|
Originally Posted by jiejie
(Post 17966142)
The DNS traffic is definitely being sent through the VPN. The VPN client configuration for China includes auto-flushing the DNS cache upon access and upon shutdown.
Try manually changing your DNS servers for your network device, not just your VPN client, to something like 8.8.8.8 and 8.8.4.4. This would conclusively eliminate the possibility that it's a DNS issue, which is what I suspect given your current explanation and some of the code in the popup you linked previously. |
Originally Posted by Scifience
(Post 17973349)
The DNS cache may be getting flushed upon connect, but if your computer is still, for whatever reason, sending DNS requests to China Unicom's servers through the VPN, this could explain why you're still seeing the ads.
Try manually changing your DNS servers for your network device, not just your VPN client, to something like 8.8.8.8 and 8.8.4.4. This would conclusively eliminate the possibility that it's a DNS issue, which is what I suspect given your current explanation and some of the code in the popup you linked previously. |
Originally Posted by Taiwaned
(Post 17974033)
Does this mean that the VPN is not that secure without this adjustment? Or visible to others?
|
Originally Posted by tauphi
(Post 17974629)
Indeed, if you're using an untrusted DNS server then even if you're going through a VPN you may end up sending your non-HTTPS traffic to an untrusted web server.
|
Originally Posted by Scifience
(Post 17976051)
This is mostly correct; the untrusted DNS server would never be able to see the content transmitted over your VPN, only the domains you visit. In fact, this would apply not only to HTTP traffic, but to any protocol accessed via a domain rather than IP, including HTTPS. For instance, China Unicom wouldn't know your credit card number or what you ordered, but they could see you visited Amazon.com even if the entire communication was over HTTPS.
HTTPS would at least warn you if they tried it, of course many people ignore such warnings, in which case even HTTPS can be hijacked. There have also been cases where the CA issuing authority itself has been compromised and bogus certificates issued (e.g., gmail in Iran) in which case if your browser is not up-to-date then you won't even get a warning with HTTPS. |
Haven't fiddled yet with suggestions above but may do so. Haven't seen a pop-up with or without VPN in about 4 days. This may be due to ISP taking a break from these Ad Attacks. I'm less inclined to believe that due to massive anger from the Chinese netizens, the government has shut this practice down....but I can still dream.
Thanks for comments provided so far. |
@Moondog Thanks :)
@jiejie I don't think we're quite that lucky. I've been trying to figure out some rhyme or reason as to how often the pop-ups occur. Unfortunately, they seem to be extremely random. They may appear a few times an hour or once every few days. |
It's not a virus. It's a DNS JavaScript injection by the ISP. You can get rid of it on Firefox by installing the NoScript Ad-on. The ad-on will even allow you to permit the script or not permit.
|
| All times are GMT -6. The time now is 5:05 am. |
This site is owned, operated, and maintained by MH Sub I, LLC dba Internet Brands. Copyright © 2026 MH Sub I, LLC dba Internet Brands. All rights reserved. Designated trademarks are the property of their respective owners.