-
Notifications
You must be signed in to change notification settings - Fork 758
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add domains #10647
Add domains #10647
Conversation
|
|
We certainly do not want to add every single URLs of these, the opposite has been discussed internally - bloating lists with entries few user actually access is a major concern and uBO is never meant to protect from all the bads on the Internet, we even discussed whether we should add traffic-limits for sites we'll address. you're free to keep lists for them on you side. |
Idea: |
Better to comment on uBlockOrigin/uBlock-issues#1116 or uBlockOrigin/uBlock-issues#984. The problem is there's no well-maintained list with good quality. urlhaus was chosen because only this was acceptable and the maintainer cooperated well. In any case blocking bad sites by uBO lists updated at best every 24h is more of a futile effort in the era most of scam sites doesn't live longer than 3 days. |
What do you think of @DandelionSprout's list? It does do most of it's blocking through blocklisting entire TLDs, but is maintained.
Why did uBo never implement support for hours? Doesn't AdBlock Plus support that? |
@iam-py-test expiration time in hours should work fine, It's the server problem. |
Ah. For some reason I thought that that was not supported. Thank you! |
@iam-py-test You have to convince @gorhill , not me. |
I need a link to that list to be able to look at it and form an opinion about it. |
|
IMO |
Examples of legit .top domains? I have only ever seen those two. Personally, I’d be more worried about blocking say, .tk (where I see many legit domains) |
I could make a uBO-inclusion list version without e.g. But the |
It doesn't take a minute finding a dozen of legit .top sites with
Search engine filters should be removed too, and whether to do so or not it's better to rewrite There seems to be quite redundancy with Badware list (e.g. |
In that case I can only presume that Japan is happier about
I'll take note of that for when there's a need to make a uBO-inclusion list version.
I'll put that on my to-do list for this weekend at earliest.
In 2 or 3 of the list's sections, domains remain even after being parked, because they're hardcoded in e.g. user guides or user manuals and can end up being bought in the future.
I'll take care of that pretty soon now.
Around 2019, MSN would occasionally have a top sticky banner that promoted an extension called "MSN New Tab". Those who remember various MSN IE toolbars, know that such an extension is a bad idea.
The entries were designed with AdGuard for Windows in mind, the only known major adblocker who can filter on privileged pages. If I don't remember completely wrong, |
After looking into it, I prefer to decline including it in the Malware domains section. |
Yep, written in comment and it's not priviledged on Chromium. I'll also open PR in your repo around this weekend or whenever I find time. |
I feel I could've been given a chance to make a special list version that address all or almost all of the uBO team's concerns; as I've got experience with making special list versions for other adblockers' syntaxes and policies. But I've had fatigue problems all autumn long and am unsure how quickly and consistently I'd be ready to initiate a "Feedback to me" process that'd likely last a week. 😅 |
On the topic of including lists, what about Legit URL Shortener? |
I can first-hand confirm that iam-py-test has been invaluable for Legitimate URL Shortener (even if I was hoping for this thread to focus more on Anti-Malware List), and that he is a full-time contributor with merge rights to it. I could've got a 3rd contributor if needed, but the only other position applicant focused too narrowly on PR-Chinese sites. |
Bigger is disadvantage too. There is a reason we (= AG maintainer) don't add some entries in LU to AGUTP. User don't always report problems. |
True. AdGuard has the advantage of an online issue reporter. |
Therefore, I think such a list should be optional and should not be enabled by default. Those who have chosen to use this filter list are more computer literate and more likely to identify and report problems. |
Ofc should not be enabled, changing default-enable list is a big event and can not happen that easily.
It has been repeteadly proven that this assumption is completely wrong. There's always people like |
URL(s) where the issue occurs
Describe the issue
Unblocked scam websites, and a password-stealing trojan
Screenshot(s)
Steps to reproduce (for the first three):
Steps to reproduce (3)
Versions
Settings
Notes
More info at https://github.com/iam-py-test/investigations/blob/main/2021/11/28/1.md and https://github.com/iam-py-test/investigations/blob/main/2021/11/28/2.md.
Judging by the fact that these two have the same UI & use the same domains in their redirects, they probably are related
The third one is the same as the two above, even redirects to the same domains:
The trojan is from https://scammer.info/t/password-stealer/84348 and has been reported at https://bazaar.abuse.ch/sample/462a689d171f543c10efa08e963996d382585b67a6b298ec40d64f924adfb47a/. For verification, look at https://bazaar.abuse.ch/sample/7984602d945d527e03c32cab6c7471ebf34ac8c74c400e318245a3ef24e419af/#intel