BSNL is injecting ads into HTTP websites

BSNL injects Javascript code into HTTP webpages, which makes them load ads and popups.

On my main computers/OSes, I use Linux with a firewall. The firewall allows only DNS (53), HTTP (80) and HTTPS (443) outgoing requests. All other ports are blacklisted. When I send mail, I manually open the firewall and close it immediately afterward. The JavaScript is loaded from a BSNL Internet Backbone IP on port number 3000. My firewall blocks all unwanted ports, so this JavaScript was not loaded and I did not see any ads.

When browsing on a newer version of Ubuntu where no firewall was installed, the ads got loaded. I had not installed the firewall because it has become obsolete and is not available in newer Linux distributions. I use the new Ubuntu installation only when I have to book tickets on the IRCTC website, which does not work with old browsers. After I looked up the syntax for iptables, I blocked unwanted ports. Now, the ads do not get loaded.

But, this is still troublesome because most Linux users think that their OS is virus-free.

On the mobile, I have no firewall (and that is why I don’t do any financial transactions on the phone). I was surprised to see my own website serving ads. My website does not have ads. It has no Google tracking/analytics code, social media sharing JavaScript, or other junk that slows down websites. There is no JavaScript other than what I had written on my own as part of my CMS – Subhash SqlSiteServer. One day when I was visiting my own website, I found the browser asking permission to open a popup. I examined the code of the web page and there was some JavaScript in it. Who put it there? I noted that the URLs of the popup requests were similar to the ones I experienced on some other websites. On further examination, I found that these ads were injected by the ISP (BSNL) for all requests to HTTP websites.

BSNL code injection

BSNL has injected JavaScript code into my website, which is still on HTTP.

I examined the JavaScript code. It was obfuscated and downloads some of the c-r-a-p-p-i-e-s-t ads from several international and Indian ad sources. The JavaScript encodes the BSNL subscriber’s IP, some unique subscriber ID, browser UA string, and some other data.
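The manual check described above (reading a page's source for script tags the site never referenced) can be automated. The following is an added example, not code from the original post: it flags external scripts served from a foreign host, a bare IP address, or a non-standard port such as the port 3000 mentioned earlier. The function names, the sample HTML and the 203.0.113.10 documentation address are assumptions made for illustration.

```python
from html.parser import HTMLParser
from ipaddress import ip_address
from urllib.parse import urljoin, urlsplit

DEFAULT_PORT = {"http": 80, "https": 443}
# Constructed sample page; 203.0.113.10 is a documentation address, not a real ISP IP.
SAMPLE_HTML = """<html><head>
<script src="/js/site.js"></script>
<script src="http://203.0.113.10:3000/loader.js"></script>
</head><body>Hello</body></html>"""

class ScriptCollector(HTMLParser):
    """Collect the src of every <script> tag (None for inline scripts)."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.sources.append(dict(attrs).get("src"))

def is_ip_literal(host):
    try:
        ip_address(host)
        return True
    except ValueError:
        return False

def find_suspect_scripts(page_url, html, allowed_hosts=()):
    """Return (url, reasons) for external scripts the site did not reference."""
    trusted = {urlsplit(page_url).hostname, *allowed_hosts}
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src in collector.sources:
        url = urlsplit(urljoin(page_url, src or ""))
        if not src or url.scheme not in DEFAULT_PORT:
            continue  # inline or data: script; diff those against your own source
        host, reasons = url.hostname or "", []
        if host not in trusted:
            reasons.append("foreign host")
        if is_ip_literal(host):
            reasons.append("bare IP address")
        if (url.port or DEFAULT_PORT[url.scheme]) != DEFAULT_PORT[url.scheme]:
            reasons.append("non-standard port")
        if reasons:
            findings.append((url.geturl(), reasons))
    return findings

if __name__ == "__main__":
    print(find_suspect_scripts("http://example.com/", SAMPLE_HTML))
```

Run it against a copy of your page fetched over the connection you want to test, passing any third-party hosts you deliberately use in `allowed_hosts`.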

Ads are loaded from a dozen ad servers: Inmobi, Mobvista, Admaven, Adcash, etc.

Initially, I thought some hackers had taken control of the BSNL DNS server. I emailed CERT-IN and got no response. It was clear that they knew what BSNL was doing and decided to be quiet.

Some years ago, I found that these ads also interfere with some files that Ubuntu or some application downloads for updates. This process was downloading a particular XML file and the BSNL JavaScript code inside the XML made the program crash.

In the US too, ISPs tried this form of ads but I am not sure if it is still allowed. This problem affects HTTP sites and not HTTPS sites.

The HTTPS Everywhere propaganda people are using this to goad everyone to add SSL certificates to their sites. Google is the biggest beneficiary of this campaign. People are more likely to upgrade their Android phones if the browsers are unable to access SSL sites and sites with newer certificates.

I have all forms of ad-blocking – ad-blocking HOSTS file, user scripts, user CSS, ad-safe DNS providers. All of this gets defeated if the ISP injects ads hosted from their own IP address. Lesson learned – never browse without a firewall. Block all unwanted ports. Constantly update your HOSTS files to ensure that no ads are ever displayed.

Good job, BSNL! Thanks for nothing.

Modi wants all Indians to conduct digital transactions and you are not helping, are you? What am I talking about? Even Modi’s app has been reported as a personal information stealer.
