AdBlock Plus rule to neuter Forbes "AdBlock detection"

README.md

Forbes Is Irrelevant

an AdBlock Plus filter list

Installation

1. Right-click the "ABP" icon in yoru browser toolbar.
2. Select "Options".
3. Click the "Add Filter Subscription" button.
4. Select "Add a different subscription..." from the drop-down menu.
5. Enter "Forbes Is Irrelevant" for the subscription title, and http://bit.ly/forbes-sucks for the filter list location.
6. Click the "Add" button.

That's it! You're done! Now you can browse Forbes securely, without falling prey to the Forbes automated extortion of AdBlock users, and without permitting Forbes malware on your computer.

Why Forbes Has Lost the Trust of the Technical Community

Forbes has declared war on AdBlock users, denying the very real security threat their ads pose, and painting all AdBlock users as freeloaders. However, in the past, there have been numerous incidents of malware being served to a large number of users via ads included in the Forbes website. Forbes has proven incapable of policing the advertisers it uses.

Forbes has implemented a system which blocks some users of ad-blocking software from using their site. If a user is selected to be part of the "test group", this system instead continually nags him to disable his ad-blocker, promising an "ad light experience". If the user complies with the extortion, he will find that not only is the experience not "ad-light" (taking over a minute to completely load a single article and its accompanying ads on a residential cable internet connection), Forbes has done nothing (despite long protestations to the contrary) to ensure their readers' security.

In a stroke of supreme irony, as soon as Forbes implemented the complete block of many AdBlock users, users who complied with the absurd demands were infected with malware by ads incorporated in Forbes's "ad-light experience".

What You Can Do

While ideally all readers would simply get their news elsewhere while Forbes throws their Luddite little tantrum, it's a fact that there are many great writers producing content through Forbes's platform. However, complying with Forbes's demands to permit their malware on your computer is simply a foolish trade for a bit of news.

With the "Forbes Is Irrelevant" filter list for AdBlock Plus, you can protect yourself from Forbes malware while appearing to Forbes to have disabled AdBlock Plus. This permits you full access to the site without letting your guard down and exposing your computer and your identity to hijacking and theft.

Simply add the URL http://bit.ly/forbes-sucks to your AdBlock Plus filters, and AdBlock will be masked from detection by Forbes automated extortion software.

How Forbes's Extortion Works

The attack Forbes uses is a "False Positive Attack". In a False Positive Attack, an attacker uses a carefully-crafted piece of non-threatening data to determine if security software is present. It uses this fake to trick security software into acting to protect the user. If the data is blocked, the attacker knows that the security software exists.

In the case of the Forbes extortion software, the Forbes website sends a bit of JavaScript to your browser which contains a list of commonly-blocked advertising code properties. This script then picks a random selection of between 5 and 10 of these properties. It attempts to create a fake ad using those properties, and if the fake ad creation fails, it knows that an ad-blocker is being used. This "False Positive" is to action Forbes extortion software has tricked the ad-blocker into taking, which results in the ad-blocker "tipping its hand" and revealing its existence.

Once it determines an ad-blocker is being used, it prevents you from accessing the site by recording identifiable information about your browser both in cookies and on the Forbes server. It uses this information to continually block you until you have disabled your ad-blocker.

How "Forbes Is Irrelevant" Protects You

"Forbes Is Irrelevant" protects you from detection by the Forbes extortion software by using knowledge of the malicious "fake ads" it creates. It then creates exceptions in the AdBlock filtering system just for those precise fake ads. Since AdBlock Plus is now able to correctly identify the fake ads as not being advertisements, and thus, not blocking them, it no longer reveals its presence to the Forbes extortion software.

This is a general technique that works for many malicious ad-blocker detection and extortion systems. However, due to the knowledge required of the specific attack being used against the ad-blocker (in this case, the specific list of code properties and the structure of the fake ad itself), it is difficult to implement a general-purpose solution.

"Forbes Is Irrelevant" thus only protects you from the Forbes extortion software, and even then, only until Forbes changes how their extortion software attacks security software. However, "Forbes Is Irrelevant" has been written specifically to ensure that, if it fails, it will not expose the user to Forbes malware. If "Forbes Is Irrelevant" fails due to changes in the Forbes extortion software, you will simply be directed again to the Forbes demand that you disable your ad-blocker. If this happens, please report the bug here on GitHub, so that I can perform the forensics necessary to determine the new attack, and how to hide AdBlock Plus from it.

adblock-detection-snippets.js

/*

AdBlock detection component of Forbes extortion software

Note that the string fbs_settings.classes, set in the code of the Forbes "welcome"
page is used by the checkAdBlock function to compose its attack data.

