My content-security-policy has blocked more malicious ads

I see a lot of entries for countmake.cool (purposely not linked) in my Content-Security-Policy logs. These are folks who have some malware installed on their desktop, when they surf to my blog, they get redirected and advertising injected. Except that my CSP forbids this (since I don’t allow them img-src or script-src permission).

I wrote about this earlier. I’m appalled that such things exist. I’m also saddened that its come to this, a spy-vs-spy one-upmanship games where people like me spend time adding rules to prevent malware writers from taking advantage of folks.

Once again, I’ll suggest an action. Head to https://observatory.mozilla.org. Enter a site name that you use. If it doesn’t get a great score, write to the owner: get it fixed.

 


Posted

in

by

Tags:

Comments

One response to “My content-security-policy has blocked more malicious ads”

  1. Alex Leyn

    Re: spy-vs-spy: ICE and ultimately Black ICE are inevitable (regardless the “electronics” misnomer): https://en.m.wikipedia.org/wiki/Intrusion_Countermeasures_Electronics

Leave a Reply

Your email address will not be published. Required fields are marked *