#48 Research: How to circumvent Antiadbuster?

3.2
closed-works-for-me
Research (4)
5
2003-03-15
2002-09-03
Jamie Zawinski
No

privoxy-2.9.20-1
Red Hat 7.2, Linux 2.4.9-13smp
Mozilla 1.1b

Go to http://www.cdcovers.cc/ and click on "Covers"
(linked to http://www.cdcovers.cc/covers.php )
it redirects you to
http://www.cdcovers.cc/adbust/aab_result.php
which is a blank document.

Apparently this assinine site is detecting that privoxy
is in use, and trying to redirect to an error page
(then failing.)

I've tried using these settings for this site:

-crunch-incoming-cookies
-crunch-outgoing-cookies
-hide-referrer
-prevent-compression
+session-cookies-only

and it doesn't help.

Thought you guys might be interested in figuring out
what games they're playing and circumventing them...
If it becomes common for sites to detect and disable
privoxy, it will certainly undermine its usefulness!

Discussion

1 2 > >> (Page 1 of 2)
  • Logged In: YES
    user_id=78811

    Hi Jamie,

    have just tried the site with 2.9.20 and 3.0.0 (stock config),
    Mozilla 1.0rc1 on Linux 2.4.19 and couldn't reproduce your
    problem, so I guess they're not detecting the use of Privoxy
    as such (which would strike me as flattering, just one week
    after our first public release!).

    It might be that your config has a different combination of
    actions (or was the list exhaustive?), or that you are blocking
    more banners/webbugs from this site than the stock config
    does, and some script detects that you only request the content
    without eating the junk.

    To investigate that, it would be very helpful if you could
    attach a log excerpt from a failed session with
    cdcovers.cc and the output of http://p.p/show-url-info/
    for http://www.cdcovers.cc/.

    TIA,
    --Andreas

     
    • assigned_to: nobody --> oes
    • status: open --> open-works-for-me
     
  • Hal Burgiss
    Hal Burgiss
    2002-09-03

    Logged In: YES
    user_id=322640

    The first time I clicked through to 'Covers', I got a blank
    page. ??? Repeated efforts to reproduce have failed :( Even
    flushing caches. Stock configs.

    RH7.3, Mozilla 1.1 (final), Privoxy 3.0.0.

     
  • Logged In: YES
    user_id=595264

    It happened to me. I went to the site. Isaw that some ads
    weren't blocked. I reported and added to my user.actions
    {+block}:
    /images/tradedoubler/
    Then I clicked on Covers and got brought to
    http://www.cdcovers.cc/adbust/aab_result.php which contains:

    <form name=test method=post
    action='http://www.cdcovers.cc/adbust/aab_error.php'
    target=_top>
    <input type=hidden name=error value='adbuster'>
    <input type=hidden name=source value='/covers.php'>
    <input type=hidden name=aab_rand value=1608694168>
    </form><script
    language=JavaScript>document.test.submit();</script>

    I don't have enabled the log so this is copied from the
    Privoxy window:

    Sep 04 04:36:28 Privoxy(00002) Error: write to:
    hg1.hitbox.com failed: SOCEINVAL
    - Invalid argument.
    Sep 04 04:36:28 Privoxy(00002) Request:
    hg1.hitbox.com/HG?hc=wf135&cd=1&hv=6&ce=
    u&hb=WQ590828O6EB38EN0&n=/index.php crunch!
    Sep 04 04:36:28 Privoxy(00002) Error: write to:
    www.cdcovers.cc failed: SOCEINVA
    L - Invalid argument.
    Sep 04 04:36:28 Privoxy(00002) Request:
    www.cdcovers.cc/phpAdsNew/adview.php?wha
    t=zone:26&n=a299474a crunch!
    Sep 04 04:36:29 Privoxy(00002) Error: write to:
    www.cdcovers.cc failed: SOCEINVA
    L - Invalid argument.
    Sep 04 04:36:29 Privoxy(00002) Request:
    www.cdcovers.cc/phpAdsNew/adview.php?wha
    t=zone:25&n=ab48abff crunch!
    Sep 04 04:36:34 Privoxy(00006) Error: write modified content
    to client failed: S
    OCEINVAL - Invalid argument.
    Sep 04 04:37:18 Privoxy(00002) Request:
    www.oesterhelt.org/actions/step3.php
    Sep 04 04:39:01 Privoxy(00002) Request:
    www.cdcovers.cc/covers.php
    Sep 04 04:39:03 Privoxy(00002) Request:
    www.cdcovers.cc/adbust/aab_javascript_ch
    eck.php?aab_rand=633087072%20marginwidth=0%20topmargin=0%20leftmargin=0%20margin
    height=0%20%20%20%3E%3C/FRAMESET%3E%3CNOFRAMES%3E%3CIFRAME%20width=1%20height=1%
    20framespacing=0%20SRC=
    Sep 04 04:39:03 Privoxy(00003) Request:
    www.cdcovers.cc/adbust/aab_adbuster_chec
    k.php?source=%2Fcovers.php&referer=http%3A%2F%2Fwww.cdcovers.cc%2F&aab_rand=9429
    08813
    Sep 04 04:39:05 Privoxy(00002) Request:
    www.cdcovers.cc/adbust/aab_result.php

