uBlockOrigin / uAssets

Resources for uBlock Origin, uMatrix: static filter lists, ready-to-use rulesets, etc.
GNU General Public License v3.0

Fansites - Etsy redirector #12594

Closed THEtomaso closed 2 years ago

THEtomaso commented 2 years ago

Prerequisites

I tried to reproduce the issue when...

URL(s) where the issue occurs

https://christinaricci.net/ https://natalie-portman.org/

Describe the issue

A nasty redirector script is being rolled out for various fansites. It redirects to etsy.com, about 2.5 minutes after visiting the sites.

More info here: https://github.com/DandelionSprout/adfilt/issues/63/#issuecomment-1086599665

The post includes a working fix, but it might not be advisable on a generic level.

Screenshot(s)

No response

uBlock Origin version

v1.16.4.30 Legacy / v1.42.2

Browser name and version

Pale Moon v29.4.5.1 / Chromium-ungoogled v100.0.4896.62-r972766

Settings

Nothing of relevance

Notes

No response

krystian3w commented 2 years ago

Maybe someone found setTimeout/setInterval with ≈ 150000 ms.

The best is a network filter to avoid loading the widget:

phpeverywherewidget

okiehsch commented 2 years ago

Does natalie-portman.org##+js(acis, setTimeout, .click()) work for you?
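An added example, not part of the thread and not uBlock Origin's own code: a simplified model of how an `acis`-style rule with the arguments `setTimeout` and `.click()` stops an inline script from ever scheduling its delayed click. The fake window, the helper names and both sample scripts are constructed for illustration.

```javascript
// Simplified model of an abort-current-inline-script (acis) style guard.
// installGuard, runInline, makeWindow and both samples are hypothetical names.

// Reading win[prop] throws when the running inline script contains `needle`.
function installGuard(win, prop, needle) {
  const real = win[prop];
  Object.defineProperty(win, prop, {
    configurable: true,
    get() {
      const script = win.document.currentScript;
      if (script && script.textContent.includes(needle)) {
        throw new ReferenceError('aborted by guard');
      }
      return real;
    },
  });
}

// Run one inline script against the fake window and report the outcome.
function runInline(win, source) {
  win.document.currentScript = { textContent: source };
  try {
    // `with` makes bare identifiers such as setTimeout resolve on `win`.
    new Function('win', 'with (win) {' + source + '}')(win);
    return 'ran';
  } catch (e) {
    if (e instanceof ReferenceError && e.message === 'aborted by guard') return 'aborted';
    throw e;
  } finally {
    win.document.currentScript = null;
  }
}

// Constructed fake page: timers are recorded, never executed.
function makeWindow() {
  const win = { timers: [], document: { currentScript: null } };
  win.setTimeout = (fn, ms) => { win.timers.push(ms); return win.timers.length; };
  return win;
}

// Constructed samples: a delayed auto-click and an unrelated timer.
const REDIRECTOR = "setTimeout(function () { document.getElementById('ad').click(); }, 150000);";
const BENIGN = "setTimeout(function () { document.title = 'hello'; }, 500);";

function demo() {
  const win = makeWindow();
  installGuard(win, 'setTimeout', '.click()');
  return { redirector: runInline(win, REDIRECTOR), benign: runInline(win, BENIGN), timers: win.timers };
}
```

The guard aborts the entire inline script at its first read of `setTimeout`, so any other code in the same script block stops running as well.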

THEtomaso commented 2 years ago

Yeah, that seems to do the trick! 👍 ..but is it suitable as a generic rule? I only ask, because I'm not very keen on having to go through hundreds upon hundreds of such sites again, looking for yet another issue!

mapx- commented 2 years ago

maybe no breakage using

||christinaricci.net^$csp=script-src *

krystian3w commented 2 years ago

But still not generic.

mapx- commented 2 years ago

no generic, I see nothing generic in what they are using (automatic clicking a link delayed by setTimeout)

krystian3w commented 2 years ago

So need mining in NerdyData/PublicWWW to catch all "pokemon" ads.

okiehsch commented 2 years ago

is it suitable as a generic rule?

You mean adding that filter globally?

We don't do that with script injections.

THEtomaso commented 2 years ago

Those types of sites use the same code. Once something like this appears, it's only a question of time before they've all implemented it, through updates.

krystian3w commented 2 years ago

Then maybe move to quick fixes (changed faster in 4 days delay) and "delegate" into stephenhawk8054 or shenzhiming88 hands (as long readable will be javascript).

THEtomaso commented 2 years ago

We don't do that with script injections.

OK, so you can add this then, for now: christinaricci.net,natalie-portman.org##+js(acis, setTimeout, .click())

I'll report back, if I discover more, or it gets reported to me. ..but I won't be looking for it systematically, because I feel that I've reached my limit with those types of sites! :)

okiehsch commented 2 years ago

Then maybe move to quick fixes (changed faster in 4 days delay)

Why, it's not like they will change that script?

OK, so you can add this then, for now:

Already done and nobody is expecting you to report anything, you report what you want when you want to.

krystian3w commented 2 years ago

I mean the situation when fansites start to download an ad plugin update in 1-12 hours and convert this to first-party assets.

Both use WordPress, so it is possible to write plugins with a very small delay to deliver hotfixes.

okiehsch commented 2 years ago

If they start circumventing the filter we can add it to quick fixes until then the standard list applies.

THEtomaso commented 2 years ago

These just landed in my inbox (CONFIRMED): emmy-rossum.com rachel-brosnahan.org

krystian3w commented 2 years ago

Maybe:

https://milakunis.org/ - also uses same plugin to generate ads in right sidebar based on Etsy/Google.

krystian3w commented 2 years ago

19 can be hidden by paywall:

https://publicwww.com/websites/%22%28site%2C+side%2C+300x250%29%22/

5 based on gif too:

https://publicwww.com/websites/lvftw.com/

6 public in NerdyData maybe:

https://www.nerdydata.com/reports/site-side-300x250/96902185-3fd4-445b-97e7-1da23ac06407

+++ cara-delevingne.com
+++ ivana-baquero.net
+++ drew-barrymore.net
+++ kate-bosworth.net
--- christinaricci.net
+++ kelly-clarkson.org
+++ tatiana-maslany.net
--- milakunis.org
--- emmy-rossum.com

I redishied founds by THEt. and blind match https://github.com/uBlockOrigin/uAssets/issues/12594#issuecomment-1089139691 (From NerdyData by other phrase).

THEtomaso commented 2 years ago

https://milakunis.org/ - also uses same plugin to generate ads in right sidebar based on Etsy/Google.

No, it's not the same, because it doesn't automatically redirect to anything!

Also, all such sites have ads in the sidebar. The placeholders can't be blocked by generic rules, because their paths are slightly different, from site to site. E.g. ###sidebar > div.side:has-text(Advertisement) will work for milakunis.org, but might break the entire sidebar on other fansites! (I've told you this before)

krystian3w commented 2 years ago

uBO can use :remove() for found domains, so only PaleMoon will have trouble with the redirect (then needed by use ra after detect fail with acis).

THEtomaso commented 2 years ago

only PaleMoon will have trouble with the redirect.

No, the redirect happens in all browsers!

krystian3w commented 2 years ago

But possible remove nodes after upgrade uBO to 1.26.0+ (unreadable links for ra scriptlet).

krystian3w commented 2 years ago

And not all browsers - these do not support JS:

Dillo / D+ Browser Links / Lynx

THEtomaso commented 2 years ago

okiehsch has added a perfectly good, working fix to uBO Filters. More domains can be added to it on demand. No need to complicate things any further.

THEtomaso commented 2 years ago

alycia-debnam-carey.com