[ 3 / biz / cgl / ck / diy / fa / g / ic / jp / lit / sci / tg / vr / vt ] [ index / top / reports / report a bug ] [ 4plebs / archived.moe / rbt ]

/vt/ is now archived.Become a Patron!

/g/ - Technology

View post   

[ Toggle deleted replies ]
File: 26 KB, 511x370, (((ekansovi))).png [View same] [iqdb] [saucenao] [google] [report]
61009719 No.61009719 [Reply] [Original] [archived.moe] [rbt]

So what happened with this? By the time I went to bed everyone was shitting themselves. Did you guys ever figure out what the fuck ekansovi is?

>> No.61009764


>> No.61010014

Is this some kind of 4chan x shit? I've never seen that domain on here before

>> No.61010042

It's a 1x1 image that tracks you.

>> No.61010061

Pretty sure some people without 4chan X were getting it as well
I think it only shows up on certain boards like /pol/

>> No.61010160

i have it right now on /g/ with 4chanx

>> No.61010171

just checked and i do as well

>> No.61010182

i use appchan x and i don't get it on /g/. can't be bothered to try other boards.

>> No.61010209

even with 4chanx disabled i still have it
i don't know what is it but i blocked it with ublock origin and umatrix

>> No.61010241

If this whole thing blows over, which I hope to god it does, I'll have learned to never express overly /pol/ or /r9k/ -tier views here again. Even if only ironically.

>> No.61010269

Yeah I'm fucked if it's what people are making it out to be

>> No.61010287


>> No.61010289

I wonder if this is one of those botnets that stick themselves into your browser's cache like what happened to imgur a few years back.


>> No.61010304


>> No.61010355

this. i actually LOVE blacks and jews. they have such nice cultures

>> No.61010389

Why can't I block this in uBlock Origin?
No matter how much I block it, it still appears in the logger when I refresh the page.

>> No.61010413

doesn't the red thing on the left mean it's blocked

>> No.61010418

>I think it only shows up on certain boards like /pol/
It's blue boards, I think.

>> No.61010424


works on my machine

>> No.61010434
File: 4 KB, 723x35, ss (2017-06-21 at 19.29.17).png [View same] [iqdb] [saucenao] [google] [report]

I think it's working now.

>> No.61010436

What are people making it out to be?

>> No.61010439

/pol/ isn't a blue board and it shows on /pol/ for me

>> No.61010450

You guys have tried clearing ALL of your temporary internet files right? Clear the ones from IE and Flash and of course clear the ones from your primary browser.

>> No.61010453

logging your posts with your IP to tie them to your name

>> No.61010464

why would 4chan need separate domain to do that?

>> No.61010477
File: 442 KB, 2116x729, g - The g Wiki httpwiki.installgentoo.com - Technology - 4chan - Mozilla Firefox (Private Browsing) pol - Welcome to pol - Politically Incorrect - Politically Incorrect - 4chan - Mozilla Firefox (Private Browsing).png [View same] [iqdb] [saucenao] [google] [report]

Nothing. You retards are infected with some botnet shit!

>> No.61010479

It's blue boards + /pol/ afaik.

>> No.61010482

it wouldn't be 4chan doing it, presumably
it's another company using an exploit

>> No.61010488

ITT: Tinfoil hats, its just another ad-thing, they cannot do shit with ad-info they gather from me because I don't buy shit I don't need or that its on fucking internet ads of all places.

>> No.61010489
File: 18 KB, 513x491, ss (2017-06-21 at 19.33.14).png [View same] [iqdb] [saucenao] [google] [report]

Well it DOES save a cookie to uniquely identify you.

>> No.61010496

Check for ekansovi in your cookies, that's were I found it.

>> No.61010497

Click on "+All"

>> No.61010501
File: 209 KB, 567x358, pieces-of-the-real-me1.jpg [View same] [iqdb] [saucenao] [google] [report]

pls no bully

>> No.61010517

Yeah, but how did it get here?

Clearly an admin has put it there - why

>> No.61010518
File: 71 KB, 250x250, (((Ekans)))ovi.png [View same] [iqdb] [saucenao] [google] [report]

ekans is backwards for snake

>> No.61010519
File: 95 KB, 1146x738, Options - Mozilla Firefox (Private Browsing).png [View same] [iqdb] [saucenao] [google] [report]


>> No.61010535

>Not using self destructing cookies

>> No.61010536

I think every cloudflare server does that

>> No.61010538
File: 278 KB, 1208x687, g - The g Wiki httpwiki.installgentoo.com - Technology - 4chan - Mozilla Firefox (Private Browsing).png [View same] [iqdb] [saucenao] [google] [report]

Done. Nothing.

>> No.61010539

if i'm infected i should have it for every site i visit, but i have it only on 4chan

>> No.61010542

Still don't have this.

>> No.61010550

I have 4chan X and OneeChan installed btw.

>> No.61010555

What country are you located in? I'm on a fresh windows install(literally within the last 24 hrs) and have it. I'm in the US.
If it really is another ad service, has it been spotted on any other websites?

>> No.61010560
File: 154 KB, 2121x1414, 8934hnt7g32dnuifcq.jpg [View same] [iqdb] [saucenao] [google] [report]

What are we doing now? Is it still safe to post?
How can they tie your IP with your name?
What other risks are we dealing with?

>> No.61010565
File: 122 KB, 1208x730, Add-ons Manager - Mozilla Firefox (Private Browsing).png [View same] [iqdb] [saucenao] [google] [report]

Maybe that's why? I only have these extensions

>> No.61010568

It's the NSA

>> No.61010569


>> No.61010570


Browser cookies are basically website eggs! Your computer will hatch into a snake and EAT your data and privacy and genitals!

>> No.61010572

check the ub log "behind the scene" for websockets

>> No.61010582

Money, duh

>> No.61010585


>> No.61010586

Same for me. Does that mean that I am safe?

>> No.61010587

Compromised ad network is a more likely explanation. Doesn't seem to be a part of 4chan x, I searched for the url in the code and it turned up nothing.

>> No.61010600


>> No.61010602
File: 122 KB, 1208x1161, uBlock — Logger - Mozilla Firefox (Private Browsing).png [View same] [iqdb] [saucenao] [google] [report]


>> No.61010616

just check where else your IP has logged in
it's not complicated bud

>> No.61010625

Like it can't be obfuscated in any way.
Odd, anyone outside of the US/ have this?

