My ISP is injecting ads into websites

Discussion in 'other security issues & news' started by Rafales, Sep 26, 2016.

  1. Rafales

    Rafales Registered Member

    Joined: Feb 20, 2013
    Posts: 49
    Location: Earth
    Hi,

    I use Windows 8.1 Pro (x64)
    My ISP is injecting ads into websites
    I've installed ad blockers like uBlock Origin but still I could see ads
    I found the IP Address of the ads.

    Should I block the IP in the firewall / hosts file, and will it work?

    If it is the hosts file, what entry do I need to enter in the hosts file?
    Please share a sample on how to block an IP in the hosts file
     


  2. Minimalist

    Minimalist Registered Member

    Joined: Jan 6, 2014
    Posts: 5,069
    You can only block domains using hosts file not IPs. I would block that IP using firewall on router, if not possible then Windows firewall, but you will have to enable outbound monitoring.
    If that happened to me I would also start using VPN for my casual browsing and use https wherever possible.
     
  3. Umbra

    Umbra Registered Member

    Joined: Feb 10, 2011
    Posts: 2,187
    Location: in a remote land :)
    solution: change the ISP ? :p
     
  4. Rafales

    Rafales Registered Member

    Joined: Feb 20, 2013
    Posts: 49
    Location: Earth
    thanks Minimalist for your reply
     
  5. summerheat

    summerheat Registered Member

    Joined: May 16, 2015
    Posts: 722
    Other than in hosts files it's possible to block IPs in uBlock Origin (or uMatrix). Just blacklisting that IP in Dynamic Filtering should solve the problem.
     
  6. TheWindBringeth

    TheWindBringeth Registered Member

    Joined: Feb 29, 2012
    Posts: 2,087
    If your ISP is injecting something that causes a third-party request, uBlock Origin could fail to block that request if it is not covered by an explicit block rule. However, shouldn't uBlock Origin still be able to recognize/block it as a third-party request? IOW, I'm wondering if you are taking full advantage of uBO's capabilities. If, on the other hand, your ISP injects ads in a manner that doesn't cause third-party requests [and doesn't utilize JavaScript] then I think you would have to rely on a cosmetic filter. I'll defer to those more familiar with uBO on such points.

    You've already had some replies on that subject. I would add: have you determined whether it is using multiple IP Addresses? Even if it isn't now, it might down the road. Blocking an IP Address range, or ranges, might prove more beneficial than blocking individual addresses. You may have some other options too, if what is injected can be sufficiently reliably identified and effectively stripped from HTTP pages.

    However, if your ISP has crossed such a line then you have a more general problem to deal with. Arguably, your ISP, its network, its servers, its equipment... everything... should be considered unsafe for you and others to use. Are you using its DNS server? Its router? Email server? Any other products/services? Implementing some ad/tracker/third-party block rules, forcing HTTPS for everything you can, blocking all mixed content at important sites, etc... for all devices and contexts mind you... would be a beneficial short-term response. However, you'll likely want a more comprehensive, longer-term, "solution" though.
     
  7. Anonfame1

    Anonfame1 Registered Member

    Joined: May 25, 2016
    Posts: 196
    I second the VPN idea - not only will it prevent the ISP from injecting ads but it will also prevent them from seeing where you're browsing (and thus will prevent them from selling that data, if they do..). Of course, you just move your trust from your ISP to your VPN provider, so there's that.
     
  8. Rafales

    Rafales Registered Member

    Joined: Feb 20, 2013
    Posts: 49
    Location: Earth
    Thanks TheWindBringeth, summerheat and Anonfame1 for your replies.

    I believe my ISP is injecting ads only when I visit http sites and not when I visit https sites. I have noticed that many times.
    I checked these ads for a few days and noticed these ads are from a single IP only, not from a range of IPs.

    I'm not using my ISP DNS. For DNS I have configured DNSCrypt. I have also installed HTTPS Everywhere extension in my browser.
    I have bought myself a basic D-Link modem/router and I do not use the router supplied by my ISP. Also I never used my ISP email service / email server.
    When I searched, many customers using this ISP have made several complaints about this issue and it looks like the ISP is not going to stop this shady practice.

    I do not have any immediate plan to change my ISP for some reasons.
    Also no immediate plan to invest in a paid VPN solution. Since the current speed offered by my ISP is not good and when I tried a free VPN solution the internet speed came down further.

    I'm thinking of trying 'AdFender'. Not sure if this solution will block the ads.
    Also I'm going to search if there is an option in my D-link modem/router to block this IP
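
The observation in the post above (injection only on plain-HTTP pages, from a single IP) can be checked by comparing the hosts a page references when fetched over HTTP against the same page fetched over HTTPS. This is an added example, not part of the thread: the sample pages, `cdn.example.org`, the documentation-range address 203.0.113.10 and all function names are constructed for illustration, and the rule text follows uBlock Origin's dynamic-filtering "My rules" syntax.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: one page as received over HTTPS and over plain HTTP.
# 203.0.113.10 is a documentation-range placeholder, not the thread's IP.
HTTPS_COPY = ('<html><head><script src="https://cdn.example.org/app.js"></script>'
              '</head><body><img src="/logo.png"><p>News</p></body></html>')
HTTP_COPY = ('<html><head><script src="http://cdn.example.org/app.js"></script>'
             '<script src="http://203.0.113.10/l/loader.js"></script></head>'
             '<body><img src="/logo.png"><p>News</p>'
             '<iframe src="//203.0.113.10/ad?id=1"></iframe></body></html>')

class ResourceHosts(HTMLParser):
    """Collect the hosts of sub-resources a browser would fetch."""
    TAGS = {"script", "iframe", "img", "embed", "link", "object"}

    def __init__(self):
        super().__init__()
        self.hosts = set()

    def handle_starttag(self, tag, attrs):
        if tag not in self.TAGS:
            return
        for name, value in attrs:
            if name in ("src", "href", "data") and value:
                host = urlparse(value).hostname  # None for relative URLs
                if host:
                    self.hosts.add(host.lower())

def resource_hosts(html):
    parser = ResourceHosts()
    parser.feed(html)
    return parser.hosts

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def injected_hosts(http_html, https_html):
    """Hosts referenced only by the plain-HTTP copy, IP literals first."""
    extra = resource_hosts(http_html) - resource_hosts(https_html)
    return sorted(extra, key=lambda h: (not is_ip_literal(h), h))

def ubo_block_rules(hosts):
    # One global dynamic-filtering rule per host: source dest type action.
    return [f"* {h} * block" for h in hosts]
```

Sites that serve different markup over HTTP and HTTPS will produce extra hosts too, so treat the result as a list to inspect rather than a verdict.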
     
  9. TheWindBringeth

    TheWindBringeth Registered Member

    Joined: Feb 29, 2012
    Posts: 2,087
    FWIW, I came across these after I posted:

    http://www.crazyengineers.com/threa...rtisements-in-your-browser.88882/#post-373374

    https://gist.github.com/d34dman/fb1c3cfb7f737626006572dc1ba3ff9f

    Glad to hear that. Earlier I jotted down some things I recall hearing that some ISPs were doing. Watch your back where appropriate:
    1. NXDOMAIN overriding
    2. Intercepting and responding to queries meant for other DNS servers
    3. HTTP redirection for purposes of appending affiliate codes
    4. HTTP MITMing to inject advertising and/or tracking components and/or affiliate codes
    5. STARTTLS stripping when users access other email servers
    6. Datamining of HTTP and HTTPS traffic patterns for advertising/profiling purposes
    7. Header enrichment
    8. Exposing customers to advertising/tracking/analytics/CRM companies via account management pages, webmail interface, etc
     
    Last edited: Sep 28, 2016
  10. Jarmo P

    Jarmo P Registered Member

    Joined: Aug 27, 2005
    Posts: 1,188
    It is not, I think, common for ISPs to do that. What country are you from and what ISP?
    And I second a VPN connection if it is really the ISP problem you have.
     
  11. summerheat

    summerheat Registered Member

    Joined: May 16, 2015
    Posts: 722
    Hm, why? Haven't you tried to blacklist that IP in uBlock Origin's Dynamic Filtering?
    For most routers this should be possible.
     
  12. liba

    liba Registered Member

    Joined: Jan 21, 2016
    Posts: 76
    Change your DNS address in your modem router and disable "Dnscache Service" permanently

    Permanently disable DNS caching on Win Vista and Win 7
    1. Click the start button.
    2. Type services.msc in the search box.
    3. Click on services.msc in the search results.
    4. Scroll down until you see "DNS Client" in the "Name" column.
    5. Double click on "DNS Client."
    6. Click the Stop button.
     
  13. Rafales

    Rafales Registered Member

    Joined: Feb 20, 2013
    Posts: 49
    Location: Earth
    @ TheWindBringeth
    Thanks for the heads up and the links

    @ summerheat
    Have not done that before. I have to read documentation to find how to do this in uBlock Origin.

    @ Jarmo P
    India and my ISP is BSNL.
    Minimum internet broadband speed in India is still pathetic

    @ Liba
    Thanks. I will check and try that
     
  14. summerheat

    summerheat Registered Member

    Joined: May 16, 2015
    Posts: 722
    Just block that IP in the global column in the Dynamic Filtering pane (where it should show up) and save that rule with the padlock.
     
  15. Jarmo P

    Jarmo P Registered Member

    Joined: Aug 27, 2005
    Posts: 1,188
    You are using Chrome I think. Add the uBlock Origin Websocket extension from gorhill.
    This idea came to me from another uBO post in Wilders where I saw it blocking those websocket connection ads.
     
  16. Rafales

    Rafales Registered Member

    Joined: Feb 20, 2013
    Posts: 49
    Location: Earth
    Thanks again to Jarmo, summerheat :)
     