Closed SystemJargon closed 1 year ago
Hi, thanks for the heads up. False positives do occasionally make it to Google's database. I do not pre-emptively filter out suspected false positives to keep the list consistent with upstream at time of list upload, even for obvious ones like akamai.net
or google.com
.
As this list is automatically updated once a day, the above false positives should disappear in about 3 hours.
Google blocks itself, not bad either. There are more false positives in the DB. E.g. Cosmote, the #1
ISP in Greece (cosmote.net). Probably a few others.
As of this comment, cosmote.net
is still marked as malicious (https://transparencyreport.google.com/safe-browsing/search?url=cosmote.net&hl=en) :shrug:
Lists have not yet been updated, dolby.com
is also blocked.
I'd like to report that a big Indonesian E-commerce sites also got blocked.
shopee.co.id
Yes and there are many more.
After poking around the API, it appears that Google has recently added their own whitelisted URLs as an undocumented threatType, which is likely why all these benign URLs have been showing up. I'll patch this shortly.
{
"threatType": "CSD_DOWNLOAD_WHITELIST",
"platformType": "WINDOWS",
"threatEntryType": "URL"
},
{
"threatType": "CSD_DOWNLOAD_WHITELIST",
"platformType": "LINUX",
"threatEntryType": "URL"
},
{
"threatType": "CSD_DOWNLOAD_WHITELIST",
"platformType": "OSX",
"threatEntryType": "URL"
},
{
"threatType": "CSD_DOWNLOAD_WHITELIST",
"platformType": "WINDOWS",
"threatEntryType": "CERT"
},
{
"threatType": "CSD_DOWNLOAD_WHITELIST",
"platformType": "LINUX",
"threatEntryType": "CERT"
},
{
"threatType": "CSD_DOWNLOAD_WHITELIST",
"platformType": "OSX",
"threatEntryType": "CERT"
},
Thanks, let me know when you have fixed it. Then I'll reactivate the lists in my Threat Intelligence Feeds list.
@hagezi The false positives should be gone now.
Thanks @elliotwutingfeng
https://raw.githubusercontent.com/elliotwutingfeng/Inversion-DNSBL-Blocklists/main/Google_hostnames.txt
This list linked above recently updated to contain, "google.com" and also "akamai.net", possibly others.
With usage of this list, it actually blocks legitimate traffic of some domains (Examples above) if using that list.
Suggestion / issue raised, to review list and clean-up legitimate domains where possible.