Closed ghost closed 3 years ago
Thanks @Prajwal-Koirala - I'm well aware of these wildcard domain issues, unfortunately there isn't a way for me to really know which subdomains in my list are valid and which aren't when the root domain is wild-carded.
I'm happy to add a `0.0.0.0` exclusion filter to solve these specific ones
Removed
@lightswitch05 Take a look at this list, https://github.com/EFForg/privacybadger/blob/master/src/data/cname_domains.json you might want to add this too.
Neat, I scrolled through and added a few of the common CNAMEs. Not interested in pulling in the whole list, because privacy badger operates within the browser and can make smart decisions about 1st party vs. 3rd party, but still a neat resource!
and all those `hostmaster.hostmaster.....` domains are registered in the `127.0.0.0/8` private range and therefore can not enter any system. I'm still not sure why you're keeping them. You have like....7000 of them.
Just for example:
> You have like....7000 of them.

I think that might be a bit of an exaggeration. I do have a system in place to ensure all the entries resolve, but I never considered ensuring they resolve to a non-local address. Interesting idea! I'll have to think about it more.
> You have like....7000 of them.
> I think that might be a bit of an exaggeration. I do have a system in place to ensure all the entries resolve, but I never considered ensuring they resolve to a non-local address. Interesting idea! I'll have to think about it more.

Same, but the problem with this is that since they are so easy to change an attacker can launch an attack and then remove all the records and ghost the domain
maybe I should just whitelist `^hostmaster\.\S+`?
> I think that might be a bit of an exaggeration.

Sorry.....4008 to be exact:
> maybe I should just whitelist `^hostmaster\.\S+`?

That will be the best solution, no doubt
result.txt
Done, it will be in the next release
> Done, it will be in the next release

Can't you make it whatever resolves in the private range just to be ignored, or that's just too much of a hassle?
> Same, but the problem with this is that since they are so easy to change an attacker can launch an attack and then remove all the records and ghost the domain

@Prajwal-Koirala you have a point here but so far that didn't happen. I'm comparing it to another list, which contains similar entries for a long long time and all of them resolve in that private range. The thing is that the curator is hard to argue with so I just stopped using it: https://gitlab.com/ZeroDot1/CoinBlockerLists/-/raw/master/hosts
@lightswitch05 only by doing nslookup
P.S. Further reading showed that those domains are created and registered in the private range to be used for local testing.
@lightswitch05
Why are u blocking ublock.org?
`thinkqanon.com` is on sale.
Ublock is in my hate and junk list for being junk. It's not owned by uBlock Origin.
I'm ok with `thinkqanon.com` staying on the list even if it is for sale
They all have catch-all SSL certificates or catch-all redirects, which means they'll accept any sub-domain, even if it's completely fake, as long as the domain name is correct and links to nothing.
For instance, I randomly generated the string `vxd50kalrruejc18d486` and then put it in front of the domain name `vxd50kalrruejc18d486.cdn.adx1.com`, which is still legal. Another example `fgldkjfdlkjhfdlkfghdlkjfdhlfkdnh.sedoparking.com` is still completely valid.
Global Cert
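
The two checks discussed in this thread (does an entry resolve only to a local address, and does its root answer for any random label) can be sketched as below. This is an added example, not part of the thread or of the blocklist's own tooling; the function names, the `.example` zone data and the requirement that the caller supplies the root domain are all assumptions.

```python
import ipaddress
import secrets
import socket

def resolve(name):
    """Live lookup: set of addresses for a name, empty set if it does not resolve."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()

def is_local(addr):
    """True for loopback (127.0.0.0/8, ::1), private, link-local and 0.0.0.0."""
    ip = ipaddress.ip_address(addr)
    return ip.is_loopback or ip.is_private or ip.is_link_local or ip.is_unspecified

def wildcard_answers(root, resolver, probes=3):
    """Addresses returned for random labels under root; empty if any probe fails."""
    seen = set()
    for _ in range(probes):
        addrs = resolver(f"{secrets.token_hex(10)}.{root}")
        if not addrs:
            return set()
        seen |= addrs
    return seen

def classify(entry, root, resolver=resolve):
    """Label one blocklist entry; root is supplied by the caller (assumption)."""
    addrs = resolver(entry)
    if not addrs:
        return "dead"
    if all(is_local(a) for a in addrs):
        return "local-only"
    # Heuristic: an entry whose answers are all wildcard answers cannot be
    # told apart from a made-up label under the same root.
    if addrs <= wildcard_answers(root, resolver):
        return "wildcard-indistinguishable"
    return "ok"

# Constructed sample zone (not real DNS data) so the logic runs offline.
ZONE = {"hostmaster.miner.example": {"127.0.0.1"},
        "tracker.ads.example": {"93.184.216.34"}}
WILDCARD = {"parked.example": {"93.184.216.35"}}

def fake_resolver(name):
    """Stand-in resolver over the constructed zone above."""
    if name in ZONE:
        return ZONE[name]
    return next((ips for root, ips in WILDCARD.items()
                 if name.endswith("." + root)), set())
```

Passing `resolver=resolve` (the default) runs the same classification against live DNS; the address comparison is only a heuristic, since a real subdomain can share the wildcard's address.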