>> No.61010632

You have to select "behind the scene" and browse /g/ for a bit.

>> No.61010641

If I use private browsing mode and self destructing cookies as well as block it in noscript am I safe?

>> No.61010642

i'm in Italy

>> No.61010654
File: 70 KB, 628x842, 4ec5548fa49022809a579a416122523f0e632246_hq.jpg [View same] [iqdb] [saucenao] [google] [report]

It's not all bad, anon O3o

>> No.61010670
File: 264 KB, 1360x1103, 2956258.jpg [View same] [iqdb] [saucenao] [google] [report]


>> No.61010691

When I load the page 4chan x removes the script that makes the websocket thing work.
It tries to load then gets rekt.

>> No.61010706

I'm seeing it now in the "behind-the-scenes" view on ublock. ublock sees it but it seems to be incapable of blocking it for some reason.

>> No.61010748

I think you have to delete the behind-the-scene entry from the whitelist. Then it blocks it.

>> No.61010784

No it wont block it just like that.

>> No.61010798

Confirmed for me at least.

>> No.61010872

Deleting behind-the-scene from the whitelist and then adding


to the filters worked for me.

>> No.61010926

You can use

to block all future attempts at using websockets like this.

>> No.61011023

>Deleting behind-the-scene from the whitelist
Will make uBlock Origin unable to update the filterlists. Don't suggest this to anyone.

>> No.61011087

it's ad tracking

>> No.61011122

Are you sure? The update seems to work fine. How can we block it then?

>> No.61011135
File: 204 KB, 1000x1000, 1497599546706.jpg [View same] [iqdb] [saucenao] [google] [report]

We hack it.

>> No.61011136

Shouldn't you be able to do the "even if whitelisted" thing?

>> No.61011147

>Are you sure?
Yes. It's on gorhill's github described.

>How can we block it then? ekansovi.com
in your hosts file.

>> No.61011159

why is that allowed on mine? i have nearly all the filters activated, even the hosts files

>> No.61011188

Has anybody actually bothered to find out what script actually tries to set up the websocket and what it tries to transfer?

>> No.61011213

>why is that allowed on mine?
Because of this. It's there I assume it breaks something, You can create a rule:
* doubleclick.net * block
to block it.

>> No.61011215

Firefox has a websockets inspector plugin that you could use. I'd try to figure it out but I don't have this

>> No.61011216

uMatrix does it automatically

>> No.61011227
File: 4 KB, 481x93, Untitled.png [View same] [iqdb] [saucenao] [google] [report]

>Because of this
Silly, I forgot to attatch image

>> No.61011233

has anyone actually looked at the site yet?

>> No.61011239

Even if this is some bullshit ad fuckery, it made me realise I let my guard down.

uMatrix 4lyfe - reminds me of NoScript for Firefox, only less shitty, and easier to use

>> No.61011327

also don't use chrome, use iridium

>> No.61011343
File: 19 KB, 517x407, amisafe.png [View same] [iqdb] [saucenao] [google] [report]

am i safe

>> No.61011372

Best way to check to be 100% sure:

Go to Settings>Advanced Settings>Privacy>Content Settings>All Cookies and Site Data

Search for "ekansovi"

>> No.61011417

chanpink doesn't have this problem

>> No.61011421

It's not working. I tried to block it dynamically but it failed too.

>> No.61011442

So, uh, there's a bunch of obfuscated javascript at the top of every page that's opening the websocket.

>> No.61011451

>not stealing your neighbors Wi-Fi for 4chan usage
enjoy having your racist/sexist virginal shitposts exposed if you or your family ever become of interest

>> No.61011471

So is this just some ad tracking garbage that tinfoil hats are sperging over or something to actually he concerned about

>> No.61011481

wtf is chanpink?

>> No.61011494

both arent good desu senpai

>> No.61011503

i have this showing up on ublock, but no cookie? also running pi-hole

>> No.61011509

I'd prefer ad tracking over potential employers and family reading my shitposts

>> No.61011528
File: 10 KB, 432x145, it's-a-me! Ekan!.png [View same] [iqdb] [saucenao] [google] [report]

uMatrix blocks websockets, at least in Firefox (in Chrom{e,ium} there's a need to add an uBlock companion to fix websockets)
and I never investigated what's the situation for uMatrix but I'd guess that it can't fix websockets there

Cookies/Dom Storage cleaned, no occurrences of this ekans stored anywhere (and I'm a GNU/Linux turboautist) still ekansovi strives to sneak in

Do we have any official word on this?

>> No.61011535

it never ends, does it ?

>> No.61011537

b.u and b.a look like they're the functions for decoding obfuscated strings

>> No.61011574

I got it with uMatrix. Only wants to runs 1 script and XHR.

>> No.61011590

OP here. I got it as well
I'm more worried about what it was, though

>> No.61011616

Try to flush the dns cache
amd as admin:
ipconfig /flushdns
That domain should not resolve at all anymore.

>> No.61011631

Any way to keep the behind-the-scenes whitelisted while blocking websockets? Right now it looks like the only solution is to use an extension to disable websockets which is less than ideal.

>> No.61011637
File: 10 KB, 424x126, "Got Snakes?" - "GNO!".png [View same] [iqdb] [saucenao] [google] [report]

>and I never investigated what's the situation for uMatrix but I'd guess that it can't fix websockets there
well, according to gorhill it only affects "Chromium version 57 and earlier" ; I've checked on Chromium 61 and it werks

>> No.61011666
File: 10 KB, 741x124, unknown.png [View same] [iqdb] [saucenao] [google] [report]

No but seriously guys there's obfuscated javascript at the top of every page and it looks like it's tracking you lol

>> No.61011691

Can it save posts, though, or just when you're on 4chan?

>> No.61011725

in the javascript resolves to "xhr.ekansovi.com"

fucked if I know, I'm trying to make sense of it.

>> No.61011773

Oh shit, OK fuck you.
My name is Sam Hyde, come at me.

Also fuck niggers, spics, kikes, gooks, nips, wops, frogs, libtards, people who use emojis and single speed bikes.

