Külföldi torrent oldalak MyAnonaMouse | MAM News

A témát ebben részben 'Torrent oldalak hírei' Dark Angel hozta létre. Ekkor: 2014. május 19..

  1. Dark Angel / Guest

    Heya all,

    First of all bear with me for the length of this post and let me know if there is anything I can add that will help non techy members!!! This is VERY difficult to explain in short without going into technical details but thankfully our members have helped explain better in all the replies!

    We have introduced a new feature in the last few weeks which im sure some of you have noticed in your profile.

    This feature is called "content security policy". There is a lot involved, but basically what it does is look for malitious code on your pc when you browse the site and deny access to us. (trying to make this as simple as possible so please bear with me). Please also check Myah's post HERE and Madcatters post HERE as they give wonderful explanations that might make a lot more sense

    If you want a bit more info please check http://en.wikipedia.org/wiki/Content_Security_Policy

    If you click on your profile the 6th and 7th links (CSP Violations and CSP classified violations) are the ones you need to check (dont worry if you dont see them, it just means we havent picked any up from you).

    If you don't have any CSP Violations or CSP classified violations, you will not see the rows/links in your profile. This was posted way down by lrmst17 but I think it needs to be here also. RN

    These could be anything from malware to legitimate software that you are happy running so please dont panic if you see one. Its up to the site to set what is allowed and what is a no no. This is running in realtime for us (when you browse the site we have to check the CSP manually) though so taking WAYYYY too long set the yay and nay. We are looking at over 100k atm.

    You will see something like:


    Time threat id threat name threat level threat description user raw report
    2014-05-14 01:05:14 5 Superfish 5 Comes from one of many extensions or malware. Possible help with removal http://forums.mozillazine.org/viewtopic.php?f=38&t=1979591" target="_blank">here document-uri => http://www.myanonamouse.net/faq.php
    referrer => http://www.myanonamouse.net/
    violated-directive => default-src 'self' 'unsafe-inline' 'unsafe-eval' http://cdn.myanonamouse.net http://www.myanonamouse.net http://myanonamouse.net http://irc.myanonamouse.net http://irc.myanonamouse.net http://cdn.myanonamouse.net http://www.myanonamouse.net http://myanonamouse.net
    original-policy => default-src 'self' 'unsafe-inline' 'unsafe-eval' http://cdn.myanonamouse.net http://www.myanonamouse.net http://myanonamouse.net http://irc.myanonamouse.net http://irc.myanonamouse.net http://cdn.myanonamouse.net http://www.myanonamouse.net http://myanonamouse.net; img-src *; media-src 'none'; object-src 'none'; report-uri /json/CSPreport.php?uid=81905;
    blocked-uri => https://www.superfish.com
    source-file => data
    line-number => 27
    column-number => 42
    status-code => 200




    The most important one you are looking for is highlighted in red above, it is the blocked url (web link we found the problem). Basically the site has seen a something trying to get info where we dont want it getting info, or injecting a script where we dont want it to. Most of the time this is completly harmless software you have installed, but we have found more than one instance of a member with malware/spyware.

    We are adding more info into each one we can, ie: " this is malware from xxx and you can fix it by going to zzzz". This will be loaded on each CSP once we get/find them.

    We are looking for members to help let us know what the links are if possible. I know its a pain but in the long run can only help ALL our members and the site!

    What we need is for members to let us know what the CSP violation is. The link is not good enough im afraid, and it takes some detective work to find out exactly what is causing the CSP, escpecially if its malware. What we need to know is exactly what is causing the violation. as an example above the link is superfish.com, if we go to that link it doesnt give us much information, so we have to go to a search engine and search for it. Not all of them are this straightforward and we fully understand if you are unable/unwilling to help out. We will continue updating the CSP threat descriptions as fast as possible in the meantime.

    I have created a new announcement thread that will allow you to add any info you find for us, We are also adding a bounty of 500 points on all CSP that you can identify and another 1000 points if its malware/spyware etc... and you can give us a solution

    Im pretty sure I have not given anywhere near enough info for un-techy (is that a word?) members, so please pm me if you think there is anything you think I need to change in the post or just reply with info you can add!!!