
About collaborating with Vietnamese Phishing Protection Community - ChongLuaDao.Vn
Closed, Resolved (Public)

Description

Moved the original post in Q22 to this thread for open discussion, as we are open source and the following has no secrets.

The original text:

Dear Spirillen,

Can you cooperate or partner with our non-profit organization ChongLuaDao.vn - a Vietnamese community committed against phishers, scammers....??

we will provide you with all the blacklist URLs from Vietnam - so you can add to your database.

please let me know. here is my email: 7ones.com@gmail.com

From: Hieu Minh Ngo - Cybersecurity researcher at Viet Nam's National Computer Security Center

thank you.

Next, there has been some conversation in the chat Z3 (all users with an account can see this).

Here is the write-up, to make it easier to follow.


@Spirillen Z3#1051

Hi @7onez I'll take a look at your side 😃 and get back to you


@Spirillen Z3#1052

The first thing or problem is, you are using Tracking domains on your site

| +0 | /cdn-cgi/images/trace/*$important | -- | chongluadao.vn | 1 | image | `https://chongluadao.vn/cdn-cgi/images/trace/jschal/nojs/transparent.gif?ray=622ffeed297b7263` |
| +0 | /cdn-cgi/challenge-platform/*$script,important | -- | chongluadao.vn | 1 | script | `https://chongluadao.vn/cdn-cgi/challenge-platform/h/g/orchestrate/jsch/v1` |
| +0 | /cdn-cgi/images/trace/*$important | -- | chongluadao.vn | 1 | image | `https://chongluadao.vn/cdn-cgi/images/trace/jschal/js/transparent.gif?ray=622ffeed297b7263` |

@7onez Z3#1053

Yes, I have to use it through CloudFlare to protect my website, since it's been DDoSed by others. But if you visit from a Vietnamese IP address then you will be fine. For IPs from other countries, CloudFlare will challenge a little bit before letting the visitor access the website. Currently, we are still new; we are working on an extension and a mobile app for Android and iOS. Our extension is still new and on its way to being approved on the Google Chrome Webstore and Firefox Addons.

I can get your DNS service expand the reputation in Viet Nam or Asia around.

I'm quite popular with nickname: Hieupc - in the cybersecurity world. And my Facebook profile with over 165.000 followers: https://www.facebook.com/hieupc.7onez/

I manage a Facebook group with over 120.000 members: https://www.facebook.com/groups/hieupcwithfriends

I really hope we can cooperate and make the global Internet much safer, and also for my country Viet Nam

I have a community that constantly updates or reports websites in Viet Nam about phishing, scamming, bad content (adult content, child abuse, sex abuse...)


@Spirillen Z3#1059

Yeah not much was to be found on the internet 😒

But how is your data stored / provided, and in what format? And last but not least, do you store any kind of public log for records? This is kind of important to me, that any given user has access to why anything was added, so they have proper access to knowledge, in case they believe they should whitelist something.

But I'm very open for your suggestion


@7onez Z3#1060

https://api.chongluadao.vn/blacklist.json - this is our blacklist API based on reports of users - when a user reports through our extension or website chongluadao.vn, we have a team to review based on our cybersecurity knowledge in the field, e.g. URLs which are scamming people on Facebook, stealing credentials, or URLs that are faking legit Vietnamese banking sites - these will be listed in this API.

not that link above

this is the correct link: https://api.chongluadao.vn/v1/blacklist

https://api.chongluadao.vn/v1/whitelist here is the whitelist API - where all legit URLs in Viet Nam are stored; when a URL is listed here, users can't report it anymore. These whitelist URLs are popular sites in Viet Nam like: banking, newspapers, online shopping sites....


@7onez Z3#1064

thank you. If you want, we can setup an online meeting through Zoom

Event Timeline

Spirillen triaged this task as Wishlist priority. Feb 17 2021, 7:47 PM
Spirillen created this task.
Spirillen added a subscriber: AnonymousPoster.

thank you. If you want, we can setup an online meeting through Zoom

No, this is an open project, and if you make it to the inner zone, we use keybase.io.

Next we are very challenged about translating your site as it's only in Vietnamese.

From a first view of your blacklist, it looks rather mixed and un-categorized versus the way we are used to handling lists, by classification, not least by request from @Somebodyisnobody. The next thing is, I don't see any comments / notes for WHY a record is stored.

Here Adult Contents and Phishing are mixed into one list

image.png (449×300 px, 28 KB)

These are things that will need some work from @7onez site, as we by default do not block Adult Contents in our #dns_server; we only offer it purely as an RPZ list

🤔

Are there any of you who know more about this project? And what do you think about this? I'm all open-minded.