>> No.61011778

I genuinely stopped phoneposting because of this. I have the standard filter with ublock and umatrix now. Blocked ekan as much as i could with both.
this thing occasionally shows up in uMatrix, too Seems shifty, but is probably used to save post containers.

>> No.61011814

mirin' satanic trips
and it's true, fuck

adios amigos

>> No.61011849

Its not the extensions.

>> No.61011856

Note: The posts made by this IP address are strictly satirical; and resemblance to any personal opinions, real or ironic, are strictly coincidental. No animals were harmed in the making of these posts.

>> No.61011860
File: 98 KB, 600x500, 9428058.png [View same] [iqdb] [saucenao] [google] [report]



>> No.61011884

I'm retarded, if ublock blocks the requests then what's the issue?

>> No.61011904

The fact that it's there in the first place

>> No.61011919

I would welcome death if people I knew had access to every one of my 4chan shitposts. South Park was right all along, we should have known

>> No.61011939

If the tinfoil hats are right then of course it's an issue but far less of one, at least for me. My worst fear is >>61011919 coming true and having a database with this information publicly available

>> No.61011944
File: 8 KB, 1134x48, >set CSP >CSP blocks xhr but still allows unsafe-eval.png [View same] [iqdb] [saucenao] [google] [report]


>> No.61011967

so if umatrix blocks this I'm good to go?
I want to make a little infograph explaining what is it using this thread and how to use umatrix to block it

>> No.61011970

>if ublock blocks
except it doesn't unless you instruct it so; many will just assume that standard uBlock w/o uMatrix is enough

and it's not

>> No.61011972

The reason you can see it is to make people give up and become paranoid, any serious Nazis wouldn't care.

>> No.61011996
File: 241 KB, 1069x1196, 1494469666435.jpg [View same] [iqdb] [saucenao] [google] [report]

>mfw i don't have this
By the outlook of things looks like this might be only targeted at US or EU where people can get arrested for having an opinion

>> No.61012001

It seems to be blocked on my browser

>> No.61012005
File: 66 KB, 400x400, d4843.jpg [View same] [iqdb] [saucenao] [google] [report]

>not showing up for me anywhere
Looks like I'm home free lads

>> No.61012009

Resolves to "eval"

Resolves to "webkitResolveLocalFileSystemURL"

>> No.61012023
File: 163 KB, 1027x794, 1497464162128.jpg [View same] [iqdb] [saucenao] [google] [report]

Has anybody tried to contact gook about that shit?

>> No.61012049

did you really check the "behind the scene" page? It looks like >>61011528
do you use only uBlock Origin without settings like >>61010872 ?

>> No.61012071

Right click > View source code
Search for one of those code snippits
If it's there you're running the obfuscated Javascript whether you're running uMatrix or not.

>> No.61012072

Well, fuck

>> No.61012092

*whether you're blocking ekansovi or not

>> No.61012102

What if we wipe all broswer data, load up a VPN somewhere like JP and then try and see if it appears. This may be targeting specific countries.

>> No.61012114

>"Hey gook could you pls stop selling my data for once ok thanks bye"

>> No.61012125

firefox for android supports both ublock and umatrix

>> No.61012134

I see it in Iridium 58 and Opera using Blink 58 but not in Chromium 55 and Google Chrome 55. It might be being bypassed on older browsers so if you don't see its probably still loaded.

>> No.61012139


if i have ekansovi blocked at the hosts file, is it safe?

>> No.61012145


Not quite. Everyone will still have the code in the HTML as thats the literal index file its pulling from the 4chan servers. uBlock / HOSTS etc block the connections that code tries to make.

Do you even know how blocking works?

>> No.61012186

I said it's running the obfuscated javascript whether you block ekansovi or not. It's not going to make the connections but it's still running 15KB worth of Javascript.

>> No.61012202

Italy here too, don't have it

>> No.61012217

People saying they "don't have it" - you're probably not looking properly.

>> No.61012220

Well.... yeah.

>> No.61012235


>> No.61012256

I had it a second in ublock and now it's gone after reload

when i turn on yesscript, it's disabled, but 4chan is unusable. tf do i do? i have no idea how to make umatrix load pages correctly.

>> No.61012284
File: 19 KB, 351x359, 502[3].jpg [View same] [iqdb] [saucenao] [google] [report]

Used to get it on /pol/ and not on /g/ an hour ago, now it's exactly the opposite, /g/ tries to connect to ekansovi and /pol/ doesn't.
Also firebug console suggests the websocket it tries to open just 404s anyway without any blocking on my part.

>> No.61012294

Yes it does buddy.

>> No.61012318
File: 43 KB, 825x533, Capture.png [View same] [iqdb] [saucenao] [google] [report]

Where you seeing this?

I don't have any javascript running from ekansovi

All of this javascript is Google or 4chan

>> No.61012329

>merely pretending

SWAT's already on the way, punk.

>> No.61012353

It's not being included from some 3rd party site, it's embedded in this page

>> No.61012356

The stories and information posted here are artistic works of fiction and falsehood.
Only a fool would take anything posted here as fact.
You're not fools, are you, NSA?

>> No.61012365
File: 40 KB, 1280x302, hmm.png [View same] [iqdb] [saucenao] [google] [report]

well, i have it too
location is poland

>> No.61012400

So did anyone bother to un-obfuscate the js to see what it's actually doing?

>> No.61012414

So, this is 100% Hiro's doing I assume?

>> No.61012424

Probably; assuming it's malicious it could be a hacker, but we're yet to find out if it is malicious.

>> No.61012432
File: 3 KB, 229x63, ss (2017-06-21 at 21.29.25).png [View same] [iqdb] [saucenao] [google] [report]

Can't find the green default .ico in 4chan X anymore after blocking ekans.
Is it gone for anyone else? Green boards display no favicon at all now.

>> No.61012450

If it's malicious it's definitely Hiro.

>> No.61012461

I still have it, you probably blocked it via another rule.

>> No.61012495

There's a lot of stuff in here about ice servers or stun servers, anyone know what that is?

>> No.61012508

>tfw I don't have it

Is this just a USA/UK thing or something?

>> No.61012513

did you check well enough?

