https://krebsonsecurity.com/2018/03/omitting-the-o-in-com-could-be-costly/
Holy crap: that's a large %
A report published in December 2009 by McAfee found that .cm was the riskiest domain in the world, with 36.7% of the sites posing a security risk to PCs. - krebs article
I believe this can be done in uMatrix
Oh, and if your security or antivirus software allows you to block all Web sites in a given top-level domain, it might not be a bad idea to block anything coming out of dot-cm (the country code top-level domain for Cameroon) - krebs article
since the new scope selectors, you can select the TLD eg
* cm * block
@gorhill .. is this correct?
Note: I am not saying that this is the answer, wholesale blocking is not a complete solution. For myself, I block all JS by default... and this should be enough I think
Yes, correct. For ABP-compatible syntax, this would be:
||cm^
Added to the wiki
I'm sorry, you also need this for uMatrix:
cm 1st-party * block
Because 1st-party is whitelisted in the global scope, and cm is always broader than base domain level.
@gorhill
I added * cm * block to my rules and committed it. I have everything disabled in uM except 1st party css+images, so I proceeded to box.cm and it was not blocked (it redirected me) to a .today domain so I could play for free money!! yay!
Am I misunderstanding something here
oooh, that gave me a fright .. your post came into view as I hit comment
so I need BOTH lines?
* cm * block
cm 1st-party * block
It's the way uMatrix works, narrow rules win over broader rules. So let's say we visit ask.cm: the rule * 1st-party * allow will win because it is narrower than * cm * block. So we have to override the 1st-party * allow with a block rule for cm scopes: cm 1st-party * block is narrower than * 1st-party * block, so it wins.
What about uBO: comment on krebs says
! *.cm TLD
||*.cm
||*.cm
I corrected the poster, the moderator chose to not allow my correction. ||*.cm is bad because this would cause false positives, for example, https://example.com/file.cm. It has to be ||cm^.
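The difference between the two filters, as an added example that is not part of the thread and is not uBO's or ABP's matching code: a simplified translation of the three tokens used here (`||`, `*`, `^`) into a regular expression, run over constructed URLs. The names `filterToRegExp` and `blocks` are hypothetical.

```javascript
// Simplified model of ABP-style network filter tokens (added example, not uBO's engine).
// "^" = separator: any char except letter, digit, "_", "-", ".", "%", or the end of the URL.
const SEPARATOR = "(?:[^\\w.%-]|$)";
// "||" = hostname anchor: scheme, then optionally any number of subdomain labels.
const HOST_ANCHOR = "^[\\w-]+:/+(?:[^/?#]*\\.)?";

function filterToRegExp(filter) {
  let body = filter;
  let prefix = "";
  if (body.startsWith("||")) {
    prefix = HOST_ANCHOR;
    body = body.slice(2);
  }
  const translated = body
    .replace(/[.+?${}()|[\]\\]/g, "\\$&") // escape regex metacharacters, keep * and ^
    .replace(/\*/g, ".*")                  // "*" matches anything, including "/"
    .replace(/\^/g, SEPARATOR);
  return new RegExp(prefix + translated, "i");
}

function blocks(filter, url) {
  return filterToRegExp(filter).test(url);
}

// Constructed sample URLs.
const SAMPLE_URLS = [
  "http://www.example.cm/kaboom.php", // real .cm host: both filters should match
  "http://box.cm",                    // .cm host with no path
  "https://example.com/file.cm",      // .com host, path ends in .cm
  "http://example.cmx.com/",          // label merely starts with "cm"
];

for (const url of SAMPLE_URLS) {
  console.log(url, "||*.cm:", blocks("||*.cm", url), "||cm^:", blocks("||cm^", url));
}
```

In this model `||*.cm` matches the third URL because `*` runs past the hostname into the path, while `||cm^` stays on the hostname and requires a separator right after `cm`.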
So is my wiki page ok to leave up the ABP syntax as is (one line)?
> so I need BOTH lines?
Yes.
> So is my wiki page ok
Yes, it's all ok as it is now, I had forgotten about needing cm 1st-party * block.
Thanks. I'll change the ccTLD to just TLD since this can be used for non-country ones.
Thanks for the help :kiss:
@gorhill FYI your comment on krebs went thru
My less aggressive approach using a regex pattern in Redirector:
Example URL: http://www.example.cm/kaboom.php
Include pattern: ^([a-z]+)://([^/]+)\.cm(/.*)*
Redirect to: $1://$2.com$3
_Example result: http://www.example.com/kaboom.php_
Not bullet-proof by any means, but covers typos.
@claustromaniac For years, I've used the following in Redirector:
Redirect: http(s?)://(.*)\.cm/
to: http$1://$2.com/
As you mention, not bullet-proof by any means, but covers typos. It also removes any parameters; given there was a typo, parameter sharing might not be desired, even to the .com domain.
@Gitoffthelawn That's easier to read and certainly handles typos.
Here's a somewhat more comprehensive alternative. It's harder to read, but should perform better most of the time.
Example URL: http://www.imsoevil.cm/?redirect=https%3A%2F%2Fexample.cm%2Fwahaha.cm
Include pattern: (?=\.cm).*http(s?)(?::|%3A)(?:/|%2F){2}([^/%]+)\.cm
Redirect to: http$1://$2.com/
_Example result: https://example.com/_
Breakdown of what this does:
(?=\.cm)
.cm is not found anywhere in the URL.
.*http(s?)(?::|%3A)(?:/|%2F){2}
http or https with :// or %3A%2F%2F. The second group is non-capturing for performance (?:). I was using (?:://|%3A%2F%2F) until I came across some links that had mixed literal and encoded characters, so I edited this part again.
([^/%]+)\.cm
/ nor % between the previous match and .cm.
Edit: Rewording, formatting, and minor changes to the regular expression and the example URL.
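What "not bullet-proof" means for the two simpler Redirector rules above, as an added example that is not part of the thread and is not Redirector's code. It assumes that on a match the target is the "Redirect to" template with `$1`, `$2`, ... replaced by the capture groups; `applyRedirect` and `rewriteCmHost` are hypothetical names, and the URLs are constructed.

```javascript
// Assumed model of a Redirector rule: if the include pattern matches, the target
// is the template with $n replaced by capture group n (empty if the group is unset).
function applyRedirect(includePattern, template, url) {
  const m = new RegExp(includePattern).exec(url);
  if (!m) return null;
  return template.replace(/\$(\d)/g, (_, n) => m[Number(n)] || "");
}

// The two simpler rules posted in the thread.
const RULE_A = { include: "^([a-z]+)://([^/]+)\\.cm(/.*)*", to: "$1://$2.com$3" };
const RULE_B = { include: "http(s?)://(.*)\\.cm/", to: "http$1://$2.com/" };

// Hypothetical stricter variant: decide on the parsed hostname, not the URL text.
function rewriteCmHost(url) {
  let u;
  try { u = new URL(url); } catch { return null; }
  if (!/^https?:$/.test(u.protocol)) return null;
  if (!u.hostname.endsWith(".cm")) return null;
  u.hostname = u.hostname.slice(0, -3) + ".com";
  u.search = ""; // drop parameters, as suggested in the thread
  u.hash = "";
  return u.href;
}

// Constructed sample URLs.
const REDIRECT_SAMPLES = [
  "http://www.example.cm/kaboom.php", // genuine .cm typo
  "https://example.com/file.cm/",     // .com host, ".cm/" only in the path
  "http://login.cm.example.net/",     // "cm" is an inner label, TLD is .net
];

for (const url of REDIRECT_SAMPLES) {
  console.log(url);
  console.log("  rule A:  ", applyRedirect(RULE_A.include, RULE_A.to, url));
  console.log("  rule B:  ", applyRedirect(RULE_B.include, RULE_B.to, url));
  console.log("  hostname:", rewriteCmHost(url));
}
```

Under that assumption, rule A rewrites the third URL to `http://login.com` and rule B rewrites the second to `https://example.com/file.com/`; the hostname check leaves both alone.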
I know who to come to now for my regex questions
> I know who to come to now for my regex questions
There are things I still don't know, though. But sure, If I can help, I'll be glad to. I'm sure there are some others around that can help with that, too.
Added to the wiki
a bit confusing that this is under "uMatrix" when it's actually a rule for uBO and/or ABP:
> For ABP-compatible syntax, this would be:
> ||cm^
And you only need cm 1st-party * block if you have the * 1st-party * allow rule.
^^ Even though it says ABP-compatible, I have made this clear now. As for having the second rule, I have made that clear. While technically they don't HAVE to have it (see your case above), the rule does no harm if added. FYI: * 1st-party * allow is in the default uM rules
FYI: https://krebsonsecurity.com/2018/06/bad-men-at-work-please-dont-click/
I am NOT saying this is the best way to defeat this sort of crap (more than 1,500 TLDs exist - a hardened uM/uBO suffices IMO). I will update the wiki to point to the new article
I didn't list them all from the article
* gdn * block
gdn 1st-party * block
* men * block
men 1st-party * block
* work * block
work 1st-party * block
* click * block
click 1st-party * block
* loan * block
loan 1st-party * block
* top * block
top 1st-party * block
* cf * block
cf 1st-party * block
* gq * block
gq 1st-party * block
* ml * block
ml 1st-party * block
* ga * block
ga 1st-party * block
* stream * block
stream 1st-party * block
* download * block
download 1st-party * block
* xin * block
xin 1st-party * block
* racing * block
racing 1st-party * block
* win * block
win 1st-party * block
* bid * block
bid 1st-party * block
* vip * block
vip 1st-party * block
* ren * block
ren 1st-party * block
* party * block
party 1st-party * block
* review * block
review 1st-party * block
* date * block
date 1st-party * block
* trade * block
trade 1st-party * block
I wonder if something like this isn't already included in a ready made filter list?
you have loan listed twice
I know, I had to take a second mortgage
I listed those to my uBO deny list
||accountant^$important
||accountants^$important
||bid^$important
||cf^$important
||christmas^$important
||click^$important
||cm^$important
||country^$important
||cricket^$important
||date^$important
||download^$important
||faith^$important
||ga^$important
||gb^$important
||gdn^$important
||gq^$important
||jetzt^$important
||kim^$important
||link^$important
||loan^$important
||men^$important
||ml^$important
||mom^$important
||ninja^$important
||online^$important
||party^$important
||pro^$important
||racing^$important
||realtor^$important
||ren^$important
||review^$important
||science^$important
||space^$important
||stream^$important
||tech^$important
||tk^$important
||top^$important
||trade^$important
||vip^$important
||wang^$important
||win^$important
||work^$important
||xin^$important
||xyz^$important
||zip^$important
with my general allow/deny approach, I am thinking to make an uM deny list.
why the $important ?
Maybe overkill, but simply because I don't want some other list to overrule by allowance.
Not saying that this is common, but I have seen it before.
Here some.