PfBlockerNG v2.0 w/DNSBL
-
I have setup DNSBL EasyList but when browsing to YouTube I'm getting an invalid certificate error.
ad.doubleclick.net: root certificate is not trusted.How can I prevent this?
-
I have setup DNSBL EasyList but when browsing to YouTube I'm getting an invalid certificate error.
ad.doubleclick.net: root certificate is not trusted.What browser are you using? Is it up-to-date?
What URL are you using for Youtube that reports that message? Or is this in a Youtube App?
-
I tried Safari on OSX and Internet Explorer (11) on Windows 10.
They are up to date.https://www.youtube.com
See attached image.
 -
I tried Safari on OSX and Internet Explorer (11) on Windows 10.
Chrome and FF do not have this issue, as they silently drop those connections to a non-secure site. I suspect over time that Safari and IE (didn't test Edge) will get their act in gear … Not much I can do to fix that issue...
-
Edge is having the same issue. But thanks for clearing that out.
That's probably the reason why I didn't notice this problem before.
I've been using Chrome for ages but recently I re-installed my GF's laptop with Win10 and she uses IE. -
Recent Malvertising Campaign hits several Top Websites… bbc.com, msn.com, nfl.com, aol.com, answers.com:
https://blog.malwarebytes.org/malvertising-2/2016/03/large-angler-malvertising-campaign-hits-top-publishers/
http://blog.trendmicro.com/trendlabs-security-intelligence/malvertising-campaign-in-us-leads-to-angler-exploit-kitbedep/
https://www.trustwave.com/Resources/SpiderLabs-Blog/Angler-Takes-Malvertising-to-New-Heights/These malicious domains are not currently listed by the DNSBL blocklists in use.
I have added them to my DNSBL Gist:
https://gist.githubusercontent.com/BBcan177/4a8bf37c131be4803cb2/raw -
These malicious domains are not currently listed by the DNSBL blocklists in use.
I have added them to my DNSBL Gist:
https://gist.githubusercontent.com/BBcan177/4a8bf37c131be4803cb2/rawToo cool, thank you!
Rick
-
Hello,
Only me who has crash problem on my pfSense?
PHP Errors: [20-Mar-2016 07:15:00 Europe/Stockholm] PHP Fatal error: Maximum execution time of 900 seconds exceeded in /usr/local/pkg/pfblockerng/pfblockerng.inc on line 902 -
@varazir, are you on the latest version of pfBlockerNG? If not, please update and see if that fixes your issue.
-
-
@varazir, are you on the latest version of pfBlockerNG? If not, please update and see if that fixes your issue.
I don't have any newer in the System: Package Manager, 2.0.4
Line 902 has code for the Alexa database conversion… If this only happened once, then discard it, but if its happening more often please provide some additional details on your hardware.
Do you see these two files:
ls /var/db/pfblockerng/top* /var/db/pfblockerng/top-1m.csvCan you open the top-1m.csv file?
When you run this command, it will show how many Alexa TLDs are being used… The count should match the Alexa count that you defined in the DNSBL tab (Number of Alexa Top Domains to Whitelisting):
wc -l /var/db/pfblockerng/pfbalexawhitelist.txtYou can also review the error.log file, to see if the Alexa Database is failing…
-
I tried Safari on OSX and Internet Explorer (11) on Windows 10.
Chrome and FF do not have this issue, as they silently drop those connections to a non-secure site. I suspect over time that Safari and IE (didn't test Edge) will get their act in gear … Not much I can do to fix that issue...
I think you're right- I've never seen a certificate warning when using Edge. Though, I've only done a small amount of testing- Chrome is my usual browser.
-
@varazir, are you on the latest version of pfBlockerNG? If not, please update and see if that fixes your issue.
I don't have any newer in the System: Package Manager, 2.0.4
Line 902 has code for the Alexa database conversion… If this only happened once, then discard it, but if its happening more often please provide some additional details on your hardware.
Do you see these two files:
ls /var/db/pfblockerng/alexa* /var/db/pfblockerng/alexa-top1m.zip /var/db/pfblockerng/alexa_1mCan you open the alexa_1m file?
When you run this command, it will show how many Alexa TLDs are being used… The count should match the Alexa count that you defined in the DNSBL tab (Number of Alexa Top Domains to Whitelisting):
wc -l /var/db/pfblockerng/alexa_1mYou can also review the error.log file, to see if the Alexa Database is failing…
Can't find the files and I get it several times a day. almost every time I check pfsense I see a crash log.
