Active X Popup On Our Business Site?

[Samrc]

Other than having a FLASH object on the home page, we have no other active content.

People in our office using IE7 are now getting a an ACTIVE X request:

 

"This website wants to run the following add-on: 'Windows media 6.4 player shim' from 'Microsoft corporation'. If you trust the website and want to allow it to run, click here..."

 

Searching the web turned up info on GOOGLE ADSENSE but we are not running any ads on our site.

Other forums discuss quicktime. But again, the site has no quicktime content.

 

Even checked this site: http://blogs.msdn.com/ie/archive/2007/04/2...ing-add-on.aspx

and they say:

 

This warning occurs whenever a web page attempts to execute code on your machine that has not been used previously and is not on the local pre-approved list. This is usually caused by the website trying to use older code.

 

I'd like to know what I should do about this activeX notice. What content could be triggering it?

It only happens on the HOME PAGE of the site. I checked other pages that have other scripts (slidehows, etc) and only the home page pops. It may scare off some visitors that think we are trying to put something nasty on their computers.

 

Appreciate the help!!

Edited July 10, 2007 by Samrc

[JTD]

You answered your own question with your question. a FLASH object on the home page That is why they are getting the active x popup. Flash requires an up to date active x and if someone does not have that it will ask. Or you maybe running an outdated version of flash yourself on the site. Or some other type of outdated content. Maybe an outdated win media code??? Also a link to your site would have helped.

[Samrc]

Additional: Just checked the site again with/without flash piece and no change. Still pops activeX notice on home page. Also used same machine to visit other sites built with the same CSB program and no popup. So must be related directly to the one page! Just gotta figure out WHICH piece of code is causing it...!

 

h**p://www.lambertusa.com

[JTD]

Just tried your site using IE. You have some type of media on your site??? It is asking me for a quicktime active x. Yep found it. It is this swf file causing your problems. http://www.lambertusa.com/HTMLobj-1700/ann...ngprobanner.swf

[Samrc]

I have several codes on the page.

All of these appear on other pages without popup:

- no IE imagebar

- no rightclick(images only)

- ieupdate.js update (for flash to cancel click to activate)

- javascript (css style rollover links)

 

As I mentioned before: "Just checked the site again with/without flash piece and no change. "

I took the flash OUT and reuploaded page. Same popup. I put the flash back in on the home page and same popup.

Take a look at this page (exact copy, without flash) h**p://www.lambertusa.com/testingcode.htm

It caused the popup, even without flash.

 

And when you use the same computer to visit this page demoing several FLASH pieces, no popup!

h**p//www.samisite.com/csb5demo/flash.htm

So I don't think it's the flash, or flash code.

 

I have no other active content on the page.

 

I have no music or other media files on that page. The couple pages that do have mouseover sound (instruction) do NOT pop the warning.

 

-Samantha

Edited July 10, 2007 by Samrc

[TCH-Bruce]

I don't see any popups using IE7

[JTD]

I don't see any popups using IE7

 

Not pop ups Bruce. It is asking for an active x control. Quicktime to be exact. And you may not see it if you already have that active x on your pc when using IE. BTW no right click is about useless now days. Disable java and right click away. But your site asking for the active x is no big deal. It just means someone does not have that particular application the correct permissions on there pc.

[TCH-Bruce]

That's what I meant. I am not seeing the install active x install popup.

[TCH-James]

The line of code that seems to be causing the pop-up is:

><script language="javascript" src="/js/awstats_misc_tracker.js">

 

I copied the page to testingcode2.htm, removed that line and no longer received the popups.

[TCH-Dick]

That's what I meant. I am not seeing the install active x install popup.

 

 

You are not seeing it because you already that activex plugin installed. If you see it, depending on your setup its going to ask you to install 'Windows media 6.4 player shim" or "QuickTimeCheck Scriptable Object".

I have seen this once before with the js files provided by Google's adsense, so it must be something in the js file Jesse pointed out. However, I have no idea what was in the Google adsense code or in this js script that may cause this behaviour.

