On 11/23/19, EE <[email protected]> wrote: > Lee wrote: >> On 11/22/19, EE wrote: >>> Rich Gray wrote: >>>> EE wrote: >>>>> Richard Owlett wrote: >>>>>> Caveat Lector: I know the subject line is poor. Best I could do >>>>>> >>>>>> Environment: >>>>>> Mozilla/5.0 (X11; Linux i686; rv:52.0) ... SeaMonkey/2.49.4 >>>>>> Debian 9.8 >>>>>> >>>>>> When going to a URL, at the bottom of the screen there may be URLs of >>>>>> multiple sites. It goes by too fast to absorb. >>>>>> >>>>>> Does SeaMonkey log these URLs? >>>>>> Is there any way to know what information is exchanged? >>>>> >>>>> What gets loaded along with a web page may be images, external >>>>> stylesheets >>>>> and scripts, multimedia, occasionally .xml files. If you want to see >>>>> what >>>>> got loaded, you can see the multimedia files in Page Info. For >>>>> stylesheets >>>>> and scripts, the JSView extension can show you those. I also have >>>>> bookmarklets that can access external scripts and anything loaded from >>>>> link >>>>> tags, including images and stylesheets. >>>> >>>> What I've always wanted to figure out when I get one of those "YOUR >>>> MACHINE >>>> HAS BEEN HACKED! CLICK HERE TO FIX IT" scam pages is to figure out >>>> where >>>> it >>>> came from, in the sense of trying to figure out the chain of urls from >>>> the >>>> page I requested to the scam page. This would allow me to identify and >>>> report >>>> the compromised/scummy ad/analytics server to the site I'm accessing >>>> with >>>> the >>>> strong suggestion that they stop doing business with said ad/analytics >>>> site. >>>> >>>> I've never been able to figure this out from the available tools, but >>>> could >>>> easily be missing something. I suspect that the use of scripting >>>> allows >>>> the >>>> bad guys to cover their tracks. Some sort of logging mechanism that >>>> recorded >>>> each loaded url along with the url the load was called from would do >>>> the >>>> trick. >>>> >>> I have not been seeing those messages. What site pops up one of those? >>> You >>> should be able to find out where it comes from if you use uBlock Origin >>> and >>> use element picker mode. >> >> You're probably not seeing those messages because the sites doing that >> crap are blocked by uBlock Origin or some other addon. >> >> How many of the 'Malware Domains' and 'Multipurpose' filters do you >> have enabled? >> Any custom filter lists imported? >> >> For whatever it's worth, I haven't seen any "YOUR MACHINE HAS BEEN >> HACKED!" messages either and I'm using both uBlock Origin and uMatrix >> >> Lee >> > I have all the uBlock filters enabled, plus: > Adblock Warning Removal List > EasyList > EasyPrivacy > Malware domains > Fanboy's Annoyance List > hpHosts' Ad and tracking servers > Peter Lowe's Ad and tracking server list > https://hostfiles.frogeye.fr/firstparty-obly-trackers-hosts.txt > https://raw.githubusercontent.com/jspenguin2017/uBlockProtectorList.txt > NoCoin Filter List
I'm a bit surprised these aren't on your list: https://github.com/StevenBlack/hosts https://github.com/lightswitch05/ Getting back to the OPs' question > Is there any way to know what information is exchanged? Are you just curious, trying to decide what should/could be blocked or ??? Lee _______________________________________________ support-seamonkey mailing list [email protected] https://lists.mozilla.org/listinfo/support-seamonkey