    From show-url-info:
    Matches for http://www.cdcovers.cc/:

    In file: default.action View Edit
    {-add-header
    -block
    -crunch-incoming-cookies
    -crunch-outgoing-cookies
    +deanimate-gifs {last}
    -downgrade-http-version
    -fast-redirects
    -filter {frameset-borders}
    -filter {refresh-tags}
    -filter {img-reorder}
    -filter {banners-by-link}
    -filter {fun}
    -filter {shockwave-flash}
    -filter {js-events}
    -filter {crude-parental}
    +filter {js-annoyances}
    +filter {html-annoyances}
    +filter {webbugs}
    +filter {popups}
    +filter {banners-by-size}
    +filter {nimda}
    -handle-as-image
    +hide-forwarded-for-headers
    +hide-from-header {block}
    +hide-referrer {forge}
    -hide-user-agent
    -kill-popups
    -limit-connect
    +prevent-compression
    -send-vanilla-wafer
    -send-wafer
    +session-cookies-only
    +set-image-blocker {pattern} }
    /
    In file: user.action View Edit
    {-deanimate-gifs
    +fast-redirects
    +filter {img-reorder}
    +filter {frameset-borders}
    +set-image-blocker
    {http://config.privoxy.org/send-banner?type=pattern} }
    /

    Privoxy 3.0.0 on OS/2 with Mozilla 1.1, JavaScript enabled.

     
  • Logged In: YES
    user_id=595264

    Interesting. I go back to the first page and it is blank. I
    reload and click on Covers and I can get there.

     
  • Logged In: YES
    user_id=595264

    http://www.cdcovers.cc/faq.php

    Q: I can't access the site/I'm getting the antiadbuster
    error page. What's wrong ?
    A: Running this site costs money, a lot of money. The only
    reason we can offer this service free of charge is because
    of our advertisers who pay the bills by displaying banners
    and a reasonable amount of popups on the site. We have
    recently discovered that many users are using ad/popup
    blockers on this site - I guess for some people free isn't
    free enough. We could have changed this site into
    ad-free/fee based site but we prefer to let the advertisers
    pay the bills and let you keep your money.

    There are several factors that must be enabled in order to
    access the site:
    Cookies
    Make sure you accept cookies and your security and privacy
    settings in Internet Explorer are both set to default
    (medium). Some personal firewalls such as Norton Internet
    Security and Zonealarm have an option to block cookies, make
    sure this option is not enabled.

    Ad/Popup Blocking
    We are using software on this site to prevent people with ad
    blockers from downloading covers. We are able to provide you
    this service for free only because our sponsors cover the
    server costs by displaying banners and popups. You must
    disable your ad/popup blocker in order to view pages. Again,
    this feature comes built in with some firewall and antivirus
    software such as Norton Internet Security and Zonealarm.
    There is a good chance this feature is enabled by default
    without your knowledge so check your software and disable
    this feature. Latest versions of Opera and Netscape has this
    feature as well so make sure its not enabled.
    * please note that you don't have to shut down your
    antivirus or firewall, just disable the ad blocking feature
    (which has nothing to do with either viruses or security).

    Non Standard Browsers
    Officially only Internet Explorer version 5.5 and above and
    Netscape 6 and above are supported on this site. We haven't
    tested the site with other browsers so they may or may not
    work. In any case, if you have one of those non standard
    browsers such as AOL or Earthlink or even the built in
    browser inside coverXP, you might want to try one of the
    standard browsers to access the site.

    If the problem is not solved, please read our bug report
    forum and most chances that you will find an answer there.
    If for can't find an answer there and decide to Email us,
    please make sure to include a copy of what you are getting
    when loading our test page. Emails without this info will be
    ignored.

     
  • Hal Burgiss
    Hal Burgiss
    2002-09-04

    Logged In: YES
    user_id=322640

    David, very interesting stuff! The gauntlet is thrown. But,
    sadly (sort of :), I have no problems. Using default
    configs, I see no ads, banners, or popups, and all the pages
    there seem to work fine. Thier system is flawed, to a point
    anyway. It would be interesting to know why we are getting
    different results, and all using mozilla.

     
  • Logged In: YES
    user_id=78811

    Turning into developer todo.

     
    • labels: 340250 -->
    • milestone: 123037 -->
    • assigned_to: oes --> nobody
    • summary: insufficiently stealth: cdcovers.cc --> Research: How to circumvent "adbust"?
     
    • labels: --> Research
    • milestone: --> 3.2
    • summary: Research: How to circumvent "adbust"? --> Research: How to circumvent "adbust"?
     
1 2 > >> (Page 1 of 2)