Google Blocks Domains of Hack-for-Hire Groups in Russia, India, UAE
Google Blocks Domains of Hack-for-Hire Groups in Russia, India, UAE
Home › Cyberwarfare
Google Blocks Domains of Hack-for-Hire Groups in Russia, India, UAE
By Eduard Kovacs on July 01, 2022
Tweet
A blog post published by Google’s Threat Analysis Group on Thursday describes the activities of hack-for-hire gangs in Russia, India and the United Arab Emirates.
The internet giant has added more than 30 domains used by these threat groups to its Safe Browsing…
BlueLife Hosts editor is a Portable freeware to simplify "hosts" file editing Process, you can Speed up most visited webpages or block unwanted domain names.
Background: As a long term geek, I've been manually updating hosts file on all my computers to block iffy websites - great, however I have a number of iDevices at home which you can't update get at the hosts file. (Yes, I know jailbreak, yes I know Android and root – but I'm not going there…) I also have been using OpenDNS for a long time as my ISPs DNS isn't the best shall we say, but OpenDNS doesn't offer a iffy DNS blocking service. (Or they might do, but I haven't looked properly, as the geek in me needs an excuse to do the following)
Before we get too far, a very, very quick 101 on domains and DNS services* (for a full description: http://en.wikipedia.org/wiki/Domain_name is your friend):
When your web browser makes a request for google.com, it goes to the nearest defined DNS server and asks for the IP address for google.com. The DNS server will reply with a response telling the web browser where to find google.com and off it goes. Simple eh? Having my own DNS server helps improve the speed of internet requests as web browsers are querying the local LAN, rather than having go off on the internet every time.
In a nutshell, my Raspberry Pi DNS server works, in general, as follows.
Upon receiving a domain lookup request:
Look in my cache to see domain has already been recently requested. If found, quickly return a response.
Look in my local database/files for a matching domain entry. If found, quickly return a response.
Failing that, go off to a specified internet DNS service (in my case OpenDNS) and ask them. Once they've replied, save the response in my cache for next time and return it the response as normal.
By inserting a list of iffy websites in step 2 above, and fixing the response to be 127.0.0.1, we are quickly and effectively stopping the web browser from accessing the internet. (Check out http://en.wikipedia.org/wiki/127.0.0.1 and http://winhelp2002.mvps.org/hosts.htm for good descriptions on how this works – trust me it does)
I've written a Python script to download the lists iffy websites from http://winhelp2002.mvps.org/hosts.htm & http://www.malwaredomains.com, parse the results and create a bind9 formatted ready for step 2 above. (Following blog posts will give a blow by blow guide on how to get and implement it.) I've included functionality so you can manually block specific domains as I wanted to block Russian and Chinese websites. (Why? Well they don't have a good reputation and I have no need ever to go to these websites, so why not block them to prevent accidental visits or nasty software going there on the quiet.)
To block all these websites, I simple put 'RU' and 'CN' in a configuration file and then all *.rn and *.cn domains are blocked. If I wanted to block all Facebook domains, such as www.facebook.com, chat.facebook.com, settings.facebook.com etc etc, all I need to enter in the configuration file is facebook.com. This wildcards everything left of and including facebook.com. (You might not be aware of is domain names are parsed from right to left. For example: www.google.com, is read as: com.google.www)
Final note: there's no point running this script too regularly as the source iffy websites data doesn't get updated all too often, and they're providing you with a free service which costs them the more it's used.
* It is taken for granted I have got something(s) wrong, but at the moment it works for me so I'm happy. I am also more than happy to take constructive criticism on my work here, as long as it drives forward a better solution...