curben
/
vn-badsite-filter
mirror of https://gitlab.com/malware-filter/vn-badsite-filter
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Initial commit

This commit is contained in:
Ming Di Leom 2022-03-20 06:00:54 +00:00
commit 0b2f980fe8
No known key found for this signature in database
GPG Key ID: 32D3E28E96A695E8
11 changed files with 953 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
.github/workflows/pages.yml vendored Normal file
View File

@ -0,0 +1,59 @@
name: Pages
on:
schedule:
- cron: "0 0 * * 6"
workflow_dispatch:
jobs:
pages:
runs-on: ubuntu-latest
container: node:lts-alpine
steps:
- uses: actions/checkout@v2
- name: Install Dependencies
run: |
apk update
apk add brotli curl git grep
- name: Build
run: sh ./src/script.sh
- name: Compress
run: |
find public -type f -regex '.*\.\(txt\|conf\|tpl\|rules\)$' -exec gzip -f -k -9 {} \;
find public -type f -regex '.*\.\(txt\|conf\|tpl\|rules\)$' -exec brotli -f -k -9 {} \;
- name: Deploy
uses: peaceiris/actions-gh-pages@v3
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
publish_dir: ./public
force_orphan: true
- name: 'Upload Public Folder'
uses: actions/upload-artifact@v2
with:
name: public
path: ./public
retention-days: 30
- name: 'Upload Tmp Folder'
uses: actions/upload-artifact@v2
with:
name: tmp
path: ./tmp
retention-days: 30
- name: Check GitLab Status
env:
GITHUB_ENV: ${{ env.GITHUB_ENV }}
run: sh ./src/gitlab_status.sh
- name: Cloudflare Pages
env:
CLOUDFLARE_BUILD_HOOK: ${{ secrets.CLOUDFLARE_BUILD_HOOK }}
if: ${{ env.CLOUDFLARE_BUILD_HOOK != 0 && env.GITLAB_STATUS == 'down' }}
run: curl -X POST "https://api.cloudflare.com/client/v4/pages/webhooks/deploy_hooks/${{ env.CLOUDFLARE_BUILD_HOOK }}"
- name: Netlify
env:
NETLIFY_SITE_ID: ${{ secrets.NETLIFY_SITE_ID }}
NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }}
if: ${{ env.NETLIFY_SITE_ID != 0 && env.GITLAB_STATUS == 'down' }}
run: |
npm install netlify-cli -g
netlify --telemetry-disable
netlify deploy --dir=public --prod

4
.gitignore vendored Normal file
View File

@ -0,0 +1,4 @@
tmp/
.vscode/
node_modules/
public/

70
.gitlab-ci.yml Normal file
View File

@ -0,0 +1,70 @@
image: node:lts-alpine
include:
- template: Security/Secret-Detection.gitlab-ci.yml
# Only run pipeline when scheduled or "Run pipeline" in the main branch
workflow:
rules:
- if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && ($CI_PIPELINE_SOURCE == "schedule" || $CI_PIPELINE_SOURCE == "web")'
build_job:
stage: build
before_script:
- apk update && apk add brotli curl git grep
script:
- sh src/script.sh
- find public -type f -regex '.*\.\(txt\|conf\|tpl\|rules\)$' -exec gzip -f -k -9 {} \;
- find public -type f -regex '.*\.\(txt\|conf\|tpl\|rules\)$' -exec brotli -f -k -9 {} \;
artifacts:
paths:
- tmp
- public
pages:
stage: deploy
dependencies:
- build_job
script:
- echo
artifacts:
paths:
- public
cloudflare:
stage: deploy
before_script:
- apk update && apk add curl
script:
- curl -X POST "https://api.cloudflare.com/client/v4/pages/webhooks/deploy_hooks/$CLOUDFLARE_BUILD_HOOK"
rules:
- if: $CLOUDFLARE_BUILD_HOOK
netlify:
stage: deploy
dependencies:
- build_job
before_script:
- npm install netlify-cli -g
- netlify --telemetry-disable
script:
- netlify deploy --dir=public --prod
cache:
paths:
- node_modules/
rules:
- if: $NETLIFY_SITE_ID

