Closed elsy04 closed 7 years ago
see if works
xmoviesforyou.com##script:inject(abort-current-inline-script.js, __htapop)
/cdn-cgi/apps/head/*$script,domain=xmoviesforyou.com
.com/*.css$stylesheet,domain=xmoviesforyou.com,third-party
xmoviesforyou.com##script:inject(abort-on-property-read.js, V8R9O)
Another site that uses the same delivery server. We could add
||syndication.*?idzone=$popunder,popup,document
suggested by @SMed79 , this will cover more sites.
And we need to block http://810f3f9dde63ae3.com/1264725.css
, not sure what is the preferred way for those. I remember Easylist had regexes for popads domains, but doesn't seem to catch this one. I would like more generic approach, because fixing those sites one by one is annoying.
@kasper93
for popads add:
/^https?:\/\/www\.[a-z]{8,14}\.bid\/[a-z]{1,6}\.js$/$script,third-party
for propellerads add:
Indeed those works. Also need to mark following filter as bad, because it breaks the page. https://ajax.cloudflare.com/cdn-cgi/scripts/c2b63e8a/cloudflare-static/rocket.min.js
shouldn't be blocked.
|https://$third-party,script,domain=29443kmq.video|xmoviesforyou.com,badfilter
|http://$third-party,script,domain=29443kmq.video|xmoviesforyou.com,badfilter
(from easylist)
EDIT:
||cpaofferstat.com/out?zoneId=$popup,popunder
EDIT2:
Hmm, do we have any way to block individual script loaded by rocket? It seem like it bypass uBO filters quite easily. See that http://cpaofferstat.com/p?zoneId=2053591-2053649
is loaded and executed and we cannot block it with uBO.
EDIT3:
rocketloader stores scripts in localstorage that's why I have not seen how they are loaded...
||cpaofferstat.com/p?zoneId=$script
||xmoviesforyou.com/cdn-cgi/pe/bag2?r[]=http%3A%2F%2Fautomoc.net%2Fjs%2Faab.js&r[]=https%3A%2F%2Fwww.fcrgzqkbtgu.co%2Fgstueocosrfh.js$xmlhttprequest
||xmoviesforyou.com/cdn-cgi/pe/bag2?r[]=http%3A%2F%2Fcpaofferstat.com%2Fp%3FzoneId%3D2053591-2053649$xmlhttprequest
This rocketloader is quite annoying, because it can bypass filter list. Those bag2
filters are likely to break very soon. And for instance coin-hive is bundled with other scripts (see below), so there is no easy way to prevent this script from loading. Maybe we need defuser for rocket loader to dissect those requests?
http://www.xmoviesforyou.com/cdn-cgi/pe/bag2?r[]=http%3A%2F%2Fwww.xmoviesforyou.com%2Fwp-includes%2Fjs%2Fjquery%2Fjquery.js%3Fver%3D1.12.4&r[]=http%3A%2F%2Fwww.xmoviesforyou.com%2Fwp-includes%2Fjs%2Fjquery%2Fjquery-migrate.min.js%3Fver%3D1.4.1&r[]=http%3A%2F%2Fwww.xmoviesforyou.com%2Fwp-content%2Fplugins%2Fbwp-minify%2Fmin%2F%3Ff%3Dwp-content%2Fthemes%2Fsurfbaru%2Flibrary%2Fjs%2Fmodernizr-2.6.2.min.js%2Cwp-includes%2Fjs%2Fimagesloaded.min.js%2Cwp-includes%2Fjs%2Fmasonry.min.js%2Cwp-content%2Fthemes%2Fsurfbaru%2Flibrary%2Fjs%2Fscripts.js&r[]=http%3A%2F%2Fwww.xmoviesforyou.com%2Fwp-content%2Fplugins%2Fbwp-minify%2Fmin%2F%3Ff%3Dwp-includes%2Fjs%2Fwp-embed.min.js&r[]=https%3A%2F%2Fcoin-hive.com%2Flib%2Fcoinhive.min.js
Suggestion
/out?zoneId=
/out?zoneId=$popup
.com/p?zoneId=*-$script,third-party
/cdn-cgi/pe/bag2?r*cpaofferstat.com
if you make a left or even right click on the scrolling bar or the lowest part of the page, that will activate a kind of "invisible mouse trap" which will cover half the page size approximately
How about:
xmoviesforyou.com##script:inject(addEventListener-defuser.js, /^mouse/)
xmoviesforyou.com##script:inject(abort-current-inline-script.js, parseInt, tabunder)
kills the inline-script that pulls the /1264725.css
and triggers the popup.
