elliotwutingfeng / Inversion-DNSBL-Blocklists

Malicious URLs identified by scanning various public URL sources using the Google Safe Browsing API (over 6 billion URLs scanned daily)

Google.com and Akamai.net are being blocked by Google_hostnames.txt #4

Closed SystemJargon closed 1 year ago

SystemJargon commented 1 year ago

https://raw.githubusercontent.com/elliotwutingfeng/Inversion-DNSBL-Blocklists/main/Google_hostnames.txt

The list linked above was recently updated to contain "google.com" and also "akamai.net", possibly others.

Using this list actually blocks legitimate traffic to some domains (examples above).

Suggestion / issue raised: review the list and clean up legitimate domains where possible.

elliotwutingfeng commented 1 year ago

Hi, thanks for the heads up. False positives do occasionally make it to Google's database. I do not pre-emptively filter out suspected false positives to keep the list consistent with upstream at time of list upload, even for obvious ones like akamai.net or google.com.

As this list is automatically updated once a day, the above false positives should disappear in about 3 hours.

hagezi commented 1 year ago

Google blocks itself, not bad either. There are more false positives in the DB. E.g. Cosmote, the #1 ISP in Greece (cosmote.net). Probably a few others.

elliotwutingfeng commented 1 year ago

As of this comment, cosmote.net is still marked as malicious (https://transparencyreport.google.com/safe-browsing/search?url=cosmote.net&hl=en) :shrug:

hagezi commented 1 year ago

Lists have not yet been updated, dolby.com is also blocked.

rfxcll commented 1 year ago

I'd like to report that a big Indonesian e-commerce site also got blocked: shopee.co.id

hagezi commented 1 year ago

Yes, and there are many more.

elliotwutingfeng commented 1 year ago

After poking around the API, it appears that Google has recently added their own whitelisted URLs as an undocumented threatType, which is likely why all these benign URLs have been showing up. I'll patch this shortly.

    {
        "threatType": "CSD_DOWNLOAD_WHITELIST",
        "platformType": "WINDOWS",
        "threatEntryType": "URL"
    },
    {
        "threatType": "CSD_DOWNLOAD_WHITELIST",
        "platformType": "LINUX",
        "threatEntryType": "URL"
    },
    {
        "threatType": "CSD_DOWNLOAD_WHITELIST",
        "platformType": "OSX",
        "threatEntryType": "URL"
    },
    {
        "threatType": "CSD_DOWNLOAD_WHITELIST",
        "platformType": "WINDOWS",
        "threatEntryType": "CERT"
    },
    {
        "threatType": "CSD_DOWNLOAD_WHITELIST",
        "platformType": "LINUX",
        "threatEntryType": "CERT"
    },
    {
        "threatType": "CSD_DOWNLOAD_WHITELIST",
        "platformType": "OSX",
        "threatEntryType": "CERT"
    },
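
Added example (not part of the thread and not the repository's actual patch): a default-deny way to choose which Safe Browsing threat lists feed a blocklist, so that an unfamiliar `threatType` such as `CSD_DOWNLOAD_WHITELIST` is reported instead of ingested. It assumes the Safe Browsing API v4 `threatLists` response shape and the threat types documented for v4; the function names and the sample response are constructed for illustration.

```python
# Added example: default-deny selection of Safe Browsing threat lists.
import json

# Threat types documented for Safe Browsing API v4 that describe harmful content.
BLOCKABLE_THREAT_TYPES = frozenset({
    "MALWARE",
    "SOCIAL_ENGINEERING",
    "UNWANTED_SOFTWARE",
    "POTENTIALLY_HARMFUL_APPLICATION",
})

# Constructed sample shaped like a threatLists response; not real API output.
SAMPLE_RESPONSE = json.dumps({"threatLists": [
    {"threatType": "MALWARE", "platformType": "WINDOWS", "threatEntryType": "URL"},
    {"threatType": "SOCIAL_ENGINEERING", "platformType": "LINUX", "threatEntryType": "URL"},
    {"threatType": "CSD_DOWNLOAD_WHITELIST", "platformType": "WINDOWS", "threatEntryType": "URL"},
    {"threatType": "CSD_DOWNLOAD_WHITELIST", "platformType": "OSX", "threatEntryType": "CERT"},
    {"threatEntryType": "URL"},  # malformed entry: no threatType
]})


def select_threat_lists(response_text, entry_type="URL"):
    """Split list descriptors into (accepted, rejected).

    A descriptor is accepted only if its threatType is explicitly known to
    describe harmful content and its threatEntryType matches entry_type.
    Everything else, including types that did not exist when this code was
    written, is rejected and returned so the caller can log or alert on it.
    """
    accepted, rejected = [], []
    for desc in json.loads(response_text).get("threatLists", []):
        ok = (desc.get("threatType") in BLOCKABLE_THREAT_TYPES
              and desc.get("threatEntryType") == entry_type)
        (accepted if ok else rejected).append(desc)
    return accepted, rejected


def unexpected_threat_types(rejected):
    """Names of rejected threat types that are not a known blockable type."""
    return sorted({d.get("threatType", "<missing>") for d in rejected}
                  - BLOCKABLE_THREAT_TYPES)


if __name__ == "__main__":
    accepted, rejected = select_threat_lists(SAMPLE_RESPONSE)
    print("subscribing to:", [(d["threatType"], d["platformType"]) for d in accepted])
    print("ignored threat types:", unexpected_threat_types(rejected))
```

A non-empty result from `unexpected_threat_types` is a useful signal to alert on before a list is published, since it means upstream has started returning a category the pipeline has never classified.
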

hagezi commented 1 year ago

Thanks, let me know when you have fixed it. Then I'll reactivate the lists in my Threat Intelligence Feeds list.

elliotwutingfeng commented 1 year ago

@hagezi The false positives should be gone now.

hagezi commented 1 year ago

Thanks @elliotwutingfeng