42
LICENSE.md Normal file
View File

@ -0,0 +1,42 @@
CC0 1.0 Universal
==================
Statement of Purpose
---------------------
The laws of most jurisdictions throughout the world automatically confer exclusive Copyright and Related Rights (defined below) upon the creator and subsequent owner(s) (each and all, an "owner") of an original work of authorship and/or a database (each, a "Work").
Certain owners wish to permanently relinquish those rights to a Work for the purpose of contributing to a commons of creative, cultural and scientific works ("Commons") that the public can reliably and without fear of later claims of infringement build upon, modify, incorporate in other works, reuse and redistribute as freely as possible in any form whatsoever and for any purposes, including without limitation commercial purposes. These owners may contribute to the Commons to promote the ideal of a free culture and the further production of creative, cultural and scientific works, or to gain reputation or greater distribution for their Work in part through the use and efforts of others.
For these and/or other purposes and motivations, and without any expectation of additional consideration or compensation, the person associating CC0 with a Work (the "Affirmer"), to the extent that he or she is an owner of Copyright and Related Rights in the Work, voluntarily elects to apply CC0 to the Work and publicly distribute the Work under its terms, with knowledge of his or her Copyright and Related Rights in the Work and the meaning and intended legal effect of CC0 on those rights.
1. Copyright and Related Rights.
--------------------------------
A Work made available under CC0 may be protected by copyright and related or neighboring rights ("Copyright and Related Rights"). Copyright and Related Rights include, but are not limited to, the following:
i. the right to reproduce, adapt, distribute, perform, display, communicate, and translate a Work;
ii. moral rights retained by the original author(s) and/or performer(s);
iii. publicity and privacy rights pertaining to a person's image or likeness depicted in a Work;
iv. rights protecting against unfair competition in regards to a Work, subject to the limitations in paragraph 4(a), below;
v. rights protecting the extraction, dissemination, use and reuse of data in a Work;
vi. database rights (such as those arising under Directive 96/9/EC of the European Parliament and of the Council of 11 March 1996 on the legal protection of databases, and under any national implementation thereof, including any amended or successor version of such directive); and
vii. other similar, equivalent or corresponding rights throughout the world based on applicable law or treaty, and any national implementations thereof.
2. Waiver.
-----------
To the greatest extent permitted by, but not in contravention of, applicable law, Affirmer hereby overtly, fully, permanently, irrevocably and unconditionally waives, abandons, and surrenders all of Affirmer's Copyright and Related Rights and associated claims and causes of action, whether now known or unknown (including existing as well as future claims and causes of action), in the Work (i) in all territories worldwide, (ii) for the maximum duration provided by applicable law or treaty (including future time extensions), (iii) in any current or future medium and for any number of copies, and (iv) for any purpose whatsoever, including without limitation commercial, advertising or promotional purposes (the "Waiver"). Affirmer makes the Waiver for the benefit of each member of the public at large and to the detriment of Affirmer's heirs and successors, fully intending that such Waiver shall not be subject to revocation, rescission, cancellation, termination, or any other legal or equitable action to disrupt the quiet enjoyment of the Work by the public as contemplated by Affirmer's express Statement of Purpose.
3. Public License Fallback.
----------------------------
Should any part of the Waiver for any reason be judged legally invalid or ineffective under applicable law, then the Waiver shall be preserved to the maximum extent permitted taking into account Affirmer's express Statement of Purpose. In addition, to the extent the Waiver is so judged Affirmer hereby grants to each affected person a royalty-free, non transferable, non sublicensable, non exclusive, irrevocable and unconditional license to exercise Affirmer's Copyright and Related Rights in the Work (i) in all territories worldwide, (ii) for the maximum duration provided by applicable law or treaty (including future time extensions), (iii) in any current or future medium and for any number of copies, and (iv) for any purpose whatsoever, including without limitation commercial, advertising or promotional purposes (the "License"). The License shall be deemed effective as of the date CC0 was applied by Affirmer to the Work. Should any part of the License for any reason be judged legally invalid or ineffective under applicable law, such partial invalidity or ineffectiveness shall not invalidate the remainder of the License, and in such case Affirmer hereby affirms that he or she will not (i) exercise any of his or her remaining Copyright and Related Rights in the Work or (ii) assert any associated claims and causes of action with respect to the Work, in either case contrary to Affirmer's express Statement of Purpose.
4. Limitations and Disclaimers.
--------------------------------
a. No trademark or patent rights held by Affirmer are waived, abandoned, surrendered, licensed or otherwise affected by this document.
b. Affirmer offers the Work as-is and makes no representations or warranties of any kind concerning the Work, express, implied, statutory or otherwise, including without limitation warranties of title, merchantability, fitness for a particular purpose, non infringement, or the absence of latent or other defects, accuracy, or the present or absence of errors, whether or not discoverable, all to the greatest extent permissible under applicable law.
c. Affirmer disclaims responsibility for clearing rights of other persons that may apply to the Work or any use thereof, including without limitation any person's Copyright and Related Rights in the Work. Further, Affirmer disclaims responsibility for obtaining any necessary consents, permissions or other rights required for any use of the Work.
d. Affirmer understands and acknowledges that Creative Commons is not a party to this document and has no duty or obligation with respect to this CC0 or use of the Work.
For more information, please see
https://creativecommons.org/publicdomain/zero/1.0/

