uBlockOrigin / uAssets

Resources for uBlock Origin, uMatrix: static filter lists, ready-to-use rulesets, etc.
GNU General Public License v3.0

ibanking-services CNAME blocked causing 2FA #10919

Closed bakerboy448 closed 2 years ago

bakerboy448 commented 2 years ago

Prerequisites

I tried to reproduce the issue when...

URL(s) where the issue occurs

cibng.ibanking-services.com ppl.ibanking-services.com

Describe the issue

Blocking the above URLs results in users being constantly bugged for 2FA for their banking. These urls are used by FIS Institutions.

Screenshot(s)

N/A

Notes

Unblocking the two sites no longer results in a 2FA prompt for online banking; blocking the sites ensures a 2FA prompt every time.

Configuration

```yaml
uBlock Origin: 1.39.2
Firefox: 95
filterset (summary):
  network: 4699
  cosmetic: 0
  scriptlet: 199
  html: 5
listset (total-discarded, last updated):
  removed:
    ublock-filters: null
    easylist: null
    easyprivacy: null
    urlhaus-1: null
    plowe-0: null
  default:
    ublock-badware: 3543-401, 3d.4h.55m
    ublock-privacy: 187-12, 3d.4h.53m
    ublock-abuse: 72-0, 3d.3h.22m
    ublock-unbreak: 1724-210, 3d.3h.20m
filterset (user): [array of 1085 redacted]
trustedset:
  added: [array of 2 redacted]
switchRuleset:
  added: [array of 5 redacted]
  removed:
    no-csp-reports: * true
modifiedUserSettings:
  cloudStorageEnabled: true
  firewallPaneMinimized: false
  ignoreGenericCosmeticFilters: true
  parseAllABPHideFilters: false
  webrtcIPAddressHidden: true
modifiedHiddenSettings: [none]
supportStats:
  launchToReadiness: 6610
  launchFromSelfie: true
```

mapx- commented 2 years ago
iam-py-test commented 2 years ago

Why are uBlock Filters, EasyList, EasyPrivacy, and URLHaus disabled? 3 out of 4 of those are needed for the functioning of uBO?

bakerboy448 commented 2 years ago

Reset uBlock Origin to defaults and confirmed that the sites being blocked is a bug, in that it breaks functionality on financial institution sites.

This impacts at minimum the following banks and likely hundreds of others.

image

    Barrington Bank & Trust Company, N.A. (Hanover Park Community Bank, Hoffman Estates Community Bank, and Palatine Bank & Trust)
    Beverly Bank & Trust Company, N.A. (Brighton Park Community Bank, First National Bank of Evergreen Park, Hyde Park Bank, Oak Lawn Bank & Trust, and Pullman Bank & Trust)
    Crystal Lake Bank & Trust Company, N.A. (Algonquin Bank & Trust, Cary Bank & Trust, McHenry Bank & Trust)
    Hinsdale Bank & Trust Company, N.A. (Clarendon Hills Bank, Community Bank of Downers Grove, The Community Bank of Western Springs, Community Bank of Willowbrook, Lemont Bank & Trust, Proviso Community Bank, Riverside Bank, and Suburban Bank & Trust)
    Lake Forest Bank & Trust Company, N.A. (Bank of Highwood-Fort Sheridan, Highland Park Bank & Trust, North Chicago Community Bank, Waukegan Community Bank, and Wintrust Banking Center)
    Libertyville Bank & Trust Company, N.A. (Gurnee Community Bank, Mundelein Community Bank, Vernon Hills Bank & Trust, and Wauconda Community Bank)
    Northbrook Bank & Trust Company, N.A. (Buffalo Grove Bank & Trust, Deerfield Bank & Trust, Des Plaines Bank & Trust, Glenview Bank & Trust, and Northview Bank & Trust)
    Old Plank Trail Community Bank, N.A. (New Lenox) (Dyer Bank & Trust, First National Bank of Illinois, Joliet Bank & Trust, Markham Bank & Trust, Orland Park Bank & Trust, Shorewood Bank & Trust, South Holland Bank & Trust)
    St. Charles Bank & Trust Company, N.A. (Aurora Bank & Trust, Elgin State Bank, and Geneva Bank & Trust)
    Schaumburg Bank & Trust Company, N.A. (Addison Bank & Trust, Bloomingdale Bank & Trust, Elk Grove Village Bank & Trust, Roselle Bank & Trust, and Wood Dale Bank & Trust)
    State Bank of the Lakes, N.A.
    Town Bank, N.A.
    Village Bank & Trust, N.A.
    Wheaton Bank & Trust Company, N.A. (Bolingbrook Bank & Trust, Glen Ellyn Bank & Trust and Naperville Bank & Trust)
    Wintrust Bank, N.A. (Evanston Community Bank & Trust and North Shore Community Bank & Trust)

updated details w/ defaults

```yaml
uBlock Origin: 1.39.2
Firefox: 95
filterset (summary):
  network: 77683
  cosmetic: 39189
  scriptlet: 16117
  html: 598
listset (total-discarded, last updated):
  default:
    ublock-filters: 30283-107, never
    ublock-badware: 3494-1, never
    ublock-privacy: 183-0, never
    ublock-abuse: 74-0, never
    ublock-unbreak: 1707-0, never
    easylist: 60746-79, never
    easyprivacy: 25518-27, never
    urlhaus-1: 8813-0, never
    plowe-0: 3689-560, never
filterset (user): [empty]
modifiedUserSettings: [none]
modifiedHiddenSettings: [none]
supportStats:
  launchToReadiness: 1872
  launchFromSelfie: false
```

After adding

cibng.ibanking-services.com
ppl.ibanking-services.com

to trusted sites using ublock defaults, I can confirm that no 2FA prompt is received.

x-ref https://github.com/WaLLy3K/wally3k.github.io/issues/147#issuecomment-985257560

iam-py-test commented 2 years ago

Can you show a screenshot of the uBo logger or click this button and copy the result: image

gwarser commented 2 years ago

image


image

gwarser commented 2 years ago

```
@@||cibng.ibanking-services.com^$cname
@@||ppl.ibanking-services.com^$cname
```

Update: ^.

gwarser commented 2 years ago

I forgot the caret ^, fixed.

gwarser commented 2 years ago

BTW, I tried this by `fetch('https://content.ibanking-services.com/fp.swf?session_id=asdf&org_id=adsfu')` from dev tools console.

gwarser commented 2 years ago

Some lists are blocking this domain deliberately:

```
1597_OISD.txt.zst:content.ibanking-services.com
1598_OISD (Hosts).txt.zst:0.0.0.0 content.ibanking-services.com
1734_1Hosts Pro.txt.zst:0.0.0.0 content.ibanking-services.com
1735_1Hosts Pro (Domains).txt.zst:content.ibanking-services.com
1746_Energized Basic Protection (Domains).txt.zst:content.ibanking-services.com
1748_Energized Ultimate Protection (Domains).txt.zst:content.ibanking-services.com
1749_Energized Unified Protection (Domains).txt.zst:content.ibanking-services.com
1757_Energized Basic Protection (Adblockers).txt.zst:||content.ibanking-services.com^
1759_Energized Ultimate Protection (Adblockers).txt.zst:||content.ibanking-services.com^
1760_Energized Unified Protection (Adblockers).txt.zst:||content.ibanking-services.com^
1868_BlockConvert (Adblockers).txt.zst:||content.ibanking-services.com^
1869_BlockConvert (Hosts).txt.zst:0.0.0.0 content.ibanking-services.com
1870_BlockConvert (Domains).txt.zst:content.ibanking-services.com
1955_1Hosts Pro (Adblockers).txt.zst:||content.ibanking-services.com^
2055_Frogeye - Multi-party whole trackers.txt.zst:content.ibanking-services.com
2056_Frogeye - Multi-party whole trackers (Hosts).txt.zst:0.0.0.0 content.ibanking-services.com
2155_OISD (Adblocker domains).txt.zst:||content.ibanking-services.com^
2281_1Hosts Pro (Domains with wildcards).txt.zst:*.content.ibanking-services.com
2284_Goodbye Ads Ultra.txt.zst:0.0.0.0 content.ibanking-services.com
2285_Goodbye Ads Ultra (AdGuard).txt.zst:||content.ibanking-services.com^
2383_OISD (Domains with wildcards).txt.zst:*.content.ibanking-services.com
484_Energized Basic Protection.txt.zst:0.0.0.0 content.ibanking-services.com
486_Energized Ultimate Protection.txt.zst:0.0.0.0 content.ibanking-services.com
487_Energized Unified Protection.txt.zst:0.0.0.0 content.ibanking-services.com
```

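
The cross-list search in the comment above, as an added example that is not part of the original thread: it normalises the four entry syntaxes seen in that output (hosts, plain domain, `||host^`, `*.host`) and reports which lists actually block a hostname, ignoring commented-out lines and exception filters. The function names are hypothetical, the sample lists are constructed, and treating `*.host` as covering the host plus its subdomains is an assumption.

```python
import re

HOSTNAME = re.compile(r"^(?=.{1,253}$)([a-z0-9_-]{1,63}\.)+[a-z0-9-]{2,63}$")

def parse_entry(line):
    """Return (hostname, covers_subdomains) for a blocking entry, else None."""
    line = line.strip().lower()
    if not line or line[0] in "#!" or line.startswith("@@"):
        return None                        # comment, or an exception filter
    if "##" in line or "#@#" in line:
        return None                        # cosmetic filter, not a network block
    line = line.split("#", 1)[0].strip()   # drop a trailing hosts-file comment
    covers_subdomains = False
    if line.startswith("||"):              # adblock syntax: ||host^
        body, _, options = line[2:].partition("$")
        if options or not body.endswith("^"):
            return None                    # option-restricted or path rule: skipped here
        line, covers_subdomains = body[:-1], True
    elif line.startswith("*."):            # wildcard syntax (assumed: host + subdomains)
        line, covers_subdomains = line[2:], True
    else:
        fields = line.split()
        if len(fields) == 2 and fields[0] in ("0.0.0.0", "127.0.0.1"):
            line = fields[1]               # hosts syntax: sink address, then name
    return (line, covers_subdomains) if HOSTNAME.match(line) else None

def blocking_lists(hostname, lists):
    """(list name, raw entry) for each list whose entries block `hostname`."""
    hostname = hostname.lower().rstrip(".")
    hits = []
    for name, text in lists.items():
        for raw in text.splitlines():
            host, wide = parse_entry(raw) or (None, False)
            if hostname == host or (wide and hostname.endswith("." + host)):
                hits.append((name, raw.strip()))
                break
    return hits

# Constructed sample: names and entries mirror the thread; the last list is invented.
SAMPLE_LISTS = {
    "OISD (Hosts)": "# header\n0.0.0.0 content.ibanking-services.com\n",
    "OISD (Adblocker domains)": "! header\n||content.ibanking-services.com^\n",
    "OISD (Domains with wildcards)": "*.content.ibanking-services.com\n",
    "BlockConvert (Domains)": "content.ibanking-services.com\n",
    "commented-only (constructed)": "#content.ibanking-services.com\n",
}

if __name__ == "__main__":
    for name, entry in blocking_lists("content.ibanking-services.com", SAMPLE_LISTS):
        print(f"{name}: {entry}")
```
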
iam-py-test commented 2 years ago

Maybe they all get it from one FP in one source

bakerboy448 commented 2 years ago

> Some lists are blocking this domain deliberately:

Likely related to

For lists https://hostfiles.frogeye.fr/firstparty-trackers-hosts.txt and https://hostfiles.frogeye.fr/multiparty-trackers-hosts.txt, they have an entry for #content.ibanking-services.com.

iam-py-test commented 2 years ago

I don't see that domain in that list though: image

bakerboy448 commented 2 years ago

> I don't see that domain in that list though:

it's on https://hostfiles.frogeye.fr/multiparty-trackers-hosts.txt