InformAction Forums

NoScripters and WebSec nerds of all lands, unite!
https://forums.informaction.com/

AWEmpire Promo Tool bypasses NoScript and hard to block

https://forums.informaction.com/viewtopic.php?t=3197

Page 1 of 1

AWEmpire Promo Tool bypasses NoScript and hard to block

Posted: Fri Nov 20, 2009 5:19 am
by chao28
Ok, there seems too be an issue that is currently being looked at that is resulting a diffcult to block measure that AdultWebmaster Empire seems to have done knowing this add-on is used on firefox, some how they managed to work around the last issue that the bookmarklet: (javascript:setCookie("popundr", 100*365*24*60*60000);void(0) , is no longer working, some how they are on to us and well not sure if this maybe the right place to find another fix around this, here is the official overhauled code they managed to rig this time, BTW this is their promo tool code,

Code: Select all

    function aweDoOpen(url) {
        if (awePuShown === true) {
            return true;
        }
        var aweWindow = window.open(url, "ljPu", "toolbar,status,resizable,scrollbars,menubar,location,height=680,width=790");
        window.setTimeout(window.focus, 500);
        if (aweWindow) {
            aweWindow.blur();
            awePuShown = true;
        }
        return aweWindow;
    }


    function aweSetCookie(name, value, time) {
        var expires = new Date;
        expires.setTime(expires.getTime() + time);
        document.cookie = name + "=" + value + "; expires=" + expires.toGMTString() + "; path=/";
    }


    function aweGetCookie(name) {
        var cookies = document.cookie.toString().split("; ");
        var cookie, c_name, c_value;
        for (var n = 0; n < cookies.length; n++) {
            cookie = cookies[n].split("=");
            c_name = cookie[0];
            c_value = cookie[1];
            if (c_name == name) {
                return c_value;
            }
        }
        return null;
    }


    function aweCheckTarget(e) {
        var cookieValue = aweGetCookie("popundr");
        var isRefDenied = aweCheckIsRefDenied();
        if (isRefDenied === true) {
            aweSetCookie("popundr", 1, 3600000);
            return;
        }
        if (cookieValue === null) {
            aweDoOpen("http://promo.awempire.com/tr/?id=14");
            aweSetCookie("popundr", 1, 86400000);
        }
    }


    function aweCheckIsRefDenied() {
        return false;
    }


    function aweInitPu() {
        if (document.attachEvent) {
            document.attachEvent("onclick", aweCheckTarget);
        } else if (document.addEventListener) {
            document.addEventListener("click", aweCheckTarget, false);
        }
    }

    var awePuShown = false;

    function aweDoOpen(url) {
        if (awePuShown === true) {
            return true;
        }
        var aweWindow = window.open(url, "ljPu", "toolbar,status,resizable,scrollbars,menubar,location,height=680,width=790");
        window.setTimeout(window.focus, 500);
        if (aweWindow) {
            aweWindow.blur();
            awePuShown = true;
        }
        return aweWindow;
    }


    function aweSetCookie(name, value, time) {
        var expires = new Date;
        expires.setTime(expires.getTime() + time);
        document.cookie = name + "=" + value + "; expires=" + expires.toGMTString() + "; path=/";
    }


    function aweGetCookie(name) {
        var cookies = document.cookie.toString().split("; ");
        var cookie, c_name, c_value;
        for (var n = 0; n < cookies.length; n++) {
            cookie = cookies[n].split("=");
            c_name = cookie[0];
            c_value = cookie[1];
            if (c_name == name) {
                return c_value;
            }
        }
        return null;
    }


    function aweCheckTarget(e) {
        var cookieValue = aweGetCookie("popundr");
        var isRefDenied = aweCheckIsRefDenied();
        if (isRefDenied === true) {
            aweSetCookie("popundr", 1, 3600000);
            return;
        }
        if (cookieValue === null) {
            aweDoOpen("http://promo.awempire.com/tr/?id=14");
            aweSetCookie("popundr", 1, 86400000);
        }
    }


    function aweCheckIsRefDenied() {
        return false;
    }


    function aweInitPu() {
        if (document.attachEvent) {
            document.attachEvent("onclick", aweCheckTarget);
        } else if (document.addEventListener) {
            document.addEventListener("click", aweCheckTarget, false);
        }
    }

    aweInitPu();
If there is a code to or bookmarklet that can be used to work around this problem, then let me know,

Re: AWEmpire Promo Tool bypasses NoScript and hard to block

Posted: Mon Jan 04, 2010 5:03 pm
by Giorgio Maone
Please check latest development build

Re: AWEmpire Promo Tool bypasses NoScript and hard to block

Posted: Tue Jan 05, 2010 3:10 am
by therube

Code: Select all

function checkTarget(e)
        {
        	if ( !getCookie('popundr') ) {
                var e = e || window.event;
                var win = doOpen('http://promo.awempire.com/tr/?id=105');
	        	
        		setCookie('popundr', 1, 24*60*60*1000);
        	}
        }
Needed to add *.awempire.com awempire.com to noscript.surrogate.popunder.sources for the above to be blocked.

Nope, that's not doing it either. Still getting past.

(I have long had this particular popunder blocked in AdblockPlus.)

Re: AWEmpire Promo Tool bypasses NoScript and hard to block

Posted: Tue Jan 05, 2010 9:14 am
by Giorgio Maone
Where do you get it (which page(s))?

Re: AWEmpire Promo Tool bypasses NoScript and hard to block

Posted: Tue Jan 05, 2010 3:38 pm
by therube
Everywhere, from what I can tell.

I'll post the name in the related thread in asgard.

If I disable AdblockPlus, allow the site (xxhost.com), open a clip, AWE/livejasmin opens up.
And then there are other sites where whatever filter I have in ABP is not correct for those other sites, so the popunders ensue there too (names escape me).

Note that on the site I listed, the popunder typically occurs once for each clip opened.

Re: AWEmpire Promo Tool bypasses NoScript and hard to block

Posted: Tue Jan 05, 2010 3:54 pm
by Giorgio Maone
You need to add the site (e.g. xxhost.com *.xxhost.com) to the replacement preference. It's a page surrogate, not an external source surrogate.

Re: AWEmpire Promo Tool bypasses NoScript and hard to block

Posted: Tue Jan 05, 2010 3:56 pm
by Giorgio Maone
Giorgio Maone wrote:You need to add the site (e.g. xxhost.com *.xxhost.com) to the sources preference. It's a page surrogate, not an external source surrogate.
Since I do not know which sites use AWEmpire popunders, I added only empornium.us to the default sources.

Re: AWEmpire Promo Tool bypasses NoScript and hard to block

Posted: Tue Jan 05, 2010 4:05 pm
by therube
OK that works.
So it is not the site where the popunder is hosted (awe) or links to (livejasmine), but the site of the page that is hosting the clip (xxhost.com).

If it were the other way around it would be easier, as awe/livejasmine appears to be used quite extensively. You'd end up potentially listing a lot of sources sites.

Re: AWEmpire Promo Tool bypasses NoScript and hard to block

Posted: Tue Jan 05, 2010 4:34 pm
by Giorgio Maone
therube wrote:OK that works.
So it is not the site where the popunder is hosted (awe) or links to (livejasmine), but the site of the page that is hosting the clip (xxhost.com).
Unfortunately yes, because the script producing the popunder is embedded in the page itself, rather than being loaded from awempire.com.
However, if you don't mind a sub-millisecond overhead, you can put every http site as a source:

Code: Select all

@^http:
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited