Quantcast
[ 3 / biz / cgl / ck / diy / fa / g / ic / jp / lit / sci / tg / vr ] [ index / top / reports / report a bug ] [ 4plebs / archived.moe / rbt ]

Maintenance is complete! We got more disk space.
Become a Patron!

/g/ - Technology


View post   

[ Toggle deleted replies ]
File: 26 KB, 511x370, (((ekansovi))).png [View same] [iqdb] [saucenao] [google] [report]
61009719 No.61009719 [Reply] [Original] [archived.moe] [rbt]

So what happened with this? By the time I went to bed everyone was shitting themselves. Did you guys ever figure out what the fuck ekansovi is?

>> No.61009764

botnet

>> No.61010014

Is this some kind of 4chan x shit? I've never seen that domain on here before

>> No.61010042

>>61009719
It's a 1x1 image that tracks you.

>> No.61010061

>>61010014
Pretty sure some people without 4chan X were getting it as well
I think it only shows up on certain boards like /pol/

>> No.61010160

>>61010061
i have it right now on /g/ with 4chanx

>> No.61010171

>>61010160
just checked and i do as well

>> No.61010182

i use appchan x and i don't get it on /g/. can't be bothered to try other boards.

>> No.61010209

>>61010171
even with 4chanx disabled i still have it
i don't know what is it but i blocked it with ublock origin and umatrix

>> No.61010241

>>61009719
If this whole thing blows over, which I hope to god it does, I'll have learned to never express overly /pol/ or /r9k/ -tier views here again. Even if only ironically.

>> No.61010269

>>61010241
Yeah I'm fucked if it's what people are making it out to be

>> No.61010287

>>61010241
EVERYTHING I HAVE EVER POSTED ON THIS WEBSITE WAS IRONIC AND DOES NOT REFLECT MY REAL LIFE VIEWS OR BELIEFS. I WAS MERELY "TROLLING"

>> No.61010289

I wonder if this is one of those botnets that stick themselves into your browser's cache like what happened to imgur a few years back.

https://www.reddit.com/r/technology/comments/3lw2g6/imgur_is_being_used_to_create_a_botnet_and_ddos/

>> No.61010304

>>61010287
THIS DESU

>> No.61010355

>>61010287
this. i actually LOVE blacks and jews. they have such nice cultures

>> No.61010389

Why can't I block this in uBlock Origin?
No matter how much I block it, it still appears in the logger when I refresh the page.

>> No.61010413

>>61010389
doesn't the red thing on the left mean it's blocked

>> No.61010418

>>61010061
>I think it only shows up on certain boards like /pol/
It's blue boards, I think.

>> No.61010424

>>61010355
jej

>>61010389
works on my machine

>> No.61010434
File: 4 KB, 723x35, ss (2017-06-21 at 19.29.17).png [View same] [iqdb] [saucenao] [google] [report]
61010434

>>61010413
>>61010424
I think it's working now.
Odd.

>> No.61010436

>>61010269
What are people making it out to be?

>> No.61010439

>>61010418
/pol/ isn't a blue board and it shows on /pol/ for me

>> No.61010450

You guys have tried clearing ALL of your temporary internet files right? Clear the ones from IE and Flash and of course clear the ones from your primary browser.

>> No.61010453

>>61010436
logging your posts with your IP to tie them to your name

>> No.61010464

>>61010453
why would 4chan need separate domain to do that?

>> No.61010477
File: 442 KB, 2116x729, g - The g Wiki httpwiki.installgentoo.com - Technology - 4chan - Mozilla Firefox (Private Browsing) pol - Welcome to pol - Politically Incorrect - Politically Incorrect - 4chan - Mozilla Firefox (Private Browsing).png [View same] [iqdb] [saucenao] [google] [report]
61010477

>>61009719
Nothing. You retards are infected with some botnet shit!

>> No.61010479

>>61010418
>>61010439
It's blue boards + /pol/ afaik.

>> No.61010482

>>61010464
it wouldn't be 4chan doing it, presumably
it's another company using an exploit

>> No.61010488

ITT: Tinfoil hats, its just another ad-thing, they cannot do shit with ad-info they gather from me because I don't buy shit I don't need or that its on fucking internet ads of all places.

>> No.61010489
File: 18 KB, 513x491, ss (2017-06-21 at 19.33.14).png [View same] [iqdb] [saucenao] [google] [report]
61010489

Well it DOES save a cookie to uniquely identify you.

>> No.61010496

>>61010477
Check for ekansovi in your cookies, that's were I found it.

>> No.61010497

>>61010477
Click on "+All"

>> No.61010501
File: 209 KB, 567x358, pieces-of-the-real-me1.jpg [View same] [iqdb] [saucenao] [google] [report]
61010501

pls no bully

>> No.61010517

>>61010488
Yeah, but how did it get here?

Clearly an admin has put it there - why

>> No.61010518
File: 71 KB, 250x250, (((Ekans)))ovi.png [View same] [iqdb] [saucenao] [google] [report]
61010518

ekans is backwards for snake
Coincidence?

>> No.61010519
File: 95 KB, 1146x738, Options - Mozilla Firefox (Private Browsing).png [View same] [iqdb] [saucenao] [google] [report]
61010519

>>61010496

>> No.61010535

>>61010489
>Not using self destructing cookies

>> No.61010536

>>61010489
I think every cloudflare server does that

>> No.61010538
File: 278 KB, 1208x687, g - The g Wiki httpwiki.installgentoo.com - Technology - 4chan - Mozilla Firefox (Private Browsing).png [View same] [iqdb] [saucenao] [google] [report]
61010538

>>61010497
Done. Nothing.

>> No.61010539

>>61010477
if i'm infected i should have it for every site i visit, but i have it only on 4chan

>> No.61010542

Still don't have this.

>> No.61010550

>>61010538
Weird
I have 4chan X and OneeChan installed btw.

>> No.61010555

>>61010477
What country are you located in? I'm on a fresh windows install(literally within the last 24 hrs) and have it. I'm in the US.
If it really is another ad service, has it been spotted on any other websites?

>> No.61010560
File: 154 KB, 2121x1414, 8934hnt7g32dnuifcq.jpg [View same] [iqdb] [saucenao] [google] [report]
61010560

What are we doing now? Is it still safe to post?
>>61010453
How can they tie your IP with your name?
What other risks are we dealing with?

>> No.61010565
File: 122 KB, 1208x730, Add-ons Manager - Mozilla Firefox (Private Browsing).png [View same] [iqdb] [saucenao] [google] [report]
61010565

>>61010550
Maybe that's why? I only have these extensions

>> No.61010568

It's the NSA

>> No.61010569

EVERYTHING I HAVE EVER POSTED ON THIS WEBSITE WAS IRONIC AND DOES NOT REFLECT MY REAL LIFE VIEWS OR BELIEFS. I WAS MERELY JOKING

>> No.61010570

>>61010518
Ovi means EGG SNAKES LAY EGGS

Browser cookies are basically website eggs! Your computer will hatch into a snake and EAT your data and privacy and genitals!

>> No.61010572

>>61010538
check the ub log "behind the scene" for websockets

>> No.61010582

>>61010517
Money, duh

>> No.61010585

>>61010555
Ukraine

>> No.61010586

>>61010519
Same for me. Does that mean that I am safe?

>> No.61010587

>>61010517
Compromised ad network is a more likely explanation. Doesn't seem to be a part of 4chan x, I searched for the url in the code and it turned up nothing.

