Closed: gwire closed this 5 years ago
Presumably we can cross reference against DNS lookups for Quad9 and OpenDNS.
We do have some patterns for malware interception products in use by Plusnet and Virgin Media, though there aren't any in the current result set. The detection patterns may be out of date.
Are we able to separate out this category in terms of the blocking statistics?
Yes.
Are we potentially pointing people to malware-hijacked sites from, e.g., the front page?
We don't currently have any ISP-malware-warning sites in the system, but we could (and should) exclude them from the front page lists.
Added an OpenDNS phish site rule.
@gwire @dantheta – Can this be closed?
I think so - we've got a status code for any site that matches one of the patterns, though there are relatively few examples.
I've added the site status to the filters for the search index and keyword/category search.
Most of the network filter providers will have an option to block "malicious sites", e.g. phishing scams, malware sources, botnet command and control, etc.