configuration. Your security would revolve around 3 key aspects:
  • security in the web app
      • in registering new users
      • in existing users sending mail
  • security in the email server (virus scanning & bayesian filtering to flag abuse and trigger a script to throttle the abuser's bandwidth)
  • ip blacklisting through iptables

There are plenty of TT fora for administering linux boxen: forum54 (linux server), forum93 (BSD, if that's your flavour), forum14 (sendmail) forum921 (postfix).

<marc>
New to Tek-Tips? Get better answers - faq581-3339
 
manarth....I'm not using Cox as a relay, as they have blocked port 25, I'm using an external (outside of Cox) relay service, that receives mail from the server on port 25 (via a client program, then leaves the client on a different port), then sends that mail to the recipient on port 25, plus I'm using another service that receives mail on port 110, then relays it to my server on another port, via an MX record I set up using a DNS service that's also outside my ISP.

The mail server is the Merak Mail Server as a closed relay, on a WinXP machine running apache webserver on a different port, then using webforward (also part of the DNS service) to direct http requests on a designated port on the server.

Unfortunately, I don't like Linux, but that's another story/post.

If you have yahoo messenger, could we chat more on there, as we're drifting from the main subject of this post.
 