Today I saw a strange pop-up titled with the logo of my ISP while I was browsing a random page. At first I thought it was an ad added by the site owner, but when I checked closely it was even on another pop-up. I checked the source and saw that it was clearly coming from somewhere else: an iframe added to the page by a JS script that was sourced from a direct IP address. No domain, just an IP and path. I am sure it wasn't part of the site because the iframe was just a static page. It didn't contain any of the tracker links that can be seen in every ad today. When I refreshed the page, the pop-up disappeared.<p>This page could be my mail or bank account or anything that might contain private information. Is there any practical way to prevent something like this?
> An iframe added to page by using a JS script that sourced from direct IP address<p>This kind of page tampering can happen if your connection to the website is not encrypted (http:// instead of https://).<p>For practical defense against this, you can install the HTTPS Everywhere browser extension: https://www.eff.org/https-everywhere which attempts to redirect you to secure versions of websites.<p>If there's no secure version of the site available, there's not much you can do to prevent this besides changing your ISP or using a VPN; however, this just moves the trust issue to a different entity.
>This page could be my mail or bank account or anything that might contain private information.<p>They should not be able to read or inject into any URL that starts with https:// so your mail, bank, PayPal etc. should be OK.<p>That said, any tampering at all is a really sucky thing to do. If you can't switch ISPs I'd get a VPN subscription somewhere and send all of your traffic through it.
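As an added illustration (not part of the thread above), this JavaScript sketch flags script and iframe sources that point at a bare IP address on a different host than the page, the pattern the original poster describes. The sample HTML, the addresses (documentation ranges) and the function names are constructed for the example.

```javascript
// Added example: flag <script>/<iframe> sources that point at a bare IP address
// on a different host than the page, as in the injection described above.
// SAMPLE_HTML and every address in it are constructed (documentation ranges).
const SAMPLE_HTML = `
<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.example.com/lib.js"></script>
<script src="http://203.0.113.7/notice/inject.js"></script>
</head><body>
<iframe src="http://[2001:db8::1]/popup.html"></iframe>
<iframe src="https://www.example.com/embed"></iframe>
</body></html>`;

// True when a URL hostname is an IPv4 or IPv6 literal rather than a DNS name.
function isIpLiteral(hostname) {
  if (hostname.startsWith("[") && hostname.endsWith("]")) return true; // IPv6
  return /^\d{1,3}(\.\d{1,3}){3}$/.test(hostname);                     // IPv4
}

// Returns [{tag, url, cleartext}] for script/iframe elements loaded from an
// IP-literal host that differs from the page's own host.
function findIpSourcedElements(html, pageUrl) {
  const page = new URL(pageUrl);
  const findings = [];
  // Simple tag scan, good enough for triage; in a browser console use
  // document.querySelectorAll("script[src], iframe[src]") instead.
  const tagRe = /<(script|iframe)\b[^>]*?\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
  for (const m of html.matchAll(tagRe)) {
    const raw = m[2] ?? m[3] ?? m[4];
    let target;
    try {
      target = new URL(raw, page); // resolves relative paths against the page
    } catch {
      continue; // unparsable src, nothing to classify
    }
    if (!/^https?:$/.test(target.protocol)) continue;
    if (target.hostname === page.hostname) continue; // the site's own host
    if (isIpLiteral(target.hostname)) {
      findings.push({ tag: m[1].toLowerCase(), url: target.href,
                      cleartext: target.protocol === "http:" });
    }
  }
  return findings;
}

// The page itself can only be rewritten in transit when it is fetched over http:.
function pageIsTamperable(pageUrl) {
  return new URL(pageUrl).protocol === "http:";
}
```

A hit on a page loaded over http:// is consistent with in-transit injection; the same hit on an https:// page points at the site or a browser extension instead.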