*/

// From http://www.forbes.com/forbes/welcome/

fbs_settings = {
	mobile: 'false',
	preview: 'false',
	test: 'false',
	data: {"channel":"channel_0","section":"section_0","location":"welcomead_default","panel":"welcome_ad","contentPositions":[{"position":1,"title":"Quote of the Day ","description":"\"It is not enough to be busy; so are the ants. The question is: What are we busy about?\"","following":false,"byline":"Henry David Thoreau"}],"panelId":"panel8","limit":0,"swimlane":false,"more":false,"enableAds":false,"removeBVPrepend":false,"brandvoiceHeader":false},
	classes: "WyJhZGFtYXpvbiIsInNwb25zb3JlZC1wb3N0X2FkIiwiZ29vZ2xlLXNwb25zb3JlZC1saW5rcyIsImFkMzAweDI1MFJpZ2h0IiwiZW0tYWQiLCJmb290ZXJfdGV4dF9hZCIsImR5bmFtaWMtYWRzIiwicmlnaHRfc2lkZS1wYXJ0eWFkIiwidG9wX2FkYm94MiIsInJpZ2h0LXRha2VvdmVyLWFkLXN0aWNreSIsInNwb25zb3JlZHRleHRsaW5rX2NvbnRhaW5lcl9vdnQiLCJvemFkdG9wMyIsImFkLWdycCIsImNMZWZ0VGV4dEFkVW5pdCIsImNzY1RleHRBZCIsImFkX21yZWNfdGl0bGVfYXJ0aWNsZSIsInR4dC1hZHMiLCJvdXRnYW1lYWRib3giLCJ6ZXJnbmV0LXdpZGdldC1jb250YWluZXIiLCJzcXVhcmVBZFdyYXAiLCJzbF9hZDciLCJ0cnVlYWRzIiwiYWQtcmVsYXRlZGJvdHRvbSIsImFkdmJpZyIsImhpZGVQYXVzZUFkWm9uZSIsImFkTXB1SG9sZGVyIiwiYWQtZmFkZWluIiwicmlnaHRjb2xfZGl2X29wZW54MiIsImFkc0JveCIsImFkc2Vuc2U3Mjh4OTAiXQ=="
};

// From http://i.forbesimg.com/welcomead/scripts/a2091f79.main.js

checkAdBlock: function() {
	for (var a, b = Math.random(), c = $(".ads-container>div"), d = c.length, e = Math.floor(b * d), f = window.fbs_settings && window.fbs_settings.classes ? JSON.parse(base64.decode(fbs_settings.classes)) : ["dynamic-ads"], g = [], h = 0; 5 > h || Math.random() < .7 && 10 > h; h++) g.push(f[Math.floor(Math.random() * f.length)]);
	$(c[e]).before(a = $("<div>", {
		"class": g.join(" ")
	})), this.adBlockChecker.triggerAdBlockState("none" === a.css("display")), a.remove()
},

checkAdBlock-commented.js

// comments denote the function of each section of the raw checkAdBlock function
// depends on the 

checkAdBlock: function() {
	for (var a, // dom element placeholder
			b = Math.random(), // random float
			c = $(".ads-container>div"), // get all ads
			d = c.length, // count ads
			e = Math.floor(b * d), // compute random ad index
			f = window.fbs_settings && window.fbs_settings.classes ? JSON.parse(base64.decode(fbs_settings.classes)) : ["dynamic-ads"], // retrieve ad class names
			g = [], //create output array
			h = 0; //iterator
			
			5 > h || Math.random() < .7 && 10 > h; // pick between 5 and 10 classes
			
			h++)
			g.push(f[Math.floor(Math.random() * f.length)]); // pick random class name
			
