Go to file
Ming Di Leom 35cc0a091e
fix: skip invalid url
2022-11-05 01:54:51 +00:00
.github/workflows ci(ga): schedule to run twice daily 2022-03-21 06:45:04 +00:00
src fix: skip invalid url 2022-11-05 01:54:51 +00:00
.gitignore Initial commit 2022-03-20 06:00:54 +00:00
.gitlab-ci.yml ci(gl): expires job artifacts 2022-08-09 00:29:34 +00:00
.nvmrc ci: downgrade to node 16 2022-11-02 07:59:34 +00:00
LICENSE.md Initial commit 2022-03-20 06:00:54 +00:00
README.md docs: toc & mention compressed version 2022-11-02 10:35:32 +00:00
package.json Initial commit 2022-03-20 06:00:54 +00:00

README.md

VN Malicious Domains Blocklist

A blocklist of malicious (malware, scam, phishing) websites that are targeting Vietnamese users. Sourced from api.chongluadao.vn.

There are multiple formats available, refer to the appropriate section according to the program used:

Not sure which format to choose? See Compatibility page in the wiki.

Check out my other filters:

URL-based

Import the following URL into uBO to subscribe:

Mirrors

AdGuard Home users should use this blocklist.

URL-based (AdGuard)

Import the following URL into AdGuard browser extensions to subscribe (includes online and offline malicious websites):

Mirrors

URL-based (Vivaldi)

Requires Vivaldi Desktop/Android 3.3+, blocking level must be at least "Block Trackers"

Import the following URL into Vivaldi's Tracker Blocking Sources to subscribe (includes online and offline malicious websites):

Mirrors

Domain-based

This blocklist includes domains and IP addresses.

Mirrors

Domain-based (AdGuard Home)

This AdGuard Home-compatible blocklist includes domains and IP addresses.

Mirrors

Hosts-based

This blocklist includes domains only.

Mirrors

Dnsmasq

This blocklist includes domains only.

Install

# Create a new folder to store the blocklist
mkdir -p /usr/local/etc/dnsmasq/

# Create a new cron job for daily update
printf '#!/bin/sh\ncurl -L "https://malware-filter.gitlab.io/malware-filter/vn-badsite-filter-dnsmasq.conf" -o "/usr/local/etc/dnsmasq/vn-badsite-filter-dnsmasq.conf"\n' > /etc/cron.daily/vn-badsite-filter

# cron job requires execution permission
chmod 755 /etc/cron.daily/vn-badsite-filter

# Configure dnsmasq to use the blocklist
printf "\nconf-file=/usr/local/etc/dnsmasq/vn-badsite-filter-dnsmasq.conf\n" >> /etc/dnsmasq.conf
Mirrors

BIND

This blocklist includes domains only.

Install

# Create a new folder to store the blocklist
mkdir -p /usr/local/etc/bind/

# Create a new cron job for daily update
printf '#!/bin/sh\ncurl -L "https://malware-filter.gitlab.io/malware-filter/vn-badsite-filter-bind.conf" -o "/usr/local/etc/bind/vn-badsite-filter-bind.conf"\n' > /etc/cron.daily/vn-badsite-filter

# cron job requires execution permission
chmod 755 /etc/cron.daily/vn-badsite-filter

# Configure BIND to use the blocklist
printf '\ninclude "/usr/local/etc/bind/vn-badsite-filter-bind.conf";\n' >> /etc/bind/named.conf

Add this to "/etc/bind/null.zone.file" (skip this step if the file already exists):

$TTL    86400   ; one day
@       IN      SOA     ns.nullzone.loc. ns.nullzone.loc. (
               2017102203
                    28800
                     7200
                   864000
                    86400 )
                NS      ns.nullzone.loc.
                A       0.0.0.0
@       IN      A       0.0.0.0
*       IN      A       0.0.0.0

Zone file is derived from here.

Mirrors

Response Policy Zone

This blocklist includes domains only.

Mirrors

Unbound

This blocklist includes domains only.