I can not see any other popups on my end.
Why would you allow /cloudflare-static/rocket.min.js
?
I can watch the videos, which is clearly the main/only reason anybody uses such a site, so what essential
site functionality is broken?
Why would you allow /cloudflare-static/rocket.min.js?
It prevents legitimate scripts to load. This page is just indexer for videos hosted on other sites, so there is literally none functionality to break. But there is one visual issue that you can notice. Item grid looks bad without JS. When you let scripts to load, grid is nicely fixed. I don't know if this is something regular user of this page care about. IMHO the whole page should be considered malicious with the amount of ads and coin-hive embedded.
the whole page should be considered malicious with the amount of ads and coin-hive embedded.
I agree with that but people will use such sites anyway and so I would not allow a script that leads to even more exposure to ads, malicious or not, if it only leads to some layout breakage.
OK, I think
xmoviesforyou.com##script:inject(abort-current-inline-script.js, parseInt, tabunder)
streamcherry.com##script:inject(abort-on-property-write.js, _0xd959)
streamcherry.com##script:inject(abort-on-property-write.js, N5ii.M4)
streamcherry.com##script:inject(abort-on-property-write.js, JiLk)
also takes care of all popups occuring if you click to play a video, atleast on my end.
NSFW example link: http://www.xmoviesforyou.com/2017/09/blacked-gina-valentina-give-it-to-me-now.html
If somebody can confirm, I will add it.
Seems to be alright. Could add two cosmetic filters for this openload wrapper page, but it's not critical. Popups seem to be fixed with your rules.
strdef.world###stream-banner
strdef.world##div[style]:has(> a[href="http://www.streamdefence.com/index.php"])
@okiehsch So the script which is needed for layout hasn't been blocked right?
I agree with that but people will use such sites anyway
You are right about that with the kind of ads this site injects (most of which make it unusable) it is indeed quite popular.
so I would not allow a script that leads to even more exposure to ads, malicious or not, if it only leads to some layout breakage.
I do not agree with this as only the most viable solution should be chosen. If an adblocker is blocking additional things then its not doing what it was supposed to.
I do not agree
Then go ask EasyList maintainers for a fix. We will no add an exception filter here just for the sake of addressing a minor visual glitch caused by a filter in another list:
Locking this thread because no point adding more to it.
@gotitbro Keep in mind that every time you comment on something in a repo here or in a commit, this create a notification to all those watching the repo. So it's nice to keep the comments focused on whatever is useful to fix any given issue.
Well, EasyList has added @@||ajax.cloudflare.com/cdn-cgi/scripts/$script,third-party
, so now
rocket.min.js
loads, which means the layout is now immaculate but we have popunders and coin-hive
request spamming.
I've seen the problem with rocket loader on few sites already, it basically bypass the filters. I locally have
/cdn-cgi/pe/bag2^$xmlhttprequest,first-party
to force fallback to normal script load which will go through blocking unlike bag2
requests. I proposed to do that in Easylist, but no response yet. https://github.com/easylist/easylist/issues/649
I proposed to do that in Easylist, ...
@kasper93 Your filter will break a lot of sites so it is sure no one will add it.
we have popunders and coin-hive request spamming.
@ryanbr fyi.
@SMed79: And how it will break them? It will just load the script normal way...
And how it will break them?
### URL(s) where the issue occurs
http://www.xmoviesforyou.com/*
### Describe the issue
This site is plagued by a bunch of different kind of ads, which I already managed to mitigate, but there is this little piece of sh*t which still can't be blocked. Despite I tried to know its exact origin how to block it, I don't know what is triggering it. I already tried with several different filter lists, rules and configurations but to no avail.
The automatic redirection will take place every now and then, while browsing the site, but an straightforward way of "activating" the redirecting link without actually let it do its thing, will be this one:
Right after opening the main website for the first time, if you make a left or even right click on the scrolling bar or the lowest part of the page, that will activate a kind of "invisible mouse trap" which will cover half the page size approximately. You will note it since the original links from the upper half part, will really point to "c75b9ac5103e5d125b8(dot)com/1264725.html" in the status bar, instead the intended ones. The links from the lower half part will not be altered, but (if clicked) the redirecting link will be active in the next new page right away.
### Screenshot(s)
[Will post them if needed]
### Versions
### Settings
No changes but updating the default filters' list.
### Notes
The only way of blocking it I have found so far, is by using the "element picker" to block the invisible trap, but that's more a workaround than a real fix; besides, it will break the text selection/copy from the pages.