AdguardTeam / AdGuardSDNSFilter

AdGuard DNS filter
https://adguard-dns.io/
GNU General Public License v3.0
702 stars 126 forks

Blocking dns.ladipage.com blocks legitimate websites (CNAME used by a vietnamese hosting company) #1098

Closed Hexalyse closed 1 year ago

Hexalyse commented 1 year ago

Prerequisites

What DNS server do you use?

AdGuard Home

Version

AdGuard Home v0.107.13

What DNS upstream(s) do you use in AdGuard apps or AdGuard Home?

No response

What DNS filters do you have enabled?

AdGuard DNS filter (https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt)

What browser or app do you use?

Other app

Which device type do you use?

Desktop

What type of problem have you encountered?

Website or app doesn't work properly

Where did you encounter the problem?

https://www.nhidong315.com/

Add your comment and screenshots

When trying to navigate to https://www.nhidong315.com/, which is supposed to be a legitimate website hosted by https://ladipage.vn/, the DNS request is blocked by AdGuard.

I've run a dig on the domain www.nhidong315.com, and here is the result:

www.nhidong315.com. 34  IN  CNAME   dns.ladipage.com.
dns.ladipage.com.   34  IN  CNAME   ladi-ladipage-dns-nlb-prod-2-33c473f14a5d5c08.elb.ap-southeast-1.amazonaws.com.
ladi-ladipage-dns-nlb-prod-2-33c473f14a5d5c08.elb.ap-southeast-1.amazonaws.com. 34 IN A 18.138.206.213
ladi-ladipage-dns-nlb-prod-2-33c473f14a5d5c08.elb.ap-southeast-1.amazonaws.com. 34 IN A 18.142.208.246

I've checked the DNS filter list I use, which is the default one, and indeed, dns.ladipage.com is in the list.

I guess it's because this hoster hosts a lot of shady websites, but it seems to be the CNAME used by all websites hosted by ladipage (cf. https://help.ladipage.vn/ten-mien), so I think blocking it might be a bit too radical, since it could block a lot of legitimate websites too.


Alex-302 commented 1 year ago

Is only nhidong315.com blocked?

@bigdargon Hi. Could you please take a look?

Hexalyse commented 1 year ago

Is only nhidong315.com blocked?

I'm not sure I understand your question, but blocking dns.ladipage.com would block every single website hosted using their service and having a CNAME record in their DNS zone pointing to dns.ladipage.com - which is the recommended way to do it in their documentation. I can only suppose that there are dozens, hundreds, or more websites (I hope most of which aren't shady websites, I don't know anything about this hoster) using this setup, that this filter list would thus block.

Alex-302 commented 1 year ago

I need more examples or affected sites. I also want to know why that domain was blocked in https://github.com/bigdargon/hostsVN.

ameshkov commented 1 year ago

We can ask @bigdargon :)

Hexalyse commented 1 year ago

I need more examples or affected sites.

Well, I ran a dig on dns.ladipage.com. It points to ladi-ladipage-dns-nlb-prod-2-33c473f14a5d5c08.elb.ap-southeast-1.amazonaws.com., which in turn resolves to these two IPs: 18.138.206.213 and 18.142.208.246.

When using virus total to know some domains that point to those IPs, here is what we find: https://www.virustotal.com/gui/ip-address/18.138.206.213/relations and https://www.virustotal.com/gui/ip-address/18.142.208.246/relations

I tried some of those domains, and indeed, they just have a CNAME pointing to dns.ladipage.com. So, here you have a lot more examples of websites that would be blocked by this rule. I didn't check whether they seem like legitimate or dangerous websites, though. I just confirmed that a lot of domains use this hoster and this CNAME record.

Alex-302 commented 1 year ago

We can ask @bigdargon :)

I asked in a previous message.

@Hexalyse Are they related to dangerous sites?

![image](https://user-images.githubusercontent.com/8361299/201335347-515f4669-7c62-42f0-b50e-62a00da13652.png)

Hexalyse commented 1 year ago

No idea... I'm not Vietnamese, nor do I speak or read Vietnamese. I opened some of those domains at random. Some of them seem to be completely legitimate websites, but indeed I see quite a lot of detected files (although, to be fair, when you search for an IP of a shared web-hosting server from any hoster anywhere in the world, you end up with flagged files, just because I guess some of them end up being hacked and serve as some kind of repositories to serve malware). Just for fun, here is the report I get for the IP I got when resolving github.com: https://www.virustotal.com/gui/ip-address/140.82.121.3/relations

Maybe this hoster is known for having a lot of malicious or misleading websites hosted on it, so someone chose to flag the entire hoster DNS domain? I can only guess. @bigdargon might know more indeed.

The only thing I know is that the domain I provided first is supposed to be a legitimate website of a company trying to improve the medical system in Vietnam. I can only suppose there are lots of other legitimate websites hosted on their servers. After all, their website looks like any other hosting company.

This won't be a problem for me because I don't usually visit Vietnamese websites. But I just thought blocking an entire hosting company seemed to be a bit "aggressive" and overkill, and could risk rendering lots of legit websites unreachable.

bigdargon commented 1 year ago

Hi @Hexalyse

Thanks @Alex-302 @ameshkov

Homepage: https://ladipage.vn

[Screenshot of the Ladipage homepage, taken 2022-11-11; page title: "#1 Nền Tảng Landing Page Cho Các Hoạt Động Marketing" ("#1 Landing Page Platform for Marketing Activities")]

First, I need to clarify that Ladipage is a landing page service, responsible for providing advertising, marketing and communication services. The domain names point to the CNAME dns.ladipage.com, and then ads are run on social networks (like Facebook) to sell online. dns.ladipage.com can be understood as a domain name for clicking ads in search results, like www.googleadservices.com.

Ladipage provides the service of creating advertising pages from ready-made libraries, with free hosting, even for users who know nothing about web design. Because it is easy and free, many people have taken advantage of the service to set up scam websites.

For example, the active loan scam website www.vaytiennhanh20.com (archived here).

In addition, Ladipage also inserts a tracking domain into the landing page to track users who access it, using the domain name a.ladipage.com (example here).

Finally, if blocking the domain affects AdGuard's user experience and the AdGuard DNS filter, I will move the domain name dns.ladipage.com to the file adserver-all.txt so that it is not pulled into the DNS filter. Yes, I just moved it, not removed it!

The above is my opinion; if you have any problems, please ask me. Thank you!

Hexalyse commented 1 year ago

Thank you @bigdargon for the detailed analysis. Yeah, from what you say, Ladipage seems to include tracking by default on all their "landing pages" (i.e. client websites), and to be used by a lot of scammers, as well as for advertising.

If so, I guess it's justifiable to indeed block all domains using Ladipage, even if it risks blocking some websites. Or maybe, if the tracking script comes from a.ladipage.com, we could block this domain instead of dns.ladipage.com ? Would it work to avoid the main problem here: tracking? It would leave another problem on the table: scammer websites. Do we have any idea on the ratio of scam/advertising websites vs "acceptable" websites hosted by Ladipage ?
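
The mechanism behind this whole thread is CNAME-aware filtering: a DNS filter that blocks dns.ladipage.com catches every customer domain whose CNAME chain passes through it, while a rule on a.ladipage.com alone only catches the tracker. The script below is an added example written for this page, not code from AdGuard Home or from hostsVN; it models a filter that checks every name in a response's CNAME chain against adblock-style `||host^` rules, using an offline zone table built from the dig output in the issue. The A record for a.ladipage.com, the example.com address and the loop records are constructed for the demonstration and are not data from the page.

```python
"""Model of CNAME-aware DNS blocking (added example, not AdGuard or hostsVN code).

A rule such as ``||dns.ladipage.com^`` is applied to every owner name in the
CNAME chain of an answer, not only to the name the client asked for.  That is
why one rule on the hoster's CNAME target blocks every site aliased to it, and
why moving the rule to the tracker name a.ladipage.com leaves the sites alone.
"""
from typing import Dict, List, Optional, Tuple

# Constructed zone snapshot.  The first three records and 18.138.206.213 come
# from the dig output in the issue; the remaining addresses are assumptions
# (RFC 5737 documentation ranges) added only to make the example runnable.
ZONE: Dict[str, Tuple[str, str]] = {
    "www.nhidong315.com.": ("CNAME", "dns.ladipage.com."),
    "dns.ladipage.com.": (
        "CNAME",
        "ladi-ladipage-dns-nlb-prod-2-33c473f14a5d5c08.elb.ap-southeast-1.amazonaws.com.",
    ),
    "ladi-ladipage-dns-nlb-prod-2-33c473f14a5d5c08.elb.ap-southeast-1.amazonaws.com.": (
        "A", "18.138.206.213",
    ),
    "a.ladipage.com.": ("A", "203.0.113.10"),   # assumption: tracker endpoint
    "example.com.": ("A", "198.51.100.7"),      # assumption: unrelated site
    "loop1.test.": ("CNAME", "loop2.test."),    # constructed CNAME loop
    "loop2.test.": ("CNAME", "loop1.test."),
}

MAX_CHAIN = 16  # guard against CNAME loops and absurdly long chains


def _fqdn(name: str) -> str:
    """Normalise to a lower-case, dot-terminated name."""
    return name.strip().lower().rstrip(".") + "."


def resolve_chain(name: str) -> List[str]:
    """Follow CNAMEs from ``name`` and return every owner name visited.

    The queried name is always the first element; the last element is the
    name that finally carries a non-CNAME record (or has no record at all).
    """
    chain: List[str] = []
    cur = _fqdn(name)
    for _ in range(MAX_CHAIN):
        chain.append(cur)
        rr = ZONE.get(cur)
        if rr is None or rr[0] != "CNAME":
            return chain
        cur = _fqdn(rr[1])
    raise ValueError(f"CNAME chain for {name} exceeds {MAX_CHAIN} hops (loop?)")


def parse_rule(rule: str) -> str:
    """Accept ``||host^`` (adblock style) or a bare host; return the FQDN."""
    host = rule.strip()
    if host.startswith("||"):
        host = host[2:]
    if host.endswith("^"):
        host = host[:-1]
    return _fqdn(host)


def rule_matches(rule_host: str, name: str) -> bool:
    """``||host^`` matches the host itself and any subdomain of it."""
    return name == rule_host or name.endswith("." + rule_host)


def blocked_by(name: str, rules: List[str]) -> Optional[str]:
    """Return the first rule that hits any name in the CNAME chain, else None."""
    parsed = [(r, parse_rule(r)) for r in rules]
    for owner in resolve_chain(name):
        for raw, host in parsed:
            if rule_matches(host, owner):
                return raw
    return None


# The two filter states discussed in the thread.
FILTER_BEFORE = ["||dns.ladipage.com^", "||a.ladipage.com^"]  # hoster CNAME + tracker
FILTER_AFTER = ["||a.ladipage.com^"]                           # tracker only


if __name__ == "__main__":
    for site in ("www.nhidong315.com", "a.ladipage.com", "example.com"):
        print(f"{site:22} before: {blocked_by(site, FILTER_BEFORE)!s:22} "
              f"after: {blocked_by(site, FILTER_AFTER)}")
```

With the original list, www.nhidong315.com is blocked even though no rule names it, because dns.ladipage.com appears in its CNAME chain; with only the a.ladipage.com rule, the site resolves and only the tracker lookup is blocked. The `MAX_CHAIN` guard matters in a real resolver: a zone with a CNAME loop would otherwise keep a CNAME-following filter spinning.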

bigdargon commented 1 year ago

@Hexalyse It's hard to calculate the ratio of scam/advertising websites vs "acceptable" websites. However, you can refer to the report from virustotal that you linked above. https://www.virustotal.com/gui/ip-address/18.138.206.213/relations https://www.virustotal.com/gui/ip-address/18.142.208.246/relations

Before, without blocking it, I saw ads (using Ladipage service) on my facebook. I'm not interested, so I'm just going to see them as company ads and it's "acceptable".

But, my mother also saw the advertisement for sale, she was interested and ordered it. Do you know what? It's horrible: the item received was absolutely terrible. When she contacted that sales page again, you know what the next horrible thing was? They blocked my mom's Facebook, and I used my Facebook to contact them, but they continued to block me. From there, I started blocking dns.ladipage.com CNAMEs to help keep people away from similar scam sellers.

I understand, many companies still want to advertise their good products to reach more people but want to save costs, so they have come to a service like Ladipage. But to be honest, in Vietnam, online scams are pretty common.

Anyway, I will move the CNAME dns.ladipage.com to the file adserver-all.txt and just leave the domain name a.ladipage.com, so as not to affect the user experience. Maybe there are still companies that really need Ladipage.

Alex-302 commented 1 year ago

Thanks!