BSNL is inserting ads in websites, sending their users to malware sites through malware code injection

[tomatosmoothie]

That would make sense if you are running one PC.

It wont be possible to block on Android and other devices as easily.

DD-WRT will block it via the source, at the router.

Javascript injection will use an if/else approach, if you block a few sites it's not going to stop the script from finding and executing sites that will load.

It's not as simple as it seems.

Just sharing thoughts!

 

[abbyck]

BSNL advt. Injection is a real thing. I've been experiencing it for the past couple of days.
I'm on an FTTH connection. Whenever I visit an HTTP only website I get a pop ups and redirect to Flipkart, some other random online portals, crapy advts. etc.

I could see a span element in those web pages. Nested inside is a script tag with an id attribute which appears to be some random collection of characters and numbers. The script they are running is an obfuscated one. Here is a link to it: https://pastebin.com/QnwwVWDs .

 

[Sushubh]

This should be reported to flipkart!

 

[abbyck]

I think there is no use of it. Since they would simply return by saying that is not done by them or they have no control over the advt. agency which does this.
Raising a complaint on pgportal is our best hop IMO. The more users complaining about this, the more sooner they will take

 

[Sushubh]

Their affiliate program would most likely considered this as abusive behavior.

 

[Sushubh]

on related note... it would be useful for someone to create a screencast of redirection leading to flipkart with the affiliate id visible so that i can at least report it to them.

 

---

[abbyck]

Another script: http:[]//decademical[dot]com/rztmZfL5gx92TNclo/6921

Took me to: http:[]//free.internetspeedtracker[dot]com/index.jhtml?partner=^BBQ^xpu514&s1=21997&s2=02A8C8E0-F7F8-11E8-A0C7-D1B15DED89C0
The method was the same. A span tag was injected into the body. Inside the span tag this script.

 

[pothi]

Thanks, @abbyck .

Updated OP with the latest domain.

 

[abbyck]

@Sushubh Will try. But the thing is that the ad. injection is random. You may or may not see it on every non-https website. When we refresh the page the injected span will be gone till next time.

 

[rajujayaraman]

Hi, admin, do you think that it is actual flipkart site. No , i do not think. When you just open filpkart, it shows different set of pages. i once checked. Will check.
Router control is the best , than hosts file.
The futility of the MVP hosts is a pointer in the case.
Did you check the link, i gave for mvphost file.
It is not usual Host file, but mvphost file, which is including suspicious sites one by one from reporting users.
I think it goes to more thousands sites as the day increases and they are updating their data base in the hosts file.
So, If a site could be blocked, it is effective in router, as it stops access to the page for all the devices at once time.
But, i think that http hacking technique allows unscruplous people to plan these kind of suspicious attacks.
Every country is thus connected thro internet, but we are now reaping the other side benefits of the actual internet users.
World internet authority has to do something about it.
I see articles of how to hack http pages, when i search for block http help.
PG site may be a thing to try.
This redirect is experienced even if you change your server to public dns.
Google is not safe any more.
Edit: today http redirect
http://naganoadigei.com/imp/7257/?s...I6ISZu1SVTJCLiQnI60yMzADLionI6kzMzQDLismI6QTf
This is the worst site being used for redirection.
As i have filtered this site, it is not loading allowing me to copy this link. If i do not filter, then , it is millisecond that this will flash then loading suspicious and fake sites.
If filpkart is doing this , then it is a disservice and i would not buy a thing from this.
But to my surprise, amazon.com is the server owner of this site, any clue..
We are writing, but cert in says it is a different department'\'a ssue..