pi-hole / pi-hole

A black hole for Internet advertisements
https://pi-hole.net

Admin attempts to load code from blocked sites #321

Closed DanielCeregatti closed 8 years ago

DanielCeregatti commented 8 years ago

I thought this odd at first, but then I dug into it a bit. This coinbase javascript code is the culprit. I commented that out in index.php and the problem went away. Is this supposed to be a proof of concept? Because if it's not, it seems like this could be a bit of a black eye for the project?

dschaper commented 8 years ago

Thanks for the report. We've had the coinbase code in the admin page for quite some time now. One of the blocklists may have just added them to be blocked. Which version of Pi-hole and Admin are you running? (The versions should be listed on the admin page ironically...)

dschaper commented 8 years ago

Can you get us a screenshot of the admin page with the code in and with the code commented out? Does the site break? I'm trying to re-create the situation and I'm not able to find coinbase in the gravity.list?

Hippyjake commented 8 years ago

I have seen the same thing, admin interface loads from pi-holed domains. Just reload the admin page and watch the blocked number go up. This was happening before the update yesterday.

dschaper commented 8 years ago

Can you do a `tail -f /var/log/pihole.log | grep gravity.list` in a terminal window while you are reloading the admin page? That should list the exact domains that are triggering the Pi-hole.
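The suggested `tail | grep` shows the raw lines; this added example (not from the Pi-hole project or the thread) does the same triage offline over constructed pihole.log lines in the dnsmasq format Pi-hole used at the time, pairing each `gravity.list` answer with the client that made the preceding query so a single client's admin-page reload can be isolated. The log lines, PID and IP addresses are constructed; only the domain names come from the issue.

```python
import re
from collections import Counter

# Constructed sample of /var/log/pihole.log lines (dnsmasq log format).
# Only the domain names are taken from the issue; everything else is made up.
SAMPLE_LOG = """\
Mar  7 10:15:01 dnsmasq[1134]: query[A] pi.hole from 192.168.1.50
Mar  7 10:15:01 dnsmasq[1134]: /etc/pihole/local.list pi.hole is 192.168.1.2
Mar  7 10:15:02 dnsmasq[1134]: query[A] js-agent.newrelic.com from 192.168.1.50
Mar  7 10:15:02 dnsmasq[1134]: /etc/pihole/gravity.list js-agent.newrelic.com is 192.168.1.2
Mar  7 10:15:02 dnsmasq[1134]: query[A] cdn.siftscience.com from 192.168.1.50
Mar  7 10:15:02 dnsmasq[1134]: /etc/pihole/gravity.list cdn.siftscience.com is 192.168.1.2
Mar  7 10:15:03 dnsmasq[1134]: query[A] maxcdn.bootstrapcdn.com from 192.168.1.50
Mar  7 10:15:03 dnsmasq[1134]: forwarded maxcdn.bootstrapcdn.com to 8.8.8.8
Mar  7 10:15:03 dnsmasq[1134]: query[A] bam.nr-data.net from 192.168.1.50
Mar  7 10:15:03 dnsmasq[1134]: /etc/pihole/gravity.list bam.nr-data.net is 192.168.1.2
Mar  7 10:15:04 dnsmasq[1134]: query[A] js-agent.newrelic.com from 192.168.1.50
Mar  7 10:15:04 dnsmasq[1134]: /etc/pihole/gravity.list js-agent.newrelic.com is 192.168.1.2
"""

# A query line names the domain and the requesting client.
QUERY_RE = re.compile(r"query\[\w+\] (\S+) from (\S+)$")
# A gravity.list answer line means the domain was served the Pi-hole's own IP.
BLOCK_RE = re.compile(r"/etc/pihole/gravity\.list (\S+) is \S+$")


def blocked_domains(log_text, client=None):
    """Count gravity.list hits per domain, optionally for one client IP only.

    dnsmasq logs the query and the blocklist answer as separate lines, so the
    client responsible for a block is taken from the latest query for that domain.
    """
    last_client = {}
    hits = Counter()
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m:
            last_client[m.group(1)] = m.group(2)
            continue
        m = BLOCK_RE.search(line)
        if m:
            domain = m.group(1)
            if client is None or last_client.get(domain) == client:
                hits[domain] += 1
    return hits


if __name__ == "__main__":
    # Restrict to the browser that reloaded the admin page.
    for domain, n in blocked_domains(SAMPLE_LOG, client="192.168.1.50").most_common():
        print(f"{n:3d}  {domain}")
```

Run it against a real capture by replacing `SAMPLE_LOG` with the file contents; domains that only appear when the admin page is reloaded are the ones the page itself pulls in.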

dschaper commented 8 years ago

Also, which Pi-hole version are you running?

jacobsalmela commented 8 years ago

We can remove the Coinbase at any time. It's not necessary.

dschaper commented 8 years ago

That would solve it!

jacobsalmela commented 8 years ago

I created #32 in the AdminLTE repo to have this code removed.

DanielCeregatti commented 8 years ago

Sorry for the late response. I'm using the latest and greatest clone from earlier today. Here's how to recreate what I observed:

Using Chrome (only because I prefer Chrome's dev tools), open a new browser tab, right click anywhere and select "inspect element". This opens the developer console view. Select the console entry in the developer view. Open the admin URL in the same browser tab. Note that 3 requests show up as blocked with 2 distinct host names in the console view. I whitelisted these 2 host names and reloaded the admin, only to see 2 more host names come up in the console. I whitelisted these 2 new hostnames, reloaded again, and no more blocking occurred once all 4 hosts were whitelisted. I traced these requests to the coinbase javascript code that was delivered from the admin's index.php. These hosts were no longer contacted once the coinbase reference was commented out in index.php:

diff --git a/index.php b/index.php
index d279242..454b30b 100644
--- a/index.php
+++ b/index.php
@@ -81,9 +81,9 @@
                                                 <img alt="" border="0" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1">
                                             </form>
                                         </div>
-                                        <div style="text-align:center">
+                                        <!--div style="text-align:center">
                                             <a class="coinbase-button" data-code="c851bab4454421aa35bc789526207381" data-button-style="donation_small" href="https://www.coinbase.com/checkout
-                                        </div>
+                                        </div-->
                                     </li>
                                 </ul>
                             </li>
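Review bot: wrapping the block in `<!--div style="text-align:center">` ... `</div-->` only hides it from the browser; the `<a class="coinbase-button" data-code="..." href="https://www.coinbase.com/checkout` line still ships in the page source, and the hunk shows that line is already truncated, so the commented-out markup is not even well-formed. Deleting the whole `<div>` (as the removal tracked in the AdminLTE repo does) is the cleaner fix, and it also removes the donation key from the served HTML rather than leaving it inside a comment.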

Here are the 4 host names I had whitelisted:

js-agent.newrelic.com cdn.siftscience.com bam.nr-data.net b.siftscience.com

It seems you have fixed this already, but I felt that I owed you this. If you need any more info, please let me know.

dschaper commented 8 years ago

Thank you again for the information. Jacob has removed the coinbase section from the production code so there should only be the PayPal links along with the CDNs for Bootstrap. (And there have been some very early discussions about the possibility of caching some of the CDN .js files so that there are no repeated lookups, but that's in the concept stages and may not pan out.)

DonLexos commented 8 years ago

That would make this issue closed, right?

PromoFaux commented 8 years ago

Correct!