127.0.0.1 groups-beta.google.com
127.0.0.1 groups.google.com
Both hosts have been removed from list.
I have some more:
br.geocities.com
geocities.com
it.geocities.com
# make sure you don't inadvertently remove visit.geocities.com - it is a GIF tracker. I should know.
# Their server tacks it onto the end of my HTML files. I
MUST block anything I can use to track you!
I was thinking that you are actually technically correct if one of their pages still leads to somebody's machine getting infected. If you have the time I would put out the hosts file with the block and why you are blocking it in comments. At the same time point out the problem to their tech people. The instant they cleared up the problem I would shove out a new hosts file (sin bloque). That is a double edged sword - it may turn off your users to block their hosts. And you have to have the time - I don't. That was what I was thinking about when I put the original post out. I will have my updated hosts file out in just a few days - you will probably want to look at the header for some possible removals, but since you mostly block malware there may be nothing of interest. I did completely block NPR.org's music files. They are using an ad service to supply their files now! I don't block it any more (u.npr.org aka npr.adbureau.net). But since I am a long-hair, maybe I should. Oh, I like folk music too - especially Bluegrass music. I just don't like it as much as Pyotr Ilyich Tchaikovsky (my favorite composer). I also love Opera - my favorite opera is Rossini's Il Barbiere Di Siviglia with Maria Callas.
If you are interested in the Omniture / 2o7.net tracking service blocks I can provide you with the aliases. My PAC filter rules have stopped them cold (which doesn't explain the threatening phone calls I have been getting - have I made the Russian crackers mad at us?). IOW, I don't care what Omniture's host names are for their DNSWCD *.2o7.net names since my BadDomains rule stops all of them. Their aliases are stopped by the IP rules (and the *.2o7.net names too since the IP rule comes first in blocking - the BadDomains rule is just a failure point in case the IP rules become invalid). It is those IP rules that are generating my alias lists. At least you know when the aliases go out of DNS! Not so for the *.2o7.net hosts. I wrote a script for Rodney and Airelle to detect if the Google Blog hostname that was bad was still alive or not:
http://www.securemecca.com/MalwareDomainList/BlogSpotRodney.7zI am giving it to you since you DO have some DNSWCDs (DNS WildCard Domains) in your lists and AFAIK, this is the only way to detect when they are gone. You cannot use a DNS lookup since like *.2o7.net, blogspot.com is also a DNSWCD. A DNS lookup of AnythingIWant.blogspot.com is going to give you BlogSpot's IP address. You would be amazed at how outlandish of a name you can pick and it turns out there is a valid blog by that name already! For example, this one exists! Well, how about 4Cs-GodsCountry.blogspot.com? That one doesn't exist but it has an IP address. I used a wget failure to let me know when the bloggers Airelle was blocking were gone. All you need to do is create your own input file and feed that to the script for any of the DNSWCDs you have.
Speaking of BlogSpot.com, I am proposing a standardized renaming of our (my?) PAC filter files:
http://securemecca.blogspot.com/After all, I DO use the Français version of the filter regularly. IOW, I am already using these modified names to keep from running over myself. It became a little embarassing when Rodney pointed out that I made both the Anglais and Français version of the file itself Français on both hostsfile.org and securemecca.com. I didn't see a problem with it but I imagine the 5-10 English users (I joke about it since I have no way of knowing how many people are using our PAC filter - I do not monitor who visits my web-site out of principle) using the Anglais version of the PAC filter may have objected. Then again maybe they liked it "en Français". I will probably make the name changes over Christmas if nobody objects and so far nobody has objected. After all, certainly (that word comes from French) the French won't complain. The English using people need to know that I think the other languages are just as important as English. Using another language modifies your thinking in positive ways. Well, it does if you use the good words. I use the good words most of the time - unless I get angry. That word (angry) has a very complex etymology. It twists and turns all the back through Flemish to German (related to angst I believe) to Latin and then to Greek (if I am not mistaken). Look up the noun "anger" rather than the adjective "angry". What I am pointing out is that I am NOT anti-Russian! I AM anti-malware! I don't care where the malware, browser abuses, or tracking comes from. They are all bad. So are some ads - I don't need male enhancement medication that didn't exist five years ago and doesn't work anyway. What I need is more sleep. Bonne nuit.
Привет
Topic: False Positives - Innocents (Read 16285 times)