>> No.61010600

>>61010570
FUCK

>> No.61010602
File: 122 KB, 1208x1161, uBlock — Logger - Mozilla Firefox (Private Browsing).png [View same] [iqdb] [saucenao] [google] [report]
61010602

>>61010572
Nothing

>> No.61010616

>>61010560
just check where else your IP has logged in
it's not complicated bud

>> No.61010625

>>61010587
Like it can't be obfuscated in any way.
>>61010585
Odd, anyone outside of the US/ have this?

>> No.61010632

>>61010602
You have to select "behind the scene" and browse /g/ for a bit.

>> No.61010641

>>61009719
If I use private browsing mode and self destructing cookies as well as block it in noscript am I safe?

>> No.61010642

>>61010625
i'm in Italy

>> No.61010654
File: 70 KB, 628x842, 4ec5548fa49022809a579a416122523f0e632246_hq.jpg [View same] [iqdb] [saucenao] [google] [report]
61010654

>>61010600
It's not all bad, anon O3o

>> No.61010670
File: 264 KB, 1360x1103, 2956258.jpg [View same] [iqdb] [saucenao] [google] [report]
61010670

:)

>> No.61010691

Weird.
When I load the page 4chan x removes the script that makes the websocket thing work.
It tries to load then gets rekt.

>> No.61010706

I'm seeing it now in the "behind-the-scenes" view on ublock. ublock sees it but it seems to be incapable of blocking it for some reason.

>> No.61010748

>>61010706
I think you have to delete the behind-the-scene entry from the whitelist. Then it blocks it.

>> No.61010784

>>61010748
No it wont block it just like that.

>> No.61010798

>>61010748
Confirmed for me at least.

>> No.61010872

>>61010784
Deleting behind-the-scene from the whitelist and then adding

||ekansovi.com$domain=4chan.org
||a.ekansovi.com/wsm$websocket,domain=behind-the-scene


to the filters worked for me.

>> No.61010926

>>61010872
You can use
||$websocket

to block all future attempts at using websockets like this.

>> No.61011023

>>61010872
>Deleting behind-the-scene from the whitelist
Will make uBlock Origin unable to update the filterlists. Don't suggest this to anyone.

>> No.61011087

it's ad tracking

>> No.61011122

>>61011023
Are you sure? The update seems to work fine. How can we block it then?

>> No.61011135
File: 204 KB, 1000x1000, 1497599546706.jpg [View same] [iqdb] [saucenao] [google] [report]
61011135

>>61011122
We hack it.

>> No.61011136

>>61011023
>>61011122
Shouldn't you be able to do the "even if whitelisted" thing?

>> No.61011147

>>61011122
>Are you sure?
Yes. It's on gorhill's github described.

>How can we block it then?
0.0.0.0 ekansovi.com
in your hosts file.

>> No.61011159

>>61010602
>ad.doubleclick.net
why is that allowed on mine? i have nearly all the filters activated, even the hosts files

>> No.61011188

Has anybody actually bothered to find out what script actually tries to set up the websocket and what it tries to transfer?

>> No.61011213

>>61011159
>why is that allowed on mine?
Because of this. It's there I assume it breaks something, You can create a rule:
* doubleclick.net * block
to block it.

>> No.61011215

>>61011188
Firefox has a websockets inspector plugin that you could use. I'd try to figure it out but I don't have this

>> No.61011216

>>61011122
uMatrix does it automatically

>> No.61011227
File: 4 KB, 481x93, Untitled.png [View same] [iqdb] [saucenao] [google] [report]
61011227

>>61011213
>Because of this
Silly, I forgot to attatch image

>> No.61011233

has anyone actually looked at the site yet?

>> No.61011239

Even if this is some bullshit ad fuckery, it made me realise I let my guard down.

uMatrix 4lyfe - reminds me of NoScript for Firefox, only less shitty, and easier to use

>> No.61011327

>>61011239
also don't use chrome, use iridium

>> No.61011343
File: 19 KB, 517x407, amisafe.png [View same] [iqdb] [saucenao] [google] [report]
61011343

am i safe

>> No.61011372

>>61011343
Best way to check to be 100% sure:

Go to Settings>Advanced Settings>Privacy>Content Settings>All Cookies and Site Data

Search for "ekansovi"

>> No.61011417

>>61009719
chanpink doesn't have this problem

>> No.61011421

>>61011147
It's not working. I tried to block it dynamically but it failed too.

>> No.61011442

So, uh, there's a bunch of obfuscated javascript at the top of every page that's opening the websocket.

>> No.61011451

>not stealing your neighbors Wi-Fi for 4chan usage
lol
enjoy having your racist/sexist virginal shitposts exposed if you or your family ever become of interest

>> No.61011471

So is this just some ad tracking garbage that tinfoil hats are sperging over or something to actually he concerned about

>> No.61011481

>>61011417
wtf is chanpink?

>> No.61011494

>>61011471
both arent good desu senpai

>> No.61011503

>>61011471
i have this showing up on ublock, but no cookie? also running pi-hole

>> No.61011509

>>61011494
I'd prefer ad tracking over potential employers and family reading my shitposts

>> No.61011528
File: 10 KB, 432x145, it's-a-me! Ekan!.png [View same] [iqdb] [saucenao] [google] [report]
61011528

>>61010872
uMatrix blocks websockets, at least in Firefox (in Chrom{e,ium} there's a need to add an uBlock companion to fix websockets)
>>https://github.com/gorhill/uBO-Extra/wiki/Sites-on-which-uBO-Extra-is-useful
and I never investigated what's the situation for uMatrix but I'd guess that it can't fix websockets there

Cookies/Dom Storage cleaned, no occurrences of this ekans stored anywhere (and I'm a GNU/Linux turboautist) still ekansovi strives to sneak in

Do we have any official word on this?

>> No.61011535

>>61010670
>
it never ends, does it ?

>> No.61011537

>>61011442
b.u and b.a look like they're the functions for decoding obfuscated strings

>> No.61011574

>>61009719
I got it with uMatrix. Only wants to runs 1 script and XHR.

>> No.61011590

>>61011574
OP here. I got it as well
I'm more worried about what it was, though

>> No.61011616

>>61011421
Try to flush the dns cache
amd as admin:
ipconfig /flushdns
That domain should not resolve at all anymore.

>> No.61011631

Any way to keep the behind-the-scenes whitelisted while blocking websockets? Right now it looks like the only solution is to use an extension to disable websockets which is less than ideal.

>> No.61011637
File: 10 KB, 424x126, "Got Snakes?" - "GNO!".png [View same] [iqdb] [saucenao] [google] [report]
61011637

>>61011528
>and I never investigated what's the situation for uMatrix but I'd guess that it can't fix websockets there
well, according to gorhill it only affects "Chromium version 57 and earlier" ; I've checked on Chromium 61 and it werks

>> No.61011666
File: 10 KB, 741x124, unknown.png [View same] [iqdb] [saucenao] [google] [report]
61011666

No but seriously guys there's obfuscated javascript at the top of every page and it looks like it's tracking you lol

>> No.61011691

>>61011666
Can it save posts, though, or just when you're on 4chan?

>> No.61011725

>>61011666
b.a("HyEeSzUEDzgZFhwEaxMnKg==")
in the javascript resolves to "xhr.ekansovi.com"

>>61011691
fucked if I know, I'm trying to make sense of it.

>> No.61011773

>>61011666
Oh shit, OK fuck you.
My name is Sam Hyde, come at me.

Also fuck niggers, spics, kikes, gooks, nips, wops, frogs, libtards, people who use emojis and single speed bikes.

>> No.61011778

I genuinely stopped phoneposting because of this. I have the standard filter with ublock and umatrix now. Blocked ekan as much as i could with both.
>>61011725
this thing occasionally shows up in uMatrix, too Seems shifty, but is probably used to save post containers.

>> No.61011814

>>61011666
mirin' satanic trips
and it's true, fuck

adios amigos

>> No.61011849

>>61010550
>>61010565
Its not the extensions.

>> No.61011856

Note: The posts made by this IP address are strictly satirical; and resemblance to any personal opinions, real or ironic, are strictly coincidental. No animals were harmed in the making of these posts.

>> No.61011860
File: 98 KB, 600x500, 9428058.png [View same] [iqdb] [saucenao] [google] [report]
61011860

THREAD THEME:

https://www.youtube.com/watch?v=bUFWXpYJKaI

>> No.61011884

I'm retarded, if ublock blocks the requests then what's the issue?

>> No.61011904

>>61011884
The fact that it's there in the first place

>> No.61011919

>>61011860
I would welcome death if people I knew had access to every one of my 4chan shitposts. South Park was right all along, we should have known

>> No.61011939

>>61011904
If the tinfoil hats are right then of course it's an issue but far less of one, at least for me. My worst fear is >>61011919 coming true and having a database with this information publicly available

>> No.61011944
File: 8 KB, 1134x48, >set CSP >CSP blocks xhr but still allows unsafe-eval.png [View same] [iqdb] [saucenao] [google] [report]
61011944

man

>> No.61011967

so if umatrix blocks this I'm good to go?
I want to make a little infograph explaining what is it using this thread and how to use umatrix to block it

>> No.61011970

>>61011884
>if ublock blocks
except it doesn't unless you instruct it so; many will just assume that standard uBlock w/o uMatrix is enough

and it's not

>> No.61011972

>>61011919
The reason you can see it is to make people give up and become paranoid, any serious Nazis wouldn't care.

>> No.61011996
File: 241 KB, 1069x1196, 1494469666435.jpg [View same] [iqdb] [saucenao] [google] [report]
61011996

>mfw i don't have this
By the outlook of things looks like this might be only targeted at US or EU where people can get arrested for having an opinion

>> No.61012001

>>61011970
It seems to be blocked on my browser

>> No.61012005
File: 66 KB, 400x400, d4843.jpg [View same] [iqdb] [saucenao] [google] [report]
61012005

>not showing up for me anywhere
Looks like I'm home free lads

>> No.61012009

b.a("Aj8NCQ==")
Resolves to "eval"

b.a("ECwODjkbPDMZFgYbIDwnJAw4NS88FhYgCgwnOz4hOA==")
Resolves to "webkitResolveLocalFileSystemURL"

>> No.61012023
File: 163 KB, 1027x794, 1497464162128.jpg [View same] [iqdb] [saucenao] [google] [report]
61012023

Has anybody tried to contact gook about that shit?

>> No.61012049

>>61012001
did you really check the "behind the scene" page? It looks like >>61011528
do you use only uBlock Origin without settings like >>61010872 ?

>> No.61012071

>>61012009
Right click > View source code
Search for one of those code snippits
If it's there you're running the obfuscated Javascript whether you're running uMatrix or not.

>> No.61012072

>>61012049
Well, fuck

>> No.61012092

>>61012071
*whether you're blocking ekansovi or not

>> No.61012102

What if we wipe all broswer data, load up a VPN somewhere like JP and then try and see if it appears. This may be targeting specific countries.

>> No.61012114

>>61012023
>"Hey gook could you pls stop selling my data for once ok thanks bye"

>> No.61012125

>>61011778
firefox for android supports both ublock and umatrix

>> No.61012134

I see it in Iridium 58 and Opera using Blink 58 but not in Chromium 55 and Google Chrome 55. It might be being bypassed on older browsers so if you don't see its probably still loaded.

>> No.61012139

>>61012009
fug

if i have ekansovi blocked at the hosts file, is it safe?

>> No.61012145

>>61012071
>>61012092

Not quite. Everyone will still have the code in the HTML as thats the literal index file its pulling from the 4chan servers. uBlock / HOSTS etc block the connections that code tries to make.

Do you even know how blocking works?

>> No.61012186

>>61012145
I said it's running the obfuscated javascript whether you block ekansovi or not. It's not going to make the connections but it's still running 15KB worth of Javascript.

>> No.61012202

>>61010642
Italy here too, don't have it

>> No.61012217

People saying they "don't have it" - you're probably not looking properly.

>> No.61012220

>>61012186
Well.... yeah.

>> No.61012235

EVERYTHING I HAVE EVER POSTED ON THIS WEBSITE WAS IRONIC AND DOES NOT REFLECT MY REAL LIFE VIEWS OR BELIEFS. I WAS MERELY JOKING

>> No.61012256

I had it a second in ublock and now it's gone after reload

when i turn on yesscript, it's disabled, but 4chan is unusable. tf do i do? i have no idea how to make umatrix load pages correctly.

>> No.61012284
File: 19 KB, 351x359, 502[3].jpg [View same] [iqdb] [saucenao] [google] [report]
61012284

Used to get it on /pol/ and not on /g/ an hour ago, now it's exactly the opposite, /g/ tries to connect to ekansovi and /pol/ doesn't.
Also firebug console suggests the websocket it tries to open just 404s anyway without any blocking on my part.

>> No.61012294

>>61012235
Yes it does buddy.

>> No.61012318
File: 43 KB, 825x533, Capture.png [View same] [iqdb] [saucenao] [google] [report]
61012318

>>61012186
Where you seeing this?

I don't have any javascript running from ekansovi

All of this javascript is Google or 4chan

>> No.61012329

>>61012235
>merely pretending

SWAT's already on the way, punk.

>> No.61012353

>>61012318
It's not being included from some 3rd party site, it's embedded in this page

>> No.61012356

>>61012294
The stories and information posted here are artistic works of fiction and falsehood.
Only a fool would take anything posted here as fact.
You're not fools, are you, NSA?

>> No.61012365
File: 40 KB, 1280x302, hmm.png [View same] [iqdb] [saucenao] [google] [report]
61012365

well, i have it too
location is poland

>> No.61012400

So did anyone bother to un-obfuscate the js to see what it's actually doing?

>> No.61012414

>>61012353
So, this is 100% Hiro's doing I assume?

>> No.61012424

>>61012414
Probably; assuming it's malicious it could be a hacker, but we're yet to find out if it is malicious.

>> No.61012432
File: 3 KB, 229x63, ss (2017-06-21 at 21.29.25).png [View same] [iqdb] [saucenao] [google] [report]
61012432

Can't find the green default .ico in 4chan X anymore after blocking ekans.
Is it gone for anyone else? Green boards display no favicon at all now.

>> No.61012450

>>61012424
If it's malicious it's definitely Hiro.

>> No.61012461

>>61012432
I still have it, you probably blocked it via another rule.

>> No.61012495

There's a lot of stuff in here about ice servers or stun servers, anyone know what that is?

>> No.61012508

>tfw I don't have it

Is this just a USA/UK thing or something?

>> No.61012513

>>61012508
did you check well enough?

>> No.61012516
File: 286 KB, 624x224, ss (2017-06-21 at 21.35.23).webm [View same] [iqdb] [saucenao] [google] [report]
61012516

>>61012461
Strange. I have no other 4chan rule other than blocking all ekans stuff.
It's definitely blocking my green favicon, webm related.
I'm not seeing a block in the logger.
I added these rules
||ekansovi.com

! 21.6.2017, 19:25:00 behind-the-scene
||a.ekansovi.com$important

! 21.6.2017, 19:25:20 behind-the-scene
||a.ekansovi.com/wsm$websocket,domain=behind-the-scene

>> No.61012521

>>61012508
read the thread, retard

>> No.61012541

>>61012513
It doesn't show in the requests blocked of UBlock. It doesn't show in the behind the scenes menu either after opening a bunch of threads.

>> No.61012547
File: 19 KB, 531x187, Selection_098.png [View same] [iqdb] [saucenao] [google] [report]
61012547

i blocked it in the ublock origin dashboard but i am still seeing it in the logger in behind-the-scenes

pls halp

>> No.61012562

>>61012450
Revenge for Hiroshima, and calling him Hiroshima.

>> No.61012579
File: 29 KB, 1488x465, ss (2017-06-21 at 21.40.33).png [View same] [iqdb] [saucenao] [google] [report]
61012579

>>61012461
>>61012516
I removed all "My Filters" and it changed nothing.
Can someone post me their exported "My Rules", so that I can revert to default?
I don't know what else it could be.

>> No.61012581

>>61012516
Added those to my filters and still have the icon.

Might be Firefox related. When I was using Nightly the blue favicon would not load.

>> No.61012587
File: 19 KB, 626x94, Selection_099.png [View same] [iqdb] [saucenao] [google] [report]
61012587

if it's red, does that mean it's working?

>> No.61012610

>>61012587
i think it means it's blocked.

>> No.61012629

Decoded most of the strings, its still pretty obfuscated but whatever.

https://pastebin.com/C0Mj6vHL

>> No.61012630

>>61012424
>but we're yet to find out if it is malicious.
Oh come on. Why should he ever engineer such a complex piece of shit able to bypass fucking uBlock Origin with standard settings if it's not malicious. That, or a subpoena to make merrica great again or something.

>>61012587
blocked.

>> No.61012658

>>61012579
You should be able to reset it to default in uBlock settings but I doubt that will change anything.. Check the logger in uBlock to see what is blocking it.

>> No.61012662

>>61012629
wtf i hate 4chan now!

>> No.61012676

>>61012581
Well that's odd because it only gets removed when I enable uBlock.
>>61012658
The logger is not listing the favicon at all.
Just removed all cookies and chache and so on, gonna restart browser now, but doubt it gets fixed.

>> No.61012692

>>61010542
same guy - on my other os the cookie is there but i don't have the requests. ???

>> No.61012693

>>61010477
Your entire OS is a botnet ya dingus.

>> No.61012712

>>61012676
It might Firefox, I don't even have a favicon when I launch Firefox with extensions disabled.

>> No.61012725
File: 42 KB, 821x260, ss (2017-06-21 at 21.47.02).png [View same] [iqdb] [saucenao] [google] [report]
61012725

>>61012676
>>61012581
>>61012658
>>61012712
It just showed up in the logger when I loaded sys.4chan.org/auth, and... what the fuck??
Am I being trolled by Fanboy's list here? Why is 4chan detected as REDDIT?

>> No.61012750

>>61012692
oh shit. now it's showing in the ublock logger too

>> No.61012754

>>61012725
Oh yeah, now I remember, that indeed happen.
Here is the rule I added. I completely forgot about it.
@@||s.4cdn.org/image/favicon.ico$image,domain=4chan.org

>> No.61012777

>>61010287
This, of course. We are always joking here. 100%

>> No.61012783
File: 73 KB, 290x200, NHFUKkw.png [View same] [iqdb] [saucenao] [google] [report]
61012783

>>61012629
>It unironically uses XOR for string encryption

>> No.61012811
File: 23 KB, 261x202, rsz_1rsz_wtf.png [View same] [iqdb] [saucenao] [google] [report]
61012811

I have it according to ublock, but it has a (-) beside it

does that mean it's blocked

also, my browser, pale moon, is set to never save history..am I safe?

>> No.61012819
File: 38 KB, 773x484, ekansovi.png [View same] [iqdb] [saucenao] [google] [report]
61012819

how to block using uMatrix:

go to logger in uMatrix.

refresh the 4chan page and look at the logger again

follow these steps

>> No.61012820
File: 32 KB, 1168x327, ss (2017-06-21 at 21.54.48).png [View same] [iqdb] [saucenao] [google] [report]
61012820

>>61012754
I added it, but now it's not showing up in the logger anymore at all. And it's still not back.
But instead Fanboy's list is now whitelisting doubleclick's favicon? And blocking all favicons not by reddit?
Did they get hacked or something?

>> No.61012847
File: 138 KB, 345x337, IMG_0543.png [View same] [iqdb] [saucenao] [google] [report]
61012847

I helped ccd0 add obfuscated botnet code to recent versions of 4chan X and advised him to pull it from github.org lest he gets discovered and reported. The botnet is appended to the code at compile-time; it's built into our fork of the Coffeescript compiler. It's very basic right now but eventually we're gonna make it into a powerful, decentralized p2p network that DDoSes sites specified by our future clients. The C&C is a hidden Github repo; orders are routed via the updates mechanism (just setting a few variables). Since the last few revisions we've gotten a couple prospective clients (we advertise on IRC and on blackhat SEO forums) and we're going to start actually making money for the next few days. ccd0 will deny this to the best of his ability, for obvious reasons - or maybe try to make it look like he's trolling all of you - but I seriously encourage you to stop updating 4chan X if you ever notice your connection getting slow/have bandwidth restrictions. See, the botnet is opt-out that way.

>> No.61012858

>>61012725
always knew we are reddit

>> No.61012863

I do not get this on Firefox.
I do get this on Vivaldi.

>> No.61012870

>>61012847
It's not 4chanX though, I'm not using it and it's still there.

>> No.61012872

>>61012847
that looked like it took so much effort to make only to be obvious as fuck bait

>> No.61012876

>>61012725
It has a "~reddit.com" meaning it can happen in any domain except reddit so it blocks the 4chan one. Its not detecting as reddit.

>>61012820
Have you tried Shift + reload?

>Did they get hacked or something?
False positive or something. That whitelist might have a purpose, you should be able to block it anyways.

>> No.61012879

>>61012847
No 4chan X here. fuck off.

>> No.61012889

>>61012847
that old copy pasta

>> No.61012908

>>61012876
>It has a "~reddit.com" meaning it can happen in any domain except reddit
Yeah I kinda thought so, but why would you block all favicons except reddit's...

I tried Ctrl+reload multiple times already, yeah. This used to refresh favicons immediately when I worked on some websites.
However, it's still broken now, even after disabling all of the lists the blocking rule appears in and adding the exception

>> No.61012912
File: 106 KB, 923x353, fkwfk.jpg [View same] [iqdb] [saucenao] [google] [report]
61012912

>>61012414
It's code for ads

>> No.61012961
File: 488 KB, 425x534, hnnnng.png [View same] [iqdb] [saucenao] [google] [report]
61012961

>>61009719
>Tfw advertising bots are fake
>Mfw chickmoot makes money with it

>> No.61012987

>>61012863
>I do not get this on Firefox.
read the thread.

>> No.61012992

>>61012908
My guess its trying to block third party fav icons. Check the logger one more time. I am going to try updating my filters to see if I can get that.

>> No.61013000

I don't know what it is for sure but I'm just blocking it in my host file.

I should be fine unless more domains get added.

If anyone knows exactly what it is please do tell.