>> No.61012516
File: 286 KB, 624x224, ss (2017-06-21 at 21.35.23).webm [View same] [iqdb] [saucenao] [google] [report]

Strange. I have no other 4chan rule other than blocking all ekans stuff.
It's definitely blocking my green favicon, webm related.
I'm not seeing a block in the logger.
I added these rules

! 21.6.2017, 19:25:00 behind-the-scene

! 21.6.2017, 19:25:20 behind-the-scene

>> No.61012521

read the thread, retard

>> No.61012541

It doesn't show in the requests blocked of UBlock. It doesn't show in the behind the scenes menu either after opening a bunch of threads.

>> No.61012547
File: 19 KB, 531x187, Selection_098.png [View same] [iqdb] [saucenao] [google] [report]

i blocked it in the ublock origin dashboard but i am still seeing it in the logger in behind-the-scenes

pls halp

>> No.61012562

Revenge for Hiroshima, and calling him Hiroshima.

>> No.61012579
File: 29 KB, 1488x465, ss (2017-06-21 at 21.40.33).png [View same] [iqdb] [saucenao] [google] [report]

I removed all "My Filters" and it changed nothing.
Can someone post me their exported "My Rules", so that I can revert to default?
I don't know what else it could be.

>> No.61012581

Added those to my filters and still have the icon.

Might be Firefox related. When I was using Nightly the blue favicon would not load.

>> No.61012587
File: 19 KB, 626x94, Selection_099.png [View same] [iqdb] [saucenao] [google] [report]

if it's red, does that mean it's working?

>> No.61012610

i think it means it's blocked.

>> No.61012629

Decoded most of the strings, its still pretty obfuscated but whatever.


>> No.61012630

>but we're yet to find out if it is malicious.
Oh come on. Why should he ever engineer such a complex piece of shit able to bypass fucking uBlock Origin with standard settings if it's not malicious. That, or a subpoena to make merrica great again or something.


>> No.61012658

You should be able to reset it to default in uBlock settings but I doubt that will change anything.. Check the logger in uBlock to see what is blocking it.

>> No.61012662

wtf i hate 4chan now!

>> No.61012676

Well that's odd because it only gets removed when I enable uBlock.
The logger is not listing the favicon at all.
Just removed all cookies and chache and so on, gonna restart browser now, but doubt it gets fixed.

>> No.61012692

same guy - on my other os the cookie is there but i don't have the requests. ???

>> No.61012693

Your entire OS is a botnet ya dingus.

>> No.61012712

It might Firefox, I don't even have a favicon when I launch Firefox with extensions disabled.

>> No.61012725
File: 42 KB, 821x260, ss (2017-06-21 at 21.47.02).png [View same] [iqdb] [saucenao] [google] [report]

It just showed up in the logger when I loaded sys.4chan.org/auth, and... what the fuck??
Am I being trolled by Fanboy's list here? Why is 4chan detected as REDDIT?

>> No.61012750

oh shit. now it's showing in the ublock logger too

>> No.61012754

Oh yeah, now I remember, that indeed happen.
Here is the rule I added. I completely forgot about it.

>> No.61012777

This, of course. We are always joking here. 100%

>> No.61012783
File: 73 KB, 290x200, NHFUKkw.png [View same] [iqdb] [saucenao] [google] [report]

>It unironically uses XOR for string encryption

>> No.61012811
File: 23 KB, 261x202, rsz_1rsz_wtf.png [View same] [iqdb] [saucenao] [google] [report]

I have it according to ublock, but it has a (-) beside it

does that mean it's blocked

also, my browser, pale moon, is set to never save history..am I safe?

>> No.61012819
File: 38 KB, 773x484, ekansovi.png [View same] [iqdb] [saucenao] [google] [report]

how to block using uMatrix:

go to logger in uMatrix.

refresh the 4chan page and look at the logger again

follow these steps

>> No.61012820
File: 32 KB, 1168x327, ss (2017-06-21 at 21.54.48).png [View same] [iqdb] [saucenao] [google] [report]

I added it, but now it's not showing up in the logger anymore at all. And it's still not back.
But instead Fanboy's list is now whitelisting doubleclick's favicon? And blocking all favicons not by reddit?
Did they get hacked or something?

>> No.61012847
File: 138 KB, 345x337, IMG_0543.png [View same] [iqdb] [saucenao] [google] [report]

I helped ccd0 add obfuscated botnet code to recent versions of 4chan X and advised him to pull it from github.org lest he gets discovered and reported. The botnet is appended to the code at compile-time; it's built into our fork of the Coffeescript compiler. It's very basic right now but eventually we're gonna make it into a powerful, decentralized p2p network that DDoSes sites specified by our future clients. The C&C is a hidden Github repo; orders are routed via the updates mechanism (just setting a few variables). Since the last few revisions we've gotten a couple prospective clients (we advertise on IRC and on blackhat SEO forums) and we're going to start actually making money for the next few days. ccd0 will deny this to the best of his ability, for obvious reasons - or maybe try to make it look like he's trolling all of you - but I seriously encourage you to stop updating 4chan X if you ever notice your connection getting slow/have bandwidth restrictions. See, the botnet is opt-out that way.

>> No.61012858

always knew we are reddit

>> No.61012863

I do not get this on Firefox.
I do get this on Vivaldi.

>> No.61012870

It's not 4chanX though, I'm not using it and it's still there.

>> No.61012872

that looked like it took so much effort to make only to be obvious as fuck bait

>> No.61012876

It has a "~reddit.com" meaning it can happen in any domain except reddit so it blocks the 4chan one. Its not detecting as reddit.

Have you tried Shift + reload?

>Did they get hacked or something?
False positive or something. That whitelist might have a purpose, you should be able to block it anyways.

>> No.61012879

No 4chan X here. fuck off.

>> No.61012889

that old copy pasta

>> No.61012908

>It has a "~reddit.com" meaning it can happen in any domain except reddit
Yeah I kinda thought so, but why would you block all favicons except reddit's...

I tried Ctrl+reload multiple times already, yeah. This used to refresh favicons immediately when I worked on some websites.
However, it's still broken now, even after disabling all of the lists the blocking rule appears in and adding the exception

>> No.61012912
File: 106 KB, 923x353, fkwfk.jpg [View same] [iqdb] [saucenao] [google] [report]

It's code for ads

>> No.61012961
File: 488 KB, 425x534, hnnnng.png [View same] [iqdb] [saucenao] [google] [report]

>Tfw advertising bots are fake
>Mfw chickmoot makes money with it

>> No.61012987

>I do not get this on Firefox.
read the thread.

