Pi-hole: Dead default blocklist link

Created on 12 Jul 2019 · 5Comments · Source: pi-hole/pi-hole

In raising this issue, I confirm the following: {please fill the checkboxes, e.g: [X]}

[X] I have read and understood the contributors guide.
[X] The issue I am reporting can be replicated.
[X] The issue I am reporting isn't a duplicate (see FAQs, closed issues, and open issues).

How familiar are you with the the source code relevant to this issue?:

Expected behaviour:

Blocklist showing a list of hosts to block

Actual behaviour:

URL Shows ?php
echo "# ZeuS Tracker has been discontinued on Jul 8th, 2019";
exit();
?

Steps to reproduce:

{Steps of what you have done to fix this}

Checked URL https://zeustracker.abuse.ch/byebye.php?download=domainblocklist
Site shows
?php
echo "# ZeuS Tracker has been discontinued on Jul 8th, 2019";
exit();
?

Confirmed Issue

Source

phzang

👍4

Most helpful comment

Yes. Just as an idea: How about adding the lists, which are avaiable to pihole as default?

Feodo Tracker
Feodo Tracker is a project of abuse.ch with the goal of sharing botnet C&C servers associated with the Feodo malware family (Dridex, Emotet/Heodo). It offers various blocklists, helping network owners to protect their users from Dridex and Emotet/Heodo.
Ransomware Tracker
Ransomware Tracker offers various blocklists. These blocklists allows enterprises to block malicious traffic towards known Ransomware infrastructure at the network edge, e.g. by blocking them on the corporate firewall, web proxy or in the local DNS server. As any data provided by Ransomware Tracker are being offered for free (incl. the blocklists), antivirus vendors and vendors of security solutions may also implement Ransomware Tracker blocklists within their products.
SSL Blacklist (SSLBL)
The SSL Blacklist (SSLBL) is a project of abuse.ch with the goal of detecting malicious SSL connections, by identifying and blacklisting SSL certificates used by botnet C&C servers. In addition, SSLBL identifies JA3 fingerprints that helps you to detect & block malware botnet C&C communication on the TCP layer.
URLhaus
URLhaus is a project from abuse.ch with the goal of sharing malicious URLs that are being used for malware distribution.

xopez on 31 Aug 2019

👍5

Error 503 Backend unavailable, connection failed
Backend unavailable, connection failed

Guru Mediation:
Details: cache-fra19128-FRA 1566323403 1387466377

pheiduck on 20 Aug 2019

I Think the Server is up again?

pheiduck on 22 Aug 2019

The list is no longer 503 but it is empty so there's no need to include it.

dschaper on 22 Aug 2019

👍2

Yes. Just as an idea: How about adding the lists, which are avaiable to pihole as default?

Feodo Tracker
Feodo Tracker is a project of abuse.ch with the goal of sharing botnet C&C servers associated with the Feodo malware family (Dridex, Emotet/Heodo). It offers various blocklists, helping network owners to protect their users from Dridex and Emotet/Heodo.
Ransomware Tracker
Ransomware Tracker offers various blocklists. These blocklists allows enterprises to block malicious traffic towards known Ransomware infrastructure at the network edge, e.g. by blocking them on the corporate firewall, web proxy or in the local DNS server. As any data provided by Ransomware Tracker are being offered for free (incl. the blocklists), antivirus vendors and vendors of security solutions may also implement Ransomware Tracker blocklists within their products.
SSL Blacklist (SSLBL)
The SSL Blacklist (SSLBL) is a project of abuse.ch with the goal of detecting malicious SSL connections, by identifying and blacklisting SSL certificates used by botnet C&C servers. In addition, SSLBL identifies JA3 fingerprints that helps you to detect & block malware botnet C&C communication on the TCP layer.
URLhaus
URLhaus is a project from abuse.ch with the goal of sharing malicious URLs that are being used for malware distribution.