vn-badsite-filter/README.md

28 KiB

VN Malicious Domains Blocklist

A blocklist of malicious (malware, scam, phishing) websites that are targeting Vietnamese users. Sourced from api.chongluadao.vn.

Client mirror 1 mirror 2 mirror 3 mirror 4 mirror 5 mirror 6
uBlock Origin link link link link link link
Pi-hole link link link link link link
AdGuard Home link link link link link link
AdGuard (browser extension) link link link link link link
Vivaldi link link link link link link
Hosts link link link link link link
Dnsmasq link link link link link link
BIND zone link link link link link link
BIND RPZ link link link link link link
dnscrypt-proxy names.txt, ips.txt names.txt, ips.txt names.txt, ips.txt names.txt, ips.txt names.txt, ips.txt names.txt, ips.txt
Internet Explorer link link link link link link
Snort2 link link link link link link
Snort3 link link link link link link
Suricata link link link link link link
Splunk link link link link link link

For other programs, see Compatibility page in the wiki.

Check out my other filters:

URL-based

Import the URL into uBO to subscribe.

AdGuard Home users should use this blocklist.

URL-based (AdGuard)

Import the following URL into AdGuard browser extensions to subscribe.

URL-based (Vivaldi)

Requires Vivaldi Desktop/Android 3.3+, blocking level must be at least "Block Trackers"

Import the URL into Vivaldi's Tracker Blocking Sources to subscribe.

Domain-based

This blocklist includes domains and IP addresses.

Domain-based (AdGuard Home)

This AdGuard Home-compatible blocklist includes domains and IP addresses.

Hosts-based

This blocklist includes domains only.

Dnsmasq

This blocklist includes domains only.

Save the ruleset to "/usr/local/etc/dnsmasq/vn-badsite-filter-dnsmasq.conf". Refer to this guide for auto-update.

Configure dnsmasq to use the blocklist:

printf "\nconf-file=/usr/local/etc/dnsmasq/vn-badsite-filter-dnsmasq.conf\n" >> /etc/dnsmasq.conf

BIND

This blocklist includes domains only.

Save the ruleset to "/usr/local/etc/bind/vn-badsite-filter-bind.conf". Refer to this guide for auto-update.

Configure BIND to use the blocklist:

printf '\ninclude "/usr/local/etc/bind/vn-badsite-filter-bind.conf";\n' >> /etc/bind/named.conf

Add this to "/etc/bind/null.zone.file" (skip this step if the file already exists):

$TTL    86400   ; one day
@       IN      SOA     ns.nullzone.loc. ns.nullzone.loc. (
               2017102203
                    28800
                     7200
                   864000
                    86400 )
                NS      ns.nullzone.loc.
                A       0.0.0.0
@       IN      A       0.0.0.0
*       IN      A       0.0.0.0

Zone file is derived from here.

Response Policy Zone

This blocklist includes domains only.

Unbound

This blocklist includes domains only.

Save the rulesets to "/usr/local/etc/unbound/vn-badsite-filter-unbound.conf". Refer to this guide for auto-update.

Configure Unbound to use the blocklist:

printf '\n include: "/usr/local/etc/unbound/vn-badsite-filter-unbound.conf"\n' >> /etc/unbound/unbound.conf

dnscrypt-proxy

Save the rulesets to "/etc/dnscrypt-proxy/". Refer to this guide for auto-update.

Configure dnscrypt-proxy to use the blocklist:

[blocked_names]
+  blocked_names_file = '/etc/dnscrypt-proxy/vn-badsite-filter-dnscrypt-blocked-names.txt'

[blocked_ips]
+  blocked_ips_file = '/etc/dnscrypt-proxy/vn-badsite-filter-dnscrypt-blocked-ips.txt'

Tracking Protection List (IE)

This blocklist includes domains only. Supported in Internet Explorer 9+.

Snort2

Not compatible with Snort3.

Save the ruleset to "/etc/snort/rules/vn-badsite-filter-snort2.rules". Refer to this guide for auto-update.

Configure Snort to use the ruleset:

printf "\ninclude \$RULE_PATH/urlhaus-filter-snort2-online.rules\n" >> /etc/snort/snort.conf

Snort3

Not compatible with Snort2.

Save the ruleset to "/etc/snort/rules/vn-badsite-filter-snort3.rules". Refer to this guide for auto-update.

Configure Snort to use the ruleset:

# /etc/snort/snort.lua
ips =
{
  variables = default_variables,
+  include = 'rules/vn-badsite-filter-snort3.rules'
}

Suricata

Save the ruleset to "/etc/suricata/rules/vn-badsite-filter-suricata.rules". Refer to this guide for auto-update.

Configure Suricata to use the ruleset:

# /etc/suricata/suricata.yaml
rule-files:
  - local.rules
+  - vn-badsite-filter-suricata.rules

Splunk

A CSV file for Splunk lookup. This ruleset includes online URLs only.

Either upload the file via GUI or save the file in $SPLUNK_HOME/Splunk/etc/system/lookups or app-specific $SPLUNK_HOME/etc/YourApp/apps/search/lookups.

Or use malware-filter add-on to install this lookup and optionally auto-update it.

Columns:

host path message updated
example.com vn-badsite-filter malicious website detected 2022-12-21T12:34:56Z
example2.com /some-path vn-badsite-filter malicious website detected 2022-12-21T12:34:56Z

Compressed version

All filters are also available as gzip- and brotli-compressed.

FAQ and Guides

See wiki

CI Variables

Optional variables:

  • CLOUDFLARE_BUILD_HOOK: Deploy to Cloudflare Pages.
  • NETLIFY_SITE_ID: Deploy to Netlify.

Repository Mirrors

https://gitlab.com/curben/blog#repository-mirrors

License

Creative Commons Zero v1.0 Universal and MIT License

api.chongluadao.vn (operated by Hieu Minh Ngo): CC0