InformAction Forums

Hi,

My ISP is hijacking almost all site and input this script below to the html

*The forum blocked the script see here for the script https://paste2.org/YXmzswyk

i already blocked cfs.uzone.id in my hosts file but since the script is still there, it seem to slow the site loading so is there anyway to remove those script or block those script from running using no script?

i know i should probably move to another isp but sadly the only isp that have fiber optic in my area is this isp.

thanks

Who is your ISP?

(I don't know about such things, but the word, surrogate, comes to mind.
Others?)

Is it your ISP or the Indonesian Cyber Freedom hacking group that is injecting its code onto web pages you are visiting?
(I would only visit that link in a NoScript enabled browser .)

I also don't think it's your ISP. I think it's malware.

Your ISP uses domain "telkom.net.id" and your IP address you posted from has no apparent relation to cfs.uzone.id For more information, put your IP address (which you can get from NoScript Options > Advanced > ABE) into this IP lookup site http://whatismyipaddress.com/ip-lookup, I checked it but I won't post the result here in case it's violation of your privacy.


BTW, what IP address did you use for blocking in HOSTS?

Hi all thanks for all the reply

My isp is Telkom Indonesia www.telkom.co.id

therube wrote:Who is your ISP?

(I don't know about such things, but the word, surrogate, comes to mind.
Others?)

It's my isp, i don't what your posted links mean but it seem it's like a hacked site?

therube wrote:Is it your ISP or the Indonesian Cyber Freedom hacking group that is injecting its code onto web pages you are visiting?

(I would only visit that link in a NoScript enabled browser .)

It's definitely is my isp, you can try to google cfs.uzone.id and you will see many issue similar like mine

my ip is 110.138.42.94 and my isp is Telkom Indonesia and if you whois cfs.uzone.id it will tell you that the owner is Telkom Indonesia
many isp here do content injection, and what worse is our local FCC (Internet regulation) allowed them to do it, they say it's within their isp right to make more money to pay for their infrastructure.

and my isp is doing content injection (for showing ads) by inserting those script i posted in my first reply, and are also use dns transparent proxy (for blocking site)
but i already circumvent the dns transparent proxy by using dnscrypt which prevent auto redirection dead domain (redirect to their another site that my isp owned that have many ads) and allow me to access blocked site
the problem now is the content injection, i already using the hosts file by inserting 127.0.0.1 cfs.uzone.id but since the script is still injected to almost every site it make the site i visit loaded more slowy and sometime even break a site (like imdb.com), the content injection are only appear in http site are not in https site but since many site still doesn't have https i still need for the script to be removed/blocked

so is there any way to use noscript to block/remove the script?

thanks again

barbaz wrote:I also don't think it's your ISP. I think it's malware.

Your ISP uses domain "telkom.net.id" and your IP address you posted from has no apparent relation to cfs.uzone.id

Code: Select all

$ dig cfs.uzone.id

For more information, put your IP address (which you can get from NoScript Options > Advanced > ABE) into this IP lookup site [url]http://whatismyipaddress.com/ip-lookup[/url], I checked it but I won't post the result here in case it's violation of your privacy.


BTW, what IP address did you use for blocking in HOSTS?[/quote]

TehBotolSosro wrote:you can try to google cfs.uzone.id and you will see many issue similar like mine

No I see a bunch of online pastes containing the site and links talking about blocking malicious site (mainly with HOSTS file). Only one or two links even reference Telkom.

TehBotolSosro wrote:the problem now is the content injection, i already using the hosts file by inserting 127.0.0.1 cfs.uzone.id

There's your problem, using 127.0.0.1 is a guaranteed way to get exactly the types of issues you're describing. You are not only pointing the requests to a valid machine but that is your own machine. Use 0.0.0.0 instead. It's discussed here https://hackademix.net/2009/07/01/abe-w ... where-omg/ (do NOT use 255.255.255.0 as suggested there and elsewhere, the performance problem will be as bad or worse)