Spyderturbo007 19 Posted December 14, 2020 Posted December 14, 2020 I know this isn't really an Emby issue, but I'm wondering if Open Subtitles is really something Emby wants to be associated to. I'm posting this here in case the the developers might not know what they are doing over there. I've been trying to get it to work. I'm using the link inside of Emby to try and "Sign up". http://www.opensubtitles.org/ I get to the site and about 2 seconds later, I'm redirected to https://watchmovies4k.vip/watch/tt0156323/?st=opensubtitles.org&cv1=rd_ Once redirected, there is no way to get back. If I manage to actually hit the register button and fill out the registration form, I'm redirected to yet another pay site which caused Malwarebytes to have a heart attack. I think my registration might have went through, but now I can't even get to the sign-in page. Like I said, this isn't an Emby issue, but I'm not sure I would want to be recommending this site to anyone. 1 1
Luke 42081 Posted December 14, 2020 Posted December 14, 2020 Hi, Yea we'll be happy to drop it when better sources become available.
Beebo 4 Posted December 14, 2020 Posted December 14, 2020 I've never had any issues like this with the website. It's legit, and I humbly suggest the OP check for malware and install an ad blocker such as uBlock Origin.
Spyderturbo007 19 Posted December 14, 2020 Author Posted December 14, 2020 (edited) There is definitely not any malware or BHOs on my machine. I already run an adblocker for Firefox. So are we saying that no one else is getting redirected when navigating to the https://www.opensubtitles.org website? I can't even get registered. Edit -> I just logged into my computer at work and tried it, same redirect. Edited December 14, 2020 by Spyderturbo007
RokuGuys 10 Posted December 14, 2020 Posted December 14, 2020 Just tried the link and as the OP suggested, it redirected to the watchmovies site and the browser back button was disabled as well. It takes you to random sites each time on mouse click, with pop up malware and stuff. Kinda scary. Even my AVG antivirus showed a pop up stating blocked some sites as blacklisted. Once I installed the uBlock add on, it fixed the redirect and now I can browse and search for movies. But the add on counter already shows as it blocked over 650 links in under 3 minutes. Not very reliable site I would say if this is how it behaves. Use at your own risk. 1
Spyderturbo007 19 Posted December 14, 2020 Author Posted December 14, 2020 Thanks for the confirmation RokuGuys. A script blocker did it for me. I'm not quite sure I want to sign up. Seems like it might not be a good idea for Emby to be directing users to sites filled with malware, but that's just my opinion. 1 1
RokuGuys 10 Posted December 14, 2020 Posted December 14, 2020 34 minutes ago, Spyderturbo007 said: Thanks for the confirmation RokuGuys. A script blocker did it for me. I'm not quite sure I want to sign up. Seems like it might not be a good idea for Emby to be directing users to sites filled with malware, but that's just my opinion. I am not sure how these ad block add ons work with emby server. Your browser handles the redirect but what about emby? I dont want these malwares getting pulled down into my PC when emby makes a request. Correct me if I am wrong.
speechles 2055 Posted December 14, 2020 Posted December 14, 2020 (edited) https://www.opensubtitles.org/en/search/subs Does not it redirect you here? It sounds like DNS hijacking to me. They have been hacked and some of their name servers are sending users to the wrong location. EDIT: nope looks like they are selectively choose who to abuse... <script type="09e2719fb3147ad0679973c3-text/javascript"> var fcn_imdbid = document.body.innerHTML.match(/(tt)[0-9]\w+/); var fcn_url_tmp = "https://pl.moviesflix4k.work/?st=opensubtitles.org&plcm=fb"; if(fcn_imdbid) { fcn_url_tmp = "https://watchmovies4k.vip/watch/"+fcn_imdbid[0]+"/?st=opensubtitles.org"; } var fcnparams = {u:fcn_url_tmp,c:"Movie",sz:"120",p:"min",d:"3",nt:"3",oint:"false",sm:"true",pos:"bottom",m:"Watch or Download the Movie in HD? ",vid:"83b21a3b-cc5d-40ea-a97b-b22952123d83"}; </script> That is the segment from their website doing the maliciousness.. Edited December 14, 2020 by speechles
RokuGuys 10 Posted December 14, 2020 Posted December 14, 2020 1 minute ago, speechles said: https://www.opensubtitles.org/en/search/subs Does not it redirect you here? It sounds like DNS hijacking to me. They have been hacked and some of their name servers are sending users to the wrong location. If you don't have the ublock plugin, it goes to a third party site - watchmovies4k.
