Closed elsy04 closed 7 years ago
mapx-
commented
7 years ago see if works
xmoviesforyou.com##script:inject(abort-current-inline-script.js, __htapop)
/cdn-cgi/apps/head/*$script,domain=xmoviesforyou.com
.com/*.css$stylesheet,domain=xmoviesforyou.com,third-party
xmoviesforyou.com##script:inject(abort-on-property-read.js, V8R9O)
kasper93
commented
7 years ago Another site that uses the same delivery server. We could add
||syndication.*?idzone=$popunder,popup,documentsuggested by @SMed79 , this will cover more sites.
And we need to block http://810f3f9dde63ae3.com/1264725.css, not sure what is the preferred way for those. I remember Easylist had regexes for popads domains, but doesn't seem to catch this one. I would like more generic approach, because fixing those sites one by one is annoying.
smed79
commented
7 years ago @kasper93
for popads add:
/^https?:\/\/www\.[a-z]{8,14}\.bid\/[a-z]{1,6}\.js$/$script,third-party
for propellerads add:
kasper93
commented
7 years ago Indeed those works. Also need to mark following filter as bad, because it breaks the page. https://ajax.cloudflare.com/cdn-cgi/scripts/c2b63e8a/cloudflare-static/rocket.min.js shouldn't be blocked.
|https://$third-party,script,domain=29443kmq.video|xmoviesforyou.com,badfilter
|http://$third-party,script,domain=29443kmq.video|xmoviesforyou.com,badfilter(from easylist)
EDIT:
||cpaofferstat.com/out?zoneId=$popup,popunderEDIT2:
Hmm, do we have any way to block individual script loaded by rocket? It seem like it bypass uBO filters quite easily. See that http://cpaofferstat.com/p?zoneId=2053591-2053649 is loaded and executed and we cannot block it with uBO.
EDIT3:
rocketloader stores scripts in localstorage that's why I have not seen how they are loaded...
||cpaofferstat.com/p?zoneId=$script
||xmoviesforyou.com/cdn-cgi/pe/bag2?r[]=http%3A%2F%2Fautomoc.net%2Fjs%2Faab.js&r[]=https%3A%2F%2Fwww.fcrgzqkbtgu.co%2Fgstueocosrfh.js$xmlhttprequest
||xmoviesforyou.com/cdn-cgi/pe/bag2?r[]=http%3A%2F%2Fcpaofferstat.com%2Fp%3FzoneId%3D2053591-2053649$xmlhttprequestThis rocketloader is quite annoying, because it can bypass filter list. Those bag2 filters are likely to break very soon. And for instance coin-hive is bundled with other scripts (see below), so there is no easy way to prevent this script from loading. Maybe we need defuser for rocket loader to dissect those requests?
http://www.xmoviesforyou.com/cdn-cgi/pe/bag2?r[]=http%3A%2F%2Fwww.xmoviesforyou.com%2Fwp-includes%2Fjs%2Fjquery%2Fjquery.js%3Fver%3D1.12.4&r[]=http%3A%2F%2Fwww.xmoviesforyou.com%2Fwp-includes%2Fjs%2Fjquery%2Fjquery-migrate.min.js%3Fver%3D1.4.1&r[]=http%3A%2F%2Fwww.xmoviesforyou.com%2Fwp-content%2Fplugins%2Fbwp-minify%2Fmin%2F%3Ff%3Dwp-content%2Fthemes%2Fsurfbaru%2Flibrary%2Fjs%2Fmodernizr-2.6.2.min.js%2Cwp-includes%2Fjs%2Fimagesloaded.min.js%2Cwp-includes%2Fjs%2Fmasonry.min.js%2Cwp-content%2Fthemes%2Fsurfbaru%2Flibrary%2Fjs%2Fscripts.js&r[]=http%3A%2F%2Fwww.xmoviesforyou.com%2Fwp-content%2Fplugins%2Fbwp-minify%2Fmin%2F%3Ff%3Dwp-includes%2Fjs%2Fwp-embed.min.js&r[]=https%3A%2F%2Fcoin-hive.com%2Flib%2Fcoinhive.min.jsSuggestion
/out?zoneId=
/out?zoneId=$popup
.com/p?zoneId=*-$script,third-party
/cdn-cgi/pe/bag2?r*cpaofferstat.com
gorhill
commented
7 years ago if you make a left or even right click on the scrolling bar or the lowest part of the page, that will activate a kind of "invisible mouse trap" which will cover half the page size approximately
How about:
xmoviesforyou.com##script:inject(addEventListener-defuser.js, /^mouse/)
okiehsch
commented
7 years ago xmoviesforyou.com##script:inject(abort-current-inline-script.js, parseInt, tabunder)
kills the inline-script that pulls the /1264725.css and triggers the popup.
I can not see any other popups on my end.
