
mpsnare? iesnare?

Discussion in 'Black Hat SEO' started by loclhero, May 1, 2008.

  1. loclhero

    loclhero Supreme Member

    Joined:
    Jun 11, 2007
    Messages:
    1,453
    Likes Received:
    2,414
    Gender:
    Male
    Location:
    Copperhead Road
    What are these?
     
  2. diego99

    diego99 Registered Member

    Joined:
    Jan 1, 2008
    Messages:
    85
    Likes Received:
    30
    Location:
    Southern Hemisphere
    spyware??...
     
  3. caretaker2007

    caretaker2007 Power Member

    Joined:
    Dec 20, 2007
    Messages:
    720
    Likes Received:
    454
    Occupation:
    To create income streams
    Location:
    In a 6 by 3 plot
    c:\documents and settings\[username]\Application Data\Macromedia\#shared objects\ which holds mpsnare.iesnare.com

    A file called stm.sol seems to be created, I guess this has a signature of your PC.

    Something about bookies, do you do online betting?

    EDIT TO ADD:
    "ieSnare is a back-end fraud protection system that matches distinct device identities to online accounts. A database matching system, called the Device Reputation Authority, links devices and accounts allowing merchants to identify and flag fraudsters without revealing personal information. Once these devices are identified, forensic information can be shared with all organizational networks protected by ieSnare. This allows subscribed networks to make business decisions about individual connections, and allow, limit, or prevent access based on the reputation of the devices involved."

    Bodog uses it.
     
    Last edited: May 2, 2008
  4. loclhero

    loclhero Supreme Member

    Thanks caretaker. I did some more research and saw it's used by a lot of online gambling sites for fraud protection but no, this comes up in my browser at the bottom when I try to log onto a site I'm using for bh purposes. Unrelated to gambling.

    I use ccleaner to clear up stuff like that but this seems pretty smart. I create an account and then within seconds the site logs me off and when I try to log on I see hxxp://3w.mpsna*re.ie*snare.c0m at the bottom of the browser.

    Do you think something like Spycatcher would get rid of it? I haven't run it yet but am going to now.
     
  5. finalanswer

    finalanswer Newbie

    Joined:
    Apr 4, 2008
    Messages:
    21
    Likes Received:
    6
    If it's a flash cookie, i.e. a *.sol file, you need to delete it. If you use Firefox, install the "objection" plugin found here.

    LSO objects never get cleaned with your standard clear cookies command.

    Code:
    objection.mozdev.org/index.html
    It will let you remove LSO - aka flash cookies.

    finalanswer
     
  6. loclhero

    loclhero Supreme Member

    Fukme there are some smart, cool people on here. I don't know where the rep button ever went but big props buddy.
     
  7. dons

    dons Newbie

    Joined:
    Jan 19, 2009
    Messages:
    1
    Likes Received:
    0
    Will deleting the stm.sol prevent the sites from correctly identifying my computer, or do I have to change my MAC address to make sure they will not be able to track my computer?
     
  8. mehtuus

    mehtuus Newbie

    Joined:
    Nov 2, 2009
    Messages:
    1
    Likes Received:
    0
    On linux (in my case Ubuntu) this path:
    Code:
    c:\documents and settings\[username]\Application Data\Macromedia\#shared objects\
    will look something like this:
    Code:
    home/[username]/.macromedia/Flash_Player/#SharedObjects/
    You will also find "*.sol" objects in:
    Code:
    home/[username]/.macromedia/Flash_Player/macromedia.com/support/flashplayer/sys/
    Depending on your distro, ymmv. You must enable "view hidden objects" in order to see files and directories that start with a "."
     
    Last edited: Nov 2, 2009
  9. AngelCalicoratte

    AngelCalicoratte Newbie

    Joined:
    Nov 14, 2009
    Messages:
    1
    Likes Received:
    0
    Well these posts seem rather old and when I tried to load the plugin it said it doesn't work with Firefox version 3.5.5 - anyone have any suggestions? :confused:
     
  10. litas

    litas Newbie

    Joined:
    Nov 14, 2009
    Messages:
    1
    Likes Received:
    0
    Hey, I use BetterPrivacy on my firefox!
     
  11. n0+4c|u3

    n0+4c|u3 Newbie

    Joined:
    Nov 18, 2009
    Messages:
    3
    Likes Received:
    0
    The best way to eliminate iesnare as a problem, is to tell it where to go. Literally, LOL

    add these two lines to your hosts file
    172.0.0.1 iesnare.com
    172.0.0.1 http://www.iesnare.com

    In Windows it will be in windows/system32/drivers/etc/hosts
    In Linux it should just be etc/hosts

    this is what you get after that
     


  12. 4lt3rn1ty

    4lt3rn1ty Newbie

    Joined:
    Nov 22, 2009
    Messages:
    1
    Likes Received:
    1
    or..... block LSOs completely

    https://nodpi.org/forum/index.php/topic,1969.0.html

    Edit: @ no+4clu3 - I think if you use the hosts method entries should be 127.0.0.1
     
    Last edited: Nov 23, 2009
  13. n0+4c|u3

    n0+4c|u3 Newbie

    Joined:
    Nov 18, 2009
    Messages:
    3
    Likes Received:
    0
    EDIT: the above post is indeed correct, I'm not dyslexic or anything, noooo :p
    127.0.0.1 iesnare.com
    127.0.0.1 http://www.iesnare.com/
    Is the correct address to input to your hosts file

     
  14. MisterF

    MisterF Jr. VIP

    Joined:
    Nov 29, 2009
    Messages:
    7,524
    Likes Received:
    5,994
    Occupation:
    Conference Organiser, Business Advisor.,
    Location:
    JADIP
    I have found the best way to block IESnare is, and always has been, to:-

    • Click the Start button, enter notepad in the bar at the bottom
    • Right-click on the Notepad item which appears at the top of the list
    • Choose "Run as administrator"
    • Allow Notepad to run as Administrator
    • Open C:\Windows\System32\drivers\etc\hosts
    • Add the lines:
    127.0.0.1 iesnare.com
    127.0.0.1 www.iesnare.com
    127.0.0.1 mpsnare.iesnare.com
    127.0.0.1 ci-mpsnare.iesnare.com


    And save the file. These instructions are for Vista, but I'm 100% sure Windows 7 will work in the same way and 95% sure the files will be in the same place.

    Now, whenever IESnare attempts to phone home, your networking system will give it the wrong address (127.0.0.1 is always the address of your own computer), and its messages won't get through. You can check this has worked by trying to go to www.iesnare.com in your web browser: you shouldn't be able to get there.
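
Added example, not part of the thread or any poster's code: a small Python check for hosts-file sinkhole entries like the ones listed above. It flags addresses that are not loopback and names that are not bare hostnames, and it shows that hosts lookups match exact names only, so a parent-domain entry does not cover its subdomains. The sample file is constructed from entry forms quoted in the thread, and all function names are hypothetical.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphens; no scheme, slash or port.
LABEL = r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?"
HOSTNAME_RE = re.compile(rf"^(?=.{{1,253}}$){LABEL}(\.{LABEL})*$", re.I)

# Constructed sample, combining entry forms quoted in the thread.
SAMPLE = """\
# sinkhole entries
172.0.0.1 iesnare.com
127.0.0.1 http://www.iesnare.com/
127.0.0.1 mpsnare.iesnare.com
"""

def parse_hosts(text):
    """Yield (line_number, address, names) for each non-comment entry."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2:
            yield lineno, fields[0], fields[1:]

def _is_local(addr):
    """True for loopback/unspecified, False for other IPs, None if not an IP."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return None
    return ip.is_loopback or ip.is_unspecified

def lint_sinkhole_entries(text):
    """Return (line_number, problem) for entries that cannot act as a local sinkhole."""
    problems = []
    for lineno, addr, names in parse_hosts(text):
        local = _is_local(addr)
        if local is None:
            problems.append((lineno, f"not an IP address: {addr}"))
        elif not local:
            problems.append((lineno, f"{addr} is not a loopback or unspecified address"))
        problems += [(lineno, f"not a bare hostname: {n}")
                     for n in names if not HOSTNAME_RE.match(n)]
    return problems

def is_sinkholed(text, hostname):
    """Exact-name match only: an entry for a domain does not cover its subdomains."""
    for _, addr, names in parse_hosts(text):
        if hostname.lower() in (n.lower() for n in names):
            return bool(_is_local(addr))
    return False
```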
     
  15. r3dn4x

    r3dn4x Newbie

    Joined:
    Jul 7, 2008
    Messages:
    30
    Likes Received:
    7
    It's pretty obvious that other sites are using their own "PROPRIETARY" version of Snare to detect device signatures. (or they will be shortly)

    So the real question here is, what are the "10" unique device identifiers they are collecting (at i*vati*n). That is what all other sites will be using in the future.

    It has also come to my attention the same things can be "taken" from your pc using activex/possibly ajax etc.

    And can these "device IDs" be changed? Or possibly altered on the outgoing, something to spoof the data being sent out via flash that contains your pc's identifiers. :)

    I mean, everyone knows how to change their MAC address....and if you don't here you go..... http://www.gorlani.com/downloads/dlchk.asp?fname=macmakeup.zip

    However, simply changing your mac isn't enough. That's for sure.

    Anyone have some detailed information on which 10 unique identifiers they are using & how they can all be changed on the fly? Please PM me, it would no doubt be worth some $ via paypal.
     
  16. powpowmeow

    powpowmeow Newbie

    Joined:
    Apr 5, 2010
    Messages:
    5
    Likes Received:
    0
    Sorry for the old bump, but...

    Does anyone have updated solutions on how to block these "snares"?

    I have tried running the batch files linked from this thread, and also edited the hosts file as mentioned above.

    I run Firefox in privacy mode with noscript and flashblock.

    Web sites, like gambling sites, are still able to use snares to detect my computer as a unique machine, and match it on a "negative" db

    Thanks in advance.
     
  17. denimgirl

    denimgirl Newbie

    Joined:
    Mar 7, 2012
    Messages:
    1
    Likes Received:
    0
    If you have Google Chrome, go to the little wrench at the top right corner of the page and click on it, on the drop down menu, click on History. It will take you to your browser history page. At the top, click on "clear all browser data". It will take you to a back room page, and a little window will pop up to clear your browser history. At the bottom of this little pop up window is a line that says "adobe flash player storage settings" click on that and you will come to a helps page. There is a little box that says "website storage setting panel". It has a scroll bar on the side so you can scroll to the mpsnare iesnare line and highlight it, then, at the top of the scroll box, click "delete website". That should take care of the problem. You may find other websites in that scroll box you want to delete as well. You can download Google Chrome for free. It's great!
     
    Last edited: Mar 7, 2012
  18. felipino2345

    felipino2345 Newbie

    Joined:
    Dec 13, 2013
    Messages:
    1
    Likes Received:
    0
    Guys any help on how to remove/disable and block this mpsnare iesnare thing from a Mac computer running Safari and Chrome??