	$(c[e]).before(a = $("<div>", {"class": g.join(" ")})); // try inserting a div with the random "suspicious" classes before the randomly-selected ad
	this.adBlockChecker.triggerAdBlockState("none" === a.css("display")); // check if the div is visible
	a.remove(); // remove the div
}

checkAdBlock-standalone.js

/* Standalone version of the checkAdBlock function used by the Forbes extortion
   software, rearranged slightly to be more readable. Rather than directly calling the
   ad-block notification component of the Forbes extortion software, this simply returns
   a true/false value denoting whether an ad-blocker was detected.
*/

function checkAdBlock() {

	// ad class names retrieved from the main page
	var testClasses = ["adamazon","sponsored-post_ad","google-sponsored-links",
	"ad300x250Right","em-ad","footer_text_ad","dynamic-ads","right_side-partyad",
	"top_adbox2","right-takeover-ad-sticky","sponsoredtextlink_container_ovt",
	"ozadtop3","ad-grp","cLeftTextAdUnit","cscTextAd","ad_mrec_title_article",
	"txt-ads","outgameadbox","zergnet-widget-container","squareAdWrap","sl_ad7",
	"trueads","ad-relatedbottom","advbig","hidePauseAdZone","adMpuHolder",
	"ad-fadein","rightcol_div_openx2","adsBox","adsense728x90"];
	
	var el = null; // dom element placeholder
	var ads = $(".ads-container>div"); // get all ads
	var adIndex = Math.floor(Math.random() * ads.length); // pick random ad index
	var selectedClasses = [];
		
	for (var i = 0;
			5 > i || Math.random() < .7 && 10 > i; // pick between 5 and 10 classes
			i++)
			selectedClasses.push(testClasses[Math.floor(Math.random() * testClasses.length)]); // pick random class name
			
// try inserting a div with the random "suspicious" classes before the randomly-selected ad
	$(ads[adIndex]).before(el = $("<div>", {"class": selectedClasses.join(" ")}));

// check if the div is visible
	var out = ("none" === el.css("display"));
	
// remove the div
	el.remove();
	
	return out;
}

forbes-sucks.abp

[Adblock Plus 2.0]
! Checksum: qCpiP1vCWRbkOpfFHCwMlQ
! Title: Forbes Is Irrelevant
! Homepage: https://gist.github.com/sehrgut/0191cb5d0a1c3d5a4694
! Location: https://gist.githubusercontent.com/sehrgut/0191cb5d0a1c3d5a4694/raw/forbes-sucks.abp
! Version: 0017
! Last modified: Mon, 11 Jan 2016 19:03:08 +0000
! Expires: 1 days
! *** permit probe elements created by Forbes checkAdBlock() ***
forbes.com#@#div.adamazon:empty
forbes.com#@#div.sponsored-post_ad:empty
forbes.com#@#div.google-sponsored-links:empty
forbes.com#@#div.ad300x250Right:empty
forbes.com#@#div.em-ad:empty
forbes.com#@#div.footer_text_ad:empty
forbes.com#@#div.dynamic-ads:empty
forbes.com#@#div.right_side-partyad:empty
forbes.com#@#div.top_adbox2:empty
forbes.com#@#div.right-takeover-ad-sticky:empty
forbes.com#@#div.sponsoredtextlink_container_ovt:empty
forbes.com#@#div.ozadtop3:empty
forbes.com#@#div.ad-grp:empty
forbes.com#@#div.cLeftTextAdUnit:empty
forbes.com#@#div.cscTextAd:empty
forbes.com#@#div.ad_mrec_title_article:empty
forbes.com#@#div.txt-ads:empty
forbes.com#@#div.outgameadbox:empty
forbes.com#@#div.zergnet-widget-container:empty
forbes.com#@#div.squareAdWrap:empty
forbes.com#@#div.sl_ad7:empty
forbes.com#@#div.trueads:empty
forbes.com#@#div.ad-relatedbottom:empty
forbes.com#@#div.advbig:empty
forbes.com#@#div.hidePauseAdZone:empty
forbes.com#@#div.adMpuHolder:empty
forbes.com#@#div.ad-fadein:empty
forbes.com#@#div.rightcol_div_openx2:empty
forbes.com#@#div.adsBox:empty
forbes.com#@#div.adsense728x90:empty
! *** block malware areas not caught by EasyList ***
forbes.com##div[speed-bump]
! *** Forbes cannot be trusted with iframes of any description ***
forbes.com##iframe
! *** for good measure, hide GQ's idiotic non-dismissable flyover
gq.com###abnm

mirrored just in case: https://pacn.in/ab/

Reporting here that forensics is needed.

Review: http://www.forbes.com/sites/trangho/2017/01/04/stock-market-strategies-why-you-should-buy-emerging-markets-now/

It is much easier to just add these two filters.

||forbes.com*.js
||i.forbesimg.com/welcomead/scripts/*

If you want to be even more thorough do this.
||forbes.com^$script