CSS History Hack Used To Ban Torrent Users
Back from a very long four weeks of nearly constant travel. SecTor was great, and definitely one of those high-quality cons I’ll be returning to. I was really impressed. But anyway, I ran across an interesting thread today as I was perusing my logs. Users are being banned from certain trackers if they are seen to have come from certain sites. This is the first time I have seen the CSS history hack actually used in a production environment.
We’ve often talked about the implications of using the CSS History hack for tracking purposes, but this is another take - banning users. It will be interesting to see how this evolves over time. The other interesting implication here is that CSRF DoS is an amusing way to abuse the trust in a client side script. I wonder if the trackers are smart enough to whitelist their own IPs from that script!



October 9th, 2009 at 11:19 am
the hack works on Opera :/
October 9th, 2009 at 12:06 pm
Well, the hack works in anything that obeys the spec, so it’s not surprising Opera is “vulnerable.”
I can’t figure out from following that link who is blocking and who is being blocked, though. Anyone familiar with the torrent culture willing to clue in us old fogies?
October 9th, 2009 at 2:17 pm
@Dan
“It has come to our attention that certain trackers, including x264, are utilizing an internet browser exploit to identify and ban TI members. The”
October 9th, 2009 at 4:29 pm
It appears that the website you are linking to is providing free invites for “invite only” torrent trackers, which the trackers don’t like, so anyone who has that website in their history gets banned because these trackers assume you are either giving away invites or got your invite from that site.
October 9th, 2009 at 7:28 pm
I think he was more impressed that it “actually worked” on Opera.
October 9th, 2009 at 9:03 pm
Nice demo of the Streisand Effect. How many are going to find out about that site from posts like this?
October 9th, 2009 at 11:14 pm
I would guess that torrent-invites.com is a forum for sharing invitations to private BitTorrent trackers (the latest incarnation of private ratioed warez BBSes) and those trackers are blocking anyone who comes from torrent-invites.com. Maybe they want to encourage their users to get invitations “honestly” or something.
October 10th, 2009 at 6:02 am
@Dan: several trackers block users that have visited http://www.torrent-invites.com/ (T-I == torrent-invites).
October 10th, 2009 at 7:03 am
Step 1: set browser to remember 0 days of history.
Step 2: clear history.
Step 3: profit.
It’s amazing how little you miss privacy-threatening features of your web browser after they’ve been disabled for just a few days.
October 10th, 2009 at 7:08 am
Do they use this already to target ads?
October 11th, 2009 at 10:42 am
The link (forum) mentions use of Java... it’s JavaScript, obviously.
October 13th, 2009 at 3:20 am
thanks ha.ckers!
October 14th, 2009 at 3:09 am
I WAS BANNED IN CSS, BECAUSE THE OTHER PLAYER THINKS I USE CHEATING, BUT I DO NOT. HOW CAN I HACK THE BAN?
October 22nd, 2009 at 1:03 am
DARKMASTER, please, shoot yourself now.
Thanks for the informative post, ha.ckers.org
November 25th, 2009 at 1:21 am
Don’t download illegal torrents and you’d have nothing to worry about
November 25th, 2009 at 2:52 pm
@anom - from this exact variant, maybe. It doesn’t have to be illegal torrents though. Any torrent site, or any site at all for that matter, could implement this type of technology.
December 2nd, 2009 at 7:52 am
My idea to avoid this is to make a browser plugin/extension that just blocks this for any other domain than the current one, so that link colors can’t be detected for anything outside the site.