455
README.md Normal file
View File

@ -0,0 +1,455 @@
# VN Malicious Domains Blocklist
A blocklist of malicious (malware, scam, phishing) websites that are targeting Vietnamese users. Sourced from [api.chongluadao.vn](https://chongluadao.vn).
There are multiple formats available, refer to the appropriate section according to the program used:
- uBlock Origin (uBO) -> [URL-based](#url-based) section (recommended)
- Pi-hole -> [Domain-based](#domain-based) or [Hosts-based](#hosts-based) section
- AdGuard Home -> [Domain-based (AdGuard Home)](#domain-based-adguard-home) or [Hosts-based](#hosts-based) section
- AdGuard (browser extension) -> [URL-based (AdGuard)](#url-based-adguard)
- Vivaldi -> [URL-based (Vivaldi)](#url-based-vivaldi)
- [Hosts](#hosts-based)
- [Dnsmasq](#dnsmasq)
- BIND -> BIND [zone](#bind) or [RPZ](#response-policy-zone)
- [Unbound](#unbound)
- [dnscrypt-proxy](#dnscrypt-proxy)
- Internet Explorer -> [Tracking Protection List (IE)](#tracking-protection-list-ie)
- [Snort2](#snort2)
- [Snort3](#snort3)
- [Suricata](#suricata)
Not sure which format to choose? See [Compatibility](https://gitlab.com/curben/malware-filter/wikis/compatibility) page in the wiki.
Check out my other filters:
- [urlhaus-filter](https://gitlab.com/curben/urlhaus-filter)
- [phishing-filter](https://gitlab.com/curben/phishing-filter)
- [pup-filter](https://gitlab.com/curben/pup-filter)
- [tracking-filter](https://gitlab.com/curben/tracking-filter)
## URL-based
Import the following URL into uBO to subscribe:
- https://curben.gitlab.io/malware-filter/vn-badsite-filter.txt
<details>
<summary>Mirrors</summary>
- https://curbengh.github.io/malware-filter/vn-badsite-filter.txt
- https://curbengh.github.io/vn-badsite-filter/vn-badsite-filter.txt
- https://curben.gitlab.io/vn-badsite-filter/vn-badsite-filter.txt
- https://malware-filter.pages.dev/vn-badsite-filter.txt
- https://vn-badsite-filter.pages.dev/vn-badsite-filter.txt
</details>
**AdGuard Home** users should use [this blocklist](#domain-based-adguard-home).
## URL-based (AdGuard)
Import the following URL into AdGuard browser extensions to subscribe (includes online and **offline** malicious websites):
- https://curben.gitlab.io/malware-filter/vn-badsite-filter-ag.txt
<details>
<summary>Mirrors</summary>
- https://curbengh.github.io/malware-filter/vn-badsite-filter-ag.txt
- https://curbengh.github.io/vn-badsite-filter/vn-badsite-filter-ag.txt
- https://curben.gitlab.io/vn-badsite-filter/vn-badsite-filter-ag.txt
- https://malware-filter.pages.dev/vn-badsite-filter-ag.txt
- https://vn-badsite-filter.pages.dev/vn-badsite-filter-ag.txt
</details>
## URL-based (Vivaldi)
_Requires Vivaldi Desktop/Android 3.3+, blocking level must be at least "Block Trackers"_
Import the following URL into Vivaldi's **Tracker Blocking Sources** to subscribe (includes online and **offline** malicious websites):
- https://curben.gitlab.io/malware-filter/vn-badsite-filter-vivaldi.txt
<details>
<summary>Mirrors</summary>
- https://curbengh.github.io/malware-filter/vn-badsite-filter-vivaldi.txt
- https://curbengh.github.io/vn-badsite-filter/vn-badsite-filter-vivaldi.txt
- https://curben.gitlab.io/vn-badsite-filter/vn-badsite-filter-vivaldi.txt
- https://malware-filter.pages.dev/vn-badsite-filter-vivaldi.txt
- https://vn-badsite-filter.pages.dev/vn-badsite-filter-vivaldi.txt
</details>
## Domain-based
This blocklist includes domains and IP addresses.
- https://curben.gitlab.io/malware-filter/vn-badsite-filter-domains.txt
<details>
<summary>Mirrors</summary>
- https://curbengh.github.io/malware-filter/vn-badsite-filter-domains.txt
- https://curbengh.github.io/vn-badsite-filter/vn-badsite-filter-domains.txt
- https://curben.gitlab.io/vn-badsite-filter/vn-badsite-filter-domains.txt
- https://malware-filter.pages.dev/vn-badsite-filter-domains.txt
- https://vn-badsite-filter.pages.dev/vn-badsite-filter-domains.txt
</details>
## Domain-based (AdGuard Home)
This AdGuard Home-compatible blocklist includes domains and IP addresses.
- https://curben.gitlab.io/malware-filter/vn-badsite-filter-agh.txt
<details>
<summary>Mirrors</summary>
- https://curbengh.github.io/malware-filter/vn-badsite-filter-agh.txt
- https://curbengh.github.io/vn-badsite-filter/vn-badsite-filter-agh.txt
- https://curben.gitlab.io/vn-badsite-filter/vn-badsite-filter-agh.txt
- https://malware-filter.pages.dev/vn-badsite-filter-agh.txt
- https://vn-badsite-filter.pages.dev/vn-badsite-filter-agh.txt
</details>
## Hosts-based
This blocklist includes domains only.
- https://curben.gitlab.io/malware-filter/vn-badsite-filter-hosts.txt
<details>
<summary>Mirrors</summary>
- https://curbengh.github.io/malware-filter/vn-badsite-filter-hosts.txt
- https://curbengh.github.io/vn-badsite-filter/vn-badsite-filter-hosts.txt
- https://curben.gitlab.io/vn-badsite-filter/vn-badsite-filter-hosts.txt
- https://malware-filter.pages.dev/vn-badsite-filter-hosts.txt
- https://vn-badsite-filter.pages.dev/vn-badsite-filter-hosts.txt
</details>
## Dnsmasq
This blocklist includes domains only.
### Install
```
# Create a new folder to store the blocklist
mkdir -p /usr/local/etc/dnsmasq/
