And the attacker immediately started to override CSS rules. I made a counter attack again. See
REAL: http://msydqstlz2kzerdg.onion/ FAKE: http://msydqjihosw2fsu3.onion/ Let's see what is the next move from the attacker. He is probably reading this mailing list. -Juha On Tue, Mar 8, 2016 at 2:50 PM, Nurmi, Juha <[email protected]> wrote: > Hi, > > As you may have heard someone runs fake sites on a similar address to the > original ones and tries to fool people with that. Fake sites are transparent > proxies with MITM. > > I added this detection to ahmia.fi's onion site: > > REAL: http://msydqstlz2kzerdg.onion/ > FAKE: http://msydqjihosw2fsu3.onion/ > > This is a CSS trick and works without JavaScript. CSS checks the address > using regexp and if it is not correct it will activate warning text. > > @-moz-document > regexp('(?!https?://ahmia\\.fi|https?://localhost|https?://127\\.0\\.0\\.1| > http://msydqst.*2kzerdg\\.onion).*') { > > /* Alternative CSS content rules for fake site. */ > > } > > It's not perfect solution but again we can make the attacker's life hard. > > Peace, > Juha > -- tor-talk mailing list - [email protected] To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
