Another block list, no? Yes

Discussion in 'other security issues & news' started by TNT, Mar 3, 2006.

Thread Status:
Not open for further replies.
  1. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    Ok, since some of you use block lists, this is a block list I compiled in some time (I use this on web sites at work, where content managers can insert links: these are banned, so these are all forbidden to link anywhere on sites); please note that the list does not really include subdomains: an entry for "<site name>.biz" automatically means than any subdomain entry should be automatically banned, so for instance "<example>.<site name>.biz" is not included in the list but should actually be blocked (this is implemented code-wise on sites, feel free to implement this your own way).

    The list includes entries from various existing block lists, plus:

    - link spam and blog spam sites (sites that were found in guestbooks and forums around the web and which were CLEARLY only used to increase search engine rankings)

    - malware-hosting sites (excuding sites that host malware while CLEARLY specifying it is malware)

    - sites using exploits

    - sites related to known spammers

    - some "tracking-cookie" sites (not many)

    There are no IPs in the list (I personally forbid to link to IPs without a hostname).

    There are more than a few that I personally didn't find on other block lists. I personally checked all of those and they are ALL questionable sites for the reasons specified above.

    The list is a simple .txt file with a domain on each line.

    Maybe some of you will find it useful. If not, then well, too bad. :p

    banned.txt
     
    Last edited by a moderator: Jun 25, 2006
  2. dog [away]

    dog [away] Guest

    Nice list TNT. :) Thanks

    Steve
     
  3. trickyricky

    trickyricky Registered Member

    Joined:
    Mar 27, 2005
    Posts:
    475
    Location:
    London, UK
    Thanks TNT. That is something I've been meaning to compile myself for a while now, yet never got around to. I'll have a look at yours and maybe merge it with all the others to make the mother of all block lists... (no, kidding) ;)
     
  4. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    Updated blocklist. Many, many sites added. A few incorrectly formatted removed.

    Rules same as above (see first message): NOT for hosts file. Good for squid blocking rules. Enjoy. :)

    banned.txt
     
    Last edited by a moderator: Jun 25, 2006
  5. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    Last edited by a moderator: Jun 25, 2006
  6. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    Updated:

    + added 471 malware-hosting, malware-linking, or just plain annoying domains (such as spam-related and "tracking cookies" domains)
    + corrected a problem that caused certain altervista domains starting with "www" not to be restricted when added to the IE restricted zone with ZonedOut.

    PS: everyone is welcome to test this (such as adding these domains to his own IE "restricted" zone) and give his own impression, and especially everyone is welcome contributing to this list (frankly, I found both IE-SpyAd and Spywareblaster's restricted domains lists to be somewhat limited, that's why I started this thing).

    banned.txt
     
    Last edited by a moderator: Jun 25, 2006
  7. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    While I agree the quantity in regards to Spywareblasters Restricted Sites database is pale compared to the banned.txt of 25K + entries....the quality ain't half bad ;)

    As for IE-Spyad....~ 22K entries ain't half bad either :eek: :D

    Nice list by the way :thumb:
     
  8. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    I know, they are definitely pretty good lists (especially IE-SpyAd), but they did miss some of the domains I checked (mostly related to italian "dialer" trojans, but some real ugly CWS stuff as well). This list is not supposed to be a replacement for those two, just an addition. :)
    Thanks. :)
     
  9. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    Updated. Some clean up (some subdomains removed for domains already present, a few "jump redirection" spam sites that were shut down removed, and most importantly quite a few nasty sites added).

    PS: what's up with the old one's downloads growing anyway? People, if you want to use it, download the last one, not the old one. ;)

    banned.txt
     
    Last edited by a moderator: Jun 25, 2006
  10. blondie70

    blondie70 Registered Member

    Joined:
    May 9, 2006
    Posts:
    1
    New to all of this, at this time I have Spyware Blaster; that's how I found this site, having on going problem with netster and click2begin popups, any suggestions on eliminating this problem? I am mostly using Mozilla however I have my email accounts(multiple) on sbc browser with IE. Can I custom block with Spyware Blaster? The only thing is I don't know what the CLSID is for these popups
     
  11. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    Updated. More "clean up", and a lot of nasty sites added.

    banned.txt
     
    Last edited by a moderator: Jun 25, 2006
  12. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    TNT,
    Very nice list man !!!. Preventing is always better than curing. :cool:
     
  13. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    Erik if you use IE you can ZonedOut to put the sites in the list in the "restricted" zone (actually, I don't recommend using IE, but it's just a solution for those who want to use it). The list was born at work as a "banned domains" for websites, meaning that linking to those domains (in forums, etc) is forbidden and will result in the link being killed, then we started using the same list a blocked "outbound" domains list for the squid proxy.

    So far it seems to work quite well. For those who don't have a solution like squid, t can be used with the ZonedOut as I said above to put all those domains in the "restricted zone" list. It is NOT for the Windows hosts file though, because it includes only domains, not the subdomains for that domain (it is impossible to create a hosts file large enough to include those as well): with squid and ZonedOut, for instance, the subdomains for a domain are automatically blocked, with the hosts file they must be all specified (no wildcards).

    Make sure you get always the latest one. I don't guarantee it will block all the nasty domains at all, but it should help.
     
  14. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    any solution for non-IE users?
     
  15. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    Well, yes, Squid... :) But I guess that's a lot of work, and you need an extra machine... if your firewall supports importing block rules from text files that would be a solution. I don't use a block list at home 'cause I actually try to go on "nasty" sites most of the time, to send samples to AV/AT vendors. ;)

    I'm sure there are various solutions, but I never looked into them (as I said, we use Squid at work, so that blocks everything at network level). I'll see.
     
  16. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    I've updated it once again. People who wanna use it, download the latest: a new VERY DANGEROUS sites were added.

    banned.txt
     
    Last edited by a moderator: Jun 25, 2006
  17. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    "Special" update including distribution sites of the recent Zlob "fake codec" trojan epidemic (plus a few more).

    banned.txt
     
    Last edited by a moderator: Jun 25, 2006
  18. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    Updated. Not much new stuff, but some are quite nasty.

    banned.txt
     
    Last edited by a moderator: Jun 25, 2006
  19. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,127
    Location:
    USA
    Thanks TNT added it to my IE-SPYAD list.
     
  20. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    Updated. 113 new entries, almost all related to actual exploit/malware pushing sites.

    banned.txt
     
    Last edited by a moderator: Jun 25, 2006
  21. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,127
    Location:
    USA
    TNT - Will you post updates to your block list in this thread?
     
  22. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    Yes, I'll post another one very soon, probably tomorrow or the next day. ;)

    I was thinking of linking always the most up-to-date one somewhere on my blog, but I'm not sure how many people see it (myself, I don't even write that often on it anyway). ;)
     
  23. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,127
    Location:
    USA
    Thanks TNT, I'll watch for it. What is the link for your blog?
     
  24. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
  25. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,127
    Location:
    USA
Loading...
Thread Status:
Not open for further replies.