    Indonesian ISP injecting javascript to my browser

    thsigitthsigit Member
    edited December 2014 in Help

    As I write this post, when I look at the source of this page (or any other pages that are not using SSL), at the end of the page I find this code:

    http://prntscr.com/5hsif7 (screenshot)

    This script is inserted by my ISP provider (TelkomSpeedy) each time they find a </body> tag on the page.

    A solution would be to use SSL (#1), but I have a number of sites that I built for me and my clients and this won't be cost-effective. Another solution would be using Universal SSL from CloudFlare, which is free (#2). A hackish solution would be to put <!-- before the </body> tag (#3).

    I was going to send a ticket to my hosting provider, asking if they know what to do about this, and later decided that I won't take up resources on their ticketing system.

    Some notes:

    1. Putting 127.0.0.1 into my computer's /etc/hosts for the suspected FQDN did not work. Also I would need something server side, because my local clients might not be able to reproduce this trick on their own computers.

    2. Ad Block Plus doesn't help

    3. Blocking the IPs of my ISP proxy from my web server doesn't help -- or probably I didn't find the correct one, yet.

    4. Yes, I am moving away from this ISP (TelkomSpeedy from Indonesia) by the end of this month, but this won't help my local customers either. I fear that they will find the websites that I build take more time to load or the layout is broken (the injecting script used visibility:hidden in CSS before, now they put display:none so it doesn't mess with layout)

    So I am asking the experts in this forum, does anyone happen to know any work around for this? Also, are there any Indonesian TelkomSpeedy users here experiencing the same?

    Thanks.

    Comments

    • said: does anyone happen to know any work around for this?

      Buy a small VPS abroad (Singapore should work well for you), set up some VPN such as OpenVPN or Tinc, install Squid proxy on the VPS, then do all your browsing via the proxy.

      Thanked by 1ehab
    • haha, so do we in CHINA

    • Hmm, I wonder why do they do it?

    • rm_rm_ Member
      edited December 2014

      c1bl said: I wonder why do they do it?

      Did you check the picture? Did you notice "push ad" in a URL in the inserted code? Do you still wonder? :D

    • Why not mail/ring them and ask them why they are doing it?

      I would go with what @rm_ said, at least until my new ISP is live.

      Taking a hiatus.

    • @rm_ said:
      Did you check the picture? Did you notice "push ad" in a URL in the inserted code? Do you still wonder? :D

      Yes, I still wonder why do they do it....

      IMO it's such a stupid action, customers will move away from them.

    • tommytommy Member
      edited December 2014

      Use dnscrypt and all of this crap will be gone forever.

      c1bl said: Yes, I still wonder why do they do it....

      IMO it's such a stupid action, customers will move away from them.

      If you search for something that doesn't exist or is blocked by their crappy DNS system, they will redirect you to a website full of ads and generate more money for their piggy pocket. Customers won't move, because we don't have many ISPs here.

      Let's bet which dot-name will collapse first ;)

    • Yeahh, there is f*ckin provider in Indonesia just like sapidi :(

      If you're using windows, the solution is by adding this

      127.0.0.1 cfs.u-ad.info

      to

      C:\WINDOWS\system32\drivers\etc\hosts then reload your browser, it should be removed soon :D

    • Install DNSCrypt from opendns.com.

      ..:: Kloxo-MR - hosting and forum ::..

    • @arest said:
      Yeahh, there is f*ckin provider in Indonesia just like sapidi :(

      If you're using windows, the solution is by adding this

      127.0.0.1 cfs.u-ad.info

      to

      C:\WINDOWS\system32\drivers\etc\hosts then reload your browser, it should be removed soon :D

      It works for me.. you saved my life. thx

    • Sapidi is going to die, no?

      Thanked by 1ehab

      Happy to be alive and kicking!

    • @arest nice find. I'll save it in case I need to use ;)

    • You can get unlimited free SSL from startssl.

      Thanked by 1thsigit
    • I use Sapidi unlimited 3 mbps (yes, 3 mbps, that's the fastest bandwidth that I can obtain for now) and never got this kind of advert injection. :)

    • @linuxthefish said:
      You can get unlimited free SSL from startssl.

      Then send them to administrators of non-SSL websites you're going to visit ;)

    • thsigitthsigit Member
      edited December 2014

      @rm_ :Nope, VPN is not a solution, because my customers won't bother to see their websites through it.

      @arest: been there, tried that.

      I had put these lines earlier before into /etc/hosts on my Ubuntu machine, but no joy:

      127.0.0.1 a02.u-ad.info
      127.0.0.1 cfs.u-ad.info

      Haven't tried that on my Windows 7, though, but isn't it the same?

      @vRozenSch00n: Soon.

      @linuxthefish: Thanks! Forgot that one!

      @fazar: don't worry, it will come soon to your area. I learned about this since yesterday, but searching online I found 2 other blogs mentioning this from Dec 5 and Dec 15 (I have it since Dec 16)

      ===
      From a reader on my blog I ended up using a small javascript as a replacement for </body> tag, works a treat!

      <script type="text/javascript" src="data:text/javascript;base64,PC9ib2R5Pg=="></script>

      Looking at the source, it will show as it is, but using inspector on Firefox or Chrome, this mini script renders as </body> tag.

      Anyway, thanks for all your concern.

    • @thsigit I applied on my win7, but never used it in linux

      Thanked by 1thsigit
    • @thsigit thanks for the info. On the campaign linked there is only one result?

      Thanked by 1thsigit
    • JanevskiJanevski Member
      edited December 2014

      @thsigit Buy a VPS in a nearby datacenter which respects net neutrality, look for the lowest ping, then make a SSH tunnel or use OpenVPN for personal usage.
      https://openvpn.net/index.php/access-server/download-openvpn-as-sw.html
      Now You most likely can tunnel all the data through Your VPS, bypassing the ISP transparent proxy.

      The best solution is just not to use an ISP which doesn't respect users' privacy and, to add insult to injury, tampers with the data. If people don't use them they won't have income. If they don't have income they won't be able to work, and if they want to stay on the market they will have to start respecting their customers.

      Up to some point i understand passive data gathering, but this looks like interception and tampering, done without a specific case, towards all the users, it's outrageous.

      PS: Among the other things, if needed You can use html pre tags on Vanilla Forums, so the code or other preformatted plain text won't get reformatted and scrambled.

      Thanked by 1thsigit

      You are dreaming. | And it's a nightmare. | THE SECRET THREAD | THE TRUTH | HAVES YOU SEEN THIS YURA?

    • Call your ISP and ask to opt-out. My ISP was doing nxdomain hijacking and I asked to be excluded from it. They complied with no grief.

      Thanked by 2thsigit Chuck
    • MelitaMelita Member, Provider
      edited December 2014

      Telkom Speedy is sadly the largest cable internet provider in Indonesia (owned by the government), and it can reach any house in Indonesia, with 250 million+ citizens, as long as you have a fixed telephone. In most areas, they are alone and have a monopoly as cable provider.

      They use transparent DNS (any udp dpt 53 is intercepted to use their own DNS) as well as a transparent proxy (port 80, https not intercepted) to add javascript ads and block some sites which have pornographic content. Kinda works like China, but no political content is blocked. Well, I do wonder why reddit and imgur are also blocked.

      To bypass this as a single customer, the best solution is by using any type of VPN. Just buy any VPN / VPS located in Singapore / Hongkong.

      But if you want your website free from this script, best way might be to use SSL (cloudflare is free) or use HTML comments before body closure tag which you already mentioned.

      Thanked by 3thsigit NanoG6 Mark_R

      Currently work with IndoVirtue, selling US/Asia/Singapore KVM/OpenVZ SSD VPS and Dedicated Server.
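
A site owner can confirm this kind of port-80 injection by comparing the HTML the origin serves with the copy that arrives on the affected network. The sketch below is an added example, not code from the thread; the function names and the sample pages are constructed, and only the host cfs.u-ad.info is taken from the posts above.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse


class ScriptCollector(HTMLParser):
    """Collect one fingerprint per <script> element in a document."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.fingerprints = set()
        self._inline = None  # text buffer while inside an inline <script>

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            # External script: record the host it loads from
            # (fall back to the raw value for data: or relative URLs).
            self.fingerprints.add(("src", urlparse(src).netloc or src))
        else:
            self._inline = []

    def handle_data(self, data):
        if self._inline is not None:
            self._inline.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._inline is not None:
            body = "".join(self._inline).strip()
            digest = hashlib.sha256(body.encode()).hexdigest()
            self.fingerprints.add(("inline", digest))
            self._inline = None


def script_fingerprints(html):
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    return parser.fingerprints


def injected_scripts(served_html, received_html):
    """Scripts in the received copy that the origin never served."""
    return sorted(script_fingerprints(received_html)
                  - script_fingerprints(served_html))


# Constructed sample: the page as the origin serves it ...
SERVED = ('<html><body><h1>Shop</h1>'
          '<script src="https://cdn.example.com/app.js"></script></body></html>')
# ... and as it arrives over plain HTTP, with an extra script element
# placed just before </body> (the URL path is made up).
RECEIVED = SERVED.replace(
    "</body>",
    '<script src="http://cfs.u-ad.info/constructed.js"></script></body>')

if __name__ == "__main__":
    print(injected_scripts(SERVED, RECEIVED))
```

Fetch the received copy over plain HTTP from a connection on the affected ISP and the served copy over HTTPS or from the server itself; any entry in the result is a script the origin did not send.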

    • rm_rm_ Member
      edited December 2014

      Melita said: But if you want your website free from this script, best way might be to use SSL (cloudflare is free) or use HTML comments before body closure tag which you already mentioned.

      Indeed the best way to prevent anyone tampering with what your visitors get when they open your website, is to use SSL. Aside from Cloudflare, you can get any number of free SSL certificates from StartSSL.

      Thanked by 1Janevski
    • MelitaMelita Member, Provider

      @rm_ said:
      Aside from Cloudflare, you can get any number of free SSL certificates from StartSSL.

      I am too lazy to renew StartSSL myself every year. At least we have one less yearly schedule if using Cloudflare SSL :)

      Thanked by 1rm_

      Currently work with IndoVirtue, selling US/Asia/Singapore KVM/OpenVZ SSD VPS and Dedicated Server.

    • Ads injection seems to be the new "trend" within ISPs in Indonesia.

      XL Axiata seems to be doing it worse by injecting interstitial ads before showing the requested webpages. The company president justified that he invested in the network and infrastructure, but the Over The Top providers are the ones who reap the profits, like Google that shows paid advertisements in search pages.

      I'm here to collect your heart

    • rm_rm_ Member
      edited December 2014

      Melita said: I am too lazy to renew StartSSL myself every year.

      Haha, same here. It's a bit of a hassle to renew with them. Hopefully it's about the last time we needed to do that, as https://letsencrypt.org/ launches next year.

      Thanked by 1ehab
    • JanevskiJanevski Member
      edited December 2014

      rm_ said: Indeed the best way to prevent anyone tampering with what your visitors get when they open your website, is to use SSL. Aside from Cloudflare, you can get any number of free SSL certificates from StartSSL

      I agree, if a specific HTTPS URL is provided this should work like a charm, however, if the web site is just typed into the browser, most browsers are going to visit the HTTP destination first and if they receive HTTP 3XX redirect (or HTML meta redirect) they are going to continue, in this case towards HTTPS. Therefore as long as the initial contact is in plain text the displayed site contents towards the end user could still be easily manipulated. Most likely instead of 3XX it's going to receive a crafted 200 with injected js, html iframes etc.

      You are dreaming. | And it's a nightmare. | THE SECRET THREAD | THE TRUTH | HAVES YOU SEEN THIS YURA?
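
The plain-HTTP first contact described in the post above is the gap that HTTP Strict Transport Security (HSTS, RFC 6797) narrows: once a browser has seen the header over HTTPS it stops making the initial HTTP request. The auditor below is an added example, not something from the thread; the function names and result labels are made up for illustration.

```python
def parse_hsts(header):
    """Parse a Strict-Transport-Security header value (RFC 6797, section 6.1).

    Returns a dict of lower-cased directives, or None when the header is
    absent or malformed (browsers ignore a malformed header).
    """
    if not header:
        return None
    directives = {}
    for part in header.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        name = name.strip().lower()
        if name in directives:
            return None  # a repeated directive invalidates the header
        directives[name] = value.strip().strip('"')
    age = directives.get("max-age", "")
    if not (age.isascii() and age.isdigit()):
        return None  # max-age is required and must be a plain number
    directives["max-age"] = int(age)
    return directives


def first_contact_exposure(header):
    """Classify how exposed a typed-in (http://) visit to the site is.

    "unprotected"       every plain-HTTP visit can be rewritten in transit
    "after-first-visit" only the first visit, and visits after max-age
                        lapses, start in plain HTTP
    "preload-eligible"  header meets the browser preload list's header
                        requirements, so listed sites never start in HTTP
    """
    policy = parse_hsts(header)
    if policy is None or policy["max-age"] == 0:
        return "unprotected"
    if (policy["max-age"] >= 31536000
            and "includesubdomains" in policy
            and "preload" in policy):
        return "preload-eligible"
    return "after-first-visit"


if __name__ == "__main__":
    # Constructed header values, as a site might send them over HTTPS.
    for value in (None, "max-age=86400",
                  "max-age=31536000; includeSubDomains; preload"):
        print(repr(value), "->", first_contact_exposure(value))
```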

    • thsigitthsigit Member
      edited December 2014

      @utama: that's my campaign, yes. If you face the same issue, please write on your own website/blog and join the campaign. I will urge some people at another channel to join too. Thanks!

      @Janevski: I can do that, but I can't ask my local customers (I build websites) to do the same. Also, a simple VPN will do good, but I am afraid this will be beyond my customers' (and their clients') interests.

      @joereid: been with them for years .. And they started this too late in my country. I will stop subscription with them by the end of the month, anyway. But I didn't know the same issue with XL Axiata (another ID ISP) until @DalComp mentioned it, though.

      @Melita: indeed, SSL is the best solution. Domain is in the process of moving to a new registrar, so I would wait. The base64 script I created above will temporarily take care of the problem.

      @rm_ didn't know about https://letsencrypt.org/, so thanks for the info!

    • Looks like I will consider moving to https early next year. Wildcard SSL is still expensive though, I need it for the CDN (using MaxCDN).

      I will write about it on my blog. Even though I never see any injected ads from speedy, the prospect is alarming. Can AdBlock block this? I use it all the time and maybe this is the reason I never saw it.

      Thanked by 1thsigit
    • timnboystimnboys Member
      edited December 2014

      Hello, I can tell you I bought a $20 a year wildcard SSL from one of the members here on LET. He had a link to it in his signature, and it was way cheaper than paying the SSL provider directly.
      Maybe you can find him and find his link to order it, as a cheap wildcard SSL would be better than trying to do multiple SSL certificates from StartSSL.

      CubeData FraudRecord Module: https://cubedata.net/fraudrecord OpenNebula module: https://cubedata.net/opennebula now for blesta & whmcs

    • Interesting, here's what I got from http://telkomspeedy.com/product-description

      *** All packages may have advertising inserted

      Man, I should go to other provider. :(

      Thanked by 1thsigit
    • You know, this just makes me appreciate my $56/mo 5M internet a bit more.

      Devops Consultant | GitHub

    • thsigitthsigit Member
      edited December 2014

      @utama: nope, Adblock doesn't help. I installed it last night and the script injection is still showing on this forum source page. The only way to get rid of it from your browser is using VPN, I got a cheap one from vpn.sh here. And if you manage websites, you would need to insert that code I created above (it is simply a base64 version of < / body > tag)

      fazar said: *** All packages may have advertising inserted

      hmmmm thanks for that, I am taking a screenshot of it.

      @StartledPhoenix: mine is ca. $30/mo and only 1M/512kb download/upload :(

    • thanks for the tip @thsigit

      this is a noob question: can that code be inserted in WordPress?

      i got 1MB for 19$/m

    • ALinuxNinjaALinuxNinja Member
      edited December 2014

      @thsigit said:
      utama: nope, Adblock doesn't help. I installed it last night and the script injection is still showing on this forum source page. The only way to get rid of it from your browser is using VPN, I got a cheap one from vpn.sh here. And if you manage websites, you would need to insert that code I created above (it is simply a base64 version of < / body > tag)

      D: Yikes

      Others are not as lucky in my neighborhood. These are the non-grandfathered plans that they created a year after we signed up.
      Whoever the crap can use less than 40G/mo is insane (unlimited is available for an extra $50/mo). I sure can't.

      And for cable...

      I am going to be very upset if they start dropping grandfathered plans since it's a Bell/Rogers monopoly.

      Devops Consultant | GitHub

    • thsigitthsigit Member
      edited December 2014

      @utama: Aren't we all noobs, at some points. So, no such things as noob questions.

      Feel free to check this screenshot, how to apply it on footer.php of a Wordpress theme:

      http://prntscr.com/5i22ua

      Basically, put the little script above on any template that will output < / body > < / html > tag, to replace body closing tag. So it can be, e.g., page.tpl.php on Drupal.

      @StartledPhoenix: you might be surprised that my 1MB/512kb connection is NOT among the slowest plan in here (relatively) :)

      edit: but the options you have there are extremely expensive!

    • Get your new president to do something about it.

      He looks like "i-will-change-everything-wrong-in-Indonesia" kinda guy.

      Thanked by 1thsigit

      vpsdash.com - Tips and tricks in life, information and technology news to get things done

    • thsigitthsigit Member
      edited December 2014

      Unfortunately there are many things that went wrong here in the yester-years. Hopefully fixing past mistakes will not create new wrongdoings, tho. Fortunately I am not a politician, so whatever will be, will be.

    • Setting up a VPN to use is probably the best idea, there are plenty of tutorials out there if you need them such as @Nyr's one here: https://github.com/Nyr/openvpn-install

      Thanked by 1Nyr

      This signature wasted 121 bytes of your data allocation.

      https://nixstats.com/report/56b53d6465689e44598b4567

    • rokokrokok Member
      edited December 2014

      lol don't upload to imgur, Indonesian ISPs block it ;p (stupid pornography reason)

      most major ISPs 'intercept' DNS, check dnsleaktest https://www.dnsleaktest.com/

      First Media subscribers can still use OpenNIC or Level3 DNS

      http://pcsupport.about.com/od/tipstricks/a/free-public-dns-servers.htm

      use VPN :)

      Thanked by 1linuxthefish

      CEO of PT. Rokok Kopi Internet Tidur Tbk.

    • Sadly, 9 of my 11 friends' AdSense accounts have been disabled because of other ads beside AdSense :( this is because Sapidi sucks..

    • @Ndha said:
      Sadly, 9 of my 11 friends' AdSense accounts have been disabled because of other ads beside AdSense :( this is because Sapidi sucks..

      That is not exactly correct. AdSense does support another ad network on one page: https://support.google.com/adsense/answer/9728?hl=en

      but you must be sure that the placement is adhering to the guidelines: https://support.google.com/adsense/answer/1346295#Placing_Google_ads_on_the_same_page_with_other_ads

      thus I can only say that the ad injection by speedy is still probably the cause, but there may be other reasons.

      Thanked by 1Ndha
    • VPN, Remote Desktop, Proxy with forced SSL. All of them should do it.

      ¦ x64Dash ¦

    • Have signed the petition just now.. :)

    • signed it too (and shared it), lucky me, I stopped speedy services 2 years ago

    • what about using a different dns? such as google's? not sure if it would make a difference or not but it's a suggestion.

    • utamautama Member
      edited December 2014

      telkom uses transparent dns proxy, so changing dns server will do nothing unfortunately.
