uBlockOrigin / uAssets

Resources for uBlock Origin, uMatrix: static filter lists, ready-to-use rulesets, etc.
GNU General Public License v3.0

[badware] Bundled software on lots of unofficial sites #3060

Closed. stonecrusher closed this 6 years ago

stonecrusher commented 6 years ago

Inspired by https://twitter.com/JusticeRage/status/1021815597972291591

All from the same scammer:

URL(s) where the issue occurs

http://7zip.fr
http://appdownloads.co
http://audacity.es
http://audacity.fr
http://azureus.es
http://bluestacksdownloads.com
http://celestia.es
http://celestia.fr
http://clonezilla.es
http://clonezilla.fr
http://cloudwayapps.com
http://garagebandforpc.org
http://gimp.es
http://gparted.fr
http://greenshot.fr
http://handbrake.es
http://inkscape.es
http://inkscape.fr
http://keepass.com
http://keepass.fr
http://nc3354.nexylan.net
http://notepad2.com
http://paintnet.es
http://paintnet.fr
http://scribus.fr
http://stellarium.fr
http://thunderbird.es
http://unetbootin.net
http://unetbootin.org

Describe the issue

The old trick:

Notes

I checked every single one manually with at least one download (Windows x64 installer) and it always points to the same download manager (just with different filenames but the same hash):

http://7zip.fr
http://appdownloads.co
http://azureus.es
http://bluestacksdownloads.com
http://celestia.es
http://celestia.fr
http://clonezilla.es
http://clonezilla.fr
http://garagebandforpc.org
http://gimp.es
http://gparted.fr
http://greenshot.fr
http://handbrake.es
http://inkscape.es
http://inkscape.fr
http://keepass.com
http://keepass.fr
http://notepad2.com
http://paintnet.es
http://paintnet.fr
http://scribus.fr
http://stellarium.fr
http://thunderbird.es
http://unetbootin.net
http://unetbootin.org

https://www.virustotal.com/#/file/a5616985e92ca7c1df3b132d2da2ef33c64f38ba2dca40445017037473d7d014/detection

===============
Remaining items from the list:

http://nc3354.nexylan.net
Nothing

http://cloudwayapps.com
Clothes shop, no downloads

http://audacity.es
http://audacity.fr
downloaded files look clean, but not latest version

The download server is mostly http://www.femmfa-gis.com/, so maybe block that too. https://www.virustotal.com/#/url/b5a4709f12b139aa77ac3a34ee6d4a7f6c107f0f3c5b811fc9a77a6d780ae616/detection

Hrxn commented 6 years ago

Hmm.. and what do you propose?

Adding every single domain out there serving malware into the list?

stonecrusher commented 6 years ago

That's the purpose of the badware risks list, isn't it? The domains are not random but clearly deceiving. It's not very different from the attempt to block "every single ad out there", just that ads aren't as bad as scam sites.

Hrxn commented 6 years ago

Yes and No. These domains are used for deception, true, but that is not my point. Because if you want to go gotta block 'em all here, you are in for an endless game of whack-a-mole. So far uBO's Badware list has been put to good use in combating something else, and far more problematic, if you'd ask me: Abusive or scam-like behaviour ("PUP", etc.) done by major sites like Sourceforge with their side-loading installers, and CNET's Download.com and so on. Because those are big names, and the hypothetical unsuspecting user might come to the conclusion that big names also means reputable names, which is obviously not true, unfortunately.

[..] the attempt to block "every single ad out there" [..]

If you think that's what's happening, you've clearly not been paying attention. Because this very repository here, on which we are exchanging our commentary, is testament to the fact that this is a never-ending effort, only made possible by the work of numerous volunteers. Without this circumstance pretty much nothing would be blocked at all. The only thing that can be done (until some fundamental change happens to the underlying standards and technology that make the Web) is resorting to somewhat more radical measures like blocking third-party JS in general, which has the unfortunate consequence of risking site breakage. But you have to take some bullet here, one way or the other.

I know, the WWW was a mistake. Not really. Although it has more than just a kernel of truth.

stonecrusher commented 6 years ago

you are in for an endless game of whack-a-mole [...] never-ending effort

That's what we do and all the other filter lists that have specific filters. I'm one of the volunteers you called out, no?

far more problematic

I get the idea that you think it's another category because of the difference between collective downloadsites and single scam sites. As those domains imho are still worth blocking, should I open a request for a new filterlist?

I'd just add it to "badware risks". What's the downside of adding those?

It can help ruin those sites and stop them spreading by not letting them be successful, and it protects users. And actually I haven't come across too many of those sites so far, and I don't think it's as endless and dynamic as you think. I'm here for maintenance if you fear that.

uBlock-user commented 6 years ago

As long as they're not random domains and display a webpage when browsed to, they should get added.

stonecrusher commented 6 years ago

My proposal:

! https://github.com/uBlockOrigin/uAssets/issues/3060
! https://www.virustotal.com/#/file/a5616985e92ca7c1df3b132d2da2ef33c64f38ba2dca40445017037473d7d014/detection
||7zip.fr^$document
||appdownloads.co^$document
||azureus.es^$document
||bluestacksdownloads.com^$document
||celestia.es^$document
||celestia.fr^$document
||clonezilla.es^$document
||clonezilla.fr^$document
||garagebandforpc.org^$document
||gimp.es^$document
||gparted.fr^$document
||greenshot.fr^$document
||handbrake.es^$document
||inkscape.es^$document
||inkscape.fr^$document
||keepass.com^$document
||keepass.fr^$document
||notepad2.com^$document
||paintnet.es^$document
||paintnet.fr^$document
||scribus.fr^$document
||stellarium.fr^$document
||thunderbird.es^$document
||unetbootin.net^$document
||unetbootin.org^$document

By the way, I think using # or ! for comments should be consistent, but that's another discussion (similarity of ! and | but lines beginning with # used for cosmetic filters)

okiehsch commented 6 years ago

collective downloadsites and single scam sites. As those domains imho are still worth blocking, should I open a request for a new filterlist?

The badware list already includes websites that use legitimate-looking domain names to trick victims into downloading popular software and, by doing so, possibly "infecting" the user with adware.

krystian3w commented 4 years ago

adwcleaner.pl - fan mirror; we don't know if they'll ever attach something to an EXE file.

AlainRnet commented 4 years ago

Hi. How do I remove http://scribus.fr from the uBlock filters (Badware risks), please?

stonecrusher commented 4 years ago

@AlainRnet It's an unofficial site that served malware / PUPs in the past. However, they changed the shipping of the files to go through cdndownloadpr.com, which is also known for spreading PUPs.

Go to the official site https://www.scribus.net/downloads/

krystian3w commented 4 years ago

@AlainRnet

try:

||scribus.fr^$document,badfilter


https://github.com/gorhill/uBlock/wiki/Dashboard:-My-filters
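To make the two filter shapes in this thread concrete (the `||host^$document` lines proposed above, which trigger uBO's strict page blocking, and the `$badfilter` twin suggested here to cancel one of them from "My filters"), here is a small matcher. It is an added illustration written for this page, not uBO's own engine: it handles only hostname matching (a `||host^` filter matches the host and any subdomain) and cancels a filter by host when a `$badfilter` twin is present; the filter text it ships with is a constructed subset of the proposal plus the override line.

```python
"""Minimal matcher for the uBlock Origin static filters discussed in this
issue: ``||host^$document`` (strict blocking of the whole page) and the
``$badfilter`` option that disables an identical filter from another list.

Added illustration, not uBO's matching engine. Simplifications (assumed):
only hostname matching is modelled, and a ``$badfilter`` line cancels the
blocking filter for the same host rather than an exact textual twin.
"""
from urllib.parse import urlsplit

# Constructed subset of the proposal in this issue (not the full list).
PROPOSAL = """\
! https://github.com/uBlockOrigin/uAssets/issues/3060
||7zip.fr^$document
||keepass.fr^$document
||scribus.fr^$document
"""

# The override suggested for "My filters" to unblock one site locally.
OVERRIDE = "||scribus.fr^$document,badfilter"


def parse_filters(text):
    """Return (blocked_hosts, badfilter_hosts) from ``||host^$document`` lines.

    Lines starting with ``!`` are comments in uBO lists and are skipped.
    Anything outside the two shapes this page uses is rejected loudly,
    which is what a list maintainer wants when validating a proposal.
    """
    blocked, bad = set(), set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not (line.startswith("||") and "^$" in line):
            raise ValueError(f"unsupported filter syntax: {line}")
        host, _, opts = line[2:].partition("^$")
        options = set(opts.split(","))
        if "document" not in options:
            raise ValueError(f"expected $document option on: {line}")
        (bad if "badfilter" in options else blocked).add(host.lower())
    return blocked, bad


def host_matches(hostname, filter_host):
    """``||example.com^`` matches example.com and every subdomain of it,
    but not notexample.com."""
    return hostname == filter_host or hostname.endswith("." + filter_host)


def is_document_blocked(url, filters_text):
    """True if navigating to ``url`` would hit the strict-blocking page
    under ``filters_text``; a ``$badfilter`` twin removes its filter."""
    blocked, bad = parse_filters(filters_text)
    hostname = (urlsplit(url).hostname or "").lower()
    effective = blocked - bad
    return any(host_matches(hostname, h) for h in effective)


if __name__ == "__main__":
    for url in ("http://scribus.fr/download/", "https://www.scribus.net/downloads/"):
        print(url, "blocked:", is_document_blocked(url, PROPOSAL))
    print("with badfilter:",
          is_document_blocked("http://scribus.fr/download/",
                              PROPOSAL + "\n" + OVERRIDE))
```

The `badfilter` line only works because it repeats the original filter text exactly with the extra option appended; that is why the override has to be written as `||scribus.fr^$document,badfilter` and not as a generic allow rule. Note that the override removes protection for that host entirely, which is the trade-off AlainRnet accepts below.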

AlainRnet commented 4 years ago

@stonecrusher: Thank you very much for that clarification. Since Scribus is already installed on my system, I had not noticed the routing through cdndownloadpr.com, but I had seen the clear statement that this is not the official site, and the legal notices also seemed sufficiently detailed to me. Thank you again.

@krystian3w: No need, I just clicked "Disable strict domain blocking permanently". Thank you.