# Create a new cron job for daily update
printf '#!/bin/sh\ncurl -L "https://curben.gitlab.io/malware-filter/vn-badsite-filter-dnsmasq.conf" -o "/usr/local/etc/dnsmasq/vn-badsite-filter-dnsmasq.conf"\n' > /etc/cron.daily/vn-badsite-filter
# cron job requires execution permission
chmod 755 /etc/cron.daily/vn-badsite-filter
# Configure dnsmasq to use the blocklist
printf "\nconf-file=/usr/local/etc/dnsmasq/vn-badsite-filter-dnsmasq.conf\n" >> /etc/dnsmasq.conf
```
- https://curben.gitlab.io/malware-filter/vn-badsite-filter-dnsmasq.conf
<details>
<summary>Mirrors</summary>
- https://curbengh.github.io/malware-filter/vn-badsite-filter-dnsmasq.conf
- https://curbengh.github.io/vn-badsite-filter/vn-badsite-filter-dnsmasq.conf
- https://curben.gitlab.io/vn-badsite-filter/vn-badsite-filter-dnsmasq.conf
- https://malware-filter.pages.dev/vn-badsite-filter-dnsmasq.conf
- https://vn-badsite-filter.pages.dev/vn-badsite-filter-dnsmasq.conf
</details>
## BIND
This blocklist includes domains only.
### Install
```
# Create a new folder to store the blocklist
mkdir -p /usr/local/etc/bind/
# Create a new cron job for daily update
printf '#!/bin/sh\ncurl -L "https://curben.gitlab.io/malware-filter/vn-badsite-filter-bind.conf" -o "/usr/local/etc/bind/vn-badsite-filter-bind.conf"\n' > /etc/cron.daily/vn-badsite-filter
# cron job requires execution permission
chmod 755 /etc/cron.daily/vn-badsite-filter
# Configure BIND to use the blocklist
printf '\ninclude "/usr/local/etc/bind/vn-badsite-filter-bind.conf";\n' >> /etc/bind/named.conf
```
Add this to "/etc/bind/null.zone.file" (skip this step if the file already exists):
```
$TTL 86400 ; one day
@ IN SOA ns.nullzone.loc. ns.nullzone.loc. (
2017102203
28800
7200
864000
86400 )
NS ns.nullzone.loc.
A 0.0.0.0
@ IN A 0.0.0.0
* IN A 0.0.0.0
```
Zone file is derived from [here](https://github.com/tomzuu/blacklist-named/blob/master/null.zone.file).
- https://curben.gitlab.io/malware-filter/vn-badsite-filter-bind.conf
<details>
<summary>Mirrors</summary>
- https://curbengh.github.io/malware-filter/vn-badsite-filter-bind.conf
- https://curbengh.github.io/vn-badsite-filter/vn-badsite-filter-bind.conf
- https://curben.gitlab.io/vn-badsite-filter/vn-badsite-filter-bind.conf
- https://malware-filter.pages.dev/vn-badsite-filter-bind.conf
- https://vn-badsite-filter.pages.dev/vn-badsite-filter-bind.conf
</details>
## Response Policy Zone
This blocklist includes domains only.
- https://curben.gitlab.io/malware-filter/vn-badsite-filter-rpz.conf
<details>
<summary>Mirrors</summary>
- https://curbengh.github.io/malware-filter/vn-badsite-filter-rpz.conf
- https://curbengh.github.io/vn-badsite-filter/vn-badsite-filter-rpz.conf
- https://curben.gitlab.io/vn-badsite-filter/vn-badsite-filter-rpz.conf
- https://malware-filter.pages.dev/vn-badsite-filter-rpz.conf
- https://vn-badsite-filter.pages.dev/vn-badsite-filter-rpz.conf
</details>
## Unbound
This blocklist includes domains only.
### Install
```
# Create a new folder to store the blocklist
mkdir -p /usr/local/etc/unbound/
# Create a new cron job for daily update
printf '#!/bin/sh\ncurl -L "https://curben.gitlab.io/malware-filter/vn-badsite-filter-unbound.conf" -o "/usr/local/etc/unbound/vn-badsite-filter-unbound.conf"\n' > /etc/cron.daily/vn-badsite-filter
# cron job requires execution permission
chmod 755 /etc/cron.daily/vn-badsite-filter
# Configure Unbound to use the blocklist
printf '\n include: "/usr/local/etc/unbound/vn-badsite-filter-unbound.conf"\n' >> /etc/unbound/unbound.conf
```
- https://curben.gitlab.io/malware-filter/vn-badsite-filter-unbound.conf
<details>
<summary>Mirrors</summary>
- https://curbengh.github.io/malware-filter/vn-badsite-filter-unbound.conf
- https://curbengh.github.io/vn-badsite-filter/vn-badsite-filter-unbound.conf
- https://curben.gitlab.io/vn-badsite-filter/vn-badsite-filter-unbound.conf
- https://malware-filter.pages.dev/vn-badsite-filter-unbound.conf
- https://vn-badsite-filter.pages.dev/vn-badsite-filter-unbound.conf
</details>
## dnscrypt-proxy
### Install
```
# Create a new folder to store the blocklist
mkdir -p /etc/dnscrypt-proxy/
# Create a new cron job for daily update
printf '#!/bin/sh\ncurl -L "https://curben.gitlab.io/malware-filter/vn-badsite-filter-dnscrypt-blocked-names.txt" -o "/etc/dnscrypt-proxy/vn-badsite-filter-dnscrypt-blocked-names.txt"\n' > /etc/cron.daily/vn-badsite-filter
printf '\ncurl -L "https://curben.gitlab.io/malware-filter/vn-badsite-filter-dnscrypt-blocked-ips.txt" -o "/etc/dnscrypt-proxy/vn-badsite-filter-dnscrypt-blocked-ips.txt"\n' >> /etc/cron.daily/vn-badsite-filter
# cron job requires execution permission
chmod 755 /etc/cron.daily/vn-badsite-filter
```
Configure dnscrypt-proxy to use the blocklist:
``` diff
[blocked_names]
+ blocked_names_file = '/etc/dnscrypt-proxy/vn-badsite-filter-dnscrypt-blocked-names.txt'
[blocked_ips]
+ blocked_ips_file = '/etc/dnscrypt-proxy/vn-badsite-filter-dnscrypt-blocked-ips.txt'
```
- https://curben.gitlab.io/malware-filter/vn-badsite-filter-dnscrypt-blocked-names.txt
- https://curben.gitlab.io/malware-filter/vn-badsite-filter-dnscrypt-blocked-ips.txt
<details>
<summary>Mirrors</summary>
- https://curbengh.github.io/malware-filter/vn-badsite-filter-dnscrypt-blocked-names.txt
