New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

strefadb.pl #636

Closed
KonoromiHimaries opened this Issue Oct 4, 2017 · 33 comments

Comments

5 participants
@KonoromiHimaries

KonoromiHimaries commented Oct 4, 2017

site
https://strefadb.pl/filmy-kinowe/dragon-ball-z-tv-special_01_bardock---ojciec-goku.html

ubpe & ub ( on - not work )
2017-10-05 00_07_30-dragon ball z tv special - 01 bardock - ojciec goku - napisy filmy online
2017-10-05 00_12_45-dragon ball z tv special - 01 bardock - ojciec goku - napisy filmy online

ubpe & up ( off - normaly work )
2017-10-05 00_08_06-dragon ball z tv special - 01 bardock - ojciec goku - napisy filmy online
2017-10-05 00_14_09-dragon ball z tv special - 01 bardock - ojciec goku - napisy filmy online

ub 1.14.8
ubpe 11.352
chrome 61.0.3163.100 x64

@jspenguin2017 jspenguin2017 changed the title from video not work on this site to strefadb.pl Oct 4, 2017

jspenguin2017 added a commit that referenced this issue Oct 4, 2017

jspenguin2017 added a commit that referenced this issue Oct 4, 2017

@jspenguin2017 jspenguin2017 added Fixed and removed Work In Progress labels Oct 4, 2017

@jspenguin2017

This comment has been minimized.

Owner

jspenguin2017 commented Oct 4, 2017

That's some weird anti-adblock logic. Fixed.

@KonoromiHimaries

This comment has been minimized.

KonoromiHimaries commented Oct 4, 2017

i still have a this
2017-10-05 00_49_52-dragon ball z tv special - 03 historia trunks a - napisy filmy online

@uBlock-user

This comment has been minimized.

uBlock-user commented Oct 4, 2017

strefadb.pl###videodiv
strefadb.pl###tooltip
@uBlock-user

This comment has been minimized.

uBlock-user commented Oct 4, 2017

Anti adblock notice video is put as an overlay.

@uBlock-user

This comment has been minimized.

uBlock-user commented Oct 4, 2017

They're not removing the video but only superimposing anti adblock notice video on the Openload video, so hiding via CSS selectors will also work.

@jspenguin2017

This comment has been minimized.

Owner

jspenguin2017 commented Oct 4, 2017

I think the tooltip is unrelated, you can block it with custom filter if you wish.
image
The thing on the bottom is blocked, it can take some time for filter list to sync.

@jspenguin2017

This comment has been minimized.

Owner

jspenguin2017 commented Oct 4, 2017

@uBlock-user Yea, but it won't dispose the player in that case.

@uBlock-user

This comment has been minimized.

uBlock-user commented Oct 4, 2017

You mean via picker ? Zapper doesn't block elements, it only removes them until a page refresh.

@uBlock-user

This comment has been minimized.

uBlock-user commented Oct 4, 2017

Still tooltip is an annoyance, should be removed.

@KonoromiHimaries

This comment has been minimized.

KonoromiHimaries commented Oct 4, 2017

@uBlock-user i still have
2017-10-05 00_57_15-dragon ball z tv special - 03 historia trunks a - napisy filmy online

@jspenguin2017

This comment has been minimized.

Owner

jspenguin2017 commented Oct 4, 2017

True, I thought it's permanent...
I wouldn't say it's purely annoyance, as it could be helpful in some cases. I won't add it to List.

@uBlock-user

This comment has been minimized.

uBlock-user commented Oct 4, 2017

I don't speak polish, you will have to describe it.

@uBlock-user

This comment has been minimized.

uBlock-user commented Oct 4, 2017

By annoyance, I meant its position. They should have placed it somewhere else and not in the centre of the video player, that makes it an annoyance as it always appears.

@jspenguin2017

This comment has been minimized.

Owner

jspenguin2017 commented Oct 4, 2017

Missed ads goes to EasyList. Or right click -> block element.

@jspenguin2017

This comment has been minimized.

Owner

jspenguin2017 commented Oct 4, 2017

Still, I won't add it to List, just in case someone needs it. You can block it with with your custom filter if you don't like it.

@KonoromiHimaries

This comment has been minimized.

KonoromiHimaries commented Oct 4, 2017

@jspenguin2017 i know, thx. for your help : )
i manualy blocked this unwanted elements

@uBlock-user

This comment has been minimized.

uBlock-user commented Oct 4, 2017

Another thing, sometimes openload loads videos via oload.info which is its clone site and popups appear via about:blank

https://oload.info/embed/MDWXdU0koJ0/DBZ_TV_Special_01_-_Bardock_Ojciec_Goku_1990_NapisyPL.mp4

oload.*/*license
oload.*/*script
@jspenguin2017

This comment has been minimized.

