Advice Request uBlock, I exfiltrate: exploiting ad blockers with CSS

Please provide comments and solutions that are helpful to the author of this topic.

oldschool

Level 81
Verified
Top Poster
Well-known
Mar 29, 2018
7,044
Makes sense. And when I hover over the placeholder, nothing happens, so the ad - at least in my very limited technical understanding - seems to be blocked.
Indeed, it's blocked. Cosmetic filtering simply integrates the web page with the blocking --> no empty placeholders. I've always diabled globally without issues.
 
L

Local Host

Because the whole purpose of uBlock Origin is to offer user choice - besides, it does not completely disable uBo, it just means that elements won't be hidden (so the page looks bad & some ads will get through)

Anything using Cloudfare - also, injecting a scriptlet into all websites (even any scriptlet) has many problems & is recommended against by @gorhill

Not equivalent - those versions main advantage is used on uBo/AG specific syntax, which EL doesn't. They are designed to work together. Feel free to ask Gorhill and see if he agrees
This is false, Adguard Base Filter already includes an optimized list of EasyList rules, there's no benefit whasoever in using it with Easylist (if anything there's only drawbacks).

Gorhill opinion on it is irrelevant, cause you can't argue with facts.
 

SeriousHoax

Level 47
Well-known
Mar 16, 2019
3,630
Adguard Base Filter already includes an optimized list of EasyList rules, there's no benefit whasoever in using it with Easylist
Actually, that's how it initially started, but since then a lot has changed. Adguard creates their filters keeping their own products in mind and certain Adguard filters may not work on uBlock Origin while the same won't be the case for EasyList.
thehackernews website was showing an ad on uBlock Origin with all Adguard's filters enabled. The ad were not showing in Adguard's own extension and uBlock Origin with EasyList filters. The particular ad was blocked on Adgaurd with an AG specific rule which is not supported by uBlock Origin and EasyList was using ABP's rule to block that ad on uBlock Origin.
This happened more than a year ago, and I don't know what has changed since then, but this is just an example that using only Adgaurd's filters on uBlock Origin isn't a good idea. But like I said, I don't know how things have changed with uBlock Origin since then regarding supporting Adguard syntax and other things. I don't properly understand this either, so the expert @Kees1958 would know.
 
  • Like
Reactions: Nevi and oldschool

SeriousHoax

Level 47
Well-known
Mar 16, 2019
3,630
@SeriousHoax and @Local Host

The Adguard's own basefilter (in Adguard extension) already included Easylist. The base version in UBO has them excluded (to prevent overlap), that is why I advised (for use in uBO extension) to add AdGuards (optimized) Easylist filter (same applies for tracking protection). So you are both right
Sorry, I have misread what @Local Host said. He said, using Adguard with EasyList in uBO won't be beneficial, not the other way around.
But yeah, your suggestion of using the optimized filter could add some benefits, if not many. Specially the tracking protection filter since it's build from scratch by Adguard.
 

iam-py-test

New Member
Dec 10, 2021
3
This is false, Adguard Base Filter already includes an optimized list of EasyList rules, there's no benefit whasoever in using it with Easylist (if anything there's only drawbacks).

The version in uBo doesn't contain Easylist - https://filters.adtidy.org/extension/ublock/filters/2_without_easylist.txt
Still telling not hiding something leaves you vulnerable to malware is sheer nonsense
1639248774178.png

Screenshot from the on-by-default uBlock badware list.
 

Attachments

  • 1639249131880.png
    1639249131880.png
    84.8 KB · Views: 121
  • 1639249151768.png
    1639249151768.png
    40.4 KB · Views: 112
Last edited:
  • HaHa
Reactions: ForgottenSeer 92963
F

ForgottenSeer 92963

@iam-py-test

I randomly tried 6 of the websites from your screenshot. It must be a reassuring feeling that 'download button place holders' and other risky stuff is hidden on websites which are inaccessible on HTTPS anyway. I don't know where you are living, but in western Europe 99.99% of the websites are encrypted now.

