########################################################################################## ADBLK-28: Review blocking of img1.wsimg.com ########################################################################################## Issue Type: Bug ----------------------------------------------------------------------------------------- Issue Information ==================== Priority: Major Status: Closed Resolution: Done (2021-08-19 09:11:51) Project: Adblock Lists (ADBLK) Reported By: btasker Assigned To: btasker Time Estimate: 0 minutes Time Logged: 0 minutes ----------------------------------------------------------------------------------------- Issue Description ================== The domain img1.wsimg.com was added to my blocklists quite a while ago in 423a33d. It's used to host images for GoDaddy hosted sites, but _crucially_ was also being used to inject unwanted tracking code without the site owner (much less the user) giving consent as part of GoDaddy's Real User Metrics (RUM) program. At the time it came to my attention, the result was that it had broken a whole load of people's sites, preventing other scripts and images from loading. More details here: https://www.igorkromin.net/index.php/2019/01/13/godaddy-is-sneakily-injecting-javascript-into-your-website-and-how-to-stop-it/ That was a couple of years ago, and blocking that domain does cause collateral damage - GoDaddy users will find their dashboard doesn't work properly, and blogs hosted with GoDaddy may not be able to serve images (as per https://github.com/bentasker/adblocklists/issues/3). It'd be worth having a poke about and seeing whether GoDaddy still do this, with an eye to either - Removing the block completely - Refining the block so it catches their injected JS *without* blocking images/desirable content ----------------------------------------------------------------------------------------- Issue Relations ================ - Github #3 (https://github.com/bentasker/adblocklists/issues/3) - Commit 423a33d (https://github.com/bentasker/adblocklists/commit/423a33d467304589c5756e987add60d16d4d6fc7) ----------------------------------------------------------------------------------------- Activity ========== ----------------------------------------------------------------------------------------- 2021-08-19 08:55:29 btasker ----------------------------------------------------------------------------------------- Based on this comment (https://www.holycowonlinemarketing.com/website-development/godaddy-hacks-wordpress-sites-says-monitoring-performance/#comment-21467) it looks like GoDaddy are still doing this. They were serving their code from https://img1.wsimg.com/tcc/ so we can adjust to blocking that path. It submits to a domain under secureserver.net but the specific subdomain used seems to change. Best bet then is to just block that path. ----------------------------------------------------------------------------------------- 2021-08-19 09:02:10 git ----------------------------------------------------------------------------------------- -- BEGIN QUOTE -- Repo: adblocklists Commit: 77a1ec49719e1207f2978fcc271d7871edc4aa4f Author: B Tasker