I noticed a site I just tried to browse detects both noscript and adblock and completely blocks you from viewing it until you disable both. I disabled adblock first, but I still had to allow all on NoScript before it would display normally. It was showing normally until I allowed scripts for the domain itself, which I need for some of the things on the forum to work. The site is www.360haven.com
Check it out, allow scripts for the site itself, and you'll see that it blocks all access complaining about adblock software. Any ideas? Will this particular detection method be addressed in a future version?
Websites detecting blockers now?
Websites detecting blockers now?
Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.160 Safari/537.22
Re: Websites detecting blockers now?
It will always be theoretically possible for websites to detect NoScript's presence. They can use <noscript> elements, or they can probe to determine whether images are being allowed while scripts are being blocked, etc. I think that JavaScript can also detect which plugins are installed; not sure about extensions.
You can poke around to determine what method they're using and try to work around it, but I'd suggest walking away. If they have so little respect for your privacy and safety that they would demand you switch off two very useful protections, then they're not worth your time.
Update: Looks like if you block scripts for the top-level site, 360haven.com, then their block doesn't work. Seems appropriate. However, that may mean that the site doesn't work. Experiment if you wish.
Update 2: Poked around a bit (with JSView) to see whether I could find the specific script that they're using to show their 'please allow ads' message. And guess what I found? Obfuscated inline JavaScript with the word 'adblock' in it. Seriously, just walk away.
You can poke around to determine what method they're using and try to work around it, but I'd suggest walking away. If they have so little respect for your privacy and safety that they would demand you switch off two very useful protections, then they're not worth your time.
Update: Looks like if you block scripts for the top-level site, 360haven.com, then their block doesn't work. Seems appropriate. However, that may mean that the site doesn't work. Experiment if you wish.
Update 2: Poked around a bit (with JSView) to see whether I could find the specific script that they're using to show their 'please allow ads' message. And guess what I found? Obfuscated inline JavaScript with the word 'adblock' in it. Seriously, just walk away.
Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:19.0) Gecko/20100101 Firefox/19.0
Re: Websites detecting blockers now?
Is there some way to get NoScript to block those lines? Like blocking eval() code entirely? When I find some BS like this, I'd rather get around it than let them win.
Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.160 Safari/537.22
Re: Websites detecting blockers now?
There's really not much point in getting annoyed by a website 'winning'...Viper187 wrote:Is there some way to get NoScript to block those lines? Like blocking eval() code entirely? When I find some BS like this, I'd rather get around it than let them win.
You could try Controle de Scripts, or you could write a surrogate script. Or a Greasemonkey script, similar to a surrogate script.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:19.0) Gecko/20100101 Firefox/19.0
-
Giorgio Maone
- Site Admin
- Posts: 9481
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
- Contact:
Re: Websites detecting blockers now?
Surrogate, indeed:Thrawn wrote: You could try Controle de Scripts, or you could write a surrogate script. Or a Greasemonkey script, similar to a surrogate script.
noscript.surrogate.360Haven.sources
Code: Select all
@http://www.360haven.com/*Code: Select all
Object.defineProperty(window, "adblock", { get: function() false, set: function() false }); Object.defineProperty(window, "google_ad_client", { get: function () { return { __noSuchMethod__: function() this } } }); Object.defineProperty(window.HTMLBodyElement.prototype, "innerHTML", {get: function() "" });
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:19.0) Gecko/20100101 Firefox/19.0
Re: Websites detecting blockers now?
Interestingly, I have no adblocking software; yet, if the top-level script is allowed, I still get the "Adblocking software detected" message. Temp-disabling RequestPolicy didn't change that. So apparently, the fact that NS blocks the ad scripts convinces them that you have ABP or similar installed. Certainly a side benefit of NS is how many ads are blocked because they are served only by script.
appeared to make things work. At least, the left-side navigation appeared, and most other pages looked sort of normal.
I found that with all script blocked, but TA this object:Thrawn wrote:Update: Looks like if you block scripts for the top-level site, 360haven.com, then their block doesn't work. Seems appropriate. However, that may mean that the site doesn't work. Experiment if you wish.
Code: Select all
Temporarily allow http://www.360haven.com/forums/360havenNavigation.swf
(application/x-shockwave-flash <EMBED> / http://www.360haven.com)
Mozilla/5.0 (Windows NT 5.1; rv:19.0) Gecko/20100101 Firefox/19.0
Re: Websites detecting blockers now?
Hmm...since the site is obviously conscious of the existence of ad-blocking software, they might notice this. Not worried about them hating on you?Giorgio Maone wrote: Surrogate, indeed:
<snip>
I'm likely gonna include this in next NoScript version, too.
Regardless, thanks for writing that.
Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:19.0) Gecko/20100101 Firefox/19.0