- https://curbengh.github.io/vn-badsite-filter/vn-badsite-filter-dnscrypt-blocked-names.txt
- https://curben.gitlab.io/vn-badsite-filter/vn-badsite-filter-dnscrypt-blocked-names.txt
- https://malware-filter.pages.dev/vn-badsite-filter-dnscrypt-blocked-names.txt
- https://vn-badsite-filter.pages.dev/vn-badsite-filter-dnscrypt-blocked-names.txt
- https://curbengh.github.io/malware-filter/vn-badsite-filter-dnscrypt-blocked-ips.txt
- https://curbengh.github.io/vn-badsite-filter/vn-badsite-filter-dnscrypt-blocked-ips.txt
- https://curben.gitlab.io/vn-badsite-filter/vn-badsite-filter-dnscrypt-blocked-ips.txt
- https://malware-filter.pages.dev/vn-badsite-filter-dnscrypt-blocked-ips.txt
- https://vn-badsite-filter.pages.dev/vn-badsite-filter-dnscrypt-blocked-ips.txt
</details>
## Tracking Protection List (IE)
This blocklist includes domains only. Supported in Internet Explorer 9+.
- https://curben.gitlab.io/malware-filter/vn-badsite-filter.tpl
<details>
<summary>Mirrors</summary>
- https://curbengh.github.io/malware-filter/vn-badsite-filter.tpl
- https://curbengh.github.io/vn-badsite-filter/vn-badsite-filter.tpl
- https://curben.gitlab.io/vn-badsite-filter/vn-badsite-filter.tpl
- https://malware-filter.pages.dev/vn-badsite-filter.tpl
- https://vn-badsite-filter.pages.dev/vn-badsite-filter.tpl
</details>
## Snort2
This ruleset includes online URLs only. Not compatible with [Snort3](#snort3).
### Install
```
# Download ruleset
curl -L "https://curben.gitlab.io/malware-filter/vn-badsite-filter-snort2.rules" -o "/etc/snort/rules/vn-badsite-filter-snort2.rules"
# Create a new cron job for daily update
printf '#!/bin/sh\ncurl -L "https://curben.gitlab.io/malware-filter/vn-badsite-filter-snort2.rules" -o "/etc/snort/rules/vn-badsite-filter-snort2.rules"\n' > /etc/cron.daily/vn-badsite-filter
# cron job requires execution permission
chmod 755 /etc/cron.daily/vn-badsite-filter
# Configure Snort to use the ruleset
printf "\ninclude \$RULE_PATH/vn-badsite-filter-snort2.rules\n" >> /etc/snort/snort.conf
```
- https://curben.gitlab.io/malware-filter/vn-badsite-filter-snort2.rules
<details>
<summary>Mirrors</summary>
- https://curbengh.github.io/malware-filter/vn-badsite-filter-snort2.rules
- https://curbengh.github.io/vn-badsite-filter/vn-badsite-filter-snort2.rules
- https://curben.gitlab.io/vn-badsite-filter/vn-badsite-filter-snort2.rules
- https://malware-filter.pages.dev/vn-badsite-filter-snort2.rules
- https://vn-badsite-filter.pages.dev/vn-badsite-filter-snort2.rules
</details>
## Snort3
This ruleset includes online URLs only. Not compatible with [Snort2](#snort2).
### Install
```
# Download ruleset
curl -L "https://curben.gitlab.io/malware-filter/vn-badsite-filter-snort3.rules" -o "/etc/snort/rules/vn-badsite-filter-snort3.rules"
# Create a new cron job for daily update
printf '#!/bin/sh\ncurl -L "https://curben.gitlab.io/malware-filter/vn-badsite-filter-snort3.rules" -o "/etc/snort/rules/vn-badsite-filter-snort3.rules"\n' > /etc/cron.daily/vn-badsite-filter
# cron job requires execution permission
chmod 755 /etc/cron.daily/vn-badsite-filter
```
Configure Snort to use the ruleset:
``` diff
# /etc/snort/snort.lua
ips =
{
variables = default_variables,
+ include = 'rules/vn-badsite-filter-snort3.rules'
}
```
- https://curben.gitlab.io/malware-filter/vn-badsite-filter-snort3.rules
<details>
<summary>Mirrors</summary>
- https://curbengh.github.io/malware-filter/vn-badsite-filter-snort3.rules
- https://curbengh.github.io/vn-badsite-filter/vn-badsite-filter-snort3.rules
- https://curben.gitlab.io/vn-badsite-filter/vn-badsite-filter-snort3.rules
- https://malware-filter.pages.dev/vn-badsite-filter-snort3.rules
- https://vn-badsite-filter.pages.dev/vn-badsite-filter-snort3.rules
</details>
## Suricata
This ruleset includes online URLs only.
### Install
```
# Download ruleset
curl -L "https://curben.gitlab.io/malware-filter/vn-badsite-filter-suricata.rules" -o "/etc/suricata/rules/vn-badsite-filter-suricata.rules"
# Create a new cron job for daily update
printf '#!/bin/sh\ncurl -L "https://curben.gitlab.io/malware-filter/vn-badsite-filter-suricata.rules" -o "/etc/suricata/rules/vn-badsite-filter-suricata.rules"\n' > /etc/cron.daily/vn-badsite-filter
# cron job requires execution permission
chmod 755 /etc/cron.daily/vn-badsite-filter
```
Configure Suricata to use the ruleset:
``` diff
# /etc/suricata/suricata.yaml
rule-files:
- local.rules
+ - vn-badsite-filter-suricata.rules
```
- https://curben.gitlab.io/malware-filter/vn-badsite-filter-suricata.rules
<details>
<summary>Mirrors</summary>
- https://curbengh.github.io/malware-filter/vn-badsite-filter-suricata.rules
- https://curbengh.github.io/vn-badsite-filter/vn-badsite-filter-suricata.rules
- https://curben.gitlab.io/vn-badsite-filter/vn-badsite-filter-suricata.rules
- https://malware-filter.pages.dev/vn-badsite-filter-suricata.rules
- https://vn-badsite-filter.pages.dev/vn-badsite-filter-suricata.rules
</details>
## FAQ and Guides
See [wiki](https://gitlab.com/curben/malware-filter/-/wikis/home)
## License
[Creative Commons Zero v1.0 Universal](LICENSE.md)
[api.chongluadao.vn](https://chongluadao.vn) (operated by Hieu Minh Ngo): [CC0](https://creativecommons.org/publicdomain/zero/1.0/)

