Comments (9)

myroslavandriychuk avatar myroslavandriychuk commented on June 5, 2024 1

> Not everyone uses Google Safe Browsing (i.e. M$ Edge)

Over the past 30 days, six additional domain names with a similar 'perevod-[letter of the Latin alphabet]' pattern have been registered in the .shop domain zone. All of them are marked as 'unsafe' in the Safe Browsing database, so neither Firefox nor Chromium-based browsers can open them. By your logic, we should add them to our filter as well. If we followed this approach, our filter would already have thousands of entries. And it still wouldn't make sense, since hundreds of new domain names are created every day to be used in phishing campaigns targeting Ukrainian citizens. That's why, for example, our filter contains a separate section of rules called 'PATTERN-BASED FILTERING RULES'. So, for example, only two rules were able to fully protect users during the active phase of UAC-0102 (CERT-UA), and we did not need to add dozens of domain names used in this campaign to the filter. This is our approach. So the problem is not in the automation of processes on GitHub, but in the fact that we have not yet met other teams that systematically study phishing campaigns (in Ukraine) and are ready to share data on the basis of which we could create patterns (domain names, content of phishing resources).

from ukrainian-security-filter.
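The difference between a per-domain list and a pattern rule, as described in the comment above, shown as an added example that is not part of the original thread or the project's filter. The regex is an assumption derived from the 'perevod-[letter]' description, and every hostname except `perevod-a.shop` is constructed.

```python
import re

# Assumed regex for the 'perevod-[letter of the Latin alphabet]' .shop pattern
# described in the comment; it is not a rule copied from the project's filter.
PATTERN = re.compile(r"perevod-[a-z]\.shop")

# Per-domain list holding only the one domain reported in this thread.
STATIC_LIST = {"perevod-a.shop"}

# Constructed sample hostnames: look-alike registrations plus near misses.
OBSERVED = [
    "perevod-a.shop",
    "perevod-b.shop",
    "perevod-k.shop",
    "PEREVOD-Z.SHOP.",             # upper case, trailing root dot
    "perevod-ab.shop",             # two letters, outside the described pattern
    "perevod-a.shop.example.org",  # pattern is only a prefix of another zone
    "perevod.shop",                # no '-letter' suffix
]

def normalize(host):
    """Lower-case a hostname and drop the trailing root dot."""
    return host.strip().rstrip(".").lower()

def blocked_by_list(host):
    return normalize(host) in STATIC_LIST

def blocked_by_pattern(host):
    # fullmatch anchors both ends, so prefixes and longer labels do not match.
    return PATTERN.fullmatch(normalize(host)) is not None

def compare(hosts):
    """Return (list_hits, pattern_hits, gap); gap = pattern hits the list misses."""
    list_hits = [h for h in hosts if blocked_by_list(h)]
    pattern_hits = [h for h in hosts if blocked_by_pattern(h)]
    gap = [h for h in pattern_hits if not blocked_by_list(h)]
    return list_hits, pattern_hits, gap

if __name__ == "__main__":
    list_hits, pattern_hits, gap = compare(OBSERVED)
    print("list blocks:   ", list_hits)
    print("pattern blocks:", pattern_hits)
    print("list misses:   ", gap)
```

The near-miss entries show why the pattern has to be anchored at both ends: an unanchored search would also match the `example.org` host.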

serhiyguryev avatar serhiyguryev commented on June 5, 2024 1

> I would like to add a phishing site to the list. Recently I've received a message that was related to my advertisement on olx.ua. The link was: https://perevod-a.shop/194904995

> Not everyone uses Google Safe Browsing (i.e. M$ Edge). Thanks

@iam-py-test @anti-social Today we discovered additional active domain names used in this campaign (TAG-47), so we created two universal rules that block access to all of them (filter update 20231030.02)

from ukrainian-security-filter.

serhiyguryev avatar serhiyguryev commented on June 5, 2024

> Do you have a script to generate those files?

Filter generation is a semi-automatic process. Blocks of new rules are generated automatically in four formats. However, the sorting and subsequent duplicate checking is performed manually using the built-in IDE tools.

from ukrainian-security-filter.

anti-social avatar anti-social commented on June 5, 2024

I would like to add a phishing site to the list. Recently I've received a message that was related to my advertisement on olx.ua. The link was: https://perevod-a.shop/194904995 . But of course they removed it after I started spamming it with some random data.

And I think it would be nice to have a single list with domains thus people could easily create PRs.

from ukrainian-security-filter.

serhiyguryev avatar serhiyguryev commented on June 5, 2024

> I would like to add a phishing site to the list. Recently I've received a message that was related to my advertisement on olx.ua. The link was: https://perevod-a[.]shop/194904995

This site (perevod-a[.]shop) is already marked as 'Deceptive', so there is no need to add it to the filter.

> And I think it would be nice to have a single list with domains thus people could easily create PRs

Our filter is available in 4 formats, as some people use it in browsers (AdBlock syntax), and some people want to be able to use it in third-party content filtering software. Almost all popular filters are available in these formats.

from ukrainian-security-filter.

anti-social avatar anti-social commented on June 5, 2024

> This site (perevod-a[.]shop) is already marked as 'Deceptive'

Where is it marked as Deceptive? I don't see it in the lists. I can open the site without any warnings using Firefox and Chromium.

> Our filter is available in 4 formats

I mean we have a single list with domains; when the list changes, a GitHub action starts and generates all the formats for use in browsers, DNS servers, etc. As I understand it, you have the list somewhere and you generate the formats manually, then you commit the changes. I would like to automate this process.

from ukrainian-security-filter.

anti-social avatar anti-social commented on June 5, 2024

Also people will be able to add a new phishing site via a PR. Then you can check the PR, approve it and all the formats will be generated automatically after a commit.

from ukrainian-security-filter.
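A sketch of the single-list workflow proposed in the two comments above, with the sorting and duplicate checking done in code. It is an added example, not the project's generator: the page names only AdBlock syntax among the four formats, so the hosts-file and plain-list outputs are assumptions, and all entries except the `perevod-a[.]shop` URL are constructed.

```python
import re
from urllib.parse import urlsplit

# Constructed contributions, as they might arrive in one shared domains file.
RAW_ENTRIES = [
    "https://perevod-a[.]shop/194904995",  # defanged URL quoted in the thread
    "perevod-a.shop",                      # same host again, bare form
    "hxxps://Perevod-B.shop/",             # constructed, defanged scheme
    "# comment line",
    "",
    "example-phish.test",                  # constructed
    "not a domain",                        # must be rejected, not emitted
]

HOST_RE = re.compile(r"^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

def to_host(entry):
    """Refang an entry and return its lower-cased hostname, or None if invalid."""
    text = entry.strip().replace("[.]", ".").replace("hxxp", "http", 1)
    if "://" not in text:
        text = "http://" + text
    try:
        host = urlsplit(text).hostname or ""
    except ValueError:
        return None
    return host if HOST_RE.match(host) else None

def build(entries):
    """Return (sorted unique hosts, rejected entries); blanks and comments skipped."""
    hosts, rejected = set(), []
    for entry in entries:
        if not entry.strip() or entry.lstrip().startswith("#"):
            continue
        host = to_host(entry)
        if host:
            hosts.add(host)
        else:
            rejected.append(entry)
    return sorted(hosts), rejected

def render(hosts):
    """Render one host list into several output formats (format set is assumed)."""
    return {
        "adblock": "".join(f"||{h}^\n" for h in hosts),
        "hosts": "".join(f"0.0.0.0 {h}\n" for h in hosts),
        "domains": "".join(f"{h}\n" for h in hosts),
    }
```

Run in CI on each change to the list, `build` gives reviewers the rejected entries to check in the PR and `render` produces every output from the same deduplicated set.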

myroslavandriychuk avatar myroslavandriychuk commented on June 5, 2024

> Where is it marked as Deceptive? I don't see it in the lists. I can open the site without any warnings using Firefox

I can confirm: Firefox is blocking this site with the message "Deceptive site ahead"

from ukrainian-security-filter.

iam-py-test avatar iam-py-test commented on June 5, 2024

> I can confirm: Firefox is blocking this site with the message "Deceptive site ahead"

Not everyone uses Google Safe Browsing (i.e. M$ Edge).
Thanks

from ukrainian-security-filter.
