[nSLUG] Annoying Eastlink Notices

Daniel AJ Sokolov daniel at falco.ca
Sun Feb 28 01:01:49 AST 2016


I've just figured it out, and they do as Gurjeet says: live JavaScript
injection.

http://24.222.0.93/dyn/bg/Movable_Copyright_Eastlink_v2/index.js?

If I understand this correctly (and I'm not an expert), they load
the abovereferenced javascript which changes the URL displayed in the
browser to the URL of the original webpage, creates an iFrame, and
finally adds HTML-code to the original HTML-page. This puts the text and
link into the iFrame.

I guess that it also checks the OS and does not insert the "notice" on
Android and maybe other mobile OS.

I do not use Citywide's DNS. For my testing, I've used Google's DNS.

Yes, I can get around by using VPN and https. Thank you, Gurjeet.

This is nasty.
Daniel AJ


On 2016-02-28 12:30 AM, Gurjeet Clair wrote:
> If its city wides DNS you are using , it could be that is still fed by
> eastlink upstream. I'd start with a switch to googles DNS. However I'm
> fairly certain they are doing live http JavaScript injection. I'm going to
> guess its AdPhonso . You can get around this with VPN or use https
> everywhere. https://www.eff.org/HTTPS-EVERYWHERE
> 
> On Sat, Feb 27, 2016 at 6:49 PM, Daniel AJ Sokolov <daniel at falco.ca> wrote:
> 
>> On 2016-02-27 at 18:32, Evan Lowry wrote:
>>> https://en.wikipedia.org/wiki/DNS_hijacking
>>>
>>> I'm fairly certain, unless they've changed tactics.
>>
>> That's what I've found mentioned online, but I do not use the Eastlink
>> DNS. So it has to be something different.
>>
>> BR
>> Daniel AJ
>>
>>>
>>> On Sat, Feb 27, 2016 at 6:29 PM, Daniel AJ Sokolov <daniel at falco.ca
>>> <mailto:daniel at falco.ca>> wrote:
>>>
>>>     Hello,
>>>
>>>     this week, Eastlink has started to bombard me with copyright
>>>     infringement notices under the "Notice and Notice"-regime of the
>>>     Copyright Act.
>>>
>>>     However, they do not send emails. Rather, they insert these notices
>> into
>>>     (seemingly) random websites. It doesn't stop and blocks parts of the
>>>     pages.
>>>
>>>     How do they do that? I can't find it in the source code.
>>>
>>>     I am not even a direct Eastlink customer, but a customer of their
>>>     reseller Citywide Communications.
>>>
>>>     TNX
>>>     Daniel AJ
>>>
>>>     PS: Needless to say, I did not infringe the Copyright. It is a scam
>> by
>>>     purported Copyright holders who want to bully us into paying
>>>     "settlements".
>>>     _______________________________________________
>>>     nSLUG mailing list
>>>     nSLUG at nslug.ns.ca <mailto:nSLUG at nslug.ns.ca>
>>>     http://nslug.ns.ca/mailman/listinfo/nslug
>>>
>>>
>>>
>>>
>>> --
>>> Evan Lowry
>>> CTO, PitchPlay Inc (https://pitchplay.io)
>>> 902.403.5244
>>> www.exitiumonline.com <http://www.exitiumonline.com> |
>>> https://github.com/Lykathia
>>>
>>>
>>> _______________________________________________
>>> nSLUG mailing list
>>> nSLUG at nslug.ns.ca
>>> http://nslug.ns.ca/mailman/listinfo/nslug
>>>
>>
>> _______________________________________________
>> nSLUG mailing list
>> nSLUG at nslug.ns.ca
>> http://nslug.ns.ca/mailman/listinfo/nslug
>>
> 
> 
> 
> _______________________________________________
> nSLUG mailing list
> nSLUG at nslug.ns.ca
> http://nslug.ns.ca/mailman/listinfo/nslug
> 


More information about the nSLUG mailing list