14
package.json Normal file
View File

@ -0,0 +1,14 @@
{
"name": "tracking-filter",
"private": true,
"scripts": {
"build": "node src/build.js"
},
"dependencies": {
"extract-zip": "^2.0.1",
"got": "^11.8.3"
},
"engines": {
"node": ">= 14.15.0"
}
}

73
src/build.js Normal file
View File

@ -0,0 +1,73 @@
'use strict'
// for deployment outside of GitLab CI, e.g. Cloudflare Pages and Netlify
const { stream: gotStream } = require('got')
const got = require('got')
const unzip = require('extract-zip')
const { join } = require('path')
const { mkdir } = require('fs/promises')
const { createWriteStream } = require('fs')
const { pipeline } = require('stream/promises')
const rootPath = join(__dirname, '..')
const tmpPath = join(rootPath, 'tmp')
const publicPath = join(rootPath, 'public')
const zipPath = join(tmpPath, 'artifacts.zip')
const artifactsUrl = 'https://gitlab.com/curben/vn-badsite-filter/-/jobs/artifacts/main/download?job=pages'
const pipelineUrl = 'https://gitlab.com/curben/vn-badsite-filter/badges/main/pipeline.svg'
const ghMirror = 'https://nightly.link/curbengh/vn-badsite-filter/workflows/pages/main/public.zip'
const pipelineStatus = async (url) => {
try {
const svg = await got(url).text()
if (!svg.includes('passed')) throw new Error('last gitlab pipeline failed')
} catch ({ message }) {
throw new Error(message)
}
}
const f = async () => {
let isMirror = false
await mkdir(tmpPath, { recursive: true })
console.log(`Downloading artifacts.zip from "${artifactsUrl}"`)
try {
await pipeline(
gotStream(artifactsUrl),
createWriteStream(zipPath)
)
await pipelineStatus(pipelineUrl)
} catch ({ message }) {
console.error(JSON.stringify({
error: message,
link: artifactsUrl
}))
console.log(`Downloading artifacts.zip from "${ghMirror}"`)
isMirror = true
try {
await pipeline(
gotStream(ghMirror),
createWriteStream(zipPath)
)
} catch ({ message }) {
throw new Error(JSON.stringify({
error: message,
link: ghMirror
}))
}
}
console.log('Extracting artifacts.zip...')
if (isMirror === false) {
await unzip(zipPath, { dir: rootPath })
} else {
await mkdir(publicPath, { recursive: true })
await unzip(zipPath, { dir: publicPath })
}
}
f()