1639296155315.png

Maybe in your region there are still a lot insecure websites, so mileage may vary. Let's agree to disagree. I won't respond to post regarding this topic, not out of disrespect, but because everyone is entitled to have his/her own opinion and I rest my case.

Again you could ask @Evjl's Rain how effective the uBO blocklists are in his malware and phishing links tests. He posts his findings in this thread: Q&A - [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings
 
Last edited by a moderator:

wat0114

Level 12
Verified
Top Poster
Well-known
Apr 5, 2021
551
@Kees1958 or for anyone who might know,

the original uBlock rule
Code:
! Block the use of eval javascript command bij using uBO's no-eval scriptlet on all websites
*##+js(noeval)

under My filters was blocking some data graphs on website www.cbc.ca. I changed it to com##+js(noeval) with the assumption this will only block on .com websites. Is this rule correct, or can I somehow disable this rule on selected sites? cbc.ca is fine now with this rule change.

Edit

actually I looked up on How to create your own ad filters here:


and came up with this rule: ~cbc.ca##+js(noeval)

which apparently does not apply the rule to a specific domain. This is like trying to learn another language for me. Not easy :unsure:
 
Last edited:
  • Like
Reactions: Nevi

71Hemi

Level 2
Verified
Dec 12, 2015
82
@Kees1958 - Hi Kees, I'm sorry to ask you this as it doesn't pertain to the current topic here as you could consider this hijacking of this thread which is not my intention as I don't want to be disrespectful to anybody here but I saw you were on here and I have no idea how to contact you in regards to a simple question of, where or how do I update this list you provided last year? The list is; Most prevalent advertising and tracking networks in Western Europe and North American websites based on annual web-tech surveys. - 4,361 used out of 4,362 - I understand if you don't reply and regardless, Merry Christmas and Happy New Year! Thank you for your time and consideration Kees!
 
F

ForgottenSeer 92963

Hi @71Hemi The list is available at github, it is intended to use with uBlockOrigin and AdGuard because they support the Top Level Domain/Country code wildcard (e.g. google.* for all google search country domains).

Use my list with the allow list of EasyList and EasyPrivacy to prevent false positives

For Youtube add LennyFox filters for uBlock or AdGuard to the mix

It is also recommended you add the Easylist for your country and AdGuard's URL Tracking parameter removal filter (these are default options in both uBlockOrigin and AdGuard filterlists tab). I have all other bocklists disabled in uBlockOrigin/AdGuard, but each to his own preferences. I have cosmetic filtering disabled globally and enabled it for youtube and the websites I blocked leftovers with the element picker.

Any missed ads on website you visit a lot, you can block with uBo's 'element picker' or Adguard's "block an add on this website' option. Above setup will block most advertising and tracking stuff with less rules (blocks 95% of uBO default with 5% of uBO's rules).

Since SecurityNightmares left the project I don't maintain the Host format anymore. Gerd Zelo was so kind to take this task over.
domains: https://raw.githubusercontent.com/Zelo72/rpi/master/pihole/blocklists/kees1958.txt
hosts: https://raw.githubusercontent.com/Zelo72/hosts/main/kees1958.txt

When you need more info PM me, so we don't hijack this thread anymore

1640165735999.png
 
Last edited by a moderator:

Zorro

Level 9
Verified
Well-known
Jun 11, 2019
404
If you use Noscript, it will solve the problem. Noscript settings have an unsafe CSS blocking option.
 
