Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Something wrong with NoScript,sites allowing themselves


  • Please log in to reply
25 replies to this topic

#1 rp88

rp88

  • Members
  • 3,022 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:54 PM

Posted 30 March 2015 - 02:02 PM

There appears to be something wrong with NoScript. I usually have it set to by default block everything and then i temporarily allow certain sites when needed, today i visited several sites and found that domains such as

ajax.googleapis.com
googlesyndication.com

had allowed themselves. I also saw that domains such as

gstatic.com
google-analytics.com
buysellads.com

had changed the style of the text where you can click to allow and made it bold rather than the usual normla font size. Scarily this lot are mainly advertising related domains, although some (ajax and gstatic)are legitimate google domains used widely on many sites. Does anyone know what is going on here, It seems pretty creepy.

Can any other NoScript users visit sites such as (these were the two pages where i was browsing when I first noticed the phenomenon) http://www.blendswap.com/ and http://what-if.xkcd.com/ and tell me if they see the same thing with bolded text and some things allowing themselves? Has NoScript recently turned on some sort of whitelist (and a badly judged one if it allows advertising domains) for the domains which have either self-allowed or come up bold?
Thank You

Edited by rp88, 30 March 2015 - 02:04 PM.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

BC AdBot (Login to Remove)

 


#2 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:05:54 PM

Posted 30 March 2015 - 02:13 PM

This will be of interest to you: Attention NoScript Users - Adblock Plus

Regards,
Alex

#3 rp88

rp88
  • Topic Starter

  • Members
  • 3,022 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:54 PM

Posted 30 March 2015 - 02:17 PM

How do i get at it's whitelist and cut the cr*p out of there. I'm at risk without NoScript and I can't let it allow advertists either.

EDIT: the adblockplus page seems old and links to what seems to be an apology by NoScript's developer, i think it indicates he stopped doing that, maybe i misinterpreted it though.

Edited by rp88, 30 March 2015 - 02:20 PM.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#4 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:05:54 PM

Posted 30 March 2015 - 02:18 PM

How about using something like uBlock? It's a general purpose blocker which can block both ads and scripts.

#5 rp88

rp88
  • Topic Starter

  • Members
  • 3,022 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:54 PM

Posted 30 March 2015 - 02:33 PM

NoScript has worked properly in the past. What's happening now. It never gave me issues before. I looked at the whitelist under options-->whitelist and found some things listed(gravatar, pingdom, wp) (which i removed) but none of the concrning domains here were mentioned in that list.
Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#6 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:05:54 PM

Posted 30 March 2015 - 02:35 PM

They probably pulled the same thing as the Adblock Plus devs - whitelist certain non-intrusive ads and analytic services.

#7 rp88

rp88
  • Topic Starter

  • Members
  • 3,022 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:54 PM

Posted 30 March 2015 - 02:42 PM

Do you know where to find the whitelist, it must be stored somewhere on my computer in a folder somewhere. if i knew where it ws i could open it up and take out any sneakily hidden entries for those [insert expletive] advertising domains.

Could this have other causes as well as NoScript having gone rogue?

EDIT: the last time NoScript upadtes was march 21st, i didn't see this happen until today. Could something else on my computer be interfering in something to stop NoScript working properly?

Edited by rp88, 30 March 2015 - 02:46 PM.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#8 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:05:54 PM

Posted 30 March 2015 - 02:48 PM

Since I don't use NoScript myself I'm not exactly sure, but if they followed Adblock Plus then there is no way to blacklist it.

Global Moderator quietman7 switched to Adblock Edge (ABP without the whitelist) after they pulled that.

Edited by Alexstrasza, 30 March 2015 - 02:49 PM.