0
src/exclude.txt Normal file
View File

11
src/gitlab_status.sh Normal file
View File

@ -0,0 +1,11 @@
#!/bin/sh
ARTIFACT_STATUS=$(curl -sSIL "https://gitlab.com/curben/vn-badsite-filter/-/jobs/artifacts/main/download?job=pages" | grep -F "HTTP/2 200")
PIPELINE_STATUS=$(curl -sSL "https://gitlab.com/curben/vn-badsite-filter/badges/main/pipeline.svg" | grep -F "failed")
GITLAB_STATUS="up"
if [ -z "$ARTIFACT_STATUS" ] || [ -n "$PIPELINE_STATUS" ]; then
GITLAB_STATUS="down"
fi
echo "GITLAB_STATUS=$GITLAB_STATUS" >> "$GITHUB_ENV"

35
src/script.js Normal file
View File

@ -0,0 +1,35 @@
'use strict'
const { join } = require('path')
const { appendFile, readdir, readFile, rm, writeFile } = require('fs/promises')
const { parse } = JSON
const f = async () => {
// __dirname is src/
const outputFile = join(__dirname, '../tmp/domains-raw.txt')
await rm(outputFile, { force: true })
const domainsPath = join(__dirname, '../tmp/blacklistdomains.json')
const linksPath = join(__dirname, '../tmp/blacklistlinks.json')
const domainsStr = await readFile(domainsPath)
const domainsArray = parse(domainsStr)
const linksStr = await readFile(linksPath)
const linksArray = parse(linksStr)
const domains = new Set()
for (const { url } of domainsArray) {
const parsedUrl = new URL(url)
const domain = parsedUrl.hostname.replace(/\\/g, '').replace(/^(\*|www)\./, '')
domains.add(domain)
}
for (const { url } of linksArray) {
const parsedUrl = new URL(url)
const domain = parsedUrl.hostname.replace(/\\/g, '').replace(/^www\./, '')
domains.add(domain)
}
await writeFile(outputFile, Array.from(domains).join('\n'))
}
f()

