http://www.reddit.com/r/China/comments/33wpk3/anyone_else_almost_all_websites_in_both_chrome/
ช่วงบ่ายเมื่อวานนี้เกิดปรากฏการณ์ เว็บไซท์ที่แปะลิงค์ลอกอินเข้าเฟสบุค โดนรีไดเรคไปที่เว็บ
http://wpkg.org/
In china right now, figured out the problem. Seems likely to me to be another Great Cannon. Any website that has a "facebook connect" button on it will redirect to wpkg.org. The reason being is that the Facebook Connect button uses "connect.facebook.net/en_US/sdk.js" Going to this from a China IP redirects immediately to "
http://wpkg.org/my.js" instead of giving the correct javascript facebook SDK. You can try it out yourself.
The "my.js" file has only one line which sets your browser to go to wpkg.org instead.
window.location.href = 'http://wpkg.org/';
Can't figure out why wpkg.org would have a javascript file name my.js that redirects to itself, but regardless, definitely a case of GFW purposefully redirecting websites that have "Facebook Connect" embedded to hit wpkg.org instead.
If you want a really quick fix for the problem, simply add "
http://wpkg.org/my.js" to your favorite adblocker (like uBlock origin, adblock plus, etc.) and you can browse all those websites again with no problem! (you can also add connect.facebook.net/en_US/sdk.js to your adblocker, but this will also prevent legitimate facebook connect sites once the Great Cannon is done"
Anybody know why wpkg.org or ptraveler.com would be a target? Hoping for an answer at
http://www.reddit.com/r/technology/comments/33xc0u/wpkgorg_currently_undergoing_possible_attack_from/
EDIT: Code has suddenly changed and is now targeting
http://ptraveler.com. Same conditions as above, "connect.facebook.net/en_US/sdk.js" now redirects to
http://www.ptraveler.com/pt.js
EDIT2: You should probably just adblock "connect.facebook.net/en_US/sdk.js". The redirect seems to be changing constantly, so blocking the end-domains is only a temporary stopgap. You just have to remember to unblock it once the spoof stops.
EDIT3: Seems to be either A) I forgot something or B) its evolving, but now "connect.facebook.net/en_US/all.js" is compromised as well. Block that as well, or just block connect.facebook.net as a whole for a bit!
ฮามั๊ยละ บางคนบอก รบ จีนทำ บางคนบอก great firewall โดนลองของ
Great Cannon + Great Firewall : หรือ ict ไทยจะโดน "พิษ" Great Firewall
ช่วงบ่ายเมื่อวานนี้เกิดปรากฏการณ์ เว็บไซท์ที่แปะลิงค์ลอกอินเข้าเฟสบุค โดนรีไดเรคไปที่เว็บ http://wpkg.org/
In china right now, figured out the problem. Seems likely to me to be another Great Cannon. Any website that has a "facebook connect" button on it will redirect to wpkg.org. The reason being is that the Facebook Connect button uses "connect.facebook.net/en_US/sdk.js" Going to this from a China IP redirects immediately to "http://wpkg.org/my.js" instead of giving the correct javascript facebook SDK. You can try it out yourself.
The "my.js" file has only one line which sets your browser to go to wpkg.org instead.
window.location.href = 'http://wpkg.org/';
Can't figure out why wpkg.org would have a javascript file name my.js that redirects to itself, but regardless, definitely a case of GFW purposefully redirecting websites that have "Facebook Connect" embedded to hit wpkg.org instead.
If you want a really quick fix for the problem, simply add "http://wpkg.org/my.js" to your favorite adblocker (like uBlock origin, adblock plus, etc.) and you can browse all those websites again with no problem! (you can also add connect.facebook.net/en_US/sdk.js to your adblocker, but this will also prevent legitimate facebook connect sites once the Great Cannon is done"
Anybody know why wpkg.org or ptraveler.com would be a target? Hoping for an answer at http://www.reddit.com/r/technology/comments/33xc0u/wpkgorg_currently_undergoing_possible_attack_from/
EDIT: Code has suddenly changed and is now targeting http://ptraveler.com. Same conditions as above, "connect.facebook.net/en_US/sdk.js" now redirects to http://www.ptraveler.com/pt.js
EDIT2: You should probably just adblock "connect.facebook.net/en_US/sdk.js". The redirect seems to be changing constantly, so blocking the end-domains is only a temporary stopgap. You just have to remember to unblock it once the spoof stops.
EDIT3: Seems to be either A) I forgot something or B) its evolving, but now "connect.facebook.net/en_US/all.js" is compromised as well. Block that as well, or just block connect.facebook.net as a whole for a bit!
ฮามั๊ยละ บางคนบอก รบ จีนทำ บางคนบอก great firewall โดนลองของ