Hack altering pages at server - vbscript

It looks like my site has been hacked. I have removed all files from the site (on IIS7) and replaced it with a simple asp file:
<%@ Language=VBScript %>
<%
%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
</head><body>
</body>
</HTML>
If the page is called with the HTTP referer as 'googlebot', a load of spam links are inserted just before the body close tag. Otherwise the page works fine.
I have the site on shared hosting but have access to IIS7 manager for the site with limited control. I cannot see a URL rewrite function or anything that will allow the page to be altered before the data is sent. There are some functions of the IIS7 system I don't have access to as it is a shared server, and I am trying to work with my hosting provider to resolve the problem, but they also seem to be drawing a blank.
Any ideas? It's killing my Google rankings!
PS: it does affect another of my sites on the same hosting system, but not all my sites nor a couple of others I tested.
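
An added example, not part of the original post: one way to confirm the behaviour described above is to request the same page as a normal visitor and as a crawler-like client, then list the links that appear only in the second response. The `fetch` helper, the sample responses and the `spam.example` URLs are constructed for illustration; whether the trigger is the Referer or the User-Agent header is an assumption to test both ways.

```python
import urllib.request
from html.parser import HTMLParser


class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in a document."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)


def extract_links(html):
    parser = LinkCollector()
    parser.feed(html)
    return set(parser.links)


def cloaked_links(normal_html, crawler_html):
    """Links present only in the response served to the crawler-like request."""
    return sorted(extract_links(crawler_html) - extract_links(normal_html))


def fetch(url, referer=None, user_agent="Mozilla/5.0"):
    """Fetch your own page with a chosen Referer / User-Agent."""
    headers = {"User-Agent": user_agent}
    if referer:
        headers["Referer"] = referer
    req = urllib.request.Request(url, headers=headers)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8", errors="replace")


# Constructed sample responses (not captured from the site in the question).
NORMAL = "<html><head></head><body>\n</body>\n</HTML>"
CRAWLER = ('<html><head></head><body>\n'
           '<a href="http://spam.example/pills">pills</a>'
           '<a href="http://spam.example/loans">loans</a>\n</body>\n</HTML>')

if __name__ == "__main__":
    # Live use: cloaked_links(fetch(URL), fetch(URL, referer="googlebot"))
    for link in cloaked_links(NORMAL, CRAWLER):
        print("served only to crawler-like request:", link)
```

A non-empty result for a page whose own source contains no links shows the markup is added after the page's script has run, which is concrete evidence to pass to the hosting provider.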

Related

Internet Explorer automatically changes my DOCTYPE

My web application is triggering quirks mode in IE8. It changes my doctype (html5) and then capitalizes every tag.
When I save the page in Google Chrome and open the saved page in IE8 it works fine.
Does anyone know what is going wrong here and how I can fix it?
What I already tried:
I read this and tried playing with comments before <html>, without luck: IE6 changes DOCTYPE to a bad one
I saw Google Chrome's saved version had a META tag defining the content-type added. Tried inserting this in the page, and tried doing this with php's header(), but without luck.
I tried other doctypes I found on this page: http://dorward.me.uk/www/ie8/
Using the saved version is not an option because the page is generated with PHP.
Edit:
I tried putting the Google Chrome version on the web server, but IE fails on that version too. Are there any server settings which can affect IE's rendering of the page?
Edit2:
I tried
<!DOCTYPE html>
and
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
They were both changed to:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
Found it. Internet Explorer's compatibility mode was on for websites on the internal network.
I could slap myself.

Preventing caching of server side include files

I have a classic ASP page that calls in some other ASP files using Server Side Includes.
I want neither the main file nor the included files to be cached by any browser.
At the moment my main looks something like this:
<%@ Language="VBSCRIPT" %><% Option Explicit %>
<%
Response.CacheControl = "no-cache"
Response.AddHeader "Pragma", "no-cache"
Response.Expires=-1
%>
<!--#include file="scripts1.asp"-->
<!--#include file="scripts2.asp"-->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>myTitle</title>
<!--#include file="head.asp"-->
</head>
<body>
<!--#include file="body.asp"-->
</body>
</html>
I have only placed the Response.CacheControl, Response.AddHeader, Response.Expires code on the main page and not on the included files.
My questions are:
Do all server side included ASP pages need the Response.CacheControl, Response.AddHeader and Response.Expires code that I have used, or just the main file?
Is the code I have used sufficient to prevent caching on all browsers?
Only the "master" output page needs the headers, as you've shown. The server-side include happens internally on the server, so the browser never sees it.
You're doing it right.

Firefox Addon HTML Validator showing Canvas not recognized

I'm using the HTML Validator Addon in Firefox 4 (great tool I might add).
However, I'm not sure the validation is working the way it should. I'm getting an error saying 'Canvas is not recognized'.
My doctype and html tags are set as follows:
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
I believe this is supposed to be the HTML5 way for setting doctypes.
Is there something I'm missing?!
Try removing xmlns="http://www.w3.org/1999/xhtml" from the <html> element.

IE8 compatibility mode...help?

I'm trying to set up compatibility mode in one of our web products; however, I cannot get compatibility mode to work via a particular server.
To recount what I've done so far:
I've set the HTTP header X-UA-Compatible in IIS to IE=7
I've also added the meta element as the first element in the head element to the master page:
Using Fiddler I've checked the HTTP traffic and I can see the header value and the meta element. Using the same browser (different tab), when I point to our staging server the document renders as IE7 browser mode and IE7 document mode, which is great. Unfortunately, when I point to the live server, which is configured in the same way as the staging server, the document renders as IE8 browser mode and IE7 document mode.
As a result when I check the dev tools the CSS which is being applied to the html element is
" ie ie8 CSS1Compat Win32"
vs
" ie ie7 CSS1Compat Win32"
Has anyone got any suggestions what I might have missed?
Note there is a blank line before DOCTYPE instruction (which is meaningful).
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:b="http://www.backbase.com/2006/btl"
xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:e="http://www.backbase.com/2006/xel"
xmlns:c="http://www.backbase.com/2006/command" xmlns:d="http://www.backbase.com/2006/tdl"
xmlns:x="http://woodmac.com/x">
<head><meta http-equiv="X-UA-Compatible" content="IE=7" /><meta http-equiv="content-type" content="text/html; charset=iso-8859-1" /><meta http-equiv="expires" content="-1" /><meta name="robots" content="index,follow" />
<script type="text/javascript" src="Backbase/engine/boot.js"></script>
<link href="App_Themes/MANDA/print_style.css" type="text/css" rel="stylesheet" /><link href="App_Themes/MANDA/screen_style.css" type="text/css" rel="stylesheet" /></head>
<body>
Thanks,
Philip
Take a look at this site and see if you missed anything. It may be related to the doctype, but it looks like the meta tags should override that.
What url are you using to access each server? IE8 has an option which is enabled by default which will force "intranet", or single-name, domains to render in compatibility mode regardless of your XUA and other header settings (Tools > Compatibility View Settings > Display intranet sites in compatibility view).
If this setting is enabled and you are accessing one or the other of your staging and prod sites with something like http://servername, then this may be causing them to render differently regardless of your setting.
Recently I was faced with this issue and ended up requiring all servers to be accessed with a domain extension (e.g. http://servername.company.com), and set the XUA header to IE7. Now everything renders in IE7 mode regardless of the server it's running on.

In ColdFusion, variables in what scope can be passed to an iframe page?

I wrote 2 pages to test this problem, but the server complains with an error. I don't know why; can anyone explain it? Many thanks.
this is 1.cfm
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<meta http-equiv="Content-type" content="text/html; charset=utf-8" />
<title>Page Title</title>
</head>
<body>
<cfscript>
a="aaaaaaaaaaa";
b="bbbbbbbbbbb";
request.r1="rrrrrrr111111111";
request.r2="rrrrrrrr222222222";
session.s1="sssssssssss11111111111";
session.s2="sssssssssss2222222222";
</cfscript>
<iframe src="2.cfm" width="600" height="400" name="myframe" scrolling="yes">
</iframe><br />
variables
<cfdump var="#variables#">
request
<cfdump var="#request#">
session
<cfdump var="#session#">
</body>
</html>
and this is 2.cfm
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<meta http-equiv="Content-type" content="text/html; charset=utf-8" />
<title>2.cfm</title>
</head>
<body>
variables
<cfdump var="#variables#">
request
<cfdump var="#request#">
session
<cfdump var="#session#">
</body>
</html>
It seems like you're misunderstanding a basic concept of web-page requests.
An iframe, while displayed as a portion of the rendering page, is in fact its own request, entirely separate from the original page request.
Session variables would be shared between the two of them (assuming you have sessions enabled in Application.cfm/Application.cfc), and although it's unlikely that you'll get into a race condition by setting variables from a parent page (1.cfm) and reading them from a child page in an iframe (2.cfm), it's just not a great idea (best practice).
Request variables set in the parent page (1.cfm) will not be available to the page in the iframe (2.cfm), as it is a separate request.
Just as the Request scope is private to each request (but shared by all templates and objects), the "variables" scope is private to each template (but shared among them when using cfinclude).
While your iframe will have access to its own request and variables scopes, they will not be the same scope as the original page (1.cfm).
This is a fairly basic concept of programming in general, and also of ColdFusion. If you're finding it difficult to grasp, you might consider picking up a copy of the ColdFusion Web Application Construction Kit, which can take you from complete novice to beginner-intermediate level fairly quickly.
Do you have an Application.cfm in the directory you're running these tests in?
If you add the following line into a file called Application.cfm at the root of the directory, it should work.
<cfapplication name="test_app" sessionmanagement="true">
I tested your two files and without the Application.cfm it broke, with it present it works fine.
I think Ian's on the right track here with his observation that to use session variables, one needs to have sessionmanagement enabled, however I think suggesting using Application.cfm for this is a bit anachronistic.
If one is using a version of CF from CFMX7 onwards, the recommended way to manage the application framework is via Application.cfc, and the equivalent to Ian's code would be:
<cfcomponent>
<cfset this.name = "test_app">
<cfset this.sessionManagement = true>
</cfcomponent>