>> No.61012992

My guess its trying to block third party fav icons. Check the logger one more time. I am going to try updating my filters to see if I can get that.

>> No.61013000

I don't know what it is for sure but I'm just blocking it in my host file.

I should be fine unless more domains get added.

If anyone knows exactly what it is please do tell.

>> No.61013034 [DELETED] 
File: 7 KB, 736x220, Screenshot_38.png [View same] [iqdb] [saucenao] [google] [report]

Not that anon. But founded it. Wat dı?

>> No.61013040

remove and block

>> No.61013067
File: 31 KB, 400x400, 250px-CaptainHindsight_400x400.jpg [View same] [iqdb] [saucenao] [google] [report]

maybe you shouldn't have used 4chan in the first place. it's too late now

>> No.61013092
File: 171 KB, 208x302, do not panic.png [View same] [iqdb] [saucenao] [google] [report]

>> No.61013122

Just coming 12 years too late, cunt.

>> No.61013130

The favicons came back after I disabled the fanboy filters and then restarted my browser. (not without restart)
then I enabled the fanboy lists again and favicons immediately dissappeared.
Gonna restart again now.

>> No.61013145

Try force updating the fanboy filters or disable just the ultimate list.

>> No.61013185
File: 82 KB, 984x374, ekans.jpg [View same] [iqdb] [saucenao] [google] [report]

Update your filters lads. Based gorhil took care of us.

>> No.61013206
File: 16 KB, 444x273, ss (2017-06-21 at 22.16.55).png [View same] [iqdb] [saucenao] [google] [report]

pic related. This part here appears in both the fanboy lists. It's one of the only things in the lists with a comment, apparently saying it blocks "popads tracking".
I guess I will just have to leave them both disabled.

>> No.61013214
File: 125 KB, 1440x2560, Screenshot_20170621-161905.png [View same] [iqdb] [saucenao] [google] [report]

This is with a fresh install ublock on android firefox

>> No.61013237

Did you add the white list rule properly? Remove the one I gave you and try white listing from uBlock's logger.

>> No.61013239
File: 200 KB, 450x384, thumbs up cat.png [View same] [iqdb] [saucenao] [google] [report]

i still feel kind of dirty now

>> No.61013242


site isn't even live

>> No.61013252

But, but I thought we were Anonymous? CAN'T YOU GUYS DO SOMETHING?

>> No.61013261
File: 18 KB, 680x514, 1497316092075.jpg [View same] [iqdb] [saucenao] [google] [report]

Guys, it's the Russians.

>> No.61013263

Its behind the scene on Firefox.

>> No.61013288

Actually it's the jews:

>> No.61013298

Where you seeing this

>> No.61013304

Link it.

>> No.61013328

Request URL:wss://a.ekansovi.com/wsm
Request Method:GET
Status Code:101 Switching Protocols
Response Headers
view source
Request Headers
view source
Accept-Encoding:gzip, deflate, sdch, br
Sec-WebSocket-Extensions:permessage-deflate; client_max_window_bits
User-Agent:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/58.0 Iridium/58.0 Safari/537.36 Chrome/58.0.3029.81

it's a web socket it opens
can't see any other data
anyone actually see it transmit data?

>> No.61013343

see >>61012629

>> No.61013344

There's some info on the Who is page. Probably trace it?

>> No.61013365
File: 1.76 MB, 886x834, ss (2017-06-21 at 22.31.48).webm [View same] [iqdb] [saucenao] [google] [report]

Like this?

>> No.61013380


>> No.61013383

That's one way of doing it.

>> No.61013398
File: 22 KB, 742x369, ss (2017-06-21 at 22.32.51).png [View same] [iqdb] [saucenao] [google] [report]

I also added this, but the favicon is not coming back.

>> No.61013431

well it's using https://en.wikipedia.org/wiki/Squid_(software)

it loads on 4chan vanilla, with no addons. on every board.

>> No.61013457
File: 22 KB, 772x328, Screenshot from 2017-06-21 15-37-51.png [View same] [iqdb] [saucenao] [google] [report]


>> No.61013479
File: 6 KB, 504x124, ss (2017-06-21 at 22.40.03).png [View same] [iqdb] [saucenao] [google] [report]

I tried that too since I saw it in the source code, but it's still not coming back.

>> No.61013482

It appears Firefox loads the icon behind the scene for some odd reason, which explains why it was blocked on Nightly for me.

>> No.61013496

Maybe this will work.

>> No.61013508

I can't post the exact link. Spam filter gets me.

>> No.61013541

I just booted up a fresh Ubuntu VM on a Norwegian VPN and I'm getting it on every board including the homepage. This is a brand new VM.

>> No.61013552

Mom if you're reading this I do NOT like traps and I promise I voted for Hillary. I'm with HER!

>> No.61013563

Fuck you for voting Trump.

>> No.61013571
File: 331 KB, 1366x769, dsa.jpg [View same] [iqdb] [saucenao] [google] [report]

>> No.61013591
File: 23 KB, 494x382, tracking.png [View same] [iqdb] [saucenao] [google] [report]

Fresh install. using chrome

>> No.61013600


>> No.61013607

Update the filters and check again.

>> No.61013614

Eat shit, kid.

>> No.61013624

I think it's working now. I don't know which one of these makes it work, but I really gotta sleep in my timezone now:

! 21.6.2017, 22:32:52 behind-the-scene

! 21.6.2017, 22:32:52 behind-the-scene

! 21.6.2017, 22:43:48 4chan.org

! 21.6.2017, 22:45:34 behind-the-scene

! 21.6.2017, 22:45:34 behind-the-scene

Thanks for the help Anons

>> No.61013634

so, what's the worst thing that could happen?

>> No.61013636
File: 7 KB, 340x385, 4chin.png [View same] [iqdb] [saucenao] [google] [report]

You guys need to stop fappnig to so much futa porn.

