This site detected my ad blocking tools

Discussion in 'privacy general' started by UNICRON, May 19, 2002.

Thread Status:
Not open for further replies.
  1. UNICRON

    UNICRON Technical Expert

    Joined:
    Feb 14, 2002
    Posts:
    1,935
    Location:
    Nanaimo BC Canada
    http://www.afterdawn.com/news/archive/2932.cfm

    Haven't been back with em turned off (and I won't). So maybe it says that to everybody, I dunno.

    Can I get this site tested by others?

    I had Proxomitron and surf-in-peace running.
     
  2. UNICRON

    UNICRON Technical Expert

    Joined:
    Feb 14, 2002
    Posts:
    1,935
    Location:
    Nanaimo BC Canada
    I went back with Opera. Opera is not configured to use Proxomitron, and Surf in peace doesn't work with Opera. So I got ads. The site is real, and quite proud of their ad blocking.

    I left them some feedback telling them that I did not see any ads. Maybe that will make em sweat.

    I configured Opera to use Proxomitron and I was detected as using adblocking software, and denied access.

    Can we get a definitive list of what software works and what doesn't at this site? Post back what ad blockers you use and whether you were denied access or not.

    It might be time to develop a new ad blocking app.
     
  3. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Grabbed good ol' AtGuard for this special occasion (not the FW part); went right thru. Didn't bother to use some different apps - that's for other participants to jump in  ;).

    regards,

    paul
     
  4. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,347
    Location:
    The Netherlands
    No problems with Norton Internet Security 4.0 running either.
    Cookies, ads, banners blocked, but no problems accessing every nook and cranny of the site.
     
  5. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    I got blocked from the site.

    SpyBlocker 4.75 log entries for the site (using S.Martins hosts file) :

    Logged Entry Sunday, May 19 2002 at 10:03:59 AM
    Remote Port: 1874
    Remote Host: 127.0.0.1
    [BLOCKED ADVERTISEMENT]

    GET /w/pop.cgi?sid=6682&m=2&v=1.7&u=http%3A//www.afterdawn.com/news/archive/2932.cfm&c=59 HTTP/1.1
    User-Agent: Opera/6.02 (Windows ME; U)  [en]
    Host: media.fastclick.net
    Accept: text/html, image/png, image/jpeg, image/gif, image/x-xbitmap, */*
    Accept-Language: en
    Accept-Charset: windows-1252;q=1.0, utf-8;q=1.0, utf-16;q=1.0, iso-8859-1;q=0.6, *;q=0.1
    Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
    Referer: http://www.afterdawn.com/news/archive/2932.cfm
    Connection: Keep-Alive


    Logged Entry Sunday, May 19 2002 at 10:04:00 AM
    Remote Port: 1877
    Remote Host: 127.0.0.1
    [BLOCKED SCRIPT]

    GET /adj/dclk.afterdawn/ros;dcopt=ist;abr=!webtv;sz=468x60;ord=3911617? HTTP/1.1
    User-Agent: Opera/6.02 (Windows ME; U)  [en]
    Host: ad.doubleclick.net
    Accept: text/html, image/png, image/jpeg, image/gif, image/x-xbitmap, */*
    Accept-Language: en
    Accept-Charset: windows-1252;q=1.0, utf-8;q=1.0, utf-16;q=1.0, iso-8859-1;q=0.6, *;q=0.1
    Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
    Referer: http://www.afterdawn.com/news/archive/2932.cfm
    Connection: Keep-Alive


    Logged Entry Sunday, May 19 2002 at 10:04:01 AM
    Remote Port: 1886
    Remote Host: 127.0.0.1
    [BLOCKED ADVERTISEMENT]

    GET /images/x-click-but24.gif HTTP/1.1
    User-Agent: Opera/6.02 (Windows ME; U)  [en]
    Host: images.paypal.com
    Accept: text/html, image/png, image/jpeg, image/gif, image/x-xbitmap, */*
    Accept-Language: en
    Accept-Charset: windows-1252;q=1.0, utf-8;q=1.0, utf-16;q=1.0, iso-8859-1;q=0.6, *;q=0.1
    Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
    Referer: http://www.afterdawn.com/news/archive/2932.cfm
    Connection: Keep-Alive


    Logged Entry Sunday, May 19 2002 at 10:04:01 AM
    Remote Port: 1886
    Remote Host: 127.0.0.1
    [BLOCKED ADVERTISEMENT]

    GET /images/x-click-but21.gif HTTP/1.1
    User-Agent: Opera/6.02 (Windows ME; U)  [en]
    Host: images.paypal.com
    Accept: text/html, image/png, image/jpeg, image/gif, image/x-xbitmap, */*
    Accept-Language: en
    Accept-Charset: windows-1252;q=1.0, utf-8;q=1.0, utf-16;q=1.0, iso-8859-1;q=0.6, *;q=0.1
    Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
    Referer: http://www.afterdawn.com/news/archive/2932.cfm
    Connection: Keep-Alive

    I'll be quite happy to get my d/l's elsewhere - especially considering the fact that I'd never heard of them before, anyway! :)

    Message I got when accessing the page:

    "Ad blocking blocked

     As of today, we have implemented a method to block users who are using so-called "ad blockers" from entering our site. At all.
     
     This is due the fact that by using ad blockers, you're getting content for free, without compensating us, publishers. We can't provide this content for free -- our server costs for two dedicated servers are extremely high with hundreds of gigabytes of traffic a month. And this is paid by our advertisers -- however annoying their ads might be (we have blocked 99.9% of popup requests from our advertisers and have only allowed popunders -- and even allowing popunders took 2.5 years to decide), those ads pay our server hosting bills.
     
     If you can't tolerate this decision, feel free to find the content and software from other sites. Only thing what I ask from you, is to understand our situation -- we don't like ads either, but they're necessary for us to survive.
     
     -Petteri 'dRD' Pyyny, webmaster"

    I'm always kind of amazed by this sort of thing. Why don't they just take the total server cost per year, divide it by the total # of registered users (of course, for this to work, all users would have to register) and charge registered users that much per year to use the site?

    If the site was really, really good (and they'd have to constantly strive to be, wouldn't they?) it would work - and the more registered users they acquired, the cheaper the cost per individual (to a certain extent, anyway - I realize that the more people use it the more their bandwidth costs would increase).

    And guess what? It would be totally ad free! People who went there wouldn't have to worry about being tracked or profiled or bombarded with all those pop-unders!

    They could further enhance the value of a membership there by making absolutely certain (and certifying so) that nothing you could get from there would contain spyware (or if it did, that it would be plainly marked as such, complete with a description of said spyware and what its capabilities were).

    That might be too much work, though.  :p

    I simply don't understand why they resort to this kind of thing when they could go the other route and actually wind up giving people something they'd happily pay for because of the peace-of-mind factor.

    Oh, well, I wish them luck with their new policy! pete
     
  6. MickeyTheMan

    MickeyTheMan Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    1,016
    I did go there and didn't see any ad !
    MyIe and Naviscope loading through the pacfile as well as SB !
    Even downloaded an mp3 !
     
  7. snowman

    snowman Guest

    Went there...no ads..other than a couple of programs they were offering for sale...(on left side of page)  ...on the right side of the page were a few more products being offered   Mp3 etc....
    recorded several .gif (harmless)  two(2) html docum......one (1) CSS.......

    never logged anything from either <doubleclick> or <paypal>   no shown connections made  in or out by those......in fact, all (outbound) stopped immediately after accessing the site....so it seems whatever they claim to have to stop ad blockers...never connected to my machine.

                        snowman.....
     
  8. snowman

    snowman Guest

    just went back to the site..there are "supposed" to be ads....none were able to "show" or connect.....again no outbound traffic of any kind......

           went to a couple of links there..."news" etc..again no ads..no connections made in or out....can surf the site as anyone would...without ads....no pop-underders..overs..sidewayers...upside-downers or otherwise

                                   snowman
     
  9. UNICRON

    UNICRON Technical Expert

    Joined:
    Feb 14, 2002
    Posts:
    1,935
    Location:
    Nanaimo BC Canada
    What apps/browser are you running snowman?

    Seems like it can identify Proxomitron no problem.

    Anybody able to access this site and still block ads while running Proxomitron? If so, I need to figure out what settings I have wrong.
     
  10. MickeyTheMan

    MickeyTheMan Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    1,016
    Unicron, is your proxy loaded through your browser?
    Try through the pacfile, and it should defeat being recognized.
     
  11. UNICRON

    UNICRON Technical Expert

    Joined:
    Feb 14, 2002
    Posts:
    1,935
    Location:
    Nanaimo BC Canada
    Please excuse my ignorance, but I do not know what that is.
     
  12. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
  13. MickeyTheMan

    MickeyTheMan Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    1,016
    The pacfile does a bit like adshield does if you will.
    I don't really use it for its blocking abilities but rather for its ability so far to defeat anti ad blockers looking for ad blockers in browsers.
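
What a PAC (proxy auto-config) file of the kind mentioned in the posts above looks like, as an added example that is not part of the original thread or any poster's actual file. The two blocked domains come from the SpyBlocker log earlier in the thread and port 8080 from a later post; the blackhole address `127.0.0.1:9` and the helper names `hostInDomain` and `isBlocked` are assumptions made for illustration.

```javascript
// Constructed example PAC file. The browser calls FindProxyForURL(url, host)
// for every request and routes the request according to the returned string.

// Ad-serving domains that appear in the SpyBlocker log in this thread.
var BLOCKED_DOMAINS = ["fastclick.net", "doubleclick.net"];

// Assumption: nothing listens on this local port, so the request fails fast
// and the ad is never fetched.
var BLACKHOLE = "PROXY 127.0.0.1:9";

// Assumption: a local filtering proxy listens on port 8080.
var FILTER_PROXY = "PROXY 127.0.0.1:8080";

// True when host equals domain or is a subdomain of it. Matching on the dot
// boundary keeps "notdoubleclick.net" from being treated as a match.
function hostInDomain(host, domain) {
  host = host.toLowerCase().replace(/\.$/, ""); // drop a trailing root dot
  if (host === domain) return true;
  var suffix = "." + domain;
  return host.length > suffix.length &&
         host.slice(host.length - suffix.length) === suffix;
}

// True when host belongs to any domain on the block list.
function isBlocked(host) {
  for (var i = 0; i < BLOCKED_DOMAINS.length; i++) {
    if (hostInDomain(host, BLOCKED_DOMAINS[i])) return true;
  }
  return false;
}

function FindProxyForURL(url, host) {
  // Ad hosts are sent to the dead port instead of the real server.
  if (isBlocked(host)) return BLACKHOLE;

  // Loopback traffic must not go through the proxy.
  var h = host.toLowerCase();
  if (h === "localhost" || h === "127.0.0.1") return "DIRECT";

  // Everything else goes through the filtering proxy. There is deliberately
  // no "; DIRECT" fallback: if the proxy is down, pages fail to load rather
  // than loading unfiltered.
  return FILTER_PROXY;
}
```

The browser is pointed at this file through its automatic proxy configuration setting instead of a fixed proxy address, so the routing decision is made per request by the script.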
     
  14. FanJ

    FanJ Guest

    Only a quick and short "research" there:

    Using: HOSTS (full one with my own sites added), IE-SPYAD (full one; the one before the last one; almost everything in the "not-for-every-one"-section enabled), NIS1.0-adblocking-feature, CookieWall, IEClean blocking Java etc.etc.:

    I could access the site.
    I clicked a few links there.
    CookieWall alerted me for a cookie which I blocked after that.

    Report from NIS:

    Connections:

    images.amazon.com
    www.afterdawn.com
    gfx.cdfreaks.com
    i.afterdawn.com

    Web:
    http://www.afterdawn.com/news/archive/2932.cfm
    http://i.afterdawn.com/styles/styles_ie.css
    http://www.afterdawn.com/news/archive/2944.cfm
    http://www.afterdawn.com/news/
    http://www.afterdawn.com/index-menu.cfm
     
  15. snowman

    snowman Guest

       Unicron

       Sorry my friend for the delay in my reply....have been out nearly all day on a matter of business.

    for this particular "test"...this time I went in with webwasher......which just happened to be handy....sometimes I use prox....or chain webw & prox....(at the moment proxy has been un-installed due to an experiment)..............Unicron you are perhaps aware that both webw & prox can very easily be bypassed??   if not..then you will need to add a block to prevent this from happening......works for me.  and no more bypassing of either program.......hundreds of websites are now bypassing both webw & prox......use of the "pac file" mentioned will also prevent this from happening...however, adding yet another program for just that purpose alone does cause a loss of resources.

    I'm using IE 5.5.........but as you noticed in another thread...it appears that I am using an older or not properly functioning browser......but that's just smoke and mirrors......browser works just fine..

    a decent Hosts file seems to be the prime factor....used in conjunction with a browser...plus any proxy...plus adshield........stops just about anything...sometimes it requires id'ing the offender first.......let's say CSS.....but once blocked....it's blocked

    you may notice that FanJ logged a couple of things I did not......in my case they did not connect to my computer...so wasn't logged.......on the other hand I logged a couple of things that FanJ did not......reason being because I allow these to connect...and therefore log.     Notice I did not log cfm...........and although I did log one instance of amazon...it was not an image........I also logged <paypal>....which I have allowed....

    going by FanJ's post I would guess that we are both going in the same direction....our blocks may be different to some extent.....maybe even using different programs...but the results are along the same line.

    I have noticed that trying to use a proxy these days as an all purpose blocker has some side-effects....many websites will be blocked completely.....my goal was to have full access to websites but totally block the bad stuff......and so far it's working.   there are some websites that are just so downright bad that they are absolutely blocked....this I don't mind.......java applets are pure bad news....and will bypass many security programs......so I forbid them entirely in all zones except for the times when I must use ssh applets from trustworthy connects...even those are kept in a sandbox...guarded by a real time scanner.

    Unicron I honestly believe it's all in the block list...if it can't connect...it can't bypass...     I use three block lists...in three programs.......most of the IE-spyad list...hosts list..."other list"... plus my own........and everything is "chained"

    once you prevent proxo from being bypassed...you should be in fairly good condition...unfortunately I can't supply you with the block that would prevent the bypassing of proxo because webw always prevents it from happening to proxo.....next time I install proxo I'll log the bypass...and pm it to you.......you should be able to find it in your "files"......oh it's going to be logged there alright.....they can't prevent its being logged.

    whew!  long post.....where's that cup of coffee..hmmmmm

                        snowman
     
  16. snowman

    snowman Guest

          Unicron

          went back to the site without using any of three proxies.......no ads showed.....surfed awhile..went back..no ads...cleaned cache..files etc..went back still not using any proxy...no ads.

    during any given day I switch proxies..if I even use one.......may even switch browsers.....no there is no particular reason why I do this other than to experiment.

    in this present case...it appears that it wasn't any proxy that prevented whatever exploit that's supposed to be at that site.     just thought to tell you.

                            snowman

         
     
  17. snowman

    snowman Guest

       Correction to earlier post:

          <paypal> was NOT logged...never connected to my machine.

            sorry..got ahead of myself in a rather long post.

                                 snowman
     
  18. UNICRON

    UNICRON Technical Expert

    Joined:
    Feb 14, 2002
    Posts:
    1,935
    Location:
    Nanaimo BC Canada
    With the host file I got from the XEN site, the ads are gone and I can surf the site fine. I even downloaded software from them.

    That site cracks me up (pun intended) they offer illegal software, copyright infringement tools and pirated mp3s for download, but hate it when you "steal" from them by using their bandwidth without viewing ads. lol!

    Case closed!
     
  19. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    Snowman, how?  I wasn't aware of any vulnerability here, so now (of course) I'm concerned.
     
  20. snowman

    snowman Guest

         Checkout

    How?   actually the exploit is rather old at this point in time......the first to be bypassed was proxo.....and webw just went the same way......in fact....this exploit was the cause of adding the pac file feature to spyblocker.....wonder if anyone still remembers that??  it was brought to the attention of PK and pac file resulted.......

    I don't know the tech terms for how it's done....it works like a re-direct......and yes can most definitely be blocked.....look for any odd listing in your temp internet file.  (view files).......that includes the name of the proxy you are using......that should be it............of course that's only if you went to a website that bypassed your proxy.......

    ....most certainly it's a major issue.....frankly by now I thought this issue was well known and discussed.....apparently not.......the exploit makes proxies useless....simple as that.
           Checkout I am just waking up...was ill yesterday....will get back with you on this if need be..

                             snowman

         
     
  21. UNICRON

    UNICRON Technical Expert

    Joined:
    Feb 14, 2002
    Posts:
    1,935
    Location:
    Nanaimo BC Canada
    snowman, if I use a firewall and the browser is only allowed to connect to local host on port 8080 and nowhere else, how can a site bypass anything? if it tried the firewall would block it.

    !?


    PS Ad blocker and Proxo still have issues. Seems the host file has eliminated the ads, but I still can't download on some sites. Weirdly, I can on the site I was complaining about. Some of the others only block file downloads, and I have a problem there.

    If I use a browser without proxo, but with the new hostfile, all the ads are blocked and I can download at will. Seems the host file strategy is still working. I wonder if I should turn off all ad-blocking in proxo, and let the hostfile take care of that. I'll try and report back.
     
  22. snowman

    snowman Guest

          Unicron

            **note: please bear with me....got a bad case of food poisoning from yesterday.....having a rough go of it today ***


    in response to your post......as stated I don't know the tech terms to correctly explain....but will try as best I can

    the exploit walks right through any firewall un-noticed....considering the possible implications...not good.......you are greatly more experienced in such things so perhaps can make sense of it.......the exploit attaches itself to a normal url.....ex:
    http://***.**/http://

    Unicron I don't know if it would be proper to post the actual "thing" here at the BB....for sure it should be blocked...it appears it's not as commonly known as I would have thought....so let me assure you that it's widely used by websites....very widely used!!!
    frankly it's rather disturbing to suddenly realize that people using proxies are believing they are "filtered" when in fact they are not...and that answers a few questions I've had personally.....darn..if I had e mail I would send the info to you immediately....I must be the only person on the planet without e mail.

    and in response to your not being able to dl...Xen's list should not prevent DL'ing.....at least I've never known it to do so....the only thing I can think of that would cause that when using a host file...would be if the user was re-directed to another website for the download..and that website was blocked by proxy....but there again I have never run into that particular problem....and I dl from anywhere/everywhere...

    "chaining" works exceptionally well........you may want to use adshield with proxy....but don't just block ads.....again the temp internet files will reveal a lot that needs blocking.....adshield acts like a pac file....
    Unicron..in the meantime you can see what results by using this in proxo:      *(/trans|?)*   another possibles:  *(trans)*      *(/trans)*

    if you haven't already guessed....hint "trans"

    one problem you may have if adding the above to proxo...you may not prevent exploit from connecting..but instead just re-route to 127.    which may keep you out of websites.........or may not always prevent the exploit from being blocked..the exploit also uses other means....ex: trans>

    and you can bet there are a lot of people that don't want this exploit blocked........and that's a fact  Jack!!
          I am sitting here waiting for the flamers....

                               snowman
     
  23. snowman

    snowman Guest

         Unicron

    just to mention......more often than not...it's the main url itself that carries the exploit.....not the ads.....yes the ads can and do carry the exploit....just not as often as the main url.......which gets you coming in.             hope some of this makes sense to you.
    ........your idea of not using proxo to block the ads may work real well......what the heck..the host file is doing that job anyway..............again..I lorv the host file  LOL

                    snowman
     
  24. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    snowman - Hope you get to feeling better real soon!

    BTW, I'm not going to change a thing on this set-up at home to get around that stuff - once any site has shown its true colors by denying me access based on the fact that I don't wish to participate in being tracked or profiled, they certainly don't have to worry about me ever coming back again.

    If they'll shove that kind of stuff down your throat, what's next?

    "We're sorry, but we've noticed that you're using an anti-virus program...."  :) Pete
     
  25. snowman

    snowman Guest

       Pete

    old friend I could not agree with you more......hey, that's the way you guys taught me from day one....got no reason to change now...it's not broke..why fix it  LOL

                               snowman


    P.S.    gosh am I ever sick......
     