Install

# Create a new folder to store the blocklist
mkdir -p /usr/local/etc/unbound/

# Create a new cron job for daily update
printf '#!/bin/sh\ncurl -L "https://malware-filter.gitlab.io/malware-filter/vn-badsite-filter-unbound.conf" -o "/usr/local/etc/unbound/vn-badsite-filter-unbound.conf"\n' > /etc/cron.daily/vn-badsite-filter

# cron job requires execution permission
chmod 755 /etc/cron.daily/vn-badsite-filter

# Configure Unbound to use the blocklist
printf '\n  include: "/usr/local/etc/unbound/vn-badsite-filter-unbound.conf"\n' >> /etc/unbound/unbound.conf
Mirrors

dnscrypt-proxy

Install

# Create a new folder to store the blocklist
mkdir -p /etc/dnscrypt-proxy/

# Create a new cron job for daily update
printf '#!/bin/sh\ncurl -L "https://malware-filter.gitlab.io/malware-filter/vn-badsite-filter-dnscrypt-blocked-names.txt" -o "/etc/dnscrypt-proxy/vn-badsite-filter-dnscrypt-blocked-names.txt"\n' > /etc/cron.daily/vn-badsite-filter
printf '\ncurl -L "https://malware-filter.gitlab.io/malware-filter/vn-badsite-filter-dnscrypt-blocked-ips.txt" -o "/etc/dnscrypt-proxy/vn-badsite-filter-dnscrypt-blocked-ips.txt"\n' >> /etc/cron.daily/vn-badsite-filter

# cron job requires execution permission
chmod 755 /etc/cron.daily/vn-badsite-filter

Configure dnscrypt-proxy to use the blocklist:

[blocked_names]
+  blocked_names_file = '/etc/dnscrypt-proxy/vn-badsite-filter-dnscrypt-blocked-names.txt'

[blocked_ips]
+  blocked_ips_file = '/etc/dnscrypt-proxy/vn-badsite-filter-dnscrypt-blocked-ips.txt'
Mirrors

Tracking Protection List (IE)

This blocklist includes domains only. Supported in Internet Explorer 9+.

Mirrors

Snort2

This ruleset includes online URLs only. Not compatible with Snort3.

Install

# Download ruleset
curl -L "https://malware-filter.gitlab.io/malware-filter/vn-badsite-filter-snort2.rules" -o "/etc/snort/rules/vn-badsite-filter-snort2.rules"

# Create a new cron job for daily update
printf '#!/bin/sh\ncurl -L "https://malware-filter.gitlab.io/malware-filter/vn-badsite-filter-snort2.rules" -o "/etc/snort/rules/vn-badsite-filter-snort2.rules"\n' > /etc/cron.daily/vn-badsite-filter

# cron job requires execution permission
chmod 755 /etc/cron.daily/vn-badsite-filter

# Configure Snort to use the ruleset
printf "\ninclude \$RULE_PATH/vn-badsite-filter-snort2.rules\n" >> /etc/snort/snort.conf
Mirrors

Snort3

This ruleset includes online URLs only. Not compatible with Snort2.

Install

# Download ruleset
curl -L "https://malware-filter.gitlab.io/malware-filter/vn-badsite-filter-snort3.rules" -o "/etc/snort/rules/vn-badsite-filter-snort3.rules"

# Create a new cron job for daily update
printf '#!/bin/sh\ncurl -L "https://malware-filter.gitlab.io/malware-filter/vn-badsite-filter-snort3.rules" -o "/etc/snort/rules/vn-badsite-filter-snort3.rules"\n' > /etc/cron.daily/vn-badsite-filter

# cron job requires execution permission
chmod 755 /etc/cron.daily/vn-badsite-filter

Configure Snort to use the ruleset:

# /etc/snort/snort.lua
ips =
{
  variables = default_variables,
+  include = 'rules/vn-badsite-filter-snort3.rules'
}
Mirrors

Suricata

This ruleset includes online URLs only.

Install

# Download ruleset
curl -L "https://malware-filter.gitlab.io/malware-filter/vn-badsite-filter-suricata.rules" -o "/etc/suricata/rules/vn-badsite-filter-suricata.rules"

# Create a new cron job for daily update
printf '#!/bin/sh\ncurl -L "https://malware-filter.gitlab.io/malware-filter/vn-badsite-filter-suricata.rules" -o "/etc/suricata/rules/vn-badsite-filter-suricata.rules"\n' > /etc/cron.daily/vn-badsite-filter

# cron job requires execution permission
chmod 755 /etc/cron.daily/vn-badsite-filter

Configure Suricata to use the ruleset:

# /etc/suricata/suricata.yaml
rule-files:
  - local.rules
+  - vn-badsite-filter-suricata.rules
Mirrors

Compressed version

All filters are also available as gzip- and brotli-compressed.

FAQ and Guides

See wiki

CI Variables

Optional variables:

  • CLOUDFLARE_BUILD_HOOK: Deploy to Cloudflare Pages.
  • NETLIFY_SITE_ID: Deploy to Netlify.

License

Creative Commons Zero v1.0 Universal

api.chongluadao.vn (operated by Hieu Minh Ngo): CC0