How to block ISP injected advertisements in webpages

johnpoz · Oct 16, 2014, 2:39 PM

Clearly they think it is.. did you see the to copies of the page he showed. The left side clearly has been altered, while the right side shows not such modifications.

kejianshi · Oct 16, 2014, 3:17 PM

I agree something is up, for sure.

I just don't think the ISP has that much control to be able to inject whatever they want into whatever web page they like easily.

Nor do I feel its in their interest to do so.

Thats why I'm wondering about other explanations.

Normally I suspect a hijacked browser when I see stuff like this.

He says its across a variety of devices, so then I start thinking maybe its a DNS issue.

If its really as bad as the ISP screwing with their own customers, then VPN is the way to go I think.

Or dump the ISP and try another?

stephenw10 · Oct 16, 2014, 3:30 PM

Did you follow Supermule's link to the report that Comcast are doing this. The OP is using MTNL so I'm guessing they're in India, not Comcast anyway. Technically it's not difficult at all if they are running any sort of proxy. For example:
http://www.ex-parrot.com/pete/upside-down-ternet.html

Steve

KOM · Oct 16, 2014, 5:06 PM

I just don't think the ISP has that much control to be able to inject whatever they want into whatever web page they like easily.

It is trivially easy for an ISP to do this. Why? The universal answer to all questions: money. Same reason why some ISPs are hijacking NXDOMAIN DNS responses and feeding people loaded ad pages in their place?

shebang1234 · Oct 16, 2014, 8:49 PM

I can confirm that this is something that the ISP is doing. The ads are provided by adphonso (something that I forgot to mention earlier.) They very proudly talk about their "solutions" to make communication between ISPs and customers easier. (wtf?)

There are records of MTNL customers complaining about adphonso ads all over the internet. Never became a hype though.
The ISP is government controlled so I doubt if they really care whether or not they lose customers (I mean they've never behaved like it.) I don't have a choice here; I'd have switched to a different ISP long ago, if I could have.

EDIT: I have blocked both adphonso and adtech. Purpose of this message was to check if there was a way for it to not spoil my layout either.
EDIT2: Removed link.

Derelict · Oct 16, 2014, 5:35 PM

That's really unfortunate. Tunnel all your traffic through a VPN I guess.

(suppress desire to rant libertarian.)

I set up vpnbook.com last night to test something. They have free OpenVPN servers on UDP 53, UDP 25000, TCP 80, TCP 443. Three of those will be pretty hard to block with a generic rule. TCP/80 is probably going to be worthless to you. Depends on how locked down/proxied your outbound traffic is.

johnpoz · Oct 16, 2014, 6:19 PM

"EDIT: I have blocked both adphonso and adtech. Purpose of this message was to check if there was a way for it to not spoil my layout either."

You would have to tunnel so they can not inject for that to happen, or have something that removed the injected code - proxy could do something like that. But easy solution is to just tunnel past them so they can not inject.

To me the best vpn solution for something like this is a low end vps, CHEAP – I have a couple of them, one on west cost other on east coast I use for testing - they cost $15 a year each. 500GB a month bandwidth so make great little vpn exit points.

kejianshi · Oct 16, 2014, 6:29 PM

What is going on there is incredibly stupid on the part of the ISP. Sorry to seem so unbelieving before. It just seems crazy.

Thats the sort of crap I'd maybe expect on free wifi in a mall or something.

I'd almost say move!

The weather is quit nice tonight in manila… And.... No ads.

Cino · Oct 16, 2014, 6:40 PM

@KOM:

It is trivially easy for an ISP to do this. Why? The universal answer to all questions: money. Same reason why some ISPs are hijacking NXDOMAIN DNS responses and feeding people loaded ad pages in their place?

I know TWC does this. Other then redirecting you to a search page if the domain can't be found; the main reason is for them to direct your traffic is if you account is flagged. Example would be lack of payment (happen at a friends house, they had to acknowledge that they were over due before being routed to the internet), secuity reasons…

If an ISP is going to inject ads, there service should be free then! This kinda reminds me of the Juno email....

Derelict · Oct 16, 2014, 6:56 PM

You might also want to make sure tunneling your internet around the government network won't land you in jail.

kejianshi · Oct 16, 2014, 7:08 PM

Is this China? North Korea? Iran?

Who else is making a huge fuss about VPNs?

I've used VPNs is and around china and the middle east.

Didn't go to jail… But then again, I wasn't leading an insurrection either.

Haven't tried North Korea. They lock people away for taking a deep breath.

Derelict · Oct 16, 2014, 7:08 PM

Looks like Mumbai, India. I was just sayin… Aren't they the ones that made Blackberry give them the ability to MITM?

Guest · Oct 16, 2014, 7:10 PM

@shebang1234:

I can confirm that this is something that the ISP is doing. The ads are provided by adphonso (something that I forgot to mention earlier.) They very proudly talk about their "solutions" to make communication between ISPs and customers easier. (wtf?)
http://adph_onso.com/

DON'T click this adphonso link, I get a phising and a virus warning when clicking…

kejianshi · Oct 16, 2014, 7:14 PM

MITM in India?

People do that?

https://www.youtube.com/watch?v=o66FUc61MvU