I am feeling a little cantankerous.
There are a few ways to get around the AdBlock Firefox plugin, and I’ve yet to see any site do it. For a hoot, here is one way to get around Adblock. (My teaser post a year ago gets a heck of a lot of traffic, and no one offered me 5 million for this – doh)
(If this post makes you upset: While this isn’t really an exploit, it can kind of be seen that way. Isn’t publishing exploits good for security? This should just make AdBlock stronger in the end.)
One flaw of Adblock is that you have to deny images, or explicitly block ads. Adblock makes this easy by letting you do regular expressions to block ads, but this also means that you have to find patterns in the ad URL. So the simplest way around Adblock is to never create ad URLs that have a pattern.
This will become an arms race at some point, but as long as you can keep URLs random – file name, directory name, and directory levels – it should be near impossible to create a regular expression to stop the ads. In the example, the URL is only mildly random, and using a real word every once in a while should make it even more difficult to defend against (though I think even the example would be hard to keep ads from showing up).
One other thing required for this technique to work is that the ads have to be served from the same domain as the other content – or at least appear that way. If you use an ad server that supports RPC calls to get the ads to display, or if you serve your own ads, you can use this technique.
The ads need to come from the same domain because that makes creating a rule like http://robrohan.com/* a bad thing. A rule like that will stop the ads, but it will also stop every image on the site. If you have at least somewhat interesting content (say an image in the article), users are less likely to create that rule.
So here is how you use the technique. (This stuff is not really new, just applied in an effort to subvert Adblock.)
The example uses Apache mod_rewrite to force URLs that look a certain way to the ad generation page.
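    <IfModule mod_rewrite.c>
        RewriteEngine On
        # Matches any query string, so this condition never stops the rule.
        RewriteCond %{QUERY_STRING} ^(.*)$
        # Paths with at least two alphanumeric segments go to the ad generation page.
        RewriteRule ^([a-zA-Z0-9\/]+)/([a-zA-Z0-9]+)(.*)$ ad.php
    </IfModule>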
You can tweak this to your liking / needs, but, again, you’ll want the randomness to start at the root of the site. Most frameworks hit the index page on the root and delegate work out from there. If you are using a framework like that you should be golden; otherwise it should still work with a bit of tweaking. The example, for instance, calls another PHP page with no problems.
You could do the mod rewrite stuff with straight php, asp, cf, ruby or whatever too if you want (or if you use IIS).
Once the when-you-get-some-random-stuff-send-the-request-to-the-ad-generation-page process is set up, you can write some sort of random URL generation function that will cause that rule to fire. Then use this function everywhere you want to show an ad. In the example I am using:
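    function ad_url($base) {
        // Pick a random depth of 1 to 10 path segments.
        $levels = rand(1, 10);
        $fake_dir = '';
        for ($x = 0; $x < $levels; $x++) {
            // 32-character hex string to slice a segment from.
            $bit_o_stuff = md5(uniqid());
            // Random offset and length; an offset equal to the string length
            // yields an empty segment, which shows up as "//" in the URL.
            $part = substr($bit_o_stuff, rand(1, strlen($bit_o_stuff)), rand(1, strlen($bit_o_stuff)));
            $fake_dir .= $part . '/';
        }
        return $base . $fake_dir;
    }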
This basically just creates a path that could be between 1 and 10 levels deep with random directory names. The URLs it spits out would look something like:
http://robrohan.com/UnAdblock/4e9800998ecf8427e/0b204e9800998ecf8427e/800998ecf8427e/8/98ecf8427/8f00b204e9800998ecf8427e/0998ecf/f8427e/204e9800998/204e9800998ecf8427e/
or
http://robrohan.com/UnAdblock/27e/04e9800998ecf8427e/
or
http://robrohan.com/UnAdblock/b20/8ecf8427e/9//998ecf8427e/427e/e/98f00b204e9800998ecf8427e/427e/
(remember for the example it's in a subdirectory, but you'd want the URL from the root when doing it for real)
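Seen from the filter-writing side, the sample URLs above can be scored against candidate rules. The following is an added example, not code from the original post or from Adblock: the ad URLs are the three listed above, while the content URLs, the three candidate filters and the function names are constructed for illustration.

```javascript
// AD_URLS are copied from the post; CONTENT_URLS are constructed examples of
// pages and images on the same site that a filter must not block.
const AD_URLS = [
  'http://robrohan.com/UnAdblock/4e9800998ecf8427e/0b204e9800998ecf8427e/800998ecf8427e/8/98ecf8427/8f00b204e9800998ecf8427e/0998ecf/f8427e/204e9800998/204e9800998ecf8427e/',
  'http://robrohan.com/UnAdblock/27e/04e9800998ecf8427e/',
  'http://robrohan.com/UnAdblock/b20/8ecf8427e/9//998ecf8427e/427e/e/98f00b204e9800998ecf8427e/427e/',
];
const CONTENT_URLS = [
  'http://robrohan.com/UnAdblock/index.php',
  'http://robrohan.com/images/header.png',
  'http://robrohan.com/feed/', // a real word that happens to be all hex letters
];

// Candidate filters (assumptions), written as the regexes a blocker would test.
const FILTERS = {
  // Copied from one observed ad URL: only matches that one path prefix.
  literal: /^http:\/\/robrohan\.com\/UnAdblock\/27e\//,
  // The "http://robrohan.com/*" rule from the post: blocks the whole site.
  domainWide: /^http:\/\/robrohan\.com\/.*/,
  // Shape rule: every segment is 0-32 lowercase hex chars, path ends in "/".
  hexShape: /^http:\/\/robrohan\.com\/(?:UnAdblock\/)?(?:[0-9a-f]{0,32}\/)+$/,
};

// Counts the ads a filter blocks and misses, and lists the content it breaks.
function evaluateFilter(regex, adUrls = AD_URLS, contentUrls = CONTENT_URLS) {
  const blocked = adUrls.filter((u) => regex.test(u)).length;
  return {
    blocked,
    missed: adUrls.length - blocked,
    falsePositives: contentUrls.filter((u) => regex.test(u)),
  };
}

// Evaluates every candidate filter and returns the results keyed by name.
function report() {
  return Object.fromEntries(
    Object.entries(FILTERS).map(([name, re]) => [name, evaluateFilter(re)])
  );
}

console.log(JSON.stringify(report(), null, 2));
```

The literal rule misses two of the three ads and the domain-wide rule breaks every content URL. The hex-shape rule catches all three samples but also blocks the constructed /feed/ URL, which is the cost that mixing real words into the path imposes on a filter writer.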
The last part is the ad.php file which just loads and shows some ad:
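    // ad.php: every rewritten request lands here and gets a random ad image.
    header('Content-Type: image/jpeg');
    // lots of hardcoded stuff, but you get the idea
    $images = array();
    // get a listing of files from a directory or from a database
    for ($x = 0; $x <= 3; $x++) {
        $images[] = $x . '.jpg';
    }
    // Directory that contains ad.php; the ad images live in its images/ subdirectory.
    $full_path_start = str_replace('ad.php', '', $_SERVER['SCRIPT_FILENAME']);
    // Pick one of the listed images at random and stream it back.
    $dsp_image = rand(0, count($images) - 1);
    echo file_get_contents($full_path_start . 'images/' . $images[$dsp_image]);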
The result can be seen on the example page.
Using this in the real world, you'd have to have a way to know which ad you were showing to create the proper anchor tag. You could have the first number of each subdirectory be a digit of the ID or something, but remember patterns are your enemy.
Anyway, I hope that was fun. And I eagerly look forward to being bombarded with ads.