>> No.61013637

the website is literally hosted on the same server 4chan is hosted on

so where-ever it comes from the code is on mook's actual server

>> No.61013661

you fucking retards, it's a behind-the-scenes request. you are looking in the wrong place, read the damn thread before you post

>> No.61013666

>ekans = snake backwards
>ovi = egg
>backwards snake egg
This can't be good

>> No.61013676
File: 22 KB, 498x387, gonenow.png [View same] [iqdb] [saucenao] [google] [report]

gone now after updating all my filters

>> No.61013685
File: 214 KB, 1920x983, tp.png [View same] [iqdb] [saucenao] [google] [report]

The 4chan js has a link to http://xhr.ekansovi.com/ljs?p=1416070001, which seems contain javascript to fetch tracking pixels from 2 different domains.

Left is 4chan js (thanks to >>61012629 ) and right is the ekansovi js

>> No.61013696

Your mom will find out.

>> No.61013710

So this is embedded in the actual code of the 4chan?

TFucking HIro

I guess I'm off to cuck chan

>> No.61013713

I'd bet Hiroshimoot is using it to collect marketing data from 4chan users.

>> No.61013719

it's literally hosted on

same IP as s.4cdn.org

yea we've seen it
so we can confirm this shit is on the same ip address as all of 4chan or the same reverse proxy at least

>> No.61013745

What are the biggest alternative chans

Eight chan, kraut chan?

>> No.61013755

8 for sure
idk about thej others

>> No.61013758

Cripplechan is a honeypot full of open pedos, kraut chan is mostly alright but traffic is significantly lower.

>> No.61013771
File: 945 KB, 280x211, d4708.gif [View same] [iqdb] [saucenao] [google] [report]

>open logger then open /pol/

>> No.61013775
File: 28 KB, 727x1166, 1352629576886.png [View same] [iqdb] [saucenao] [google] [report]

I guess it's time to learn german

>> No.61013788

>has no script + request policy for max safegaurd autism
>this evanglion shit doesnt show up or ad glare for ublock
im good right?

>> No.61013798

well 8ch is the best bet, the rest are dead

>> No.61013800
File: 770 KB, 2684x2208, 1326.png [View same] [iqdb] [saucenao] [google] [report]

What about this shit?
Wouldn't be the first time Hiro collected and leaked user data.

>> No.61013817

press F12 on your keyboard (assuming you use firefox or any chromium based)
go to network tab
refresh page
check domains that got hit

>> No.61013819

well, noscript probably disabled the malicious js entirely, but have you checked the behind the scene requests in ublock's logger?

>> No.61013822

I don't have it and I am using an old version of 4chan x that I have maintained for years.

>> No.61013848
File: 771 KB, 2684x2208, 1498078972398.png [View same] [iqdb] [saucenao] [google] [report]

Forgot a red marking on the right. Specifically " The bigger issue here is that the leaked data included a long list revealing which member posted each comment — something that, of course, is supposed to be anonymous. "

>> No.61013864

god damn asians are terrible people
it loads regardless of addons and browser.

>> No.61013874
File: 14 KB, 480x360, hqdefault.jpg [View same] [iqdb] [saucenao] [google] [report]



>> No.61013875

This doesn't seem to block 4chan's favicon

It's named - favicon-ws.ico on 4chan for some reason

>> No.61013902

doesnt show up
nothing shows up in parse which i assume is behind the scene requests?

>> No.61013925

How do you get to the advanced settings in ublock origin? I clicked advanced user and the settings gears arent appearing

>> No.61013930

weird so it's specific users maybe?
it's loaded through javascript. do you block js

>> No.61013935
File: 22 KB, 525x295, 2017-06-21-160242_1280x1024_scrot_a.png [View same] [iqdb] [saucenao] [google] [report]

For those not seeing it in SJWfox, its because its located behind the scenes. Chrome and Chromium based users who don't see it should update since web sockets are not properly blocked in older versions.

That's the blue one. I am actually having issues with Firefox with the blue one as well but I never bothered to try fix it. Disabling uMatirx and uBlock still doesn't make it load for me. I assume the icon is loaded behind the scenes. Not sure what's fucking with it.

>> No.61013940 a.ekansovi.com ekansovi.com
::0 a.ekansovi.com
::0 ekansovi.com

>> No.61013966

feels good man

>> No.61013988

Is clover affected? I primarily phone post. How boned am I?

>> No.61013990

4chan slower for anyone else?

>> No.61014011

WebSocket connection to 'wss://a.ekansovi.com/wsm' failed: Error in connection establishment: net::ERR_CONNECTION_REFUSED

ublock isn't as good as routing the shit to

>> No.61014035

How do I block domains in ublock origin?

>> No.61014036


>> No.61014088

For Chromium-based browsers, you will need uBO-Extra 2.25:

Open chrome://webrtc-internals/ and reload the page here to find out why.

>> No.61014146

Is uMatrix good enough?

>> No.61014162

Does this affect clover?

>> No.61014171

I can't confirm, but I'm pretty sure it does not affect clover.

>> No.61014207
File: 117 KB, 921x609, Capture.png [View same] [iqdb] [saucenao] [google] [report]

Any harm blocking all the Jewgle behind the scenes shit?

These generate loads just typing in URLs...

>> No.61014221
File: 448 KB, 900x900, d4718.png [View same] [iqdb] [saucenao] [google] [report]

>nightly keeps crashing with umatrix

>> No.61014235

Time to stop using Nightly.

>> No.61014243

use ungoogled chromium dude

>> No.61014247

>using nightly when it's clearly not intended for regular browsing and breaks something every week
you nightly mongs never learn

>> No.61014258

Blocking the domains using tbe hosts file should be enough, right?

>> No.61014281

my default setup is to block everything for Request policy and no script
it gets in the way sometimes but its stupid effective

>> No.61014323

No, WebRTC is not exposed to webRequest API.

Also, same issue with Firefox: open about:webrtc, reload page here.

It's time for people to make more noise about all these bypasses working around blockers.

>> No.61014359
File: 4 KB, 555x26, Screenshot from 2017-06-21 16-33-28.png [View same] [iqdb] [saucenao] [google] [report]

>For browsers based on Chromium 57 and below, WebSocket connections are not available to the chrome.webRequest API.
Is that really needed on 58+? The page says only 57 and under have the issue hence why there is nothing on Chrome 55.
Pic related shows Iridium 58 with no uBO-Extra 2.25. uMatrix 1.0.0 seems to work as it should in both Iridium and latest Opera.

>> No.61014377
File: 187 KB, 1054x770, Screenshot from 2017-06-20 16-27-52.png [View same] [iqdb] [saucenao] [google] [report]

Chrome 55 not showing that web socket.

