Paypal Purposefully Killing Performance?

Praetor

Praetor

Administrator
Staff member
Preface
For anyone trying to verify here are the criticals:
- OS Windows XP (5.1.2600.2868).
- Browser IE (6.0.2900.2180.xpsp.060315-1524)
- Firewall Kerio Personal Firewall 4.22.911
- ISP Anomaly confirmed on multiple ISPs each with a connection in excess of 4Mbit/s downstream

Firewall Configuration
- "Allow IE outbound access for port 80"
- Everything else (and I do mean every-single-thing) is whitelisted by Host IPAddress + port (using ranges and masks as appropriate).
- Everything (and i do mean everything) is white listed with respect to javascript, activex, referrers, cookies blah blah

Issue
  • Opening Paypal via http://www.paypal.com is fairly quick and straight forward. No complaints here
  • Now if I open Paypal via https://www.paypal.com some interesting things happen
    • Numerous connection attempts are made on port 443 to 216.73.86.61, 216.73.87.61 (both belong to doubleclick.net). These connection attempts are blocked.
    • Numerous connection attempts made to 216.52.17.206, 216.52.17.225, 216.52.17.134 (all of which belong to 2o7.net). These connection attempts are blocked.
    • Load time is significantly increased (on the order of 15 seconds as compared to the http version which was virtually instantaneous)
  • Now, it seems that if I allow those two above offending connection attemps, the load time is back to "virtually instantaneous"

One might infer that Paypal (directly or indirectly) is purposefully throttling performance for people who dont load the stupid adverts. Comments, questions, theories and postulations welcome.
 
https = secure right? I didn't know that going secure would block advertising. My first thought was that paypal was trying to secure the connection or something.
 
443 = https = secure yes

My hypoths would be that Paypal is "sneaking" this 2nd tier stuff (doubeclick, 2o7) in through 443 (because most people who run something more advanced than say ZoneAlarm/ICF might be "intimidated" into allowing anything "secure" through)
 
Well I clicked your links, but nothing different happened. Norton Firewall did not pick up anything connections that weren't supposed to be there, and loading time was normal. I'll run a scan and see if there was anything "sneaked"
 
Oh its most definitely making some connection of some sort. It gets stuck on the top bar for a bit (which seems to be what is taking so bloodly long to load) and then loads everything else. As for the Kerio alert in the bottom right of the screenshot, all 9 instances are to the same IP and span a period of just under 1minute (told you it was long load time :P).
 

Attachments

That's strange...

I ran a Ad-aware scan and found some wee bitty tracking cookies. Since they could come from anysite, I will now open the paypal site again, and run an other scan, and see if there planting them tracking cookies.

Back in a flash

EDIT: Nope no bugs planted. It just doesn't seem like anything happening (using my firefox as internet program)

Looks like paypal don't like you :P
 
Last edited:
EDIT: Nope no bugs planted. It just doesn't seem like anything happening (using my firefox as internet program)
Click to expand...
I never said that bugs were getting through :) I dont think NIS is robust enough to give you proper IP-redirection alerts so it would slip by but rest assured there are connections being made (dont think NIS support it but if you can flag specific ip ranges, you'll note it that way)
 
they recommend u to use the secure one cuz there are alot of paypal spoof sites.
Click to expand...
Im aware of that however it doesnt explain why there is a slowdown if i packet filter out trash like doubleclick.net and 2o7.net -- that and one would think the fancy secure site would be void of that kinda user tracking garbage.

As for spoofing, Paypal has it own issues -- the IP addies used by paypal.com dont match what is listed there -- and you would think a financial institution (abstract as it may be) such as paypal would be concerned enough about security to keep the list accurate
 
Last edited:
I don’t think you guys get what he is saying (Unless it’s me who doesn't get it?)


He is saying there are adverts on https, and if you use something to BLOCK the IPs where the ads come from the page time is significantly slower. So if you block their advertisements page loading is slow. If you let them through then page time is very fast again.
Am I right Praetor? Or at least somewhere along the right lines...
 
Last edited:
Really?

Well, hey does this explain why..

For me, whenever I make a payment, like for example through paypal. It seems as if their server take forever to respond.

However, when I log in and just check manually, it is actually quite quick.

I never really thought about it until now, since I use wireless and I always assumed since I am on wireless, things like this happen.
 
I wonder if they havent upgraded thier servers lately, or they may not have enough stuff for all the users they have. I dont have paypal, but my dad does and he has problems a lot.
 
Heya

Well I have tried it and it does take about 10 seconds before the page loads up for me as well. There is definitely something not right as you have suggested Prae. I have allowed IE to do stuff on the Internet without asking so I do not get any warnings :)

JAN :D
 
Praetor said:
Preface
For anyone trying to verify here are the criticals:
- OS Windows XP (5.1.2600.2868).
- Browser IE (6.0.2900.2180.xpsp.060315-1524)
- Firewall Kerio Personal Firewall 4.22.911
- ISP Anomaly confirmed on multiple ISPs each with a connection in excess of 4Mbit/s downstream

Firewall Configuration
- "Allow IE outbound access for port 80"
- Everything else (and I do mean every-single-thing) is whitelisted by Host IPAddress + port (using ranges and masks as appropriate).
- Everything (and i do mean everything) is white listed with respect to javascript, activex, referrers, cookies blah blah

Issue
  • Opening Paypal via http://www.paypal.com is fairly quick and straight forward. No complaints here
  • Now if I open Paypal via https://www.paypal.com some interesting things happen
    • Numerous connection attempts are made on port 443 to 216.73.86.61, 216.73.87.61 (both belong to doubleclick.net). These connection attempts are blocked.
    • Numerous connection attempts made to 216.52.17.206, 216.52.17.225, 216.52.17.134 (all of which belong to 2o7.net). These connection attempts are blocked.
    • Load time is significantly increased (on the order of 15 seconds as compared to the http version which was virtually instantaneous)
  • Now, it seems that if I allow those two above offending connection attemps, the load time is back to "virtually instantaneous"

One might infer that Paypal (directly or indirectly) is purposefully throttling performance for people who dont load the stupid adverts. Comments, questions, theories and postulations welcome.
Click to expand...

Thats interesting...
 
He is saying there are adverts on https, and if you use something to BLOCK the IPs where the ads come from the page time is significantly slower. So if you block their advertisements page loading is slow. If you let them through then page time is very fast again.
Am I right Praetor? Or at least somewhere along the right lines...
Click to expand...
Thats precisely what I mean.

For me, whenever I make a payment, like for example through paypal. It seems as if their server take forever to respond.
However, when I log in and just check manually, it is actually quite quick.
Click to expand...
Possibly related but what I was referring to was simply loading the paypal website - once you've logged in and such I think I recall the same IPs poppingup from time to time again but ive not gotten around to logging in and stuff yet (not until the rest of the firewall rules are built up)
 
Interestingly enough, these extraneous spam connections are made whenever there is a paypal button ... and there are TONS of websites out there with paypal buttons....

and thanks to the joys of automatic page refreshing, the site (which has a paypal button) constantly tries to connect to these IPs
 
Sounds fun.....Is there a way when you have the paypal button you could take out the code in it that does it? Or is the the actully paypal server that does it?
 
You must log in or register to reply here.
Back
Top