-kg- wrote:Tom T. wrote:.... Continue to disallow it.
I shall. In fact, it's going on my "Untrusted" list. Hopefully, it won't affect anything I wish to run, but so be it.
It had occurred to me in the previous post that placing it in Untrusted might be a good idea. I just did, and I don't expect anything to break, since nothing legitimate should be trying to access it.
-kg- wrote:Tom T. wrote:ABE FAQ describes a few situations in which web sites themselves (not advertisers) require modification of NoScript's ABE component to permit use of 127.0.0.1, sometimes with a port number appended, but always numerically, not as "localhost". And it does not cite any need to allow "localhost".
Again, hopefully I'm not doing "damage" by putting 'localhost' in my untrusted list.
Not at all. ABE can only tighten NoScript's permissions, never loosen them. So when you don't want NoScript to allow a script, ABE is irrelevant.
However, if you have time, you might wish to browse through the ABE FAQ. Its primary purpose is quite related to our issue here: To prevent the Internet from requesting/accessing/grabbing your local stuff. If you open NoScript Options > Advanced > ABE and click SYSTEM on the left-hand side, you will see the default system-wide rule that is ABE's primary purpose for being:
- # Prevent Internet sites from requesting LAN resources.
Site LOCAL
Accept from LOCAL
Deny
If we look at Section 1.3 of ABE Rules .pdf, we see that LOCAL represents your local or private network.
Therefore, this primary rule prevents any site outside of your local resources -- "local" referring to your LAN, devices on it, your computer, including its localhost, your router -- from requesting anything inside that barrier, while still allowing the devices on your LAN to share resources, print, access the router, etc. Hence the acronym for "Application Boundaries Enforcer".
-kg- wrote:Tom T. wrote:Unless Giorgio or anyone else can provide a legitimate reason why a site would attempt to load ads in this manner, it seems pretty slimy to me.
It seemed a bit off to me, as well.
As you know, the primary purpose of NoScript, and of this support site, is the *prevention* of malware, rather than being a malware-detection or -investigation site (of which there are some very good ones). But while not intending to dig any further, my gut is telling me that this is an attempt to install, at the least, adware, probably causing ad pop-ups at various times. Sheesh, there is no such domain as "localhost/ads".
-kg- wrote:... Now I have something else to research..."reeftank." Attempts to "advertise" to me usually have a reverse effect; I won't buy what they're selling even if I need it desperately and it's the only thing of its kind available. I'm not amenable to something being shoved down my throat!
Or into your local system or hard drive.
If you're so inclined, you might wish to inquire of that site master why there is an attempt by an ad script to access the machine's localhost, and let her/him know how you feel about the site allowing such practices, and what you said about blacklisting that advertised product forever. Please feel free to post the reply here -- it could be interesting.
Regards,
- Tom