>> No.61014381


>> No.61014413

webrtc =/= websocket

webrtc is even worst, as it shows nowhere (not even behind-the-scene), and cannot be controlled with Content Security Policy.

See https://bugs.chromium.org/p/chromium/issues/detail?id=707683

>> No.61014431

Ah right, crap that's more bloat to install.

>> No.61014460

This is only time in years that Nighly brok efor me

>> No.61014465

I don't see it there or in the ublock logger. Does the setting in 4chan X that makes you force the no java script captcha block all javascript?

>> No.61014519

In firefox you can disable webrtc through about:config, at least.

>> No.61014613

Alright thanks for the heads up, installed and it working. It's also no longer showing up on uMatrix and uBo, I assume that's normal since chrome://webrtc-internals/ is blank.

>> No.61014637

>enabling third party cookies

>> No.61014640

My ekansovi just disappeared... wut.

uBlock added it to the default filter, but it'd come up as blocked surely?

>> No.61014662

Check the console. It's blocked for me after the update.

>> No.61014692

Nothing to hide nothing to fear. Go back to sleep.

>> No.61014697
File: 58 KB, 1408x554, Capture.png [View same] [iqdb] [saucenao] [google] [report]

Fucking RIP in pieces mang, wtf is this shit

>> No.61014707

Still fuck that fishnigger for adding that.

>> No.61014723

I have it on /g/ and haven't had 4chanx installed in maybe 6 years, I can't remember.

>> No.61014749

Ok, so I've been seeing ekansovi for a while. I've always had it blocked by uMatrix by default, but just to be sure I also added this to my uBlock rules:

Problem is, I don't see websocket anywhere and I don't know if I should block that or how.
uMatrix does not show it in the log, even if I'm on FF Nightly, and I have behind-the-scene whitelisted in uBlock by default. Will something like
||a.ekansovi.com/wsm$websocket,domain=behind-the-scene^$important override the whitelist?

>> No.61014779

You're already compromised so why bother?

>> No.61014834

But I called some guy a mouthbreather for liking an anime that I dislike.

Don't care if my boss/family/police finds out, but I'm scared the mouthbreather finds my house and katanas my thinkpad

it took forever to get gentoo working :(((

>> No.61014835

no just google's shit
wondering if it's per specific ip's or operating systems it follows
going to spoof wangblows on my laptop and run IE and see if it's there then do the same under a diff ip

>> No.61014901

loads on literally everything for me
even my VPS' locally in different country.. remote connected in (not tunneling)

>> No.61014918

Thank you.

>> No.61014926
File: 70 KB, 830x801, gone.png [View same] [iqdb] [saucenao] [google] [report]

After removing all cookies and data, and restarting, I no longer get Ekansovi come up

Adglare is new though

>> No.61014946

I don't get this to appear in Firefox but I get this to appear in Vivaldi. Is it because WebRTC

>> No.61014970

>I don't get this to appear in Firefox
Check behind the scene. Open the uMatrix pop in a uMatrix settings.

>> No.61014985

>Is that really needed on 58+?
see >>61011637

>> No.61015001


Try going here, and refresh this thread

>> No.61015011

Apparently that's not good enough since webRTC is not the same as websocket.

>> No.61015012
File: 167 KB, 1846x1166, question mark.png [View same] [iqdb] [saucenao] [google] [report]


>> No.61015018

the post you're quoting is addressing websockets, not webrtc.

>> No.61015025

Then do I need it or not? That anon claimed I needed it.

>> No.61015049


This states it blocks WebRTC - not just websocket

>> No.61015070
File: 15 KB, 300x300, sweat.jpg [View same] [iqdb] [saucenao] [google] [report]

>Ekansovi has vanished from every logger now

Why... it's still in my uMatrix rules, and uBlock too... but it doesn't even appear anymore, even as blocked (or in behind the scenes)

Using uMatrix, uBlock, and uBlock Extra

>> No.61015094

>uBlock Extra
Might be that doing its job. I think I am just going to switch to IceCat or something in the future. Fuck that Fishnigger for adding that ekansovi crap.

>> No.61015115

I think it has something to do with gorhill adding ekansovi to the default filters. I can only see it blocked at the browser console now.

>> No.61015141

>install uBlock Extra
>ekansovi disappears
>adglare shows up
So it was all a ruse.

>> No.61015153

adglare has always been there.

>> No.61015170

see >>61011637 and Gorhill's FAQ. You don't need the companion to address websockets in uBlock Origin in Chromium; arguably, uMatrix in Chromium blocks websockets as well if your Chromium version is >57.

About the WebRTC concerns, that's has always been an issue and hopefully you've disabled completely WebRTC in your browsers. This means avoiding any Chromium-based browser.

>one hour ago
nice, but the only solution to address this is to use a browser that allows you to disable it totally. uBlock and similar tools in that browser prevent only (some kinds of) IP leakage.

>> No.61015188


>> No.61015213

That fishnigger is obviously data mining.

>> No.61015229

What about the IRC channel? We could try to get a response there. From a mod at least.

>> No.61015237

>>About the WebRTC concerns, that's has always been an issue and hopefully you've disabled completely WebRTC in your browsers. This means avoiding any Chromium-based browser.
Guess I should have gone for ungoogled chromium instead of Iridium.

>Disable WebRTC (will be configurable in the future #179)

>> No.61015265

I haven't seen it before.

>> No.61015272
File: 61 KB, 500x384, 1496269535428.jpg [View same] [iqdb] [saucenao] [google] [report]

>ublock origin extra
>blocked off ekansovi in umatrix
>ekan not showing up in log or cookies
I think we're okay now

>> No.61015277

I don;t even see it anymore after installing oBo-extra. I am no longer sure ho this shit is working.

>> No.61015285

>ublock extra

>> No.61015307

Interesting, with this new uBO-extra webrtc is nulled in chrome://webrtc-internals/ AND there's no ekansovi.com popping up in uMatrix. As soon as I turn this uBO-extra 2.25 off and refresh a 4chins page, here we are again: webrtc and ekansovi.com pops up.

In Firefox with media.peerconnection.enabled=false I still see ekansovi.com in uMatrix.

