As I write this post, when I look at the source of this page (or any other pages that are not using SSL), by the end of the page I will find this code:
This script is inserted by my ISP provider (TelkomSpeedy) each time they find tag on the page.
A solution would be to use SSL (#1), but I have a number of sites that I built for me and my clients and this won't be cost-effective. Another solution would be using Universal SSL from CloudFlare, which is free (#2). A hackish solution would be to put <!-- before the </body> tag (#3).
I was going to send a ticket to my hosting provider, asking if they know what to do about this, and later decided that I won't take up resources on their ticketing system.
Put 127.0.01 into my computer's /etc/hosts to suspected FQDN did not work. Also I would need something server side, because my local clients might not be able to reproduce this trick on their own computers.
Ad Block Plus doesn't help
Block the IPs of my ISP proxy from my web server doesn't help --or probably I didn't find the correct one, yet.
Yes, I am moving away from this ISP (TelkomSpeedy from Indonesia) by the end of this month, but this won't help my local customer as well. I fear that they will find the websites that I build will take more time to load or the layout is broken (the injecting script uses visibility:hidden in CSS before, now they put display:none so it doesn't mess with layout)
So I am asking the experts in this forum, does anyone happen to know any work around for this? Also, are there any Indonesian TelkomSpeedy users here experiencing the same?