>> No.61013034 [DELETED] 
File: 7 KB, 736x220, Screenshot_38.png [View same] [iqdb] [saucenao] [google] [report]
61013034

>>61011372
Not that anon. But founded it. Wat dı?

>> No.61013040

>>61013034
remove and block

>> No.61013067
File: 31 KB, 400x400, 250px-CaptainHindsight_400x400.jpg [View same] [iqdb] [saucenao] [google] [report]
61013067

maybe you shouldn't have used 4chan in the first place. it's too late now

>> No.61013092
File: 171 KB, 208x302, do not panic.png [View same] [iqdb] [saucenao] [google] [report]
61013092

>> No.61013122

>>61013067
Just coming 12 years too late, cunt.

>> No.61013130

>>61012992
The favicons came back after I disabled the fanboy filters and then restarted my browser. (not without restart)
then I enabled the fanboy lists again and favicons immediately dissappeared.
Gonna restart again now.

>> No.61013145

>>61013130
Try force updating the fanboy filters or disable just the ultimate list.

>> No.61013185
File: 82 KB, 984x374, ekans.jpg [View same] [iqdb] [saucenao] [google] [report]
61013185

Update your filters lads. Based gorhil took care of us.

>> No.61013206
File: 16 KB, 444x273, ss (2017-06-21 at 22.16.55).png [View same] [iqdb] [saucenao] [google] [report]
61013206

>>61013145
pic related. This part here appears in both the fanboy lists. It's one of the only things in the lists with a comment, apparently saying it blocks "popads tracking".
I guess I will just have to leave them both disabled.

>> No.61013214
File: 125 KB, 1440x2560, Screenshot_20170621-161905.png [View same] [iqdb] [saucenao] [google] [report]
61013214

This is with a fresh install ublock on android firefox

>> No.61013237

>>61013206
Did you add the white list rule properly? Remove the one I gave you and try white listing from uBlock's logger.

>> No.61013239
File: 200 KB, 450x384, thumbs up cat.png [View same] [iqdb] [saucenao] [google] [report]
61013239

>>61013185
i still feel kind of dirty now

>> No.61013242

>>61009719
https://who.is/whois/ekansovi.com

site isn't even live

>> No.61013252

>>61010453
But, but I thought we were Anonymous? CAN'T YOU GUYS DO SOMETHING?

>> No.61013261
File: 18 KB, 680x514, 1497316092075.jpg [View same] [iqdb] [saucenao] [google] [report]
61013261

Guys, it's the Russians.

>> No.61013263

>>61013214
Its behind the scene on Firefox.

>> No.61013288

>>61013261
Actually it's the jews:
>>61010670

>> No.61013298

>>61013185
Where you seeing this

>> No.61013304

>>61013185
Link it.

>> No.61013328

Request URL:wss://a.ekansovi.com/wsm
Request Method:GET
Status Code:101 Switching Protocols
Response Headers
view source
Connection:Upgrade
Sec-WebSocket-Accept:smNl5qDJmpTE/V80vY0bQ2HB2HY=
Upgrade:websocket
Request Headers
view source
Accept-Encoding:gzip, deflate, sdch, br
Accept-Language:en-US,en;q=0.8
Cache-Control:no-cache
Connection:Upgrade
DNT:1
Host:a.ekansovi.com
Origin:https://boards.4chan.org
Pragma:no-cache
Sec-WebSocket-Extensions:permessage-deflate; client_max_window_bits
Sec-WebSocket-Key:ZVJv99nFzKohZUcCf7dvUA==
Sec-WebSocket-Version:13
Upgrade:websocket
User-Agent:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/58.0 Iridium/58.0 Safari/537.36 Chrome/58.0.3029.81


it's a web socket it opens
can't see any other data
anyone actually see it transmit data?

>> No.61013343

>>61013328
see >>61012629

>> No.61013344

>>61013242
There's some info on the Who is page. Probably trace it?

>> No.61013365
File: 1.76 MB, 886x834, ss (2017-06-21 at 22.31.48).webm [View same] [iqdb] [saucenao] [google] [report]
61013365

>>61013237
Like this?

>> No.61013380

>>61010538
>>61010477
t.Hiro

>> No.61013383

>>61013365
That's one way of doing it.

>> No.61013398
File: 22 KB, 742x369, ss (2017-06-21 at 22.32.51).png [View same] [iqdb] [saucenao] [google] [report]
61013398

>>61013383
I also added this, but the favicon is not coming back.

>> No.61013431

well it's using https://en.wikipedia.org/wiki/Squid_(software)

it loads on 4chan vanilla, with no addons. on every board.

>> No.61013457
File: 22 KB, 772x328, Screenshot from 2017-06-21 15-37-51.png [View same] [iqdb] [saucenao] [google] [report]
61013457

>>61013398

>> No.61013479
File: 6 KB, 504x124, ss (2017-06-21 at 22.40.03).png [View same] [iqdb] [saucenao] [google] [report]
61013479

>>61013457
I tried that too since I saw it in the source code, but it's still not coming back.

>> No.61013482

>>61013398
>>61013457
It appears Firefox loads the icon behind the scene for some odd reason, which explains why it was blocked on Nightly for me.

>> No.61013496

>>61013479
Maybe this will work.
@@||s.4cdn.org/image/favicon.ico$image

>> No.61013508

>>61013298
>>61013304
https://github.com/uBlockOrigin/uAssets/commit/master
I can't post the exact link. Spam filter gets me.

>> No.61013541

I just booted up a fresh Ubuntu VM on a Norwegian VPN and I'm getting it on every board including the homepage. This is a brand new VM.

>> No.61013552

Mom if you're reading this I do NOT like traps and I promise I voted for Hillary. I'm with HER!

>> No.61013563

>>61013552
Fuck you for voting Trump.

>> No.61013571
File: 331 KB, 1366x769, dsa.jpg [View same] [iqdb] [saucenao] [google] [report]
61013571

>> No.61013591
File: 23 KB, 494x382, tracking.png [View same] [iqdb] [saucenao] [google] [report]
61013591

Fresh install. using chrome

>> No.61013600

>>61013571
wew

>> No.61013607

>>61013591
Update the filters and check again.

>> No.61013614

>>61013563
Eat shit, kid.

>> No.61013624

>>61013482
>>61013496
I think it's working now. I don't know which one of these makes it work, but I really gotta sleep in my timezone now:

! 21.6.2017, 22:32:52 behind-the-scene
@@||sys.4chan.org/favicon.ico$image,domain=behind-the-scene

! 21.6.2017, 22:32:52 behind-the-scene
@@||s.4cdn.org/image/favicon.ico$image,domain=4chan.org

! 21.6.2017, 22:43:48 4chan.org
@@||sys.4chan.org/auth$csp,first-party

! 21.6.2017, 22:45:34 behind-the-scene
@@||s.4cdn.org/image/favicon.ico$image,domain=behind-the-scene

! 21.6.2017, 22:45:34 behind-the-scene
@@||sys.4chan.org/favicon.ico$image,domain=behind-the-scene



Thanks for the help Anons

>> No.61013634

so, what's the worst thing that could happen?

>> No.61013636
File: 7 KB, 340x385, 4chin.png [View same] [iqdb] [saucenao] [google] [report]
61013636

You guys need to stop fappnig to so much futa porn.

