patrick.net
An Antidote to Corporate Media
1,362,044 comments by 15,736 users - MolotovCocktail, Patrick, thenuttyneutron online now
This page is asking you to confirm that you want to leave...
2015 Mar 19, 4:27pm 2,530 views 6 comments
Comments 1 - 6 of 6 Search these comments
Tenpoundbass
2015 Mar 19, 4:54pm
I add that IP 000.000.000.0000 host rectod for every asshole site that pulls that shit.
I don't even want to accidentally hit them again.
Dan8267
2015 Mar 19, 7:13pm
Another annoyance common on the web today is clipboard hijacking. That's when you copy some text on a website and the website overwrites the clipboard. It could add, remove, or change the text being copied. It could also send the text copied to another server, a clear security hole. Remember that the next time you select and copy your bank account number or credit card number.
Anyway, I decided to write a script to stop the hijacking. It won't prevent nefarious code from intercepting and sending the contents, but it will prevent it from altering the contents like Tynt does.
Again, install Grease Monkey if you haven't already. Then add the following script. It's a bit more complex than the "onbeforeunload" blocker because there can be any number of copy event listeners. Also, I've implemented it as a self-executing function to prevent attacks against the script by Tynt. Its state data is effectively private.
Here's the code
// ==UserScript==
// @namespace http://javascript.about.com
// @author dan8267
// @name Clipboard Hijack Blocker
// @description Prevents clipboard hijacking.
// @include *
// ==/UserScript==var body = document.getElementsByTagName('body')[0];
var s = document.createElement('script');
s.setAttribute('type','text/javascript');s.innerHTML = "\
(function() \n\
{ \n\
var text = ''; \n\
\n\
document.addEventListener('copy', function() \n\
{ \n\
text = window.getSelection().toString(); \n\
}); \n\
\n\
window.setTimeout (function () \n\
{ \n\
document.addEventListener('copy', function() \n\
{ \n\
var div = document.createElement('div'); \n\
document.body.appendChild(div); \n\
div.innerHTML = text; \n\
window.getSelection().selectAllChildren(div); \n\
\n\
window.setTimeout(function () \n\
{ \n\
document.body.removeChild(div); \n\
}, 100); \n\
}); \n\
}, 1000); \n\
})();";body.appendChild(s);
Unfortunately, Patrick.net doesn't respect the pre tag, so the formatting is a bit off. So here's a fiddle of the script properly formatted for easy copy-n-paste.
If you want to test it, run this fiddle with and without the script.
Dan8267
2015 Mar 20, 8:14am
I add that IP 000.000.000.0000 host rectod for every asshole site that pulls that shit.
Here's a list of domains to block in your .hosts file. On Windows, that's the file \Windows\System32\drivers\etc\hosts
0.0.0.0 static.hupso.com
0.0.0.0 tcr.tynt.com
0.0.0.0 ic.tynt.com
0.0.0.0 de.tynt.com
0.0.0.0 tynt.com
0.0.0.0 b.scorecardresearch.com
0.0.0.0 sharethis.com
0.0.0.0 l.sharethis.com
0.0.0.0 seg.sharethis.com
0.0.0.0 w.sharethis.com
0.0.0.0 wd.sharethis.com
0.0.0.0 a.disquscnd.com
0.0.0.0 referrer.disquscnd.com
0.0.0.0 leadpages.net
0.0.0.0 my.leadpages.net
0.0.0.0 doubleclick.net
0.0.0.0 ad.doubleclick.net
0.0.0.0 ocsp2.globalsign.com
0.0.0.0 serving-sys.com
0.0.0.0 bs.serving-sys.com
0.0.0.0 scorecardresearch.com
0.0.0.0 b.scorecardresearch.com
0.0.0.0 adnxs.com
0.0.0.0 d.adnxs.com
0.0.0.0 secure.adnxs.com
0.0.0.0 burstnet.com
0.0.0.0 www.burstnet.com
0.0.0.0 rad.msn.com
0.0.0.0 c.bing.com
0.0.0.0 ocsp.entrust.net
0.0.0.0 secure-us.imrworldwide.com
0.0.0.0 global.fncstatic.com
0.0.0.0 widgets.outbrain.com
0.0.0.0 global.fncstatic.com
0.0.0.0 assets.tapad.com
0.0.0.0 tapestry.tapad.com
0.0.0.0 static.parsely.com
0.0.0.0 partner.googleadservices.com
0.0.0.0 adsonar.com
0.0.0.0 visualrevenue.com
0.0.0.0 scorecardresearch.com
0.0.0.0 googlesyndication.com
0.0.0.0 livefyre.com
0.0.0.0 demdex.net
0.0.0.0 moatads.com
0.0.0.0 ads.cnn.com
0.0.0.0 t.co
0.0.0.0 t1.visualrevenue.com
rooemoore
2015 Mar 20, 9:29am
Here ya go:
http://someonewhocares.org/hosts/ using 127.0.0.1
and the alternate 0.0.0.0 version can be found here: http://someonewhocares.org/hosts/zero/
Updated regularly.
Dan8267
2015 Mar 20, 9:53am
http://someonewhocares.org/hosts/ using 127.0.0.1
and the alternate 0.0.0.0 version can be found here: http://someonewhocares.org/hosts/zero/
I'd recommend using 0.0.0.0 instead of 127.0.0.1 for blocking domains. The all-zeros is an effective "drop the outgoing packet immediately" mechanism, not to be confused with opening a server socket at 0.0.0.0, which means listens to all network adapters. In contrast, 127.0.0.1 is the IPv4 localhost loopback, which will send your traffic to port 80 of your own network adapter. It's not a big deal, but using 0.0.0.0 won't result in any delays as the AJAX calls on the websites you visit will fail immediately rather than waiting for a timeout and potentially making the page load more slowly.
Actually, it's some asshole who wants to hold you captive and is making it a pain in the butt to leave their page. There is no legitimate reason to forcing a user to click such a dialog. It's like slapping someone in his face with your dick. It's just discourteous.
Thankfully, if you're running Firefox, there is a simple and easy way to never see that message again. Go to Tools/Add-Ons and install Grease Monkey. Then install this script.
To test that it works, go to W3Schools page on "onbeforeunload" and try to leave the page or click the link with this script enabled and disabled. The script works beautifully. It simply sets the event handler for the onbeforeunload page to an empty function. Clean, simple, elegant.