So what happened with this? By the time I went to bed everyone was shitting themselves...

So what happened with this? By the time I went to bed everyone was shitting themselves. Did you guys ever figure out what the fuck ekansovi is?

Other urls found in this thread:

reddit.com/r/technology/comments/3lw2g6/imgur_is_being_used_to_create_a_botnet_and_ddos/
github.com/gorhill/uBO-Extra/wiki/Sites-on-which-uBO-Extra-is-useful
twitter.com/NSFWRedditVideo

botnet

Is this some kind of Sup Forums x shit? I've never seen that domain on here before

It's a 1x1 image that tracks you.

Pretty sure some people without Sup Forums X were getting it as well
I think it only shows up on certain boards like Sup Forums

i have it right now on Sup Forums with 4chanx

just checked and i do as well

i use appchan x and i don't get it on Sup Forums. can't be bothered to try other boards.

even with 4chanx disabled i still have it
i don't know what is it but i blocked it with ublock origin and umatrix

If this whole thing blows over, which I hope to god it does, I'll have learned to never express overly Sup Forums or /r9k/ -tier views here again. Even if only ironically.

Yeah I'm fucked if it's what people are making it out to be

EVERYTHING I HAVE EVER POSTED ON THIS WEBSITE WAS IRONIC AND DOES NOT REFLECT MY REAL LIFE VIEWS OR BELIEFS. I WAS MERELY "TROLLING"

I wonder if this is one of those botnets that stick themselves into your browser's cache like what happened to imgur a few years back.

reddit.com/r/technology/comments/3lw2g6/imgur_is_being_used_to_create_a_botnet_and_ddos/

THIS DESU

this. i actually LOVE blacks and jews. they have such nice cultures

Why can't I block this in uBlock Origin?
No matter how much I block it, it still appears in the logger when I refresh the page.

doesn't the red thing on the left mean it's blocked

>I think it only shows up on certain boards like Sup Forums
It's blue boards, I think.

jej

works on my machine

I think it's working now.
Odd.

What are people making it out to be?

Sup Forums isn't a blue board and it shows on Sup Forums for me

You guys have tried clearing ALL of your temporary internet files right? Clear the ones from IE and Flash and of course clear the ones from your primary browser.

logging your posts with your IP to tie them to your name

why would Sup Forums need separate domain to do that?

Nothing. You retards are infected with some botnet shit!

It's blue boards + Sup Forums afaik.

it wouldn't be Sup Forums doing it, presumably
it's another company using an exploit

ITT: Tinfoil hats, its just another ad-thing, they cannot do shit with ad-info they gather from me because I don't buy shit I don't need or that its on fucking internet ads of all places.

Well it DOES save a cookie to uniquely identify you.

Check for ekansovi in your cookies, that's were I found it.

Click on "+All"

pls no bully

Yeah, but how did it get here?

Clearly an admin has put it there - why

ekans is backwards for snake
Coincidence?

...

>Not using self destructing cookies

I think every cloudflare server does that

Done. Nothing.

if i'm infected i should have it for every site i visit, but i have it only on Sup Forums

Still don't have this.

Weird
I have Sup Forums X and OneeChan installed btw.

What country are you located in? I'm on a fresh windows install(literally within the last 24 hrs) and have it. I'm in the US.
If it really is another ad service, has it been spotted on any other websites?

What are we doing now? Is it still safe to post?
How can they tie your IP with your name?
What other risks are we dealing with?

Maybe that's why? I only have these extensions

It's the NSA

EVERYTHING I HAVE EVER POSTED ON THIS WEBSITE WAS IRONIC AND DOES NOT REFLECT MY REAL LIFE VIEWS OR BELIEFS. I WAS MERELY JOKING

Ovi means EGG SNAKES LAY EGGS

Browser cookies are basically website eggs! Your computer will hatch into a snake and EAT your data and privacy and genitals!

check the ub log "behind the scene" for websockets

Money, duh

Ukraine

Same for me. Does that mean that I am safe?

