BSNL is inserting ads in websites, sending their users to malware sites through malware code injection

[rajujayaraman]

Hi, Please see these links.
I have shown the present open dns actual servers in routercheck
the actual dns of bsnl server on every connection, at present i have just erased the ip server no.of bsnl, but it shows green in the next figure, where i enclosed the general results page in routercheck.
The configured dns is shown as gateway ip, as router here acts as gateway.
These i enclose to show, that Bsnl may not have been hacked, but the web pages.It is only my assumption. From the artcle link i posted, it may be seen that all the http sites are vulnerable to attack by the js script writers.
If it is BSNL service, then they have to look in to their servers weakness and correct the problem.
How much entries you will add to the hosts file or router.
bsnlactualdns
resultsroutercheck

routercheck-actual-dns
Please see this link. airtel too has
Content Injection on Airtel Broadband | Airtel V-Fiber

 

[demberto]

Seems like this is a problem in India. If it would be a worldwide problem, there would be many posts about it on the net. This is not a DNS problem for sure. DNS is local. It is different for different ISPs. Other ISPs too have been affected, no idea why government is taking no step. Until then block those two URLs I mentioned earlier. After blocking them your issue is fixed for your router only. HTTPS websites need digital signed SSL certificates. This requires money. Hence not all websites are HTTPS. I don't care about bsnl just try my method and see the result

 

[rajujayaraman]

Hi, dem, did you read java script malware article in the link in the post before the previous .So only way is to ask every website owners to change it to https:
Do they charge some amount for changing to https website from http
the link decadecimal.com belongs to Amazon server as i posted
Just imagine , that you go to a http site, which is downloading stuff to your computer, without any click .
Just imagine that so much users of broadband has only admin.. and password as their gateway access.
Just that even time server inside the router is attacked by the third party.
so, no internet is the only solution to get rid of any such annoyance.
There will be intelligent persons who will find solution to this
Until then no solution in sight.
Your another suspicious link web details show that it is another amazon
anotheramazon

 

[demberto]

Using a VPN (Kaspersky Secure Connection), these redirections do not take place even when URL Filter is off. Don't blame it on website owners, not their fault either. Websites CANNOT access your router's configuration page. The IP 192.168.1.XXX is a local IP. If website tries that address it will redirect to the router/server page of its own server and not ours. Our router is not COMPROMISED.

 

[rajujayaraman]

Hi, did you see the link i just attached after your reply.
I am not blaming the website, but only the third party who just compromize all http sites.
Servers are just giving mechine language to direct you to the page.
The script is the culprit.
Did you notice that two of the random sites that you tried to diable in host file belongs to the Amazon servers.
I asked you how to add the websites in hosts file, please
where to add 127.0.0.1 and where to add the website name

 

[demberto]

Hosts method is same as URL Filter Method, but hosts method will only work for your PC. If you use your router's Internet for other device then hosts method will not work. Btw, URL Filter method is easy and u already know how to do it

Hosts Method :
1. Open CMD in Admin Mode.
2. Type cd drivers\etc . Press ENTER.
3. Type write hosts . Press ENTER.
4. Wordpad will open.
5. On a new line enter the entries as written in this image.
6. Save the file and close all Wordpad and CMD.

Use Tor Browser if you care too much of info being lost.

 

---

[Sushubh]

Do they charge some amount for changing to https website from http

https these days can be attained for free. let's encrypt has basically disrupted the entire industry. i am using let's encrypt here on this website.

the thing is that most people running http websites either do not have a good reason to switch or have no idea that https is a thing. i do not think i visit many http websites these days. things have changed a lot for the better in the last 2 years. but yeah, there are still tons of http websites out there and they are likely to remain for a long time to come.

 

[rajujayaraman]

Hi, admin, thanks for the tips. I was informed by cert in that this matter relates to local law agencies. I again replied to them that cert in is the proper authority for security related things. i have not received any reply from bsnl officials. i do not think law in the security matter and local authorities have nothing to do in internet service. i think.
Now the flash intrusion is more. When i open the web pages in android video shown in google pages automatically starts playing without you opt for play button like in youtube videos.

 

[tomatosmoothie]

This is just crazy, if BSNL is hacked, we need to get some official statement from them. It actually looks like someone in BSNL is allowing this to make some money via clicks on ads.

I found a script stopper for Firefox (NoScript Security Suite – Get this Extension for Firefox (en-US)) which helps but is not a solution. Hosts file changing seems the smartest atm.

Is there a way to block the scripts at the source as I am using a DD-WRT firmware based router, any advice on that would be great.

Update1:
Or if there is a way to only allow "https" and not open "http"

Update2:
Ad blocking with DD-WRT, follow this: Ad blocking - DD-WRT Wiki
An extensive hosts list for blocking ads: http://winhelp2002.mvps.org/hosts.txt

 

[demberto]

just block the two sites i mentioned earlier and use adblock plus extension in chrome/firefox.