µBlock, a lean and fast blocker

You are right.
I mentioned this on Reddit almost a year ago; it wasn't acted upon.
https://old.reddit.com/r/uBlockOrig...re_domains_filterlist_not_updated_since_june/

I did the same you did:
Added the urlhaus filter:

Code:

 https://gitlab.com/curben/urlhaus-filter/raw/master/urlhaus-filter-online.txt

 

Is urlhaus-filter-online.txt the same as or different from urlhaus-filter.txt ?

Code:

https://gitlab.com/curben/urlhaus-filter/raw/master/urlhaus-filter.txt

Thanks

 

An image of what I have, is more explanatory:



With my browser in the absence of Google Safe Browsing I also added Firehol 2.
I have deactivated the 3 predefined lists.

 

You can read about that here:
https://gitlab.com/curben/urlhaus-filter/-/blob/master/README.md#url-based
They recommend urlhaus-filter.txt, but I chose urlhaus-filter-online.txt; it's up to you

 

Thanks!

 

Hey guys. I have to agree with @Sampei Nihira regarding the 3 malware lists in UBO...what are the best alternatives to replace the 3 that are out of date/not efficient?
Here's what I am using in UBO currently...



I am also using a hosts file...

 

Well...
You could start using the one I recommend, which is updated twice a day:
https://www.wilderssecurity.com/threads/ublock-a-lean-and-fast-blocker.365273/page-181#post-2923274
Source:
https://gitlab.com/curben/urlhaus-filter/-/blob/master/README.md

I'm sure there must be more; maybe someone else has a good idea...

 

What's the difference in these 4?



EDIT: The 1st and snd work with more apps/extensions and one is a hosts file?

 

I've been using the list from notracking for quite a while. It's a big list comprised of many other lists, among them several lists blocking malware domains (urlhaus is not among them, though).

The list is available in the AdBlockPlus format which is compatible with uBO. This has the advantage that a rule like

Code:

||doubleclick.net^

blocks all subdomains of doubleclick.net as well - while in a hosts file hundreds or thousands of entries are needed to cover them. In other words, a list like the notracking one using the AdBlockPlus syntax blocks with its about 180,000 entries probably more than a hosts file with a multiple of entries. Alternatively you can use lists which simply contain domains to be blocked with entries like

Code:

doubleclick.net

as this is interpreted by uBO like the AdBlockPlus-style rule above. This is the case for the above mentioned urlhaus list.

 

Everything is explained here.

 

Only the 3 predefined lists with malware/phishing content have poor performance.
It is necessary to consider whether to integrate customized lists with pure malware/phishing content.
In my opinion the best for phishing are:

1) Phishing Army or P.A. Extended
2) Phishing Bad Sites (Using data from www.phishtank.com = OpenDNS)

The best malware lists have already been named.

P.S. It would also be interesting to test the OpenPhish list.

 

Added this (135,844 of 182,168 ) alongside the full urlhaus list (145,818 of 147,631). Is that OK?

Still:
MDL has 1,104 of 1,104
Malware domains has 26,838 of 26,853

I have recently reset uBlock Origin (medium mode) back to defaults as I think I allowed many sites rather than nooping them.
But added back a number of custom filter lists I have added historically (coinblocker lists, StevenBlack fakenews, frogeye firstparty list, for example) - though some could be redundant now ...

Question: Is there generally a downside in adding lists above the 'medium mode' recommended ones, other than performance? e.g. Fanboy's Enhanced Tracking, Fanboy's Annoyances, Spam404, and other custom lists? (I am not really concerned if it's just a performance aspect).

If not: @summerheat Your choice re phishing lists? (I only have OpenPhish (14,201 of 15,619).

 

I have my doubts with the Spam404 list as well...
It hasn't been updated since May 20.

Code:

[Adblock Plus 2.0]
! Homepage: http://www.spam404.com/
! Title: Spam404
! Expires: 2 days
! Version: 7163
! Last modified: 20 May 2020
! Description: This filter protects you from online scams. This filter is regularly updated with data collected by Spam404.com.
!
! You can report unblocked content and direct general queries to us
! via e-mail - admin@spam404.com
!
! License: https://github.com/Spam404/lists/blob/master/LICENSE.md/LICENSE.md

 

hi
may i ask a question ?
to import

Code:

https://gitlab.com/curben/urlhaus-filter/raw/master/urlhaus-filter-online.txt

is enough ?

https://i.imgur.com/QhBtEmq.png

https://i.imgur.com/HlJs0X5.png

 

hi
may I ask 3 questions?

is

Code:

https://gitlab.com/curben/urlhaus-filter/raw/master/urlhaus-filter-online.txt

and

about number 1 , i can't find the list to add to ublock and about 2) how can i add the phishtank to ublock?
thanks

 

Yes

https://dl.dropboxusercontent.com/s/xmj1jzkg61khrbt/screenshot_UBO.png

Phishing Army Extended:

Code:

https://phishing.army/download/phishing_army_blocklist_extended.txt

Phishing Bad Sites:

Code:

http://phishing.mailscanner.info/phishing.bad.sites.conf

but I had to disable the last one because of a false positive:

Code:

feeds.feedburner.com

(prevented me from adding an RSS-feed...)

 

Yes, it is.

In general I think that those numbers don't really tell that much if a list is "worth" being added. The uBO wiki says:

Note the last sentence. The conclusion is that the number of filters used in each list can differ a lot depending on the order in which the lists are loaded. In other words, the absolute number of filters used in a list is not necessarily a reliable measure if that list is really "good", "worthless" or whatever.

I don't think so. But as a general note one should keep in mind that the risk of false positives increases the more lists are used.

There are some anti-phishing lists mentioned here which is a good site, IMO. The maintainer is a collaborator in the PiHole project.

 

1) https://phishing.army/download/phishing_army_blocklist.txt and https://phishing.army/download/phishing_army_blocklist_extended.txt
The first one is already included in the notracking list mentioned earlier.
2) You can't, IMO. The list is available, e.g., as a CSV file but in order to use it with uBO you would have to manipulate it first with sed or awk.

 

Thanks for the feedback guys. After adding the code, I can play the videos even with uBlock enabled, but strangely enough it only works with Firefox, Edge and Chrome. In Vivaldi I can't see the videos no matter if uBlock is enabled or not, so there is clearly something wrong with Vivaldi.

 

I forgot to mention that there is a rather large list with more than 430,000 entries which I'm using in dnscrypt-proxy. It's comprised of, e.g., the notracking a list and https://dbl.oisd.nl/ and some others. As it simply contains (sub-)domains it's usable in uBO (and uMatrix). Exceptions are some few rules (starting at line 398128 ) which use globbing with asterisks.

 

@2):
(as I mentioned here)
Phishing Bad Sites:

Code:

http://phishing.mailscanner.info/phishing.bad.sites.conf

 

I've long since eliminated Spam404.
It is out of date and many links are also blocked by DNS.
The OpenPhis list also lacks an update date.

 

Guys, consider also the decrease the Insecure Chipher Suites of the browser also contributes to greater browsing security.
In this way, many websites with malware and phishing content are unreachable.
Obviously where to leave those Insecure Cipher Suites that allow you to enter your favorite websites.
In my browser I left 2 of them active:

https://browserleaks.com/ssl



Sorry for this OT.

 

OpenPhish update frequency:
12 hours.
( mentioned here)
List:

Code:

https://openphish.com/feed.txt