Netgate Discussion Forum

    How is this site bypassing pfBlocker (and Adblock)

    pfBlockerNG
    Atlan

      Not sure where I should be digging further into this, but SlickDeals.net is somehow displaying ads from Google (I think?) when I am running pfBlocker and the Wipr adblocker on my local system. This is a recent change - it used to be "clean" loading. I'd normally just give it a pass, but the first time it happened I got a browser hijack ad - go figure.

      Mousing over the ad in the right column shows the link going to googleads.g.doubleclick.net - and when I go to ping that domain, the terminal output gives what I expect when pfBlocker is working:

      PING googleads.g.doubleclick.net (10.10.10.1): 56 data bytes

      In the alerts tab of pfBlocker I see an entry for googleads.g.doubleclick.net, though it also has a list name of "no match" which seems odd.

      Any ideas?

        BBcan177 Moderator

        @atlan said in How is this site bypassing pfBlocker (and Adblock):

        In the alerts tab of pfBlocker I see an entry for googleads.g.doubleclick.net, though it also has a list name of "no match" which seems odd.

        Maybe the CNAME is being blocked? Am going to add some code in the next release to check for CNAME blocks:

        drill @8.8.8.8 googleads.g.doubleclick.net
        
        ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 693
        ;; flags: qr rd ra ; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
        ;; QUESTION SECTION:
        ;; googleads.g.doubleclick.net. IN      A
        
        ;; ANSWER SECTION:
        googleads.g.doubleclick.net.    228     IN      CNAME   pagead46.l.doubleclick.net.
        pagead46.l.doubleclick.net.     228     IN      A       172.217.1.2
        
        ;; AUTHORITY SECTION:
        
        ;; ADDITIONAL SECTION:
        
        ;; Query time: 34 msec
        ;; SERVER: 8.8.8.8
        ;; WHEN: Sun Nov 25 16:23:53 2018
        ;; MSG SIZE  rcvd: 86
        

        "Experience is something you don't get until just after you need it."

        Website: http://pfBlockerNG.com
        Twitter: @BBcan177  #pfBlockerNG
        Reddit: https://www.reddit.com/r/pfBlockerNG/new/

          Atlan

          I've been digging into this further - this may fall outside of the scope of this pfSense package, but here is what I understand so far. This particular issue I am running into is from a specific anti-Adblock technology. The tell is the "g00" part of the URL as a subdomain of the site you are visiting.

          The subdomain looks random other than the g00 portion...

          c-7npsfqifvt34x24dmjfoux2eobopwjtpsx2ejp.g00.slickdeals.net
          

          Is there a way to do a partial match in a blacklist on domains in pfBlockerNG?

          Some links with more information:

          • https://github.com/gorhill/uBO-Extra/wiki/Sites-on-which-uBO-Extra-is-useful
          • https://www.reddit.com/r/pihole/comments/76a6pn/instart_logic_offers_an_adblocker_circumvention/
            BBcan177 Moderator @Atlan

            @atlan

            Not at the moment; however, when the Unbound Resolver python integration is added, we will be able to do regex blocking amongst many other new features.

            I have been waiting for the devs to add the python integration so that the package could easily integrate with the Resolver without unnecessary backend workarounds.

            "Experience is something you don't get until just after you need it."

            Website: http://pfBlockerNG.com
            Twitter: @BBcan177  #pfBlockerNG
            Reddit: https://www.reddit.com/r/pfBlockerNG/new/
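
The two checks discussed in this thread, as an added example (not pfBlockerNG code and not written by any poster here): following the CNAME chain so a block on the target is attributed to the queried name, and a partial match on a "g00" label. The answer lines are copied from the drill output above; the exact-match list contents, the regex and all function names are assumptions made for illustration.

```python
import re

def norm(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")

def cname_chain(answer_lines, qname):
    """Follow CNAME records in drill/dig answer lines, starting at qname."""
    cnames = {}
    for line in answer_lines:
        f = line.split()
        if len(f) >= 5 and f[3].upper() == "CNAME":
            cnames[norm(f[0])] = norm(f[4])
    chain, seen = [norm(qname)], {norm(qname)}
    # Stop at the end of the chain or when a CNAME loop is detected.
    while chain[-1] in cnames and cnames[chain[-1]] not in seen:
        chain.append(cnames[chain[-1]])
        seen.add(chain[-1])
    return chain

def classify(chain, exact, patterns):
    """Return (verdict, matched_name, rule) for the first listed name in the chain."""
    for depth, name in enumerate(chain):
        kind = "query" if depth == 0 else "cname"
        if name in exact:
            return ("block", name, kind + ":exact")
        for label, rx in patterns.items():
            if rx.search(name):
                return ("block", name, kind + ":" + label)
    return ("allow", None, None)

# Answer section lines as shown in the drill output in this thread.
ANSWER = [
    "googleads.g.doubleclick.net.    228     IN      CNAME   pagead46.l.doubleclick.net.",
    "pagead46.l.doubleclick.net.     228     IN      A       172.217.1.2",
]
# Assumption: only the CNAME target is on the exact-match list.
EXACT = {"pagead46.l.doubleclick.net"}
# Assumption: a "g00" label with one label in front of it and the site's domain after it.
PATTERNS = {"g00-label": re.compile(r"^[a-z0-9-]+\.g00\.(?:[a-z0-9-]+\.)+[a-z]{2,}$")}

if __name__ == "__main__":
    samples = [
        ("googleads.g.doubleclick.net", ANSWER),
        ("c-7npsfqifvt34x24dmjfoux2eobopwjtpsx2ejp.g00.slickdeals.net", []),
        ("slickdeals.net", []),
    ]
    for qname, answer in samples:
        print(qname, classify(cname_chain(answer, qname), EXACT, PATTERNS))
```

The rule string in the result ("query:exact", "cname:exact", "cname:g00-label", ...) records whether the queried name or a name further down its CNAME chain caused the block.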