Owner

jspenguin2017 commented Oct 4, 2017

Ehm, they have a crypto miner as well... Seems to be throttled to 50% of 1 CPU core.
image

jspenguin2017 added a commit that referenced this issue Oct 4, 2017

@jspenguin2017

This comment has been minimized.

Owner

jspenguin2017 commented Oct 4, 2017

@okiehsch of uAssets
@keraf of NoCoin

CoinHive is registering new domains.

jspenguin2017 added a commit that referenced this issue Oct 4, 2017

@jspenguin2017

This comment has been minimized.

Owner

jspenguin2017 commented Oct 4, 2017

One Linode hypervisor is experiencing hardware issues. The popup fix will have to wait.
image

@jspenguin2017 jspenguin2017 reopened this Oct 4, 2017

@okiehsch

This comment has been minimized.

okiehsch commented Oct 4, 2017

Hm, they are using random domains.
unbenannt

So blocking by domain seems pointless.

@jspenguin2017

This comment has been minimized.

Owner

jspenguin2017 commented Oct 4, 2017

Blocking the WebAssembly file only fix half the problem, the bootstraper will try to start 3 times per second. I have put /cryptonight.wasm in List until we can figure something out. Probably should fingerprint and block the wasm file by patching WebAssembly property.

@jspenguin2017

This comment has been minimized.

Owner

jspenguin2017 commented Oct 4, 2017

Can we write a bot and list all their domains? It costs money to register domain, let's see how much funding they got.
I knew CoinHive is going to be a hard and long battle...
I know we can just $third-party all OpenLoad's connections, but that's one domain, it'll be a pain to police the entire Internet.

@okiehsch

This comment has been minimized.

okiehsch commented Oct 5, 2017

Well, I can see two solutions for uBO:
oload.info##script:inject(abort-on-property-read.js, WebAssembly) or

oload.info##script:inject(abort-current-inline-script.js, document.createElement, (/[A-Z0-9]{8}-[A-Z0-9]{4}-[A-Z0-9]{4}/.test(key)

the second one seems preferable.

@jspenguin2017

This comment has been minimized.

Owner

jspenguin2017 commented Oct 5, 2017

So basically we'll be chasing behind them and patch on a per domain basis?
It's kind of hard tell since it throttles itself pretty hard (to 13% of CPU on my PC), they can stay under the radar for a while.
The new and promising WebAssembly is getting abused right away, kind of sad that people find ways to exploit everything they find.

@okiehsch

This comment has been minimized.

okiehsch commented Oct 5, 2017

I don't see a better solution right now.

@uBlock-user regarding the popups, I added oload.info to uBO-filters

@gorhill

This comment has been minimized.

gorhill commented Oct 5, 2017

So basically we'll be chasing behind them and patch on a per domain basis?

That's how it has been always working with ads and trackers, there is no magic bullet.

In uBlockOrigin/uAssets#690 (comment), I entertain the idea of informing users about the use of webworkers, and ability to block them (like the no-popup-switch). One problem is Firefox is not CSP3 yet, it does not know about worker-src. At least this would give users some control without having to completely wait for filter list maintainers to provide filters.

@okiehsch

This comment has been minimized.

okiehsch commented Oct 5, 2017

.info^$script,third-party,domain=oload.info will also work and could be added to NoCoin

@gorhill

This comment has been minimized.

gorhill commented Oct 5, 2017

@okiehsch Yes, that seems to be the safest solution for now. Though why not:

||info^$script,third-party,domain=oload.info
@okiehsch

This comment has been minimized.

okiehsch commented Oct 5, 2017

OK, I will add it to uBlock Origin -- Resource-abuse

jspenguin2017 added a commit that referenced this issue Oct 5, 2017

okiehsch added a commit to uBlockOrigin/uAssets that referenced this issue Oct 5, 2017

Repository owner locked and limited conversation to collaborators Oct 5, 2017

@jspenguin2017

This comment has been minimized.

Owner

jspenguin2017 commented Oct 5, 2017

Alright, my server is up, build is published.
It's gone far enough off topic, so I'll lock the thread. Open a new issue for further problems.

Update: Actually, I'll leave the thread unlocked in case someone has a quick comment, but report other domains that uses CoinHive to a new issue.

Repository owner unlocked this conversation Oct 5, 2017

@uBlock-user

This comment has been minimized.

uBlock-user commented Oct 5, 2017

Why not CSP the entire domain ? Let them run as many random domains as they want.

||oload.info^$csp=script-src 'self' 'unsafe-inline' 'unsafe-eval'

@uBlock-user

This comment has been minimized.

uBlock-user commented Oct 5, 2017

@okiehsch I already have that filter in my personal list, that doesn't stop the popups on my end. They only stop after I block license and script jses mentioned in #636 (comment)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment