Surface information on "malicious site" blocks

openrightsgroup / blocked-org-uk

Template front-end code, markup, style-sheets, images and other assets for the Censorship Monitoring Project (blocked.org.uk)

https://www.blocked.org.uk/

GNU General Public License v3.0

13 stars 5 forks source link

Surface information on "malicious site" blocks #324

Closed gwire closed 5 years ago

gwire commented 6 years ago

Most of the network filter providers will have an option to block "malicious sites", e.g. phishing scams, malware sources, botnet command and control, etc.

Do we have the ability to see the difference between under-18 blocks and security blocks based on the ISP response?
If not, would it be worth having probes that do security blocks only?
Are we able to separate out this category in terms of the blocking statistics?
Are we potentially pointing people to malware-hijacked sites from, e.g., the front page?

gwire commented 6 years ago

Presumably we can cross reference against DNS lookups for Quad9 and OpenDNS.

dantheta commented 6 years ago

We do have some patterns for malware interception products in use by plusnet and virginmedia, though there aren't any in the current result set. The detection patterns may be out of date.

dantheta commented 6 years ago

Are we able to separate out this category in terms of the blocking statistics?

Yes.

Are we potentially pointing people to malware-hijacked sites from, e.g., the front page?

We don't currently have any ISP-malware-warning sites in the system, but we could (and should) exclude them from the frontpage lists.

dantheta commented 6 years ago

Added an OpenDNS phish site rule

edjw commented 5 years ago

@gwire @dantheta – Can this be closed?

dantheta commented 5 years ago

I think so - we've got a status code for any site that matches one of the patterns, though there are relatively few examples.

I've added the site status to the filters for the search index and keyword/category search.