[TCH-Dick]

Looks like this is a common issue and can be easily fixed by replacing your awstats_misc_tracker.js file with the one below.

 

>// awstats_misc_tracker.js
//-------------------------------------------------------------------
// You can add this file onto some of your web pages (main home page can
// be enough) by adding the following HTML code to your page body:
//
// <script type="text/javascript" src="/js/awstats_misc_tracker.js"></script>
// <noscript><p><img src="/js/awstats_misc_tracker.js?nojs=y" alt="" height="0" width="0" style="display: none" /></p></noscript>

//
// * This must be added after the <body> tag, not placed within the
//   <head> tags, or the resulting tracking <img> tag will not be handled
//   correctly by all browsers.  Internet explorer will also not report
//   screen height and width attributes until it begins to render the
//   body.
//
// This allows AWStats to be enhanced with some miscellanous features:
// - Screen size detection (TRKscreen)
// - Browser size detection (TRKwinsize)
// - Screen color depth detection (TRKcdi)
// - Java enabled detection (TRKjava)
// - Macromedia Director plugin detection (TRKshk)
// - Macromedia Shockwave plugin detection (TRKfla)
// - Realplayer G2 plugin detection (TRKrp)
// - QuickTime plugin detection (TRKmov)
// - Mediaplayer plugin detection (TRKwma)
// - Acrobat PDF plugin detection (TRKpdf)
//-------------------------------------------------------------------

// If you use pslogger.php to generate your log, you can change this line with
// var awstatsmisctrackerurl="pslogger.php?loc=/js/awstats_misc_tracker.js";
var awstatsmisctrackerurl="/js/awstats_misc_tracker.js";

var TRKresult;
var TRKscreen, TRKwinsize, TRKcdi, TRKjava, TRKshk, TRKsvg, TRKfla;
var TRKrp, TRKmov, TRKwma, TRKpdf, TRKpdfver, TRKuserid, TRKsessionid;
var TRKnow, TRKbegin, TRKend;
var TRKnse, TRKn;

function awstats_setCookie(TRKNameOfCookie, TRKvalue, TRKexpirehours) {
TRKExpireDate = new Date ();
  TRKExpireDate.setTime(TRKExpireDate.getTime() + (TRKexpirehours * 3600 * 1000));
  document.cookie = TRKNameOfCookie + "=" + escape(TRKvalue) + "; path=/" + ((TRKexpirehours == null) ? "" : "; expires=" + TRKExpireDate.toGMTString());
}

//function awstats_runvbscript() {
//	TRKresult = false;
//	p=false;
//	document.write('<script LANGUAGE="VBScript">\non error resume next \n p = IsObject(CreateObject("PDF.PdfCtrl.5")) \n if (p) then \n msgbox("5") \n return true \n end if</SCRIPT>\n');
//	alert(p);
//	if (TRKresult) return 'y';
//	else return 'n';
//}

function awstats_detectIE(TRKClassID) {
TRKresult = false;  // !!! Adding var in front of TRKresult break detection !!!
document.write('<SCR' + 'IPT LANGUAGE="VBScript">\n on error resume next \n TRKresult = IsObject(CreateObject("' + TRKClassID + '")) \n </SCR' + 'IPT>\n');
if (TRKresult) return 'y';
else return 'n';
}

function awstats_detectNS(TRKClassID) {
TRKn = "n";
if (TRKnse.indexOf(TRKClassID) != -1) if (navigator.mimeTypes[TRKClassID].enabledPlugin != null) TRKn = "y";
return TRKn;
}

function awstats_getCookie(TRKNameOfCookie){
if (document.cookie.length > 0){
	TRKbegin = document.cookie.indexOf(TRKNameOfCookie+"=");
	if (TRKbegin != -1) {
		TRKbegin += TRKNameOfCookie.length+1; 
		TRKend = document.cookie.indexOf(";", TRKbegin);
		if (TRKend == -1) TRKend = document.cookie.length;
		  return unescape(document.cookie.substring(TRKbegin, TRKend));
	}
	return null; 
  }
return null; 
}