I'm running it as virtual so
Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz
Current: 388 MHz, Max: 3109 MHz
4 CPUs: 2 package(s) x 2 core(s)4GB ram
-
I have posted PR #1243, pfBlockerNG v2.0.5 (for pfSense v2.2.x)
and
I have also posted PR #87, pfBlockerNG v2.0.8 (for pfSense v2.3)Changelog can be seen in the attached links. If you have any issues, post back in the forum.
I highly recommend installing pfSense 2.3. Its nearing Release Candidate (RC) and is really looking sharp. Its getting harder to maintain pfBlockerNG in two different platforms, so I may concentrate my future efforts in pfSense 2.3. So it will most likely see all of the new upcoming features. I will however maintain pfBlockerNG in 2.2.x that are bug fixes.
Thanks!
-
Can the package be updated from the pfsense gui by clicking reinstall pfblockerng (pfsense 2.2.6)? Will my settings be kept? I can't find a download file on the github page on first look, which is normal, as github seems to make a point of confusing anyone who just wants to find a simple installer ;)
-
Can the package be updated from the pfsense gui by clicking reinstall pfblockerng (pfsense 2.2.6)? Will my settings be kept? I can't find a download file on the github page on first look, which is normal, as github seems to make a point of confusing anyone who just wants to find a simple installer ;)
Normally, I think packages get upgraded/updated through the package manager. You have to manually update the packages by clicking on the "reinstall the package" button. However, I did this and I'm still on 2.0.4.
Also, my settings didn't get removed, but it's always a good idea to backup the config first.
-
FOR PEOPLE WITH GIF ISSUES READ THIS
If your running WPAD and have on your navigator to auto detect proxy you WILL get the webGUI of pfSense instead of the GIF but disable the auto detect proxy on the navigator you then will see the GIF…It seems that WPAD overrides everything even when it comes to OpenVPN also...
-
Can the package be updated from the pfsense gui by clicking reinstall pfblockerng (pfsense 2.2.6)? Will my settings be kept? I can't find a download file on the github page on first look, which is normal, as github seems to make a point of confusing anyone who just wants to find a simple installer ;)
Normally, I think packages get upgraded/updated through the package manager. You have to manually update the packages by clicking on the "reinstall the package" button. However, I did this and I'm still on 2.0.4.
Also, my settings didn't get removed, but it's always a good idea to backup the config first.
The two PR (#87 and #1243) above are called "Pull Requests"… So basically, I submit my code changes to the pfSense Devs for review in Github. Each pfSense version has its own specific repository in Github.
Once the devs have time to review my changes, they can either request changes, or merge the code; at which time, you will see in pfSense packages: Installed Packages: that the package is available to be re-installed to the latest version.
There are some advanced methods to add the Github commits to System Patches, but its best to wait for the Devs to review and approve the changes…
I will also post a message once it has been approved.
-
FOR PEOPLE WITH GIF ISSUES READ THIS
If your running WPAD and have on your navigator to auto detect proxy you WILL get the webGUI of pfSense instead of the GIF but disable the auto detect proxy on the navigator you then will see the GIF…It seems that WPAD overrides everything even when it comes to OpenVPN also...
Thanks for that information. I am using WPAD with squid3 proxy. But I only get the WebUI with http websites. Is it working for you with httpS websites, too?
Can you describe if you configued something sepcidal to get pfblocker-NG + squid (http + https) working?For me it looks like it is not working fpr https and it ios not working for http and https to see the bad websites in the "Alerts" tab of pfblopcker-ng.
Regards
-
Well I have pfBlockerNG working just for IP I had to disable DNSBL because WPAD was overriding everything. Because WPAD files are hosted on pfSense I had to revert to HTTP on the webGUI of pfSense. But by disabling auto detect proxy then works DNSBL but then WPAD wont work BUT transparent proxy will. I guess having WPAD and DNSBL wont work at the same time. UNLESS somehow on the wpad.dat a way to direct or ignore the 10.10.10.1 something that i wish it can do with OpenVPN. You get the HTTPS sites i guess because WPAD overlaps that but the http that would be the transparent proxy which DNSBL does not have an issue. Also depends if your webGUI is HTTPS or HTTP
