
CSS History Hack Used To Ban Torrent Users

Back from a very long four weeks of nearly constant travel. SecTor was great, and definitely one of those high-quality cons I’ll be returning to. I was really impressed. But anyway, I ran across an interesting thread today as I was perusing my logs. Users are being banned for using certain trackers if they are seen to have come from certain sites. This is the first time I have seen the CSS history hack actually used in a production environment.

We’ve often talked about the implications of using the CSS history hack for tracking purposes, but this is another take: banning users. It will be interesting to see how this evolves over time. The other interesting implication here is that CSRF DoS is an amusing way to abuse the trust in a client-side script. I wonder if the trackers are smart enough to whitelist their own IPs from that script!

17 Responses to “CSS History Hack Used To Ban Torrent Users”

  1. Anon Says:

    the hack works on Opera :/

  2. Dan Weber Says:

    Well, the hack works in anything that obeys the spec, so it’s not surprising Opera is “vulnerable.”

    I can’t figure out from following that link who is blocking and who is being blocked, though. Anyone familiar with the torrent culture willing to clue in us old fogies?

  3. Anonymous Says:

    @Dan

    “It has come to our attention that certain trackers, including x264, are utilizing an internet browser exploit to identify and ban TI members. The”

  4. Skuld Says:

    It appears that the website you are linking to is providing free invites for “invite only” torrent trackers, which the trackers don’t like, so anyone who has that website in their history gets banned because these trackers assume you are either giving away invites or got your invite from that site.

  5. Anon is a dipshit Says:

    I think he was more impressed that it “actually worked” on opera.

  6. Wornstrom Says:

    Nice demo of the Streisand Effect. How many are going to find out about that site from posts like this?

  7. Wes Felter Says:

    I would guess that torrent-invites.com is a forum for sharing invitations to private BitTorrent trackers (the latest incarnation of private ratioed warez BBSes) and those trackers are blocking anyone who comes from torrent-invites.com. Maybe they want to encourage their users to get invitations “honestly” or something.

  8. Bruno Says:

    @Dan: several trackers block users that have visited http://www.torrent-invites.com/ (T-I == torrent-invites).

  9. David W Says:

    Step 1: set browser to remember 0 days of history.
    Step 2: clear history.
    Step 3: profit.

    It’s amazing how little you miss privacy-threatening features of your web browser after they’ve been disabled for just a few days.

  10. Picci Says:

    Do they use this already to target ads?

  11. h3xStream Says:

    The link (forum) mentions the use of Java... it’s JavaScript, obviously.

  12. Aliakbar Says:

    Thanks, ha.ckers!

  13. DARKMASTER Says:

    I WAS BANNED IN CSS, BECAUSE THE OTHER PLAYER THINKS I USE CHEATING, BUT I DO NOT. HOW CAN I HACK THE BAN?

  14. DARKMASTER_FAN Says:

    DARKMASTER, please, shoot yourself now.

    Thanks for the informative post, ha.ckers.org

  15. anom Says:

    Don’t download illegal torrents and you’d have nothing to worry about.

  16. RSnake Says:

    @anom - from this exact variant, maybe. It doesn’t have to be illegal torrents though. Any torrent site, or any site at all for that matter, could implement this type of technology.

  17. Natanael L Says:

    My idea to avoid this is to make a browser plugin/extension that just blocks this for any other domain than the current one, so that link colors can’t be detected for anything outside the site.