Will this entry work in block sites?

Discussion in 'ESET NOD32 Antivirus' started by Escalader, Jan 22, 2012.

Thread Status:
Not open for further replies.
  1. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    "*.artrocker.com " is in my list... will this work? I got no error message?

    The Nod help on this feature has always confused me:oops:

    Do I include the "?

    will the entry block the whole domain?

    It says I can import sites to block and then asks where the list is.
    Open then says "txt" as a file extention, does that mean the list to import is a txt file, I think yes BUT what format rules apply to the text file?
     
  2. dwomack

    dwomack Eset Staff Account

    Joined:
    Mar 2, 2011
    Posts:
    588
    Do not include the quotation marks in the listing. The asterisk at the beginning includes whatever you type in and anything else that comes before it. The asterisk at the end does the same for what comes after.
     
  3. SmackyTheFrog

    SmackyTheFrog Registered Member

    Joined:
    Nov 5, 2007
    Posts:
    767
    Location:
    Lansing, Michigan
    You need to add in the trailing asterisk.

    *.artrocker.com*

    Keep in mind this will only block subdomains of artrocker.com (www.artrocker.com, etc). If content and pages are being served out of the base domain, those might still load in which case you should use *artrocker.com*
     
  4. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses

    TY, so then

    *.ru

    will block all Russian sites ending in .ru

    if I use

    *.ru* this will block any sites containing .ru.

    and *ru* would block any site with the letters ru in it?
     
  5. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses

    Thanks, I'm looking to use this feature to block whole countries with single masks

    For example here is one from china

    adwords.google.com.zkcjl.cn so my try on this is

    *.cn*

    or do I need

    *.com.o_O??.cn*

    I find this stuff hard, :oops:
     
  6. SmackyTheFrog

    SmackyTheFrog Registered Member

    Joined:
    Nov 5, 2007
    Posts:
    767
    Location:
    Lansing, Michigan
    I apologize, you don't need the asterisk at the end (and probably don't want it, your filtering rules can become too ambiguous). The documentation they give is a little unclear because their sample of blocking an entire domain is "*domain.com*" which would also match against something like domain.company.com and that would be bad.

    So if you're looking to block all Chinese domains then this blocking rule should do the job for you.

    *.cn

    Make sure you hit the check box so it notifies you when it hits a URL from the blocked list. It is useful when you are creating and testing your wildcard rules.
     
  7. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    The ESET article using wildcards to block domains is here - a bit difficult to understand but something to work with for the purposes of your query.

    If I was going to block an entire domain, I would add an entry as follows:
    The latter are probably sufficient variables to do so though I may be incorrect since I have never attempted address management this way.

    Good luck.
     
    Last edited: Jan 25, 2012
  8. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Thanks.

    Here is a quote from the ESET article that is useful:



    I'm going to look at the ESET list now on recommended domains.

    More later:D
     
  9. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses

    What about actual ip addys like say:

    199.93.44.113
     
  10. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Here is some Eset documnentation:



     
  11. SmackyTheFrog

    SmackyTheFrog Registered Member

    Joined:
    Nov 5, 2007
    Posts:
    767
    Location:
    Lansing, Michigan
    Just type in the IP address, no wildcards required.
     
  12. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses

    Thanks, I have many of those.

    Would an ip range work?
     
  13. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Note that the sites Eset recommends to be blocked are related directly to the following quote from the MS blog:


    ominique Alexander Piatti, dotFREE Group SRO and John Does 1-22 owned a domain cz.cc and used cz.cc to register other subdomains such as lewgdooi.cz.cc used to operate and control the Kelihos botnet.

    so in the Eset block list suggest we add

    lewgdooi.cz.cc
    *.cz.cc
    *.cc.cz



     
  14. SmackyTheFrog

    SmackyTheFrog Registered Member

    Joined:
    Nov 5, 2007
    Posts:
    767
    Location:
    Lansing, Michigan
    Unfortunately it isn't really designed for IP ranges in the conventional sense, but I'm guessing you could block whole class b or c network easily using

    192.168.1.* or 192.168.*.*

    as your syntax format. If you need to block more specific IPs than that then you're going to have to enter them individually. Or you should look at products like ESS which has a firewall product that should allow for easier management of outbound blocking to a range of IPs or managing the outbound software firewall settings on Win7 assuming you can get group policy to them.
     
Thread Status:
Not open for further replies.