#9 psloss

psloss

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:54 AM

Posted 30 March 2015 - 03:00 PM

Can any other NoScript users visit sites such as (these were the two pages where i was browsing when I first noticed the phenomenon) http://www.blendswap.com/ and http://what-if.xkcd.com/ and tell me if they see the same thing with bolded text and some things allowing themselves? Has NoScript recently turned on some sort of whitelist (and a badly judged one if it allows advertising domains) for the domains which have either self-allowed or come up bold?
Thank You

Unable to reproduce that behavior for those two sites; I tried NoScript 2.6.9.19 installed on basically new installs of FF 36.0.4 and PaleMoon x64 25.3.1.  Windows 7 Home Premium SP1 x64.  I removed all the domain whitelist entries (leaving behind about:, etc.) in the Whitelist tab of the NoScript Options dialog.  With NoScript as the only installed add-on, I opened both URLs in separate tabs and I didn't see any additional entries indicated in the aforementioned Whitelist tab or in the popup menu.

 

Edit: grammar.


Edited by psloss, 30 March 2015 - 03:16 PM.


#10 rp88

rp88
  • Topic Starter

  • Members
  • 3,022 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:54 PM

Posted 30 March 2015 - 03:05 PM

Thanks psloss, very strange, i have the same version and i see the two effects (boldening of the "allow example.com") and self-allowing of some google domains.
Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#11 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:54 PM

Posted 30 March 2015 - 05:58 PM

I don't use NoScript either. As Alex stated, uBlock is a general purpose blocker which can block both ads and scripts...that would be my recommendation.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#12 rp88

rp88
  • Topic Starter

  • Members
  • 3,022 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:54 PM

Posted 30 March 2015 - 07:05 PM

Has Noscript turned to dark tactics then? I read the article alexstrasza linked to and the articles it linked to and got the impression that all that business was over in 2009. this ublock program/extension/add-on you discuss, is it as powerful as noscript? what are it's differences?
Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#13 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:54 PM

Posted 30 March 2015 - 07:23 PM

NoScript

...when you use NoScript, you’re breaking the Internet. Not only do you drag webpages 10 years into the past, but you prevent essential modern page components from loading – hit counters and such – which again, hurts our bottom line by not giving us an accurate picture of who visits our page; as well as obviously blocking ads. From a user perspective, you’re going to find a whole host of features that don’t work as expected.

 


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#14 rp88

rp88
  • Topic Starter

  • Members
  • 3,022 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:54 PM

Posted 30 March 2015 - 07:36 PM

I don't mind those feature not working, if I need particular ones to then I allow scripts from particular sites then and there. As for the argument about adverts, the advertising industry will have to clean up it's act (as in utterly wipe out all the many malvertising attacks whwich we hear about daily) before I'll trust any ad network with anything at all. I see no reason I should risk being victim to a drive-by exploit attack because ad networks are unable to properly police the things they are showing, or because some sites get unfortunately compromised and start delivering malware to unsupecting visitors. I don't mind pages being "10 years in the past" because if I need them to be more modern I can allow scripts, but most of the time text and images is all one actually needs. I have seen before the page you refer to quietman, it sounds like it's author is trying to get people to infect themselves, I personally disagree with that article about as far as I possibly can.


I take it though that NoScript is still a trustworhty and effective means of doing what it is supposed to (that is blocking any scripts the user doesn't wish to allow), or has it been somehow compromised or turned against this goal?

Edited by rp88, 30 March 2015 - 07:38 PM.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#15 rp88

rp88
  • Topic Starter

  • Members
  • 3,022 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:54 PM

Posted 31 March 2015 - 06:25 PM

I'm not sure exactly what went on here, but it seems to have stopped today, and after the most recent update of noscript (which happened today) it hasn't re-occured. It seems strange and unsettling that this happened, but I can't see any issues now. Nothing has self-allowed itself since the events I posted this about, and after some discussion on the NoScript forums I found that the bold text and some of the symbols I was seeing were normal, I must have just never noticed them before. I'll continue using NoScript for now, I beleive it is acting as a decent piece of protection, but I'll keep a watch for anything weird like this happening again. My "magic bullet" of a shield seems a little less protective, due to that short period of weirdness I experienced.

Edited by rp88, 31 March 2015 - 06:26 PM.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users