AdguardFilters icon indicating copy to clipboard operation
AdguardFilters copied to clipboard
verified publisher icon AdguardTeam

A script on www.qidian.com is consuming CPU and appears to be non-functional

Open ImBearChild opened this issue 1 year ago • 1 comments

Prerequisites

  • [X] This site DOES NOT contain sexually explicit material, otherwise use NSFW-specific form;
  • [X] Filters were updated before reproducing an issue;
  • [X] AdGuard product version is up-to-date;
  • [X] Browser version is up-to-date;
  • [X] If the site or app is broken, disabling AdGuard protection resolves an issue.

What product do you use?

AdGuard Browser Extension, Other ad blocker

AdGuard version

uBlock Origin 1.57.2

What type of problem have you encountered?

Missed ads or ad leftovers

Which browser(s) do you use?

Firefox

Which device do you use?

Desktop

Where is the problem encountered?

www.qidian.com

Ad Blocking

AdGuard Base filter

Privacy

AdGuard URL Tracking filter

Social Widgets

No response

Annoyances

No response

Security

No response

Other

No response

DNS filters

AdGuard DNS filter

Language-specific

AdGuard Chinese filter

What Stealth Mode options do you have enabled?

No response

Add your comment and screenshots

  1. This script from Qidian consumes user's CPU and appears to provide no actual functionality. This slows down the user's browser. I suspect that this script is either a mining script or an anti-ad blocker measure. This is confirmed both on Firefox and Chromium.

  2. Screenshots

Screenshot 1:

image

The script is obfuscated and makes a large number of recursive function calls. This can be confirmed using the browser's performance profiler.

Privacy

  • [X] I agree to follow this condition

ImBearChild avatar Apr 30 '24 11:04 ImBearChild

@ImBearChild Hi. Probably it is used for site security.

Please try to block qidian.com/C2WF946J0/probev3.js in user rules.

I found some info about this script, but translation from Chinese is unclear for me: https://www.52pojie.cn/thread-1916130-1-1.html

Alex-302 avatar May 02 '24 17:05 Alex-302

I found some info about this script, but translation from Chinese is unclear for me: https://www.52pojie.cn/thread-1916130-1-1.html

Thanks for your information; While the linked webpage discusses a script seemingly hosted on another website (mafengwo.cn, a tourism website) based on the content (which I can understand in Chinese), both scripts appear to be similar.

Here's what I can glean from the webpage: the script appears to be a fingerprint script. It collects fingerprint vectors, hashes them using MD5, combines the fingerprint data with timestamps and other information, encrypts it with RC4, and then sends it to a server. This goes beyond typical "site security".

If the script on Qidian behaves similarly (analytics or tracking), I believe it should be blocked.

ImBearChild avatar May 04 '24 12:05 ImBearChild

This issue has been automatically marked as stale because it has been open for 4 days with no activity. Unfortunately, our resources are limited and we can not always take the time to respond to requests about websites that are not popular enough. The issue will be closed if no further activity occurs. Please note, that AdGuard Filters is an open-source project that is used by different content blockers and we welcome contributions. If you have some technical knowledge about how websites work, you are welcome to create a pull request following these instructions.

github-actions[bot] avatar May 08 '24 13:05 github-actions[bot]

@ImBearChild Behaviour of anti-bots is also similar to tracking, they also do fingerprinting. I think this is 3p script, just hosted on this site.

Alex-302 avatar May 20 '24 11:05 Alex-302