Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Stop YouPorn's EasyList trickery #39

Closed
ghost opened this Issue May 2, 2016 · 21 comments

Comments

Projects
None yet
2 participants
@ghost
Copy link

ghost commented May 2, 2016

URL(s) where the issue occurs

NSFW: http://www.youporn.com/
(Currently fixed.)

Describe the issue

It seems like YouPorn and the like aren't running out of exception filters to abuse from EasyList. Maybe add a solution for uBO.

Notes

Maybe something similar to this: https://github.com/IDKwhattoputhere/uBlock-Filters-Plus/blob/master/uBlock-Filters-Plus.txt#L217
Example:
/iframe-*.html#zone_id=$domain=pornhub.com|redtube.com|redtube.com.br|tube8.com|tube8.es|tube8.fr|youporn.com|youporngay.com,third-party,subdocument,important

Got the list of domains from the PHN filters in EasyList. Can't say if it's all or if some aren't even involved. PornHub for example (while being referenced in the EasyList changelog) isn't currently using any tricks while YouPorn's trickery is still up (although fixed in EasyList).

@ghost

This comment has been minimized.

Copy link
Author

ghost commented Jul 5, 2016

675cb53 should fix this if I'm not mistaken.
Edit: Breaks the flash player (e.g. http://www.redtube.com/1591029). Needs @@||phncdn.com^$object and @@||pornhub.com^$object.

@ghost ghost closed this Jul 8, 2016

@gorhill

This comment has been minimized.

Copy link
Member

gorhill commented Jul 8, 2016

I hadn't seen this issue. Is redtube.com still broken?

gorhill added a commit that referenced this issue Jul 8, 2016

@ghost

This comment has been minimized.

Copy link
Author

ghost commented Jul 8, 2016

Thank you.

@ghost

This comment has been minimized.

Copy link
Author

ghost commented Jul 13, 2016

redtube.it is missing btw.

gorhill added a commit that referenced this issue Jul 13, 2016

@ghost

This comment has been minimized.

Copy link
Author

ghost commented Nov 7, 2016

On [NSFW] tube8.fr you can see that they now use XMLHttpRequests. Maybe you want to add xmlhttprequest to block those.
Should 3p-script block block XHRs too? I'm not entirely sure what they do but it seems like they can behave similarly to JS.

@gorhill

This comment has been minimized.

Copy link
Member

gorhill commented Nov 7, 2016

There is an exception filter EasyList causing XHRs to passthrough: @@||comeadvertisewithus.com*/ads.js|.

Do you know why it was added?

Does ||comeadvertisewithus.com.abbp1.pw/ads.js$important,xmlhttprequest,domain=tube8.fr work without whatever issue the above exception filter tried to solve?

@ghost

This comment has been minimized.

Copy link
Author

ghost commented Nov 7, 2016

I'm not sure why it was added but I remember seeing it on quite a few sites (Yavli and some popunder laden NSFW sites if I remember correctly).
The issue is simply the abuse of whitelist entries yet again (see https://forums.lanik.us/viewtopic.php?p=106782#p106782 where other entries seem to have been the problem).

Your filter works for the ads but I suppose they'll change it in a few days anyways.

gorhill added a commit that referenced this issue Nov 7, 2016

@ghost

This comment has been minimized.

Copy link
Author

ghost commented Nov 7, 2016

Same thing on [All NSFW] redtube.com.br, tube8.com and xtube.com.
Sometimes one gets through the hiding filters at the bottom of a video page on pornhub.com. Same thing but multiple ones and more often on youporn.com.

@smed79

This comment has been minimized.

Copy link
Contributor

smed79 commented Nov 8, 2016

There is an exception filter EasyList causing XHRs to passthrough
Do you know why it was added?

added to block Yavli ads 0eb19b3662db / viewtopic.php?p=103409#p103409

Working filter https://forums.lanik.us/viewtopic.php?p=107216#p107216

gorhill added a commit that referenced this issue Nov 8, 2016

@ghost

This comment has been minimized.

Copy link
Author

ghost commented Nov 8, 2016

Wouldn't @@||comeadvertisewithus.com^*/ads.js| have been sufficient? Anyways, the commit works, thanks.

@gorhill

This comment has been minimized.

Copy link
Member

gorhill commented Nov 8, 2016

Wouldn't @@||comeadvertisewithus.com^*/ads.js| have been sufficient?

I am at a lost to understand the purpose of the * in @@||comeadvertisewithus.com*/ads.js|. That sort of extremely broad exception filter is begging to be abused.

@ghost ghost referenced this issue Nov 13, 2016

Closed

ndtv.com - Anti adb #188

@ghost

This comment has been minimized.

Copy link
Author

ghost commented Nov 14, 2016

They changed it to comeadvertisewithus.com.abbp1.science/ads.js.

gorhill added a commit that referenced this issue Nov 14, 2016

gorhill referenced this issue in easylist/easylist Nov 19, 2016

@ghost

This comment has been minimized.

Copy link
Author

ghost commented Nov 28, 2016

They switched to traffichaus.com.abbp1.science/ads.js, abusing another way too broad exception filter in EasyList.

gorhill added a commit that referenced this issue Nov 28, 2016

@smed79

This comment has been minimized.

Copy link
Contributor

smed79 commented Nov 28, 2016

@ghost

This comment has been minimized.

Copy link
Author

ghost commented Nov 28, 2016

tube8.es and youporngay.com can be added to the rule too.

gorhill added a commit that referenced this issue Nov 28, 2016

@ghost

This comment has been minimized.

Copy link
Author

ghost commented Dec 5, 2016

@@?stream=/embed/*&width=*&height=$script in EasyList being abused.
||fotzenparty.eu^$important,third-party

gorhill added a commit that referenced this issue Dec 5, 2016

gorhill added a commit that referenced this issue Dec 5, 2016

@smed79

This comment has been minimized.

Copy link
Contributor

smed79 commented Dec 8, 2016

@@||192.168.*/images/adv_$~third-party
https://forums.lanik.us/viewtopic.php?p=109578#p109578

gorhill added a commit that referenced this issue Dec 8, 2016

@smed79

This comment has been minimized.

Copy link
Contributor

smed79 commented Dec 13, 2016

@@||picplzthumbs.com/upload/img/ad/
https://forums.lanik.us/viewtopic.php?p=109945#p109945

@gorhill

This comment has been minimized.

Copy link
Member

gorhill commented Dec 13, 2016

I don't see ads, and there is no picplzthumbs.com in the logger.

@ghost

This comment has been minimized.

Copy link
Author

ghost commented Dec 28, 2016

I'm getting a popunder when clicking on a thumbnail on http://www.pornhub.com/ in Chrome/Firefox. I can open a new issue if necessary. This filter works:
/fp.eng?id=$popunder

@gorhill

This comment has been minimized.

Copy link
Member

gorhill commented Dec 28, 2016

Does that also work?

pornhub.com##script:inject(abort-on-property-write.js, rAb)

We could use both filters.

gorhill added a commit that referenced this issue Dec 28, 2016

This issue was closed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.