if (window.location.search == "" || window.location.search == "?") {
// If no query string
TRKnow = new Date();
TRKscreen=screen.width+"x"+screen.height;
if (navigator.appName != "Netscape") { TRKcdi=screen.colorDepth; }
else {TRKcdi=screen.pixelDepth};
TRKjava=navigator.javaEnabled();
TRKuserid=awstats_getCookie("AWSUSER_ID");
TRKsessionid=awstats_getCookie("AWSSESSION_ID");
var TRKrandomnumber=Math.floor(Math.random()*10000);
if (TRKuserid == null || (TRKuserid=="")) { TRKuserid = "awsuser_id" + TRKnow.getTime() +"r"+ TRKrandomnumber; }
if (TRKsessionid == null || (TRKsessionid=="")) { TRKsessionid = "awssession_id" + TRKnow.getTime() +"r"+ TRKrandomnumber; }
awstats_setCookie("AWSUSER_ID", TRKuserid, 10000);
awstats_setCookie("AWSSESSION_ID", TRKsessionid, 1);
TRKuserid=""; TRKuserid=awstats_getCookie("AWSUSER_ID");
TRKsessionid=""; TRKsessionid=awstats_getCookie("AWSSESSION_ID");

var TRKnav=navigator.appName.toLowerCase();	 // "internet explorer" or "netscape"
var TRKagt=navigator.userAgent.toLowerCase();   // "msie...", "mozilla...", "firefox..."
//alert(TRKnav); alert(TRKagt);

var TRKwin  = ((TRKagt.indexOf("win")!=-1) || (TRKagt.indexOf("32bit")!=-1));
var TRKmac  = (TRKagt.indexOf("mac")!=-1);

var TRKns   = (TRKnav.indexOf("netscape") != -1);
var TRKopera= (TRKnav.indexOf("opera") != -1);
var TRKie   = (TRKagt.indexOf("msie") != -1);

// Detect the browser internal width and height
var TRKwinsize;
if (document.documentElement && document.documentElement.clientWidth)
	TRKwinsize = document.documentElement.clientWidth + 'x' + document.documentElement.clientHeight;
else if (document.body && document.body.clientWidth)
	TRKwinsize = document.body.clientWidth + 'x' + document.body.clientHeight;
else
	TRKwinsize = window.innerWidth + 'x' + window.innerHeight;

if (TRKie && TRKwin) {
	TRKshk = awstats_detectIE("SWCtl.SWCtl.1");
	TRKsvg = awstats_detectIE("Adobe.SVGCtl");
	TRKfla = awstats_detectIE("ShockwaveFlash.ShockwaveFlash.1");
	TRKrp  = awstats_detectIE("rmocx.RealPlayer G2 Control.1");
	TRKmov = awstats_detectIE("Quicktime.Quicktime");
	TRKwma = awstats_detectIE("wmplayer.ocx");
	TRKpdf = 'n'; TRKpdfver='';
	if (awstats_detectIE("PDF.PdfCtrl.1") == 'y') { TRKpdf = 'y'; TRKpdfver='4'; } // Acrobat 4
	if (awstats_detectIE('PDF.PdfCtrl.5') == 'y') { TRKpdf = 'y'; TRKpdfver='5'; } // Acrobat 5
	if (awstats_detectIE('PDF.PdfCtrl.6') == 'y') { TRKpdf = 'y'; TRKpdfver='6'; } // Acrobat 6
	if (awstats_detectIE('AcroPDF.PDF.1') == 'y') { TRKpdf = 'y'; TRKpdfver='7'; } // Acrobat 7
}
if (TRKns || !TRKwin) {
	TRKnse = "";
	for (var TRKi=0;TRKi<navigator.mimeTypes.length;TRKi++) TRKnse += navigator.mimeTypes[TRKi].type.toLowerCase();
	TRKshk = awstats_detectNS("application/x-director","");
	  TRKsvg = awstats_detectNS("image/svg+xml","");
	if (document.implementation.hasFeature("org.w3c.dom.svg", "")) {TRKsvg = "y"; }
	TRKfla = awstats_detectNS("application/x-shockwave-flash"); // ou lire dans naviagtor.plugins si on trouve "Shockwave Flash" ou "Shockwav Flash 2.0"
	TRKrp  = awstats_detectNS("audio/x-pn-realaudio-plugin");
	TRKmov = awstats_detectNS("video/quicktime");
	TRKwma = awstats_detectNS("application/x-mplayer2");
	TRKpdf = awstats_detectNS("application/pdf");
	TRKpdfver='';
}