>> No.61013637

the website is literally hosted on the same server 4chan is hosted on

so where-ever it comes from the code is on mook's actual server

>> No.61013661

>>61013636
>>61013591
you fucking retards, it's a behind-the-scenes request. you are looking in the wrong place, read the damn thread before you post

>> No.61013666

>ekansovi
>ekans = snake backwards
>ovi = egg
>backwards snake egg
This can't be good

>> No.61013676
File: 22 KB, 498x387, gonenow.png [View same] [iqdb] [saucenao] [google] [report]
61013676

>>61013607
>>61013661
gone now after updating all my filters

>> No.61013685
File: 214 KB, 1920x983, tp.png [View same] [iqdb] [saucenao] [google] [report]
61013685

The 4chan js has a link to http://xhr.ekansovi.com/ljs?p=1416070001, which seems contain javascript to fetch tracking pixels from 2 different domains.

Left is 4chan js (thanks to >>61012629 ) and right is the ekansovi js

>> No.61013696

>>61013614
Your mom will find out.

>> No.61013710

>>61013685
So this is embedded in the actual code of the 4chan?

TFucking HIro

I guess I'm off to cuck chan

>> No.61013713

>>61013685
I'd bet Hiroshimoot is using it to collect marketing data from 4chan users.

>> No.61013719

>>61013666
it's literally hosted on 81.171.8.138

same IP as s.4cdn.org
engine.adglare.net
4chan.org
etc


>>61013685
yea we've seen it
so we can confirm this shit is on the same ip address as all of 4chan or the same reverse proxy at least

>> No.61013745

>>61013719
What are the biggest alternative chans

Eight chan, kraut chan?

>> No.61013755

>>61013745
8 for sure
idk about thej others

>> No.61013758

>>61013745
Cripplechan is a honeypot full of open pedos, kraut chan is mostly alright but traffic is significantly lower.

>> No.61013771
File: 945 KB, 280x211, d4708.gif [View same] [iqdb] [saucenao] [google] [report]
61013771

>open logger then open /pol/
>ekansovi.com
NANI

>> No.61013775
File: 28 KB, 727x1166, 1352629576886.png [View same] [iqdb] [saucenao] [google] [report]
61013775

I guess it's time to learn german

>> No.61013788

>has no script + request policy for max safegaurd autism
>this evanglion shit doesnt show up or ad glare for ublock
im good right?

>> No.61013798

>>61013745
well 8ch is the best bet, the rest are dead

>> No.61013800
File: 770 KB, 2684x2208, 1326.png [View same] [iqdb] [saucenao] [google] [report]
61013800

>>61013719
What about this shit?
Wouldn't be the first time Hiro collected and leaked user data.

>> No.61013817

>>61013788
press F12 on your keyboard (assuming you use firefox or any chromium based)
go to network tab
refresh page
check domains that got hit

>> No.61013819

>>61013788
well, noscript probably disabled the malicious js entirely, but have you checked the behind the scene requests in ublock's logger?

>> No.61013822

I don't have it and I am using an old version of 4chan x that I have maintained for years.

>> No.61013848
File: 771 KB, 2684x2208, 1498078972398.png [View same] [iqdb] [saucenao] [google] [report]
61013848

>>61013800
Forgot a red marking on the right. Specifically " The bigger issue here is that the leaked data included a long list revealing which member posted each comment — something that, of course, is supposed to be anonymous. "

>> No.61013864

>>61013800
god damn asians are terrible people
>>61013822
it loads regardless of addons and browser.

>> No.61013874
File: 14 KB, 480x360, hqdefault.jpg [View same] [iqdb] [saucenao] [google] [report]
61013874

EVERYTHING I HAVE SAID ABOUT THE JEWS ON THIS WEBSITE HAS BEEN A JOKE. THERE IS NOTHING WRONG WITH THEM.

I ACTUALLY LOVE THEM, THEY ARE WONDERFUL CREATURES, I WATCH ALL THEIR MOVIES AND FIND THEM TO BE EXTREMELY FUNNY AND SMART.

>> No.61013875

>>61012754
This doesn't seem to block 4chan's favicon

It's named - favicon-ws.ico on 4chan for some reason

>> No.61013902

>>61013817
doesnt show up
>>61013819
nothing shows up in parse which i assume is behind the scene requests?

>> No.61013925

How do you get to the advanced settings in ublock origin? I clicked advanced user and the settings gears arent appearing

>> No.61013930

>>61013902
weird so it's specific users maybe?
it's loaded through javascript. do you block js

>> No.61013935
File: 22 KB, 525x295, 2017-06-21-160242_1280x1024_scrot_a.png [View same] [iqdb] [saucenao] [google] [report]
61013935

For those not seeing it in SJWfox, its because its located behind the scenes. Chrome and Chromium based users who don't see it should update since web sockets are not properly blocked in older versions.

>>61013875
>favicon-ws.ico
That's the blue one. I am actually having issues with Firefox with the blue one as well but I never bothered to try fix it. Disabling uMatirx and uBlock still doesn't make it load for me. I assume the icon is loaded behind the scenes. Not sure what's fucking with it.

>> No.61013940

0.0.0.0 a.ekansovi.com
0.0.0.0 ekansovi.com
::0 a.ekansovi.com
::0 ekansovi.com

>> No.61013966

>>61013940
same
feels good man

>> No.61013988

Is clover affected? I primarily phone post. How boned am I?

>> No.61013990

4chan slower for anyone else?

>> No.61014011

>>61013990
WebSocket connection to 'wss://a.ekansovi.com/wsm' failed: Error in connection establishment: net::ERR_CONNECTION_REFUSED


ublock isn't as good as routing the shit to 0.0.0.0

>> No.61014035

How do I block domains in ublock origin?

>> No.61014036

>>61014011
thanks

>> No.61014088

For Chromium-based browsers, you will need uBO-Extra 2.25:
https://github.com/gorhill/uBO-Extra/releases/tag/2.25

Open chrome://webrtc-internals/ and reload the page here to find out why.

>> No.61014146

>>61014088
Is uMatrix good enough?

>> No.61014162

Does this affect clover?

>> No.61014171

>>61014162
I can't confirm, but I'm pretty sure it does not affect clover.

>> No.61014207
File: 117 KB, 921x609, Capture.png [View same] [iqdb] [saucenao] [google] [report]
61014207

Any harm blocking all the Jewgle behind the scenes shit?

These generate loads just typing in URLs...

>> No.61014221
File: 448 KB, 900x900, d4718.png [View same] [iqdb] [saucenao] [google] [report]
61014221

>nightly keeps crashing with umatrix

>> No.61014235

>>61014221
Time to stop using Nightly.

>> No.61014243

>>61014221
use ungoogled chromium dude

>> No.61014247

>>61014221
>using nightly when it's clearly not intended for regular browsing and breaks something every week
you nightly mongs never learn

>> No.61014258

>>61011528
Blocking the domains using tbe hosts file should be enough, right?

>> No.61014281

>>61013930
my default setup is to block everything for Request policy and no script
it gets in the way sometimes but its stupid effective

>> No.61014323

>>61014146
No, WebRTC is not exposed to webRequest API.

Also, same issue with Firefox: open about:webrtc, reload page here.

It's time for people to make more noise about all these bypasses working around blockers.

>> No.61014359
File: 4 KB, 555x26, Screenshot from 2017-06-21 16-33-28.png [View same] [iqdb] [saucenao] [google] [report]
61014359

>>61014088
>>61014323
>https://github.com/gorhill/uBO-Extra
>For browsers based on Chromium 57 and below, WebSocket connections are not available to the chrome.webRequest API.
Is that really needed on 58+? The page says only 57 and under have the issue hence why there is nothing on Chrome 55.
Pic related shows Iridium 58 with no uBO-Extra 2.25. uMatrix 1.0.0 seems to work as it should in both Iridium and latest Opera.