>> No.61015370


>> No.61015449
File: 2.00 MB, 250x158, 1272932551669.gif [View same] [iqdb] [saucenao] [google] [report]


D-did we win?

What happens when Hiro just changes the domain... fucking cunt

>> No.61015537

also, uBO-extra 2.24 does NOT block webrtc on 4chins; only 2.25 does (and 2.25 isn't the in chrome store already, so you'll likely have to enable developer mode and add it manually)

I've double checked settings in firefox and even with
media.peerconnection.enabled = false
media.peerconnection.turn.disable = true
media.peerconnection.use_document_iceservers = false
media.peerconnection.video.enabled = false
media.peerconnection.identity.timeout = 1
media.peerconnection.identity.enabled = false
there are still ekonsovi websockets blocked in uMatrix (even after having cleaned cookies and dom storage); this suggests to me that "some" webrtc-thing is passing through; and there's no "defuse" add on for firefox.

this site has been listed in the hostile sites that need to be defused "early" before they even hit uBlock (see contentscript DOT js, hiromoot unironically won't allow me to link here the commit)
so really I'm at a loss of words

>> No.61015616

uBlock Origin Extra 2.25 is on chrome store now.

>> No.61015624
File: 760 KB, 1200x831, Capture.png [View same] [iqdb] [saucenao] [google] [report]

2.25 is up on the Chrome Store now.

I just don't get it - says only Chromium 57 or below need? But, even with Chrome 59, uBlock, uMatrix I get ekansovi in - chrome://webrtc-internals/

I'm keeping uBlock Extra for now - that stops it

>> No.61015646

>says only Chromium 57 or below need?
only earlier versions of chromium needed it to address websockets. webrtc is a different championship and this ubo extra try to address it always, regardless of your version.

>> No.61015649

Chromium 57 or below is web sockets

Everything else is WebRTC. Ungoogled-Chromium is supposed to have WebRTC disabled.

>> No.61015660

>MCMICHAEL claimed this post was a joke.

>> No.61015689

Misread that then.

Well - I am Ekansovi free now.

Fuck Japmoot

>> No.61015726

So have I, the more that know the better.
I prefer to call him fishnigger.

>> No.61015744
File: 30 KB, 851x350, Capture.png [View same] [iqdb] [saucenao] [google] [report]

Without uBlock Extra uBlock will stop the websocket, but not the WebRTC.

I'd advise everyone to get uBlock Extra...

Also - wtf is this anyway. Not even big ad companies go to these lengths - why is this Ekansovi shit so advanced and using all these ultra shady methods to bypass blocks?

>> No.61016010


Can anyone explain this.

>22nd May



Uraton.com is a known ad shit website, and uses the exact same formatting as ekansovi.

So, they are one in the same?

>> No.61016027

>I've double checked settings in firefox and even with
>media.peerconnection.enabled = false
>media.peerconnection.turn.disable = true
>media.peerconnection.use_document_iceservers = false
>media.peerconnection.video.enabled = false
>media.peerconnection.identity.timeout = 1
>media.peerconnection.identity.enabled = false
t>here are still ekansovi websockets blocked in uMatrix
I still see ekansovi.com managing to reach uMatrix in firefox, even if about:webrtc shows up nothing, I don't get it.

Wait, wait
>AND there's no ekansovi.com popping up in uMatrix
it now pops up in Chromium; after having installed uBO-extra 2.25, I see now ekansovi.com in uMatrix but not in uBlock; whilst in firefox I see ekansovi (blocked) in uMatrix, NoScript and uBlock Origin, and no webrtc connection at all according to about:webrtc

>> No.61016129

does firefox not need this? if so, is there a setting i should be changing right now in user:config or something?

>> No.61016140

I'm just saying - if you value your privacy, use Appchan instead.

Did you not even read my post?

>> No.61016160

What is weirder is ufraton.com has IP links to a company called Interlink (based in Israel lol), but has more decently updated whois records to use the same identity concealing service as ekansovi

They also have the same 404 not found site

This IP is apparently a ufraton IP, and gets the same 404, and is the one hosted in Israel -

What the fuck, seems like it was (((them))) all along

>> No.61016192

It's /wsp that's blocked for me. Anyone else get that?

>> No.61016219

Why would Firefox be an exception? Just download it.

>> No.61016255

isnt it designed for chome?

>> No.61016263

wsp seems newer.

wsm seemed to be the URL back in May.

If it changes again, it'll be blocked anyway as the entire domain is blacklisted in uBlock

>> No.61016284

Ive been away, can someone fill me in on what is going on?
I do not have anything in my ublock button that says "Ekansovi". When I inspect the page and run a search, nothing says "Ekansovi".

I have ublock and noscript running in firefox if that is relevant.

>> No.61016324

it's not for firefox fuckface, don't open your whore mouth if you can't even read a github page.

>> No.61016329


>> No.61016397
File: 12 KB, 284x279, 1487992540526.jpg [View same] [iqdb] [saucenao] [google] [report]


>> No.61016467

>whilst in firefox I see ekansovi (blocked) in uMatrix, NoScript and uBlock Origin
in uMatrix https://a.ekansovi.com/wsp gets blocked ; in uBlock wss://a.ekansovi.com/wsp gets blocked.

>> No.61016474

>the entire domain is blacklisted
should it be this
or this?
wasn't there some problem with how these filters are ABP syntax but uBO interpreted them differently?

>> No.61016543



>Data processing, hosting and related activities (63110)

What the fuck - is this a false positive, like Cloudflare IPs being unreliable?

>> No.61016560

uBlock Origin already updated their filter with this:

! https://rbt.asia/g/thread/61009719
! Appears related to uponit.com
! Somehow, websocket requests are behind-the-scene with Firefox. Pending
! further investigation, this fixes the issue.
||4chan.org^$csp=connect-src https: http:

>> No.61016688

It has a name of "__cfduid" is this some cloudflare shit?

>> No.61016730

Seem like cloudflare, just wipe all the cookies.

>> No.61016779

It appears in requestpolicy continued for me but not in noscript or ublock origin.

Am I safe?

>> No.61016806

Where do you see "request policy continued"? Im severly out of date with this shit

>> No.61016871


Appears in every list of privacy plugins but for some reason I've never seen it used by people on /g/

Name (leave empty)
Comment (leave empty)
Password [?]Password used for file deletion.