var imgsrc1 = awstatsmisctrackerurl+'?screen='+TRKscreen+'&win='+TRKwinsize+'&cdi='+TRKcdi+'&java='+TRKjava;
var imgsrc2 = '&shk='+TRKshk+'&svg='+TRKsvg+'&fla='+TRKfla+'&rp='+TRKrp+'&mov='+TRKmov+'&wma='+TRKwma+'&pdf='+TRKpdf+'&uid='+TRKuserid+'&sid='+TRKsessionid;
//alert(imgsrc1);
//alert(imgsrc2);
var imgsrc=imgsrc1+imgsrc2;
if( document.createElementNS ) {
	var l=document.createElementNS("http://www.w3.org/1999/xhtml","img");
	l.setAttribute("src", imgsrc );
	l.setAttribute("height", "0");
	l.setAttribute("width", "0");
	l.setAttribute("border", "0");
	document.getElementsByTagName("body")[0].appendChild(l);
} else {
	document.write('<img style="display:none;" src="'+ imgsrc +'" height="0" width="0" border="0" />')
}

}

[Samrc]

Thanks TCH-Dick. I replaced the awstats_misc_tracker.js file. But unfortunately, the home page (lambertusa.com) still causes the active X notice. So that did not fix the problem.

 

The test page, h**p://www.lambertusa.com/testingcode.htm caused the active X notice. BUT once I removed the tracking code from the page <script language="javascript" src="/js/awstats_misc_tracker.js"> the page loads normally with no active X notice.

 

Looks like the only way I can fix it is remove the tracking code from the home page too and skip the additional awstats info unless anyonw else has a suggestion.

[TCH-Bruce]

Or get your users to configure their browser so that it doesn't happen.

[Samrc]

Or get your users to configure their browser so that it doesn't happen.

That would work on my personal/tutorial site where the visitors are more computer conscious.

 

However, the lambert visitors are a mixed bag. Some are architects with current equipment and some computer savy. But most are contractors with older equipment that can barely use computers (often let wives do the surfing because they are uncomfortable with the internet), and distributor office workers that have no idea how to adjust browser settings. Telling them to do it would be like an accountant telling me the tax code. I might learn it but don't want to!

[TCH-James]

Samrc,

 

I made a modification to the javascript which removes the awstats check for QuickTime and MediaPlayer. If you look at your original testing page, I added the extended awstats code back in and it will no longer give the active-x prompt.

 

So the solution for IE7 is to remove the references to IE Media Player and QuickTime (and RealPlayer just in case):

>var TRKrp  = awstats_detectIE("rmocx.RealPlayer G2 Control.1")
var TRKmov = awstats_detectIE("QuickTimeCheckObject.QuickTimeCheck.1")
var TRKwma = awstats_detectIE("MediaPlayer.MediaPlayer.1")

[Samrc]

EXCELLENT! Works like a charm!!! Thank you so much!

 

I had actually forgotten about the awstats.js file! Since our site does not depend on those media players, I am glad that the tracker script will no longer check for them. No more Active X notice!

 

But I will keep the full code on my tutorial site.

 

 

I LOVE THIS PLACE!!!