No idea if this works or if it's just my imagination/paranoia:
The site wichal.com is a spammer/fishing site that wants you to fill out surveys in exchange for torrent passwords.
It's filled with ads and will complain loudly if you have adblock and/or noscript installed. Just try loading it in a sandboxed browser and you'll see what I mean.
But I was shocked to notice that some of the ad/spam scripts still worked under firefox. Even with noscript set to global deny!
I found out that it was because the site WAS SET AS "TRUSTED" IN NOSCRIPT!!!
That and the "leadbolt.net" domain!
I'm always in Global deny mode. So what's going on? Check this out:
Code: Select all
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>Your Code is displayed below!</title>
<!--THIS IS THE ONLY LINE YOU NEED TO INCLUDE-->
<script type="text/javascript">ap_loaded = false;</script>
<script type="text/javascript" src="http://ad.leadbolt.net/show_cu.js?section_id=43"></script>
<script type="text/javascript">if (!ap_loaded) { window.location = 'http://ad.leadbolt.net/adblock?section_id=43'; }</script>
<noscript><meta http-equiv="refresh" content="0;url='http://ad.leadbolt.net/noscript?section_id=43'" /></noscript>
<!--THIS IS THE ONLY LINE YOU NEED TO INCLUDE-->
</head>
<body>
<p align="center"><b><font face="Verdana" size="6">Your Code is displayed
below!</font></b></p>
<h1 align="center"> </h1>
<p align="center">
<img border="0" src="Kirkirahtygd.gif" width="300" height="277"></p>
<p align="center">
</p>
<p align="center"> </p>
<p align="center"><b><font face="Verdana" size="5">Hope you enjoy the video!</font></b></p>
<p align="center"><b><font face="Verdana" size="5">Have a nice day :)</font></b></p>
<p align="center"> </p>
<p align="center"> </p>
<p align="center"> </p>
</body>
</html>
Notice this line:
Code: Select all
<noscript><meta http-equiv="refresh" content="0;url='http://ad.leadbolt.net/noscript?section_id=43'" /></noscript>
Fortunately tweaking the options for trusted sites to have the same restrictions as untrusted sites seems to solve this problem.
The scripts from leadbolt.net try to load the main ads, and check for adblock and noscript.
So what's going on? Is noscript really being tricked into running blocked scripts? Am I wrong? Is this really what's happening?
Is this a feature in noscript that lets advertisers set themselves as trusted?
Is this a feature to let sites detect and deny noscript users?
Is this a known bug/exploit? What is going on?