Why would you allow /cloudflare-static/rocket.min.js?
I can watch the videos, which is clearly the main/only reason anybody uses such a site, so what essential
site functionality is broken?
kasper93
commented
7 years ago Why would you allow /cloudflare-static/rocket.min.js?
It prevents legitimate scripts to load. This page is just indexer for videos hosted on other sites, so there is literally none functionality to break. But there is one visual issue that you can notice. Item grid looks bad without JS. When you let scripts to load, grid is nicely fixed. I don't know if this is something regular user of this page care about. IMHO the whole page should be considered malicious with the amount of ads and coin-hive embedded.
okiehsch
commented
7 years ago the whole page should be considered malicious with the amount of ads and coin-hive embedded.
I agree with that but people will use such sites anyway and so I would not allow a script that leads to even more exposure to ads, malicious or not, if it only leads to some layout breakage.
okiehsch
commented
7 years ago OK, I think
xmoviesforyou.com##script:inject(abort-current-inline-script.js, parseInt, tabunder)
streamcherry.com##script:inject(abort-on-property-write.js, _0xd959)
streamcherry.com##script:inject(abort-on-property-write.js, N5ii.M4)
streamcherry.com##script:inject(abort-on-property-write.js, JiLk)also takes care of all popups occuring if you click to play a video, atleast on my end.
NSFW example link: http://www.xmoviesforyou.com/2017/09/blacked-gina-valentina-give-it-to-me-now.html
If somebody can confirm, I will add it.
kasper93
commented
7 years ago Seems to be alright. Could add two cosmetic filters for this openload wrapper page, but it's not critical. Popups seem to be fixed with your rules.
strdef.world###stream-banner
strdef.world##div[style]:has(> a[href="http://www.streamdefence.com/index.php"])
gotitbro
commented
7 years ago @okiehsch So the script which is needed for layout hasn't been blocked right?
I agree with that but people will use such sites anyway
You are right about that with the kind of ads this site injects (most of which make it unusable) it is indeed quite popular.
so I would not allow a script that leads to even more exposure to ads, malicious or not, if it only leads to some layout breakage.
I do not agree with this as only the most viable solution should be chosen. If an adblocker is blocking additional things then its not doing what it was supposed to.
gorhill
commented
7 years ago I do not agree
Then go ask EasyList maintainers for a fix. We will no add an exception filter here just for the sake of addressing a minor visual glitch caused by a filter in another list:
Locking this thread because no point adding more to it.
@gotitbro Keep in mind that every time you comment on something in a repo here or in a commit, this create a notification to all those watching the repo. So it's nice to keep the comments focused on whatever is useful to fix any given issue.
okiehsch
commented
7 years ago Well, EasyList has added @@||ajax.cloudflare.com/cdn-cgi/scripts/$script,third-party, so now
rocket.min.js loads, which means the layout is now immaculate but we have popunders and coin-hive request spamming.
kasper93
commented
7 years ago I've seen the problem with rocket loader on few sites already, it basically bypass the filters. I locally have
/cdn-cgi/pe/bag2^$xmlhttprequest,first-partyto force fallback to normal script load which will go through blocking unlike bag2 requests. I proposed to do that in Easylist, but no response yet. https://github.com/easylist/easylist/issues/649
smed79
commented
7 years ago I proposed to do that in Easylist, ...
@kasper93 Your filter will break a lot of sites so it is sure no one will add it.
we have popunders and coin-hive request spamming.
@ryanbr fyi.
kasper93
commented
7 years ago @SMed79: And how it will break them? It will just load the script normal way...
smed79
commented
7 years ago And how it will break them?
### URL(s) where the issue occurs
http://www.xmoviesforyou.com/*### Describe the issue
This site is plagued by a bunch of different kind of ads, which I already managed to mitigate, but there is this little piece of sh*t which still can't be blocked. Despite I tried to know its exact origin how to block it, I don't know what is triggering it. I already tried with several different filter lists, rules and configurations but to no avail.
The automatic redirection will take place every now and then, while browsing the site, but an straightforward way of "activating" the redirecting link without actually let it do its thing, will be this one:
Right after opening the main website for the first time, if you make a left or even right click on the scrolling bar or the lowest part of the page, that will activate a kind of "invisible mouse trap" which will cover half the page size approximately. You will note it since the original links from the upper half part, will really point to "c75b9ac5103e5d125b8(dot)com/1264725.html" in the status bar, instead the intended ones. The links from the lower half part will not be altered, but (if clicked) the redirecting link will be active in the next new page right away.
### Screenshot(s)
[Will post them if needed]
### Versions
### Settings
No changes but updating the default filters' list.
### Notes
The only way of blocking it I have found so far, is by using the "element picker" to block the invisible trap, but that's more a workaround than a real fix; besides, it will break the text selection/copy from the pages.