speechles 2055 Posted December 14, 2020 Posted December 14, 2020 (edited) Looks like they are selecting when to send users to that other site depending on the regular expression sees an imdb id. Once it does off you go to the redirect to earn them money for refer you there. It looks like a trap. Maybe that is malicious advertisers inserting that stuff? It looks hand inserted though if you inspect the html. Like it is on purpose not by accident. The fact it is trap/block the back button means it might be malicious advertising. That is what those nefarious things do. But again it also might be on purpose to make you think they are being DNS poisoned/hijacked or an advertising trap when in reality it is them doing it all along. <Insert conspiracy theory here /> Edited December 14, 2020 by speechles
RokuGuys 10 Posted December 14, 2020 Posted December 14, 2020 4 minutes ago, speechles said: Looks like they are selecting when to send users to that other site depending on the regular expression sees an imdb id. Once it does off you go to the redirect to earn them money for refer you there. It looks like a trap. Maybe that is malicious advertisers inserting that stuff? It looks hand inserted though if you inspect the html. Like it is on purpose not by accident. Are you saying someone hacked into their server and modified the html?
speechles 2055 Posted December 14, 2020 Posted December 14, 2020 (edited) I am saying it is either their advertising doing this.. or.. they are doing it on purpose. They use advertising to insert html into the webpage. That advertising appears to be malicious in itself and is quite similar to what other torrent sites use. The ad itself is causing the redirect it appears. Not opensubtitles themselves. But the fact they need money. They sometimes use advertising. That advertising is not checking validity of exploits in the code against certain browsers. The current version of Firefox is immune to this advertising redirect hijacking. Other browsers may not be. That is what this looks like it is. The advertising is stealing users from the site and force them to visit theirs. This is user hijacking via ad tracking/placement of javascript inserted into the html of the webpage. The other browsers will eventually become wise to this as Firefox has. The problem is opensubtitles needs funding. To get funding you sometimes tie in advertising to unscrupulous people who will steal your users to make them their own. This is all an attempt to get you to sign up on that other site. That other site likely is riddled with different types of browser exploits to try to infect you to steal your bitcoins/wallet/paypal/passwords/etc or even worse they will encrypt all your files and demand a ransom. Not saying opensubtitles is the bad guy. I am saying their choice of partners is seriously a concern. @Luke You may want to abandon use of them post haste and contact them to ask about abuse of your users. I am quite serious. This is a concern. Edited December 14, 2020 by speechles
pwhodges 2012 Posted December 14, 2020 Posted December 14, 2020 I am using Opera with the built-in ad-blocker enabled, and I have never seen this redirect. Paul
crusher11 1101 Posted December 14, 2020 Posted December 14, 2020 Never happened to me either, but I can't download anything. The download button just refreshes the page.
speechles 2055 Posted December 14, 2020 Posted December 14, 2020 (edited) See that nonsense on the right side of the page? See how they want to hide your identity and sell you a VPN. BTW that isn't my IP it is just a random IP from the VPN I was using at that time. They are a mockery now. They are a joke. But nobody is laughing.. except us.. LOL. Edited December 14, 2020 by speechles
Beebo 4 Posted December 14, 2020 Posted December 14, 2020 Most curious...! I've never had issues using Firefox, but I just visited opensubtitles.org using Microsoft Edge (the new one) which has no extensions and no blockers of any kind installed, and sure enough, I got the same ads and near-instant redirect to that movies4k site. I did manage once to go back to opensubtitles.org and stop the page loading before the redirect took place, though. It must be some kind of third-party hijack, otherwise it would just be opensubtitles shooting themselves in the foot... just as speechles explained. Having said all that, Emby Server is just using the site to download subtitles directly...it won't respond the same way a web browser does and act upon all of the HTML code. I'm just not really worried something malicious is going to get into the server that way. Or maybe I'm just naive.
Spyderturbo007 19 Posted December 20, 2020 Author Posted December 20, 2020 Looks like they are completely down now.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now