I've been informed that something (probably Blogger/Blog*Spot ) is inserting some evil popup shit into this blog. I hadn't noticed since Opera defeats it; but Firefox and IE users are getting bombarded with crap. Sorry about this, will confirm the source then work out where to go from there.
OK. Thanks to some help from relapse, plus some experimentation, I have a reasonable idea about what happened.
Background: for many many years I have been using a free stat service, Nedstat/Nedstat Basic. When I say many years... I'm pretty sure I started using them back when I was at college (1997-98). A long time in net years. A couple of months ago, I got an email telling me that Nedstat Basic was now Webstats4U. The name should have given me a clue about the impending doom; but it didn't.
The email included this:
Webstats4U is a 100% FREE version for all webmasters. In order to finance the new developments and to continue providing you with the world?s best FREE web analytics tool in the market, Webstats4U will accept advertising sponsorships on its reporting site and will from time to time accept other types of advertising sponsorships. These advertising sponsorships will not be implemented directly into your website. If you do not wish to continue using our FREE Webstats4U service in exchange for advertising you can of course change anytime to Nedstat?s paid web analytics solutions NedstatPro or Sitestat. (my emphasis).
Nice wording, eh. There was a link to the full terms and conditions; which I skimmed but didn't have time to read. Well, now I have read them properly. In the "Products and Services" section, they don't just define their products and services.
With the installation of Webstats4U on the site it is accepted that WMS has the right to place advertisements on the site in any format or through any channel, including but not limited to e-mail, layer ads, pops, banners and other usual formats without any forewarning and it is furthermore accepted that WMS takes no responsibility for the advertising content and that WMS shall not be liable for any losses incurred regarding this advertising.
Personally I don't think that's "Products and Services" information. That's "Advertising" and "Privacy". But still, I didn't read it - my bad. I went by the original email, which only said they'd have ads on their reporting site (the one you click through to get the data). Nothing was being implemented directly on my website, right? So no dramas.
The evil just keeps going in their FAQ:
These advertising sponsorships can appear as a pop-up or pop-under advertisement or slide-in flash format, and will at no point be implemented directly into your website as banners, buttons, links or similar.
Then today's debacle. Holy crap. Popups, alerts, cookies... the whole nine yards. I don't know why, but only this site hosted on Blogspot was hit. I have several other pages hosted on my own server which don't appear to have been generating popups. I can only speculate on why Blogspot was targetted - maybe the Blogger bar creates a vulnerability? Maybe they have an agreement? Maybe they're specifically targetted by Webstats4U?
Nothing impelemented directly on my site of course. Sure, they'll just appear on my site and piss off my site's readers... but I can rest easy knowing that they were launched from.... well, anywhere they feel like it really. Today it was sel.as-eu.falkag.net.
So now I'm going through and removing Nedstats/WebstatsUpYours code from my pages. It was good while it lasted - the stats are actually good) - and hell, Nedstat made it through the heyday of popups without ever using popups. But now all of a sudden they've decided to cut loose with some of the most aggressive popups I've seen in a long time.
Fuck you too, Webstats4U.