t411.in ad issues

[HLFH]

Hi,

On http://www.t411.in torrent tracker, it seems that ads are not blocked natively by uBlock Origin. Is there any reason to that? Could we fix it permanently (not a workaround...)?

Thanks in advance, HLFH

[publicarray]

These ads should be taken care of with ||pubdirecte.com^ by Peter Lowe’s Ad server list. Make sure the list is enabled and updated.

[HLFH]

Thanks but I still get these ads on the HTTP URL: http://www.t411.in/. And I already have Peter Lowe’s Ad server list

[publicarray]

Can you post the contents from the logger? Also the operating system, browser version and any settings that differ from the defaults, as per CONTRIBUTING.md?

[HLFH]

OS: Microsoft Windows 10 Professionnel OS Build: 10.0.10240 Chrome version : 46.0.2490.86 m (64-bit) Extensions: Clearly, ColorZilla, CouchPotato, Evernote Web Clipper, Fontface Ninja, Google Cast, HTTP/2 and SPDY indicator, Quick Javascript Switcher, uBlock Origin, wallabag. uBlock Origin version: v1.3.3 uBlock settings: default

And the contents from the logger:

16:36:13 image http://www.t411.in/images/default.png 16:35:32 image http://www.t411.in/images/default.png 16:35:31 xhr http://cdn.myskyspire.com/bandito.php?p=6053&z=273&f=1&j=2&t=yxkqo 16:35:31 xhr http://cdn.myskyspire.com/bandito.php?p=6053&z=271&f=1&j=6&t=oakac 16:35:31 xhr http://cdn.myskyspire.com/bandito.php?p=6053&z=269&f=1&j=6&t=vn7uv 16:35:31 xhr http://cdn.myskyspire.com/bandito.php?p=6053&z=267&f=1&j=6&t=92jtt 16:35:31 image http://www.t411.in/themes/blue/css/images/pbar-ani-orange.gif 16:35:31 image http://www.t411.in/themes/blue/css/images/ui-bg_inset-hard_100_fcfdfd_1x100.png 16:35:31 image http://www.t411.in/themes/blue/images/menuBtn-bg.png 16:35:31 image http://www.t411.in/themes/blue/css/overlay/white.png 16:35:31 image http://www.t411.in/themes/blue/images/footer-bg.png 16:35:31 image http://www.t411.in/themes/blue/images/sub-menu-bg.png 16:35:31 image http://www.t411.in/themes/blue/images/login-bar-right-bg.png 16:35:31 image http://www.t411.in/themes/blue/images/icon-chat.png 16:35:31 image http://www.t411.in/themes/blue/images/icon-arrow-square.png 16:35:31 image http://www.t411.in/themes/blue/images/header-bg-fx.png 16:35:31 image http://www.t411.in/themes/blue/images/header-bg.png 16:35:31 image http://www.t411.in/themes/blue/images/login-bar-bg.png 16:35:31 image http://www.t411.in/themes/blue/images/search-history.png 16:35:31 image http://www.t411.in/themes/blue/images/search-btn.png 16:35:31 image http://www.t411.in/themes/blue/images/search-bg.png 16:35:31 image http://www.t411.in/themes/blue/images/logo.png 16:35:31 image http://www.t411.in/themes/blue/images/lodin-btn.png 16:35:31 image http://www.t411.in/themes/blue/images/border-top.png 16:35:31 script http://cdn.myskyspire.com/dispr.js 16:35:31 ||pubdirecte.com^ -- script http://www.pubdirecte.com/script/pop.php?id=21819&ref=9710 16:35:31 ||pubdirecte.com^ -- script http://www.pubdirecte.com/script/banniere.php?id=20761&ref=9710 16:35:31 ||pubdirecte.com^ -- script http://www.pubdirecte.com/script/banniere.php?id=36995&ref=9710 16:35:31 image http://irc.t411.in/screens/smodo/image1117124600.jpg 16:35:31 image http://irc.t411.in/screens/smodo/image1121140802.jpg 16:35:31 image http://irc.t411.in/screens/smodo/image1203122743.jpg 16:35:31 ||pubdirecte.com^ -- script http://www.pubdirecte.com/script/banniere.php?id=18983&ref=9710 16:35:31 ||pubdirecte.com^ -- script http://www.pubdirecte.com/script/banniere.php?id=18982&ref=9710 16:35:31 ||google-analytics.com^ -- script http://www.google-analytics.com/ga.js 16:35:31 image http://irc.t411.in/screens/smodo/image1117124600.jpg 16:35:31 image http://irc.t411.in/screens/smodo/image1121140802.jpg 16:35:31 script http://cdn.myskyspire.com/disd.php?idsite=6053&idzone=267[3] 16:35:31 ||adnetworkperformance.com^ -- script http://www.adnetworkperformance.com/a/display.php?r=443609 16:35:31 script http://www.t411.in/js/jquery/jquery.tagcanvas.min.js 16:35:31 image http://irc.t411.in/screens/smodo/image1203122743.jpg 16:35:31 ||onclickads.net^ -- script http://onclickads.net/apu.php?zoneid=15029 16:35:31 css http://www.t411.in/themes/blue/css/jbox.css 16:35:31 script http://www.t411.in/themes/blue/js/jbox.js 16:35:31 script http://www.t411.in/themes/blue/js/theme.min.js?v=6 16:35:31 script http://www.t411.in/js/messages.js 16:35:31 script http://www.t411.in/js/jquery/jquery.tools.min.js 16:35:31 script http://www.t411.in/js/jquery/jquery.lavalamp.js 16:35:31 script http://www.t411.in/js/jquery/jquery.easing.js 16:35:31 script http://www.t411.in/js/jquery/jquery.cookie.js 16:35:31 script https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.16/jquery-ui.min.js 16:35:31 script http://www.t411.in/js/jquery/jquery-1.7.js 16:35:31 css http://www.t411.in/themes/blue/css/styles.min.css?v=9 16:35:31 css http://www.t411.in/themes/blue/css/jquery-ui.css 16:35:31 inline-script http://www.t411.in/ 16:35:31 doc http://www.t411.in/