  • Like
Reactions: oldschool
F

ForgottenSeer 92963

@wat0114

I missed your question, I can't find documentation on this, so you could try this (or ask on reddit uBlock forum, AdGuard supports most uBO and ABP formats)
uBlock
option 1
*##+js(noeval)$domain=~cbc.ca

option2
[$domain=~cbc.ca]##+js(noeval)

option 3
*##+js(noeval)
@@cbc.ca##+js(noeval)

AdGuard
option 1
##+js(noeval)$domain=~cbc.ca

option2
[$domain=~cbc.ca]##+js(noeval)

option 3
##+js(noeval)
@@cbc.ca##+js(noeval)
 

wat0114

Level 12
Verified
Top Poster
Well-known
Apr 5, 2021
551
Hi Kees,

option 1 for uBlock seems to work. I guess this means I can disable the original rule with: !*##+js(noeval) ? Because if I keep it enabled, the option 1 exception rule has no effect. Thanks!

EDIT

Darn, I did some verification testing but none actually seem to work. I'll probably just disable the rule for now.
 
Last edited:
F

ForgottenSeer 92963

@ wat0114

Could you post the page wich it concerns on cbc.ca? I tried to find a page with statistics/graphs which were blocked, but could not find one. Even with my most restricted EDGE/uBO profile the graphs showed up with DataWrapper no-eval.

1641298006074.png

By the way my favorite places in Canada are Quebec ,Toronto and Vancouver (in that order, although Toronto is nearly ex-aequo with Quebec) :)
 
Last edited by a moderator:
  • Like
Reactions: wat0114

wat0114

Level 12
Verified
Top Poster
Well-known
Apr 5, 2021
551
@ wat0114

Could you post the page wich it concerns on cbc.ca? I tried to find a page with statistics/graphs which were blocked, but could not find one. Even with my most restricted EDGE/uBO profile the graphs showed up with DataWrapper no-eval.
Here is the link:


Just scroll down a bit to see the graphs. Here are examples of what happens with that filter disabled and enabled:

cbc graph unblocked.pngcbc graph blocked.png
Thanks Kees!

EDIT

just to reconfirm, this is the filter (currently shown as disabled) causing issues: !*##+js(noeval)
By the way my favorite places in Canada are Quebec ,Toronto and Vancouver (in that order, although Toronto is nearly ex-aequo with Quebec) :)
Then you won't like where I live :p
 
Last edited:
F

ForgottenSeer 92963

@wat0114

1. I can't get that work either (inject no-eval scriptlet does not has a domain exception), so you made the right decision to drop this rule

2. Well with Covid-lockdown in the Netherlands right now, it does not make much difference living in a big city of small village. I would rather live in a warmer climate, than the Netherlands (I am one of the few Dutch who have never skated or went on winter holiday to ski or snow board), so when you live in a remote village in Yukon, Saskatchewan or Nunavut you are probably right.
 

wat0114

Level 12
Verified
Top Poster
Well-known
Apr 5, 2021
551
@wat0114

1. I can't get that work either (inject no-eval scriptlet does not has a domain exception), so you made the right decision to drop this rule

Thanks Kees, I appreciate your help.
2. Well with Covid-lockdown in the Netherlands right now, it does not make much difference living in a big city of small village. I would rather live in a warmer climate, than the Netherlands (I am one of the few Dutch who have never skated or went on winter holiday to ski or snow board), so when you live in a remote village in Yukon, Saskatchewan or Nunavut you are probably right.
Yes, a warmer - much warmer - climate is what I need :D I'll bet you don't have to deal with this kind of cold:

weather.png

Time to hibernate. Time shows 7 hrs ahead. A Linux thing I guess.
 
Last edited:

Rustinco

New Member
Jan 8, 2022
1
Here is the link:


Just scroll down a bit to see the graphs. Here are examples of what happens with that filter disabled and enabled:

View attachment 263352View attachment 263353
Thanks Kees!

EDIT

just to reconfirm, this is the filter (currently shown as disabled) causing issues: !*##+js(noeval)

Then you won't like where I live :p
I found a way to make an exception of the no-eval filter, for your website add this line in My filters: datawrapper.dwcdn.*#@#+js(noeval)
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top