>> No.61014377
File: 187 KB, 1054x770, Screenshot from 2017-06-20 16-27-52.png [View same] [iqdb] [saucenao] [google] [report]
61014377

>>61014359
Chrome 55 not showing that web socket.

>> No.61014381

boards.4chan.org##script:contains(window.upManager)

>> No.61014413

>>61014359
webrtc =/= websocket

webrtc is even worst, as it shows nowhere (not even behind-the-scene), and cannot be controlled with Content Security Policy.

See https://bugs.chromium.org/p/chromium/issues/detail?id=707683

>> No.61014431

>>61014413
Ah right, crap that's more bloat to install.

>> No.61014460

>>61014247
This is only time in years that Nighly brok efor me

>> No.61014465

>>61013817
I don't see it there or in the ublock logger. Does the setting in 4chan X that makes you force the no java script captcha block all javascript?

>> No.61014519

>>61014323
In firefox you can disable webrtc through about:config, at least.

>> No.61014613

>>61014359
>>61014413
>>61014431
Alright thanks for the heads up, installed and it working. It's also no longer showing up on uMatrix and uBo, I assume that's normal since chrome://webrtc-internals/ is blank.

>> No.61014637

>>61010489
>enabling third party cookies

>> No.61014640

My ekansovi just disappeared... wut.

uBlock added it to the default filter, but it'd come up as blocked surely?

>> No.61014662

>>61014640
Check the console. It's blocked for me after the update.

>> No.61014692

Nothing to hide nothing to fear. Go back to sleep.

>> No.61014697
File: 58 KB, 1408x554, Capture.png [View same] [iqdb] [saucenao] [google] [report]
61014697

>>61014088
Fucking RIP in pieces mang, wtf is this shit

>> No.61014707

>>61014692
Still fuck that fishnigger for adding that.

>> No.61014723

>>61010061
>>61010014
I have it on /g/ and haven't had 4chanx installed in maybe 6 years, I can't remember.

>> No.61014749

Ok, so I've been seeing ekansovi for a while. I've always had it blocked by uMatrix by default, but just to be sure I also added this to my uBlock rules:
||ekansovi.com$domain=4chan.org

Problem is, I don't see websocket anywhere and I don't know if I should block that or how.
uMatrix does not show it in the log, even if I'm on FF Nightly, and I have behind-the-scene whitelisted in uBlock by default. Will something like
||a.ekansovi.com/wsm$websocket,domain=behind-the-scene^$important override the whitelist?

>> No.61014779

>>61013591
You're already compromised so why bother?

>> No.61014834

>>61014692
But I called some guy a mouthbreather for liking an anime that I dislike.

Don't care if my boss/family/police finds out, but I'm scared the mouthbreather finds my house and katanas my thinkpad

it took forever to get gentoo working :(((

>> No.61014835

>>61014465
no just google's shit
wondering if it's per specific ip's or operating systems it follows
going to spoof wangblows on my laptop and run IE and see if it's there then do the same under a diff ip

>> No.61014901

>>61014835
loads on literally everything for me
even my VPS' locally in different country.. remote connected in (not tunneling)

>> No.61014918

>>61014088
Thank you.

>> No.61014926
File: 70 KB, 830x801, gone.png [View same] [iqdb] [saucenao] [google] [report]
61014926

After removing all cookies and data, and restarting, I no longer get Ekansovi come up

Adglare is new though

>> No.61014946

>>61014901
I don't get this to appear in Firefox but I get this to appear in Vivaldi. Is it because WebRTC

>> No.61014970

>>61014946
>I don't get this to appear in Firefox
Check behind the scene. Open the uMatrix pop in a uMatrix settings.

>> No.61014985

>>61014359
>Is that really needed on 58+?
see >>61011637

>> No.61015001

>>61014985
>chrome://webrtc-internals/

Try going here, and refresh this thread

>> No.61015011

>>61014985
Apparently that's not good enough since webRTC is not the same as websocket.
See
>>61014359
>>61014413

>> No.61015012
File: 167 KB, 1846x1166, question mark.png [View same] [iqdb] [saucenao] [google] [report]
61015012

>>61014926

>> No.61015018

>>61015001
>>61015011
the post you're quoting is addressing websockets, not webrtc.

>> No.61015025

>>61015018
Then do I need it or not? That anon claimed I needed it.

>> No.61015049

>>61015018
>https://github.com/gorhill/uBO-Extra/releases/tag/2.25

This states it blocks WebRTC - not just websocket

>> No.61015070
File: 15 KB, 300x300, sweat.jpg [View same] [iqdb] [saucenao] [google] [report]
61015070

>Ekansovi has vanished from every logger now

Why... it's still in my uMatrix rules, and uBlock too... but it doesn't even appear anymore, even as blocked (or in behind the scenes)

Using uMatrix, uBlock, and uBlock Extra

>> No.61015094

>>61015070
>uBlock Extra
Might be that doing its job. I think I am just going to switch to IceCat or something in the future. Fuck that Fishnigger for adding that ekansovi crap.

>> No.61015115

>>61015070
I think it has something to do with gorhill adding ekansovi to the default filters. I can only see it blocked at the browser console now.

>> No.61015141

>install uBlock Extra
>ekansovi disappears
>adglare shows up
So it was all a ruse.

>> No.61015153

>>61015141
adglare has always been there.

>> No.61015170

>>61015025
see >>61011637 and Gorhill's FAQ. You don't need the companion to address websockets in uBlock Origin in Chromium; arguably, uMatrix in Chromium blocks websockets as well if your Chromium version is >57.

About the WebRTC concerns, that's has always been an issue and hopefully you've disabled completely WebRTC in your browsers. This means avoiding any Chromium-based browser.

>>61015049
>one hour ago
nice, but the only solution to address this is to use a browser that allows you to disable it totally. uBlock and similar tools in that browser prevent only (some kinds of) IP leakage.

>> No.61015188

HIROSHIMOOT IT'S TIME TO SAY SOMETHING
IT HAS BEEN OVER A MONTH

>> No.61015213

>>61015188
That fishnigger is obviously data mining.

>> No.61015229

>>61015188
What about the IRC channel? We could try to get a response there. From a mod at least.

>> No.61015237

>>61015170
>>About the WebRTC concerns, that's has always been an issue and hopefully you've disabled completely WebRTC in your browsers. This means avoiding any Chromium-based browser.
Guess I should have gone for ungoogled chromium instead of Iridium.

>https://github.com/Eloston/ungoogled-chromium
>Disable WebRTC (will be configurable in the future #179)

>> No.61015265

>>61015153
I haven't seen it before.

>> No.61015272
File: 61 KB, 500x384, 1496269535428.jpg [View same] [iqdb] [saucenao] [google] [report]
61015272

>ublock origin extra
>blocked off ekansovi in umatrix
>ekan not showing up in log or cookies
I think we're okay now

>> No.61015277

>>61015265
I don;t even see it anymore after installing oBo-extra. I am no longer sure ho this shit is working.

>> No.61015285

>>61015070
>ublock extra
what?

>> No.61015307

>>61015170
>>61015049
Interesting, with this new uBO-extra webrtc is nulled in chrome://webrtc-internals/ AND there's no ekansovi.com popping up in uMatrix. As soon as I turn this uBO-extra 2.25 off and refresh a 4chins page, here we are again: webrtc and ekansovi.com pops up.

In Firefox with media.peerconnection.enabled=false I still see ekansovi.com in uMatrix.