It seems that it's related to cdn.myskyspire.com... And it is specialized against adblockers apparently. Click on http://cdn.myskyspire.com/ to see the evil. :)

[HLFH]

And it's related to this issue: https://github.com/gorhill/uBlock/issues/275 ; the guy behind this ad technology that counteracts uBlock Origin & Co is Yann B. D. and Goyave Lab. @gorhill Do we have a permanent fix?

[gorhill]

You fail to provide the most basic details.

Unable to reproduce:

[gorhill]

Will reopen once the issue comply with CONTRIBUTING and the case is made this is a uBO issue, not a 3rd-party filter list issue.

[gorhill]

Ok sorry I see you provided details later on.

[gorhill]

I still can't reproduce. Try:

• Force a refresh of uBO's filter lists (purge all caches, update now).
• Reload the page in a new tab, see if it has ads.

If it has ads:

• Disable all extensions, except uBO.
• Reload the page in a new tab, see if it has ads.

[HLFH]

@gorhill I'm sure that T411 & Goyave Lab are not targeting every users right now, because T411.in is testing it since one week. I believe they target only a part of their userbase, including me.

Could I do a PR? It's like jeu.info commit.

Force a refresh of uBO's filter lists (purge all cache, update now).

I already did.

Reload the page in a new tab, see if it has ads.

i already did.

Disable all extensions, except uBO.

I already did. I still get the ad issue.

The only thing to do is submit a PR with

t411.in###page [class^="banniere-"]
||t411.in^$inline-script

And after, it's clean.

[gorhill]

My logger is reporting the same exact resources blocked as yours. So you have to rule out one of your extensions is pulling then injecting the ads.

[HLFH]

@gorhill No. I disabled every extension excepted uBlock Origin. T411.in is now testing an anti-adblocker technology, and because it's the testing period, I believe they don't target people outside of their authentic user base, like you or @publicarray. In fact, people in the t411.in chat have seen that on http://www.t411.in (not the HTTPS URL, the HTTP one), they are getting ads even if they have an adblocker enabled.

[gorhill]

they don't target people outside of their authentic user base

So they are showing ads only if you log in?

[HLFH]

@gorhill No. Even if I'm not logged in. So maybe they have a database of IP addresses of their real user base or they are targeting by location (France, Québec, etc.). I don't know but you could be sure that it's a real issue.

[gorhill]

The site funds itself using donations. I am very skeptical about these ads. Bottom-line is that I am not going to pull a fix for an issue which I do not experience 1st-hand. I am just unable to get the ads you have in our screenshot. I will wait for more reports about this, I will have to reproduce this on my side before everything else.

[gorhill]

Could it be your ISP? Try the encrypted connection instead: https://www.t411.in/.

[HLFH]

I just used AdwCleaner and FYI, I still get the issue. My ISP is SFR and it can't be my ISP, they are doing their job right. I know who is Goyave Lab and that it's their Phoenix anti-adblocker technology that is doing that. I understand that you are skeptical.

