Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

deadstate.org malicious redirect via mediapass.com #6028

Closed
lpar opened this issue Aug 1, 2019 · 6 comments
Closed

deadstate.org malicious redirect via mediapass.com #6028

lpar opened this issue Aug 1, 2019 · 6 comments

Comments

@lpar
Copy link

lpar commented Aug 1, 2019

URL(s) where the issue occurs

https://deadstate.org/

Describe the issue

Malicious redirect to an anti-adblock page happens on any page load with scripts disabled.

Versions

  • Browser/version: Firefox 68.0
  • uBlock Origin version: 1.21.2

Settings

The relevant change is that I disable JavaScript by default and allow it for domains I trust.

Notes

Appears to be implemented by putting a noscript element in the head of the page:

<noscript><meta http-equiv="REFRESH" content="0; url=https://www.mediapass.com/subscription/noscriptredirect?key=6678&asset=7281&uri=deadstate.org"></noscript>
<script type="text/javascript" src="https://www.mediapass.com/static/js/mm.js"></script>
<script type="text/javascript">MediaPass.init(6678, { asset:7281 });</script>
</head>

A possible fix is to just block everything from www.mediapass.com. Since it's a paywall platform I don't imagine there's anything worthwhile to be found there? Might want to come up with something more fine-grained though.

Have also reported the issue on the EasyList forums.
@lpar lpar changed the title deadstate.org malicious redirect via mediapass.comc deadstate.org malicious redirect via mediapass.com Aug 1, 2019
@liamengland1
Copy link
Contributor

Test deadstate.org##^meta[http-equiv="refresh"]

@lpar
Copy link
Author

lpar commented Aug 1, 2019

Works for me.

@okiehsch
Copy link
Contributor

okiehsch commented Aug 1, 2019

The relevant change is that I disable JavaScript by default and allow it for domains I trust.

I use the same setup, however filters will only be added to uAssets for issues that can be reproduced with a default setup, so the suggested working filter will not be added.

@okiehsch okiehsch closed this as completed Aug 1, 2019
@liamengland1
Copy link
Contributor

liamengland1 commented Aug 1, 2019
edited
Loading

@okiehsch can you add ||mediapass.com^$third-party,script, as they provide paywall and anti-adblock services.

Please see https://www.mediapass.com and https://theislandnow.com -- click on 6 articles and you will be paywalled by mediapass.

On http://tooeleonline.com articles cannot be read at all, they are all paywalled by mediapass.

Subscription nag powered by mediapass
Subscription nag powered by mediapass

Paywall powered by mediapass
Paywall powered by mediapass

@okiehsch
Copy link
Contributor

okiehsch commented Aug 1, 2019

#2317 (comment)

@okiehsch
Copy link
Contributor

okiehsch commented Aug 2, 2019
edited
Loading

I don't know what the confused emoji means.
The linked comment from gorhill is pretty clear to me.
uBO will not add filters to circumvent paywalls.
The difference between a paywall and an anti-adblock wall - as far as uBO is concerned - is that a paywall blocks every user from accessing the content regardless if one uses an adblocker or not.

http://tooeleonline.com uses a genuine paywall. It is laughably easy to circumvent it but it is a paywall nonetheless.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@lpar @liamengland1 @okiehsch