RE: Opera Touch cannot be used to test local web pages on iphone.

@antimech As a workaround, if the whole URL is entered, it works, eg: http://192.168.1.2:8080

When I enter 192.168.1.2:8080 in the address bar in order to make Opera Touch connect wirelessly to the localhost server running on my computer (in order to test websites that I develop), the URL is considered a search query and Opera Touch searches the web instead. This is a usability bug that prevents testing of local PC pages on mobile. I can do such tests in Safari, Firefox and Chrome that work correctly on iphone, but not in Opera Touch (I haven't tried Opera Mini).

@john021 I experienced once more that issue from another website (the malicious page was identical), so I did what you suggested and it worked - I was able to close that page, thanks. Still, that is just a workaround that almost nobody knows.

BTW, Kapersky found a couple of Trojans on my system, one of them was on a program I had downloaded recently for an iphone app, as I was searching for iphone apps these days. Assuming that every file that is created is checked, the Trojan was added at a later time, most likely by that website -despite the browser, the Ublock Origin and the antivirus. Also, another (legit) adware app caused my iphone to stop charging just after I accidentally opened one of its ads (and it took me some time to think of a solution which was to reset all settings and re-enter them one-by-one). So the websites are not prevented from causing harm, the web standards are - kindergarten-level to say the least....

@blackbird71 said in So it is impossible to natively block a malicious website in Opera, right?:

Given that in current chromium rendering engines, extensions potentially have the ability to hook a browser's 'internals' before the browser actually processes the site code, the browser may not be able to "escape" what an extension does. This is how Ublock Origin, Ghostery, and many other similar extensions are able to block sites (or portions thereof) effectively. A malicious extension can use the same hooking mechanisms to inject ad pages into the browser data stream, and there is little that can be done in the browser itself to over-ride the behavior other than disabling/removing the offending extension. There is currently much controversy over chromium developers' recent efforts to reduce the scope of some of the extension hooking since that would also make ad blockers less effective, though it would tend to reduce the attack surface used by rogue extensions.

That is the problem, browser, page code and extensions almost run on the same level.
Obviously, the whole browser-extension architecture (all browsers) is flawed and primitive.

Instead, the user should always have the highest level of control and priority, next should come the browser and last the page code and the "extensions". The page code and the extensions should run completely isolated from the real world and whenever they need to "communicate" they should only be able to request high-level features implemented, provided and supervised by the browser with a safe protocol.
So there will be only one specific entity responsible for the implementation: the browser, and no harm should be possible by any code running inside a web-page or extension.

All data (sensitive or not) should only exit the browser in an encrypted (useless) form and local access should be highly restricted.

The ads should have a specific user-friendly standard. Non-standard ads reported should cause the ban of the website. So if the user doesn't want ads, there will be no ads -no ad-blocker extension required.

If and when a nasty behavior is noticed by the user, both the effect and the cause would be easily identified by the middle guy -the browser and blocked by the user, eg, not just the URL, but also the page or extension that opened it.

That I would call a user-centered browser -just a few ideas.

It was an aggressive adware/malware of the sort "you are the lucky winner" that was called by some specific website or installed without my consent.
In both cases a browser should not allow full control without an escape method, by any website and any addon when the code itself is not infected.
That is perfectly feasible. Period.

Each time I forced shut down of the Opera via task manager and cleared all history -except logins, but it appeared again. I had left tens of websites open though, so most likely one of them was calling that site again. Not one was of the "suspicious" kind though. The malware website had the same basic domain, hotbaby.tk. or hotbabyp.tk -I think it was the later. At some point I closed many sites and now has stopped appearing for more than 24 hours.

If Opera provided a user-defined blacklist, other than the "malware block" blacklist that is not editable, I could have get rid of that site in seconds.

Despite it was not a virus, I have started a full Kapersky scan but it will take many hours to scan those terrabytes.

The last three days while browsing I'm getting about once per day an annoying malicious website popup that takes control of the browser and I have only two options:
a) click on it's malicious popup and say "yes" I want to leave (and who knows what it is going to use my click for)
b) force shutdown of the Opera browser via using the windows task manager.

I can't help but noticing the lack of protection for such websites:
a) Where is Opera's protection? Why a website should take control of the browser and not allowing me to click any of its buttons, other than what that site wants me to click?
b) Why there is no option to block a specific website from loading?

Unless I'm missing something.

*I also have the apparently useless addon 'Ublock Origin' and the Kapersky Internet Security, The later ensures that there is no virus.