190
src/script.sh Normal file
View File

@ -0,0 +1,190 @@
#!/bin/sh
# works best on busybox sh
set -efux -o pipefail
## Use GNU grep, busybox grep is too slow
. "/etc/os-release"
DISTRO="$ID"
if [ -z "$(grep --help | grep 'GNU')" ]; then
if [ "$DISTRO" = "alpine" ]; then
echo "Please install GNU grep 'apk add grep'"
exit 1
fi
alias grep="/usr/bin/grep"
fi
rm -rf "tmp/"
mkdir -p "tmp/"
cd "tmp/"
# Prepare datasets
curl -L "https://api.chongluadao.vn/v2/blacklistdomains" -o "blacklistdomains.json"
curl -L "https://api.chongluadao.vn/v2/blacklistlinks" -o "blacklistlinks.json"
# Extract tracking links
node "../src/script.js"
# Cleanup
cat "domains-raw.txt" | \
# exclude false positives
grep -F -vf "../src/exclude.txt" | \
sort -u > "domains.txt"
## Merge malware domains and URLs
CURRENT_TIME="$(date -R -u)"
FIRST_LINE="! Title: VN Malicious Domains Blocklist\n! Description: Block malicious domains targeting Vietnamese users"
SECOND_LINE="! Updated: $CURRENT_TIME"
THIRD_LINE="! Expires: 1 day (update frequency)"
FOURTH_LINE="! Homepage: https://gitlab.com/curben/vn-badsite-filter"
FIFTH_LINE="! License: https://gitlab.com/curben/vn-badsite-filter#license"
SIXTH_LINE="! Source: https://api.chongluadao.vn/v2/blacklistdomains & https://api.chongluadao.vn/v2/blacklistlinks"
COMMENT_UBO="$FIRST_LINE\n$SECOND_LINE\n$THIRD_LINE\n$FOURTH_LINE\n$FIFTH_LINE\n$SIXTH_LINE"
mkdir -p "../public/"
cat "domains.txt" | \
sort | \
sed '1 i\'"$COMMENT_UBO"'' > "../public/vn-badsite-filter.txt"
# Adguard Home
cat "domains.txt" | \
sort | \
sed -e "s/^/||/g" -e "s/$/^/g" | \
sed '1 i\'"$COMMENT_UBO"'' | \
sed "1s/Blocklist/Blocklist (AdGuard Home)/" > "../public/vn-badsite-filter-agh.txt"
# Adguard browser extension
cat "domains.txt" | \
sort | \
sed -e "s/^/||/g" -e "s/$/\$all/g" | \
sed '1 i\'"$COMMENT_UBO"'' | \
sed "1s/Blocklist/Blocklist (AdGuard)/" > "../public/vn-badsite-filter-ag.txt"
# Vivaldi
cat "domains.txt" | \
sort | \
sed -e "s/^/||/g" -e "s/$/\$document/g" | \
sed '1 i\'"$COMMENT_UBO"'' | \
sed "1s/Blocklist/Blocklist (Vivaldi)/" > "../public/vn-badsite-filter-vivaldi.txt"
## Hash comment
# awk + head is a workaround for sed prepend
COMMENT=$(printf "$COMMENT_UBO" | sed "s/^!/#/g" | awk '{printf "%s\\n", $0}' | head -c -2)
cat "domains.txt" | \
sort | \
sed '1 i\'"$COMMENT"'' > "../public/vn-badsite-filter-domains.txt"
## Hosts file blocklist
cat "domains.txt" | \
sed "s/^/0.0.0.0 /g" | \
sed '1 i\'"$COMMENT"'' | \
sed "1s/Domains/Hosts/" > "../public/vn-badsite-filter-hosts.txt"
## Dnsmasq-compatible blocklist
cat "domains.txt" | \
sed "s/^/address=\//g" | \
sed "s/$/\/0.0.0.0/g" | \
sed '1 i\'"$COMMENT"'' | \
sed "1s/Blocklist/dnsmasq Blocklist/" > "../public/vn-badsite-filter-dnsmasq.conf"
## BIND-compatible blocklist
cat "domains.txt" | \
sed 's/^/zone "/g' | \
sed 's/$/" { type master; notify no; file "null.zone.file"; };/g' | \
sed '1 i\'"$COMMENT"'' | \
sed "1s/Blocklist/BIND Blocklist/" > "../public/vn-badsite-filter-bind.conf"
## DNS Response Policy Zone (RPZ)
CURRENT_UNIX_TIME="$(date +%s)"
RPZ_SYNTAX="\n\$TTL 30\n@ IN SOA rpz.curben.gitlab.io. hostmaster.rpz.curben.gitlab.io. $CURRENT_UNIX_TIME 86400 3600 604800 30\n NS localhost.\n"
cat "domains.txt" | \
sed "s/$/ CNAME ./g" | \
sed '1 i\'"$RPZ_SYNTAX"'' | \
sed '1 i\'"$COMMENT"'' | \
sed "s/^#/;/g" | \
sed "1s/Blocklist/RPZ Blocklist/" > "../public/vn-badsite-filter-rpz.conf"
## Unbound-compatible blocklist
cat "domains.txt" | \
sed 's/^/local-zone: "/g' | \
sed 's/$/" always_nxdomain/g' | \
sed '1 i\'"$COMMENT"'' | \
sed "1s/Blocklist/Unbound Blocklist/" > "../public/vn-badsite-filter-unbound.conf"
## dnscrypt-proxy blocklists
# name-based
cat "domains.txt" | \
sed '1 i\'"$COMMENT"'' | \
sed "1s/Domains/Names/" > "../public/vn-badsite-filter-dnscrypt-blocked-names.txt"
# IPv4-based
cat "domains.txt" | \
sort | \
grep -E "^([0-9]{1,3}[\.]){3}[0-9]{1,3}$" | \
sed '1 i\'"$COMMENT"'' | \
sed "1s/Domains/IPs/" > "../public/vn-badsite-filter-dnscrypt-blocked-ips.txt"
## IE blocklist
COMMENT_IE="msFilterList\n$COMMENT\n: Expires=1\n#"
cat "domains.txt" | \
sed "s/^/-d /g" | \
sed '1 i\'"$COMMENT_IE"'' | \
sed "2s/Domains Blocklist/Hosts Blocklist (IE)/" > "../public/vn-badsite-filter.tpl"
set +x
## Snort & Suricata rulesets
rm -f "../public/vn-badsite-filter-snort2.rules" \
"../public/vn-badsite-filter-snort3.rules" \
"../public/vn-badsite-filter-suricata.rules"
SID="500000001"
while read DOMAIN; do
SN_RULE="alert tcp \$HOME_NET any -> \$EXTERNAL_NET [80,443] (msg:\"vn-badsite-filter vn-badsite website detected\"; flow:established,from_client; content:\"GET\"; http_method; content:\"$DOMAIN\"; content:\"Host\"; http_header; classtype:attempted-recon; sid:$SID; rev:1;)"
SN3_RULE="alert http \$HOME_NET any -> \$EXTERNAL_NET any (msg:\"vn-badsite-filter vn-badsite website detected\"; http_header:field host; content:\"$DOMAIN\",nocase; classtype:attempted-recon; sid:$SID; rev:1;)"
SR_RULE="alert http \$HOME_NET any -> \$EXTERNAL_NET any (msg:\"vn-badsite-filter vn-badsite website detected\"; flow:established,from_client; http.method; content:\"GET\"; http.host; content:\"$DOMAIN\"; classtype:attempted-recon; sid:$SID; rev:1;)"
echo "$SN_RULE" >> "../public/vn-badsite-filter-snort2.rules"
echo "$SN3_RULE" >> "../public/vn-badsite-filter-snort3.rules"
echo "$SR_RULE" >> "../public/vn-badsite-filter-suricata.rules"
SID=$(( $SID + 1 ))
done < "domains.txt"
set -x
sed -i '1 i\'"$COMMENT"'' "../public/vn-badsite-filter-snort2.rules"
sed -i "1s/Blocklist/Snort2 Ruleset/" "../public/vn-badsite-filter-snort2.rules"
sed -i '1 i\'"$COMMENT"'' "../public/vn-badsite-filter-snort3.rules"
sed -i "1s/Blocklist/Snort3 Ruleset/" "../public/vn-badsite-filter-snort3.rules"
sed -i '1 i\'"$COMMENT"'' "../public/vn-badsite-filter-suricata.rules"
sed -i "1s/Blocklist/Suricata Ruleset/" "../public/vn-badsite-filter-suricata.rules"
cd ../