blocklistproject / Lists

Primary Block Lists
The Unlicense

[Remove Request] - ns2.elhacker.net #599

Closed ehnwebmaster closed 1 year ago

ehnwebmaster commented 2 years ago

URL you wish to be removed:

ns2.elhacker.net

Why you believe this to be a false positive:

Hello,

I can't understand how ns2.elhacker.net can be a "malware" site... It has been online since 2001 and has a big active forum with more than 1.5 million posts. We use different subdomains, like blog and forum, and ns2 is for downloads.

elhacker.net has never hosted malware according to the Google Safe Browsing tool: http://www.google.com/safebrowsing/diagnostic?site=ns2.elhacker.net https://quttera.com/detailed_report/ns2.elhacker.net

Can you provide a URL that matches as malware?

Also remove exploits.elhacker.net

We don't actually use it, but I can understand that this subdomain was added, because it contained some source code "exploits".

Opened Issue at GitHub:

AdGuard is blocking ns2.elhacker.net https://github.com/AdguardTeam/AdguardFilters/issues/104581

Thank you very much.

List it is on:

https://github.com/blocklistproject/Lists/blob/master/malware.txt

Other info you think we should know:

elhacker.net has been online since 2001, and is a Spanish website about security and computer-related topics.

spirillen commented 2 years ago

This must be a long-running issue, as I can find a 3-year-old import of the domain in my RPZ zone:

id      domain_id  name                                type   content
926889  36         ns2.elhacker.net.rpz.mypdns.cloud   CNAME  .
940700  36         elhacker.net.rpz.mypdns.cloud       CNAME  .

MinusFour commented 2 years ago

@spirillen it's a recurrent issue with false positives I'm afraid but they've all been cleared up in their own time. The very nature of the site doesn't help much with it but its purpose is merely educational really. It is a safe site to browse.

Seems like the entry was first added to this repo early on. It was on the original list for malware.txt. Was this perhaps an import from some other list? It'd be nice if we could track the source of said false positive(s).

spirillen commented 2 years ago

Hi @MinusFour

First off, you should open a removal request here https://mypdns.org/my-privacy-dns/matrix/-/issues/new?issuable_template=Whitelist, more or less copy/paste the text of this one.

Was this perhaps an import from some other list?

Secondly, yes, it was an import from other projects, such as the untrustworthy and useless StevenBlack/hosts, but that stopped as I found several thousand FPs, and that is why my lists are "handmade"; no further automatic import is ever happening to any of my lists.

It'd be nice if we could track the source of said false positive(s).

Sorry I can't help you better than this as to where it might come from, but you can try @funilrys' & @mitchellkrogza's Ultimate.Hosts.Blacklist; you can find a link to their sometimes-working DB of imported sources in one of the (closed) issues. That might be a good appendix to search for the origin of records.

hosts-sources$ git grep 'elhacker.net'

data/blocklist_abuse/domain.list:exploits.elhacker.net
data/blocklist_abuse/domain.list:ns2.elhacker.net
data/blocklist_malware/domain.list:exploits.elhacker.net
data/blocklist_malware/domain.list:ns2.elhacker.net
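
The RPZ rows and the git grep output above are the two formats a false-positive hunt usually has to read: bare domain lists and "owner CNAME ." RPZ records. The script below is an added example (not code from blocklistproject, mypdns or hosts-sources) that parses both, looks a name and its parents up in every source, and says which entry matched. The list contents are constructed for the example and the zone name rpz.mypdns.cloud is taken from the table above; it also covers hosts-style "0.0.0.0 name" lines, which the thread does not show.

```python
"""Find which block lists would match a domain, and why.

Added example: not code from blocklistproject, mypdns or hosts-sources.
It assumes the two formats visible in the thread: plain domain lists
(one name per line; hosts-style "0.0.0.0 name" lines also tolerated) and
RPZ zone records where "<name>.<zone> CNAME ." means "answer NXDOMAIN
for <name>". The list contents below are constructed for the example.
"""
import re
from collections import defaultdict

RPZ_ZONE = "rpz.mypdns.cloud"

# Constructed sample sources keyed by file/zone name (not the real files).
SOURCES = {
    "data/blocklist_abuse/domain.list": """
# comments and blank lines are ignored
exploits.elhacker.net
ns2.elhacker.net
0.0.0.0 bad.example
""",
    "data/blocklist_malware/domain.list": """
exploits.elhacker.net
ns2.elhacker.net
""",
    RPZ_ZONE: """
ns2.elhacker.net.rpz.mypdns.cloud CNAME .
elhacker.net.rpz.mypdns.cloud CNAME .
""",
}

_IP_RE = re.compile(r"^[0-9a-fA-F.:]+$")   # crude match for a hosts-file address column


def parse_list(text, rpz_zone=None):
    """Return the set of names one source declares as blocked.

    Accepts bare domains, hosts-style "ip name" lines and, when rpz_zone
    is given, "owner CNAME ." RPZ records whose owner ends in the zone.
    Names are lower-cased with the trailing dot (and RPZ suffix) removed.
    """
    names = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if rpz_zone and len(parts) >= 3 and parts[1].upper() == "CNAME" and parts[2] == ".":
            owner = parts[0].rstrip(".").lower()
            suffix = "." + rpz_zone.lower()
            if owner.endswith(suffix):
                names.add(owner[: -len(suffix)])
            continue
        if len(parts) > 1 and _IP_RE.match(parts[0]):
            name = parts[1]          # hosts format: address then name
        else:
            name = parts[0]          # bare domain
        names.add(name.lower().rstrip("."))
    return names


def candidates(domain):
    """The name itself plus every parent below the TLD: a.b.c -> [a.b.c, b.c]."""
    labels = domain.lower().rstrip(".").split(".")
    return [".".join(labels[i:]) for i in range(len(labels) - 1)]


def find_listings(domain, sources=SOURCES, rpz_zone=RPZ_ZONE):
    """Map each source to the (entry, kind) pairs that could match `domain`.

    kind is "exact" for the name itself and "parent" for an ancestor entry.
    Whether a parent entry really blocks the subdomain depends on the
    consumer: an /etc/hosts entry and a plain RPZ QNAME record match only
    that exact name, while wildcard RPZ entries (*.example) and some DNS
    sinkholes match everything beneath it, so both kinds are reported.
    """
    wanted = candidates(domain)
    hits = defaultdict(list)
    for source, text in sources.items():
        blocked = parse_list(text, rpz_zone if source == rpz_zone else None)
        for i, name in enumerate(wanted):
            if name in blocked:
                hits[source].append((name, "exact" if i == 0 else "parent"))
    return dict(hits)


if __name__ == "__main__":
    for q in ("ns2.elhacker.net", "foro.elhacker.net", "www.example.org"):
        print(q, "->", find_listings(q) or "not listed")
```

Against real checkouts you would load the file contents from disk instead of the constructed dict; the "parent" tag is what tells you that foro.elhacker.net is only affected through the elhacker.net record, which matters when deciding which entry to ask to have removed.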
ehnwebmaster commented 2 years ago

Can't create an account for My Privacy DNS removal because request is "Pending approval":

Your account is pending approval from your GitLab administrator and hence blocked. Please contact your GitLab administrator if you think this is an error.

MinusFour commented 2 years ago

@spirillen I'm sorry, I just realized that's not gitlab.com and you might have two accounts requests. Thought it needed my gitlab account for some reason.

Edit:

elhacker.net
www.elhacker.net
foro.elhacker.net

These domains were listed on Ultimate.Hosts.Blacklist but were all deleted from the list here. They no longer appear there. They were added to the repo on Sun Jun 9 16:30:50 2019 +0000 and removed on Sun Sep 8 17:12:40 2019 +0000.

ns2.elhacker.net
exploits.elhacker.net

These were added on Import-External-Sources/host-sources sometime after.

I looked at other repos but I couldn't find anything.

ehnwebmaster commented 2 years ago

How many days you need to remove ns2.elhacker.net from your list?

iam-py-test commented 2 years ago

How many days you need to remove ns2.elhacker.net from your list?

Based on past experience, @blocklistproject @cryptogap don't often check this repo. Just a reminder, we are all volunteers and do this in our spare time. There is nothing @spirillen or I can do anyway, as neither of us has access to this repo.

I don't see any issues with your website in a very quick check, apart from the fact that I can SSH in with the username admin. I wasn't able to get past the password check, but that probably is because I'm a horrible security researcher.

ehnwebmaster commented 2 years ago

I don't see any issues with your website in a very quick check, apart from the fact that I can SSH in with the username admin. I wasn't able to get past the password check, but that probably is because I'm a horrible security researcher.

Yes, you can log in via SSH with admin, root or whatever user on the third attempt, because it's a honeypot (dockerized cowrie) and your IP will be logged and reported here https://www.abuseipdb.com/user/52197

Also RDP 3389 is "fake", as are Telnet, MySQL and many, many other ports. But 80 and 443 (HTTPS) are "real" and working and not hosting malware.
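
The honeypot described above logs every login attempt; the script below is an added example (not code from elhacker.net or the cowrie project) of turning that log into a per-IP summary and the fields an AbuseIPDB report needs. It assumes cowrie's newline-delimited JSON log with "eventid", "src_ip", "timestamp", "session" and, for login events, "username"/"password" keys; the log lines and IPs are constructed, and the AbuseIPDB category IDs (22 SSH, 18 Brute-Force) should be checked against their current category list before use.

```python
"""Summarise SSH honeypot login attempts from cowrie JSON logs.

Added example, not code from elhacker.net or the cowrie project. It
assumes cowrie's JSON log output (one object per line with "eventid",
"src_ip", "timestamp", "session" and, for login events, "username" /
"password"). The log lines below are constructed, not real traffic.
"""
import json
from collections import defaultdict

# Constructed sample log: one attacker brute-forces "admin" and gets in on
# the third try (cowrie lets a login succeed after some failures), then
# runs a command; a second one fails once. A junk line is included on purpose.
SAMPLE_LOG = """\
{"eventid":"cowrie.session.connect","src_ip":"198.51.100.7","timestamp":"2023-01-05T10:00:00.000000Z","session":"a1"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin","src_ip":"198.51.100.7","timestamp":"2023-01-05T10:00:01.000000Z","session":"a1"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456","src_ip":"198.51.100.7","timestamp":"2023-01-05T10:00:02.000000Z","session":"a1"}
{"eventid":"cowrie.login.success","username":"admin","password":"password","src_ip":"198.51.100.7","timestamp":"2023-01-05T10:00:03.000000Z","session":"a1"}
{"eventid":"cowrie.command.input","input":"uname -a","src_ip":"198.51.100.7","timestamp":"2023-01-05T10:00:04.000000Z","session":"a1"}
{"eventid":"cowrie.session.connect","src_ip":"203.0.113.9","timestamp":"2023-01-05T11:00:00.000000Z","session":"b2"}
{"eventid":"cowrie.login.failed","username":"root","password":"toor","src_ip":"203.0.113.9","timestamp":"2023-01-05T11:00:01.000000Z","session":"b2"}
this line is not json and must be skipped
"""

# AbuseIPDB category IDs as published in their category list (assumption: verify before use).
ABUSEIPDB_CATEGORIES = {"brute_force": 18, "ssh": 22}


def parse_events(text):
    """Parse newline-delimited JSON, skipping blank or malformed lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            obj = json.loads(line)
        except json.JSONDecodeError:
            continue          # cowrie logs are append-only; a torn last line is common
        if isinstance(obj, dict) and "eventid" in obj:
            events.append(obj)
    return events


def summarize(events):
    """Aggregate events per source IP: sessions, login outcomes, usernames, commands, time span."""
    per_ip = defaultdict(lambda: {"sessions": set(), "failed": 0, "success": 0,
                                   "usernames": set(), "commands": [],
                                   "first_seen": None, "last_seen": None})
    for ev in events:
        ip = ev.get("src_ip")
        if not ip:
            continue
        s = per_ip[ip]
        s["sessions"].add(ev.get("session"))
        ts = ev.get("timestamp")
        if ts:  # ISO-8601 UTC strings of one format compare correctly as text
            s["first_seen"] = ts if s["first_seen"] is None or ts < s["first_seen"] else s["first_seen"]
            s["last_seen"] = ts if s["last_seen"] is None or ts > s["last_seen"] else s["last_seen"]
        eid = ev["eventid"]
        if eid == "cowrie.login.failed":
            s["failed"] += 1
            s["usernames"].add(ev.get("username"))
        elif eid == "cowrie.login.success":
            s["success"] += 1
            s["usernames"].add(ev.get("username"))
        elif eid == "cowrie.command.input":
            s["commands"].append(ev.get("input", ""))
    return dict(per_ip)


def abuseipdb_report(ip, stats):
    """Return (ip, categories, comment) for one source IP.

    Passwords are deliberately left out of the comment: they are often
    reused real credentials and reports are public.
    """
    cats = [ABUSEIPDB_CATEGORIES["ssh"]]
    if stats["failed"] + stats["success"] > 1:
        cats.append(ABUSEIPDB_CATEGORIES["brute_force"])
    comment = (f"SSH honeypot (cowrie): {len(stats['sessions'])} session(s), "
               f"{stats['failed']} failed / {stats['success']} accepted logins, "
               f"usernames {sorted(u for u in stats['usernames'] if u)}, "
               f"{len(stats['commands'])} command(s) run, "
               f"{stats['first_seen']} .. {stats['last_seen']}")
    return ip, sorted(cats), comment


if __name__ == "__main__":
    stats = summarize(parse_events(SAMPLE_LOG))
    for ip in sorted(stats):
        print(abuseipdb_report(ip, stats[ip]))
```

Feeding the real cowrie.json through parse_events and summarize gives the same per-IP view the honeypot owner reports from; the "accepted logins" count is the one to watch, since a session that got a shell also has the commands it typed recorded.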

iam-py-test commented 2 years ago

I don't see any issues with your website in a very quick check, apart from the fact that I can SSH in with the username admin. I wasn't able to get past the password check, but that probably is because I'm a horrible security researcher.

Yes, you can log in via SSH with admin, root or whatever user on the third attempt, because it's a honeypot (dockerized cowrie) and your IP will be logged and reported here https://www.abuseipdb.com/user/52197

Also RDP 3389 is "fake", as are Telnet, MySQL and many, many other ports. But 80 and 443 (HTTPS) are "real" and working and not hosting malware.

Ah. I'm an idiot, sorry. It was a smart idea to set up a honeypot :)

spirillen commented 2 years ago

Can't create an account for My Privacy DNS removal because request is "Pending approval":

Your account is pending approval from your GitLab administrator and hence blocked. Please contact your GitLab administrator if you think this is an error.

Pending approval... is it a Gmail account you are using? If so, you should have been cleared yesterday.

PS: sorry for the slow response, but GitHub just doesn't like my anti-adult projects

MinusFour commented 2 years ago

Pending approval... is it a Gmail account you are using? If so, you should have been cleared yesterday.

I was using my Github account and got the same message. I then thought it didn't go through because I needed to use a gitlab.com account. Then I realized it's a self-hosted gitlab instance. But anyway, we both have our accounts approved now, though it doesn't seem to do us any good until this issue gets resolved since as I understand it you import the site list from here.

spirillen commented 2 years ago

Hey @MinusFour As I mentioned here (https://mypdns.org/my-privacy-dns/matrix/-/issues/4306#note_33149), the hosts.source was never thought to be used for blacklisting, but mostly as a lookup library.

On the other hand you are right: as long as it is in these lists, you should add it to your own whitelists.

About the signup

If I understand it correctly, you tried to sign up with both GitHub and GitLab OAuth but not a mail address, is that correct?

I'm asking because the documentation is directly misleading and all you can do is trial and error.

MinusFour commented 2 years ago

I can't speak for @ehnwebmaster but I tried using both GitHub and GitLab OAuth as you said and I was greeted with the same error, which was the same as @ehnwebmaster's.

After figuring out it was a self hosted gitlab instance, I just thought that account creation had to be validated by someone. I don't know if that's specified anywhere else. I tried looking on some of the repos around but couldn't find much about it. I got an email sometime later saying my account had been approved and shortly after @ehnwebmaster was also approved.

So as I understand it now, the site is not in your repository as part of a blacklist? But we can still have it on your whitelist right?

spirillen commented 2 years ago

So as I understand it now, the site is not in your repository as part of a blacklist?

Right

But we can still have it on your whitelist right?

Nope, your own. I only import external sources here.

But how do you use the list?

Maybe I can think of something that can help you

The login oauth

Ok... I don't know what to do then... But I'm guessing I should make a ticket at GitLab about it, as the intention was that you should be able to sign up/log in via OAuth.

MinusFour commented 2 years ago

But how do you use the list?

We don't use my-privacy-dns but I'd figure if anyone else was using your list then at least the domain would be marked as valid even though it appears on other blacklists because of false positives. At the very least someone could have found out that it's a safe domain by looking at it.

Anyway, I guess we'll just keep clearing up false positives wherever we find them. No magic bullet about it.

Ok... I don't know what to do then... But I'm guessing I should make a ticket at GitLab about it, as the intention was that you should be able to sign up/log in via OAuth.

Wouldn't be able to help much here but it seems to me that it's on your side rather than on gitlab. At the very least there's such a configuration for it.

spirillen commented 2 years ago

At the very least there's such a configuration for it.

The error and setup actually happen in /etc/gitlab/gitlab.rb https://docs.gitlab.com/ee/integration/omniauth.html and if you follow that guide, any login generates 503 errors.

Well, this is getting off topic.

blocklistproject commented 1 year ago

This has been fixed