These are some screenshots to explain: A. When I'm using HTTPS, because http://cdn.myskyspire.com/ is mixed content, it isn't loaded.

B. But I could load the mixed content http://cdn.myskyspire.com/ if I want...

C. And I'm getting the ads from Goyave Lab and their T411.in partner.

D. T411.in is optimized for HTTP (no HTTPS redirect for example), not a lot of users are using the HTTPS URL. And using https://www.t411.in instead of http://www.t411.in would be a workaround not a permanent fix.

[gorhill]

I do not get the ads with the non-encrypted connection -- with the "script"^[1] from http://cdn.myskyspire.com/disd.php?idsite=6053&idzone=267[3] being loaded. So far, the ISP hypothesis is very plausible:

• You get ads with http.
• You do not get ads with https.
• I don't get ads with either http or https.

---

[1] In quotes, because the content of the script is just this: 0ca.

[HLFH]

So please click on http://cdn.myskyspire.com/.

They say:

We are an ad network specialized in adblocked inventory,

No, it can't be my ISP. IMHO, it's Goyave Lab.

• I get ads with http.
• I also get ads with https if I enable/load mixed content.
• You don't get ads with either http or https because you are not targeted during the testing period of the T411.in partnership with Goyave Lab.

Adding ||t411.in^$inline-script is solving this issue. I no longer see ads with either http or https.

[gorhill]

I also get ads with https if I enable/load mixed content.

Ok I get it. For me to figure the best solution I really need to find a way to reproduce on my side.

[HLFH]

Ok I understand. Have a nice day.

[gorhill]

What is the content of the http://cdn.myskyspire.com/disd.php?idsite=6053&idzone=267[3] resource on your side? Mine contains nonsense, which cause javascript execution to throw.

[HLFH]

For me, the source code of the http://cdn.myskyspire.com/disd.php?idsite=6053&idzone=267[3] URL is:

document.write('<script type="text/javascript">var check = ".vtt"; var change = [".vtt",".bmx",".cbr",".ktm"];var css = ""; var height = ["90","600","600","0"]; var zone = "267[3]"; var zones = ["267","269","271","273"]; var type = ["6","6","6","2"]; var website = "6053"; var ip = "x.x.x.x"; var country = "75"; var blockstats = "http://cdn.myskyspire.com/53.php"; var ul = "http://cdn.myskyspire.com/";var t = "1";var tomy = "1";</script><script type="text/javascript" src="http://cdn.myskyspire.com/dispr.js"></script>');

I renamed my IP in var ip to x.x.x.x And what I see printed in the browser is only: document.write(''); Is that the same for you?

[gorhill]

And blocking all of cdn.myskyspire.com does not work? On my side it seems only ajax.googleapis.com 3rd-party is necessary for the page to work fine.

[HLFH]

@gorhill Hum. You're right. Blocking all of cdn.myskyspire.com seems to work! Thanks!! So, we just have to add it.

[zcater]

http://cdn.myskyspire.com/disd.php?idsite=6053&idzone=267[3]

Here it loads '0ro' which very well could mean 0=don't load ro=country code

[HLFH]

Thanks @arthurtiteica

And 0ca for @gorhill seems to be: 0=don't load ca=Canada country code

So yes, T411.in and Goyave Lab are apparently distributing specific ads only to French users for a French website...

[gorhill]

It occurred to me I could try with the Tor browser to get routes until the end point is in France. I did so and I was able to get the ads eventually. Anyway, I will let you report to EasyList the filter above, the simplest solution is always the preferred one.

[smed79]

already blocked on liste FR !

|http://*/bandito.php?$domain=t411.in
|http://*/clip.php?$popup,domain=t411.in
|http://*/disd.php?$domain=t411.in

[HLFH]

@SMed79 You're right, it's now blocked on EasyList FR.

[smed79]

@HLFH >> blocked 20 hours ago / your issue is old 9 hours ago !

• Please before any report ensure that your filters list is UpToDate !
• Report non blocked ad or any other problem on EasyList forum.

T411 issue on Liste FR forum > https://forums.lanik.us/viewtopic.php?f=91&t=26869

Thanks! Med

[publicarray]

I just wanted to add that I am from Australia and that I did not get http://cdn.myskyspire.com/disd.php?idsite=6053&idzone=267[3] in my logger instead I have http://cdn.bigour.net/disd.php?idsite=6053&idzone=267[3] (both returning 0au)

[smed79]

@publicarray already blocked by *`|http:///disd.php?$domain=t411.in` and bigour.net is also already added to liste fr** > your filters lis is not uptodate !