Hi, this is a known issue for others, so please see the Apple Support Communities page.

If your question is resolved by this or another answer, please take a minute to let us know. Thank you.

Thanks so much for the guidance. I followed the instructions and so far so good.

It feels good to know help can be reached.

THANKS!

Having just received a PM from EmmaFirefox it seems that the problem has come back, so we are still looking for a definitive solution...

I've been tracking this "Great Cannon " thing since it started in February. Basically, (allegedly) via the Great Firewall some connections to javascript files (like facebook's sdk javascript) are redirected to a javascript file designed to turn browsers into bots for (presumably) the Chinese government.

This is possible because 1. the connections go through the firewall and 2. because the connections are not encrypted.

So what's the fix?

First of all, blocking http://wpkg.org/my.js and http://www.ptraveler.com/pt.js or even connect.facebook.net/en_US/sdk.js is not a long-term solution. These measures will work in the short term. But eventually the adversary will simply change the location of the my.js/pt.js file or start using a different js file for the redirection (Google's ga.js, for example).

So what's the real fix?

1. Using HTTPS Everywhere is a good start. With this add-on, Firefox will connect using HTTPS to any site that has the ability to use HTTPS. This is not a full solution. It may fail if the adversary forges SSL certificates for websites like Facebook using a trusted certificate authority, for example. But it is an easy one. If this add-on doesn't fix the issue, move on to fix #2.

2. Use a VPN (which exists outside of China) when accessing websites outside of China (and vis versa). This will allow all of your traffic to travel across the great firewall without tampering. If this does not fix the issue, you need to do #3 as well.

3. Change your DNS server settings to use non-compromized public DNS servers. Then clear your DNS cache to remove any bad records which are causing the redirection.

P.s. If you're wondering why this issue doesn't appear to happen in some browsers (ex. Opera). As best as I can tell, the redirection is still happening, and the affected browser is still becoming a bot; but the browser is handling it in a way that the user is able to continue browsing relatively unaffected.

Thank you so much Mark. Let me share my experience.

I use VPN, but there are times you need to access pages without it, then you open the chance for it to trap you.

I used the add-on AdBlock lite, but it worked for one day. Then I added Adblock plus and it did a better job. But it is as you said, to connect HTPPS when possible with the add-on.

Thanks to the guidance of Scri_uk, I also needed to purge the cookie of this wkpg page and clear the cache and reset.

Even though it worked in Opera, it would display a window about Java errors, but let me continue navigating.

Maybe this is not the place, but the news from China Daily of today says this was a rare direct attack to the servers of telecom carriers, mainly China Telecom, the biggest Internet service provider.

Once again, thanks to you all!