lightswitch05 / hosts

Hostfile blocklist for ads and tracking, updated regularly
https://www.github.developerdan.com/hosts/
Apache License 2.0

List of invalid domain names #291

Closed ghost closed 3 years ago

ghost commented 3 years ago
0.0.0.0 0.0.0.0cdn.adx1.com
0.0.0.0 0.0.0.0hb.adx1.com
0.0.0.0 0.0.0.0rtb.adx1.com
0.0.0.0 0.0.0.0xml.adx1.com
0.0.0.0 0.0.0.0public21.bravenet.com
0.0.0.0 0.0.0.0s.moatpixel.com
0.0.0.0 0.0.0.0img.sedoparking.com
0.0.0.0 0.0.0.0www.sedoparking.com
0.0.0.0 0.0.0.0www1.sedoparking.com
0.0.0.0 0.0.0.0www2.sedoparking.com
0.0.0.0 0.0.0.0www4.sedoparking.com
0.0.0.0 0.0.0.0cdn-102.statdynamic.com

They all have catch-all SSL certificates or catch-all redirects, which means they'll accept any sub-domain, even if it's completely fake, as long as the domain name is correct and links to nothing.

For instance, I randomly generated the string vxd50kalrruejc18d486 and then put it in front of the domain name vxd50kalrruejc18d486.cdn.adx1.com, which is still legal.

Another example fgldkjfdlkjhfdlkfghdlkjfdhlfkdnh.sedoparking.com is still completely valid.

Global Cert

DNS Name=sedoparking.com
DNS Name=*.sedoparking.com
lightswitch05 commented 3 years ago

Thanks @Prajwal-Koirala - I'm well aware of these wildcard domain issues, unfortunately there isn't a way for me to really know which subdomains in my list are valid and which aren't when the root domain is wild-carded.

I'm happy to add a 0.0.0.0 exclusion filter to solve these specific ones

lightswitch05 commented 3 years ago

Removed

ghost commented 3 years ago

@lightswitch05 Take a look at this list, https://github.com/EFForg/privacybadger/blob/master/src/data/cname_domains.json you might want to add this too.

lightswitch05 commented 3 years ago

Neat, I scrolled through and added a few of the common CNAMEs. Not interested in pulling in the whole list, because Privacy Badger operates within the browser and can make smart decisions about 1st party vs. 3rd party, but still a neat resource!

dnmTX commented 3 years ago

and all those hostmaster.hostmaster..... domains are registered in the 127.0.0.0/8 private range and therefore cannot enter any system. I'm still not sure why you're keeping them. You have like....7000 of them. Just for example:

lightswitch05 commented 3 years ago

You have like....7000 of them.

😆 I think that might be a bit of an exaggeration. I do have a system in place to ensure all the entries resolve, but I never considered ensuring they resolve to a non-local address. Interesting idea! I'll have to think about it more.

ghost commented 3 years ago

You have like....7000 of them.

😆 I think that might be a bit of an exaggeration. I do have a system in place to ensure all the entries resolve, but I never considered ensuring they resolve to a non-local address. Interesting idea! I'll have to think about it more.

Same, but the problem with this is that since they are so easy to change an attacker can launch an attack and then remove all the records and ghost the domain

lightswitch05 commented 3 years ago

maybe I should just whitelist ^hostmaster\.\S+?

dnmTX commented 3 years ago

😆 I think that might be a bit of an exaggeration.

Sorry.....4008 to be exact:

maybe I should just whitelist ^hostmaster\.\S+?

That will be the best solution, no doubt 👍

lightswitch05 commented 3 years ago

Done, it will be in the next release

dnmTX commented 3 years ago

Done, it will be in the next release

Can't you make it so whatever resolves in the private range is just ignored, or is that just too much of a hassle?

dnmTX commented 3 years ago

Same, but the problem with this is that since they are so easy to change an attacker can launch an attack and then remove all the records and ghost the domain

@Prajwal-Koirala you have a point here but so far that hasn't happened. I'm comparing it to another list, which has contained similar entries for a long long time and all of them resolve in that private range. The thing is that the curator is hard to argue with so I just stopped using it: https://gitlab.com/ZeroDot1/CoinBlockerLists/-/raw/master/hosts

dnmTX commented 3 years ago

@lightswitch05 only by doing nslookup 👇

P.S. Further reading showed that those domains are created and registered in the private range to be used for local testing.
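One way to mechanise the checks this thread converges on (the duplicated 0.0.0.0 prefix from the opening report, the ^hostmaster\.\S+? whitelist, and entries that only resolve into loopback or private ranges), as an added example that is not the lightswitch05/hosts project's own tooling. The hostname hostmaster.hostmaster.example and the resolver table are constructed placeholders so the audit runs offline.

```python
# Added example (not the lightswitch05/hosts project's own tooling): offline hosts-file audit.
import ipaddress
import re
from typing import Callable, Dict, List, Tuple

HOSTMASTER_RE = re.compile(r"^hostmaster\.\S+?")  # whitelist pattern proposed in the thread
# Address space that can never be reached from the public Internet.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "::1/128", "fc00::/7")]

def is_non_routable(addr: str) -> bool:
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in NON_ROUTABLE)

def classify(line: str, resolve: Callable[[str], List[str]]) -> Tuple[str, List[str]]:
    """Return (hostname, problems) for one hosts line; problems is empty when clean."""
    fields = line.split("#", 1)[0].split()
    if len(fields) < 2:
        return "", ["not an address/hostname pair"]
    host, problems = fields[1].lower(), []
    # Problem 1: the sink address glued onto the hostname, e.g. "0.0.0.0cdn.adx1.com".
    if host.startswith("0.0.0.0"):
        problems.append("duplicated 0.0.0.0 prefix")
        host = host[len("0.0.0.0"):]
    # Problem 2: hostmaster.* local-testing names the thread agreed to whitelist.
    if HOSTMASTER_RE.match(host):
        problems.append("matches ^hostmaster\\.")
    # Problem 3: every address the name resolves to is loopback/private space.
    addrs = resolve(host)
    if addrs and all(is_non_routable(a) for a in addrs):
        problems.append("resolves only to non-routable space: " + ", ".join(addrs))
    return host, problems

def audit(lines: List[str], resolve: Callable[[str], List[str]]) -> Dict[str, List[str]]:
    """Map each problematic hostname to its list of problems."""
    results = (classify(line, resolve) for line in lines if line.strip())
    return {host: problems for host, problems in results if problems}

# Constructed sample: hostnames from the issue plus a placeholder hostmaster name. The resolver
# table is made up (203.0.113.0/24 is documentation space); swap in real DNS lookups for production.
SAMPLE_LINES = ["0.0.0.0 0.0.0.0cdn.adx1.com", "0.0.0.0 hostmaster.hostmaster.example",
                "0.0.0.0 ads.example.net  # an ordinary, valid entry"]
FAKE_DNS = {"cdn.adx1.com": ["203.0.113.10"],
            "hostmaster.hostmaster.example": ["127.0.0.1"],
            "ads.example.net": ["203.0.113.20"]}
```

Call `audit(SAMPLE_LINES, lambda h: FAKE_DNS.get(h, []))` to see the two flagged names; the ordinary entry is reported clean.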

ghost commented 3 years ago

@lightswitch05

Why are you blocking ublock.org?

thinkqanon.com is on sale.

lightswitch05 commented 3 years ago

uBlock is in my hate and junk list for being junk. It's not owned by uBlock Origin.

lightswitch05 commented 3 years ago

I'm ok with thinkqanon.com staying on the list even if it is for sale