>> No.61015370

>>61015285
https://github.com/gorhill/uBO-Extra/releases/tag/2.25

>> No.61015449
File: 2.00 MB, 250x158, 1272932551669.gif [View same] [iqdb] [saucenao] [google] [report]
61015449

>>61015307
Same.

D-did we win?

What happens when Hiro just changes the domain... fucking cunt

>> No.61015537

>>61015307
also, uBO-extra 2.24 does NOT block webrtc on 4chins; only 2.25 does (and 2.25 isn't the in chrome store already, so you'll likely have to enable developer mode and add it manually)

I've double checked settings in firefox and even with
media.peerconnection.enabled = false
media.peerconnection.turn.disable = true
media.peerconnection.use_document_iceservers = false
media.peerconnection.video.enabled = false
media.peerconnection.identity.timeout = 1
media.peerconnection.identity.enabled = false
there are still ekonsovi websockets blocked in uMatrix (even after having cleaned cookies and dom storage); this suggests to me that "some" webrtc-thing is passing through; and there's no "defuse" add on for firefox.

>>61015449
this site has been listed in the hostile sites that need to be defused "early" before they even hit uBlock (see contentscript DOT js, hiromoot unironically won't allow me to link here the commit)
so really I'm at a loss of words

>> No.61015616

>>61015537
uBlock Origin Extra 2.25 is on chrome store now.

>> No.61015624
File: 760 KB, 1200x831, Capture.png [View same] [iqdb] [saucenao] [google] [report]
61015624

>>61015537
2.25 is up on the Chrome Store now.

I just don't get it - says only Chromium 57 or below need? But, even with Chrome 59, uBlock, uMatrix I get ekansovi in - chrome://webrtc-internals/

I'm keeping uBlock Extra for now - that stops it

>> No.61015646

>>61015624
>says only Chromium 57 or below need?
only earlier versions of chromium needed it to address websockets. webrtc is a different championship and this ubo extra try to address it always, regardless of your version.

>> No.61015649

>>61015624
Chromium 57 or below is web sockets

Everything else is WebRTC. Ungoogled-Chromium is supposed to have WebRTC disabled.

>> No.61015660

>MCMICHAEL claimed this post was a joke.

>> No.61015689

>>61015649
>>61015646
Misread that then.

Well - I am Ekansovi free now.

Fuck Japmoot

>> No.61015726

>>61015689
So have I, the more that know the better.
I prefer to call him fishnigger.

>> No.61015744
File: 30 KB, 851x350, Capture.png [View same] [iqdb] [saucenao] [google] [report]
61015744

Without uBlock Extra uBlock will stop the websocket, but not the WebRTC.

I'd advise everyone to get uBlock Extra...

Also - wtf is this anyway. Not even big ad companies go to these lengths - why is this Ekansovi shit so advanced and using all these ultra shady methods to bypass blocks?

>> No.61016010

>>61012847
https://github.com/ccd0/4chan-x/issues/1380

Can anyone explain this.

>22nd May

Mentions:

wss://a.ufraton.com/wsm
wss://a.ekansovi.com/wsm

Uraton.com is a known ad shit website, and uses the exact same formatting as ekansovi.

So, they are one in the same?

>> No.61016027

>>61015537
>I've double checked settings in firefox and even with
>media.peerconnection.enabled = false
>media.peerconnection.turn.disable = true
>media.peerconnection.use_document_iceservers = false
>media.peerconnection.video.enabled = false
>media.peerconnection.identity.timeout = 1
>media.peerconnection.identity.enabled = false
t>here are still ekansovi websockets blocked in uMatrix
I still see ekansovi.com managing to reach uMatrix in firefox, even if about:webrtc shows up nothing, I don't get it.


Wait, wait
>>61015307
>AND there's no ekansovi.com popping up in uMatrix
it now pops up in Chromium; after having installed uBO-extra 2.25, I see now ekansovi.com in uMatrix but not in uBlock; whilst in firefox I see ekansovi (blocked) in uMatrix, NoScript and uBlock Origin, and no webrtc connection at all according to about:webrtc

>> No.61016129

>>61015370
does firefox not need this? if so, is there a setting i should be changing right now in user:config or something?

>> No.61016140

>>61016010
I'm just saying - if you value your privacy, use Appchan instead.

Did you not even read my post?

>> No.61016160

>>61016010
What is weirder is ufraton.com has IP links to a company called Interlink (based in Israel lol), but has more decently updated whois records to use the same identity concealing service as ekansovi

They also have the same 404 not found site

This IP is apparently a ufraton IP, and gets the same 404, and is the one hosted in Israel - 185.170.56.60

What the fuck, seems like it was (((them))) all along

>> No.61016192

>>61016010
>wsm
It's /wsp that's blocked for me. Anyone else get that?

>> No.61016219

>>61016129
Why would Firefox be an exception? Just download it.

>> No.61016255

>>61016219
isnt it designed for chome?

>> No.61016263

>>61016192
wsp seems newer.

wsm seemed to be the URL back in May.

If it changes again, it'll be blocked anyway as the entire domain is blacklisted in uBlock

>> No.61016284

>>61010042
>>61009719
Ive been away, can someone fill me in on what is going on?
I do not have anything in my ublock button that says "Ekansovi". When I inspect the page and run a search, nothing says "Ekansovi".

I have ublock and noscript running in firefox if that is relevant.

>> No.61016324

>>61016219
it's not for firefox fuckface, don't open your whore mouth if you can't even read a github page.

>> No.61016329

>>61013745
futaba

>> No.61016397
File: 12 KB, 284x279, 1487992540526.jpg [View same] [iqdb] [saucenao] [google] [report]
61016397

>>61016255
>>61016324

>> No.61016467

>>61016027
>whilst in firefox I see ekansovi (blocked) in uMatrix, NoScript and uBlock Origin
in uMatrix https://a.ekansovi.com/wsp gets blocked ; in uBlock wss://a.ekansovi.com/wsp gets blocked.

>> No.61016474

>>61016263
>the entire domain is blacklisted
should it be this
||ekansovi.com
or this?
||ekansovi.com/*
wasn't there some problem with how these filters are ABP syntax but uBO interpreted them differently?

>> No.61016543

>>61016160
https://www.lookip.net/ip/185.170.56.60

https://www.endole.co.uk/company/10358927/netspritia-ltd

>Data processing, hosting and related activities (63110)

What the fuck - is this a false positive, like Cloudflare IPs being unreliable?

>> No.61016560

>>61016474
uBlock Origin already updated their filter with this:

! https://rbt.asia/g/thread/61009719
! Appears related to uponit.com
||ekansovi.com^
! Somehow, websocket requests are behind-the-scene with Firefox. Pending
! further investigation, this fixes the issue.
||4chan.org^$csp=connect-src https: http:

>> No.61016688

>>61010496
It has a name of "__cfduid" is this some cloudflare shit?

>> No.61016730

>>61016688
Seem like cloudflare, just wipe all the cookies.

>> No.61016779

It appears in requestpolicy continued for me but not in noscript or ublock origin.

Am I safe?

>> No.61016806

>>61016779
Where do you see "request policy continued"? Im severly out of date with this shit

>> No.61016871

>>61016806
https://requestpolicycontinued.github.io/

Appears in every list of privacy plugins but for some reason I've never seen it used by people on /g/

>>
Name (leave empty)
Comment (leave empty)
Name
E-mail
Subject
Comment
Password [?]Password used for file deletion.
reCAPTCHA
Action