Compromised ad network is a more likely explanation. Doesn't seem to be a part of Sup Forums x, I searched for the url in the code and it turned up nothing.

FUCK

Nothing

just check where else your IP has logged in
it's not complicated bud

Like it can't be obfuscated in any way.
Odd, anyone outside of the US/ have this?

You have to select "behind the scene" and browse Sup Forums for a bit.

If I use private browsing mode and self destructing cookies as well as block it in noscript am I safe?

i'm in Italy

It's not all bad, user O3o

:)

Weird.
When I load the page Sup Forums x removes the script that makes the websocket thing work.
It tries to load then gets rekt.

I'm seeing it now in the "behind-the-scenes" view on ublock. ublock sees it but it seems to be incapable of blocking it for some reason.

I think you have to delete the behind-the-scene entry from the whitelist. Then it blocks it.

No it wont block it just like that.

Confirmed for me at least.

Deleting behind-the-scene from the whitelist and then adding

||ekansovi.com$domain=Sup Forums.org
||a.ekansovi.com/wsm$websocket,domain=behind-the-scene

to the filters worked for me.

You can use
||$websocket

to block all future attempts at using websockets like this.

>Deleting behind-the-scene from the whitelist
Will make uBlock Origin unable to update the filterlists. Don't suggest this to anyone.

it's ad tracking

Are you sure? The update seems to work fine. How can we block it then?

We hack it.

Shouldn't you be able to do the "even if whitelisted" thing?

>Are you sure?
Yes. It's on gorhill's github described.

>How can we block it then?
0.0.0.0 ekansovi.com
in your hosts file.

>ad.doubleclick.net
why is that allowed on mine? i have nearly all the filters activated, even the hosts files

Has anybody actually bothered to find out what script actually tries to set up the websocket and what it tries to transfer?

>why is that allowed on mine?
Because of this. It's there I assume it breaks something, You can create a rule:
* doubleclick.net * block
to block it.

Firefox has a websockets inspector plugin that you could use. I'd try to figure it out but I don't have this

uMatrix does it automatically

>Because of this
Silly, I forgot to attatch image

has anyone actually looked at the site yet?

Even if this is some bullshit ad fuckery, it made me realise I let my guard down.

uMatrix 4lyfe - reminds me of NoScript for Firefox, only less shitty, and easier to use

also don't use chrome, use iridium

am i safe

Best way to check to be 100% sure:

Go to Settings>Advanced Settings>Privacy>Content Settings>All Cookies and Site Data

Search for "ekansovi"

chanpink doesn't have this problem

It's not working. I tried to block it dynamically but it failed too.

So, uh, there's a bunch of obfuscated javascript at the top of every page that's opening the websocket.

>not stealing your neighbors Wi-Fi for Sup Forums usage
lol
enjoy having your racist/sexist virginal shitposts exposed if you or your family ever become of interest

So is this just some ad tracking garbage that tinfoil hats are sperging over or something to actually he concerned about

wtf is chanpink?

both arent good desu senpai

i have this showing up on ublock, but no cookie? also running pi-hole

I'd prefer ad tracking over potential employers and family reading my shitposts

uMatrix blocks websockets, at least in Firefox (in Chrom{e,ium} there's a need to add an uBlock companion to fix websockets)
>>github.com/gorhill/uBO-Extra/wiki/Sites-on-which-uBO-Extra-is-useful
and I never investigated what's the situation for uMatrix but I'd guess that it can't fix websockets there

Cookies/Dom Storage cleaned, no occurrences of this ekans stored anywhere (and I'm a GNU/Linux turboautist) still ekansovi strives to sneak in

Do we have any official word on this?

>
it never ends, does it ?

b.u and b.a look like they're the functions for decoding obfuscated strings

I got it with uMatrix. Only wants to runs 1 script and XHR.

OP here. I got it as well
I'm more worried about what it was, though