Jump to content
Not connected, Your IP: 3.137.219.68
wintermute1912

What is the purpose of the aek_id variable at https://airvpn.org/entry?

Recommended Posts

Posted ... (edited)

You may well know that it's a DDoS protection mechanism. You may also be as far as knowing that aek_v is version (currently 14, as seen in your screenshot; your blur is ineffective, I'm afraid) and aek_url is where to redirect the browser after a successful check.

Now, the /entry webpage has some JavaScript code there which I didn't read too closely. But it suggests that the browser is to run some calculations, the result of which will be checked against what the server calculated. The aek_id might identify the calculation on the server against which the result of the browser is checked. If they match, you may pass. I assume this checks whether JavaScript runs and whether it runs correctly (as in, it's not a dummy/stub) on the client.

DDoS against web servers is usually not done by normal browsers but by automated programs mimicking them. As such, they don't usually run JavaScript. So those bots keep attacking the shell of a clam (that checking server) and the pearl inside is safe (AirVPN forums).

Edit: I found a related Stack Exchange question about CloudFront's protection mechanism (the infamous Checking your browser, you will be redirected in five seconds page).

Edited ... by giganerd
Stack Exchange

NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post
On 12/29/2019 at 12:11 PM, giganerd said:

You may well know that it's a DDoS protection mechanism. You may also be as far as knowing that aek_v is version (currently 14, as seen in your screenshot; your blur is ineffective, I'm afraid) and aek_url is where to redirect the browser after a successful check.

Now, the /entry webpage has some JavaScript code there which I didn't read too closely. But it suggests that the browser is to run some calculations, the result of which will be checked against what the server calculated. The aek_id might identify the calculation on the server against which the result of the browser is checked. If they match, you may pass. I assume this checks whether JavaScript runs and whether it runs correctly (as in, it's not a dummy/stub) on the client.

DDoS against web servers is usually not done by normal browsers but by automated programs mimicking them. As such, they don't usually run JavaScript. So those bots keep attacking the shell of a clam (that checking server) and the pearl inside is safe (AirVPN forums).

Edit: I found a related Stack Exchange question about CloudFront's protection mechanism (the infamous Checking your browser, you will be redirected in five seconds page).


Thank you for the reply. It didn't occur to me that it could be a DDoS protection mechanism but further investigation of the (beautifully obfuscated) JS certainly points in that direction.

It was only my intention to the obscure the aek_id with the blur btw but as it turns out I needn't have bothered as this variable is different with each browser instance. I can't claim to understand exactly what the entry JS does but it seems the aek_id is purely arbitrary. My only concern was it was static and unique and somehow generated from identifying elements of my browser.

All good!

Share this post


Link to post
2 hours ago, wintermute1912 said:

as this variable is different with each browser instance


Well, I had a weird issue on an old Waterfox profile where I wouldn't pass the test. The site was reloading continuously and everytime it did it would generate a new ID. Also, AirVPN is on a sticky tab, and after a few days its history would contain all the security checks I passed in the past. The ID is always different. That's how I know. :D

NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post
Guest
This topic is now closed to further replies.

×
×
  • Create New...