There are a few things that strike me

On the website there is a screenshot of a repo

paste.png (388×707 px, 124 KB)

But when you look at GH the reality seems entirely different...

paste (1).png (388×707 px, 34 KB)

On https://github.com/7onez there is not much activity despite the many screenshots indicating heavy activity.

Note: I really hope that mypdns.org can block these URLs (of course not Porn URLs, just need to block those Vietnamese sites). We determine a URL is blacklisted:

+ when the team got raw evidence from users
+ when it appears as a fake site like a real website (banking, facebook, online shopping...) to steal other people's identity (PII)
+ when it appears to be a scam site, when it tries to ask users for donations, buying something which is not real, or investing into something that does not even exist.

(P/S: The phishing + scamming sites in Viet Nam right now are a big issue. That's the reason I try to build a community like mywot.com for Viet Nam, focused only on the Vietnamese language.)

This is how we can cooperate, every time ChongLuaDao.Vn has more URL in blacklist API (of course, except porn sites), I will send over mypdns to update and I will promote mypdns in Viet Nam to spread the news. And the more people uses mypdns, the safer for everyone on the Internet, especially is with my country Viet Nam.

Thank you.

image.png (815×1 px, 124 KB)

The repo is currently private on github - during development to have a stable version before going to public. It will be published soon for everyone to contribute. Thank you.

Your blacklist only contains 311 records, and if we cut them down to domains, this is a way lower number.

wget -qO- 'https://api.chongluadao.vn/v1/blacklist' | jq '. | . [] | .url' | wc -l
311

A test of your provided blacklist, adult included, indicates you are providing ~257 new domains.

My suggestion for finding a way in the middle that can satisfy all's happiness, is that you incorporate our API to this board, where one thread is = one domain, including any subdomain, if duplicate is found, lowest ID wins, see also T2475, T2358 & T1395: Contributing to the web frontend?

Link to API documentation: https://secure.phabricator.com/book/phabricator/article/conduit/

If you have a desire for a DNS server which also blocks Adult Contents, I'm open-minded to maintain a network of these, but the hardware/VPS must be provided by others, as my allowance is used on the existing setups.

VPS = 4* 1 vCPU and 2 GB ram OR 2* 2 vCPU + 4GB ram

With the above setup, I can trim them to handle about 500.000 qps (which would be something between 2 and 10 million devices depending on OS)

(@DaniV5 it's here you should comment 😄 )

@Spirillen my main purpose in contacting you is about adding my blacklist URLs to your DNS server, and since my project is still new, that's why I need your help. I believe my database is going to continue getting bigger each day. I'm also going to add your database into mine as well. Here is a news article about my new project ChongLuaDao.Vn, it's in English: https://e.vnexpress.net/news/news/set-a-former-thief-to-catch-new-thieves-a-cybercrime-story-4236419.html

Hi @7onez I fully understand you, and as said, we are very open to help you and integrate your lists, but just importing domains without any notes is beyond this project.

Need data

@Somebodyisnobody even started this project T3776 of creating a standard for data exchange to help us all to accomplish that. It was initiated over a long period of time during which he has been thinking and small-talking about this, but now we are actually doing something about it, thanks to you reaching out for a cooperation between our ideas. The trick is to make the matrix right, so it is as small as possible and yet covers all the use cases we can think of, like Dnsdist (RegEx/wildcard) / RPZ (wildcard) / hosts files (needs all records) / Squid (RegEx/Url/wildcard) / AdBlockers (RegEx), and not least to make it as simple as possible, so even script kiddies can work with it.

You are welcome to participate like everyone else...

Missing for import

Currently your blacklist: https://api.chongluadao.vn/v1/blacklist is missing some very important information such as WHY, Category and Where to read more. Remember, none of us (in the west) can understand what is written on the Vietnamese, Japanese, Thai sites; that is why information is crucial.

This is where I offered you to use this site to store these information, as I have been unable to locate them online. You have to remember that Matrix and My Online Privacy are two separated projects whereof matrix.rocks will be the knowledge and availability test central for why any records have been added and mypdns.org is extracting the data from, based on categories + weighting.

Once you provide access to the why (+ where to read more) + Category we can integrate and incorporate your lists.

Examples

For example, why is this record blacklisted??

_id:	"60224d5e38805954ff3d7e5b"
url:	"https://tricker.vn/*"
meta:

And why is this one whitelisted??

_id:	"602130e6adb87f9af4b294e4"
url:	"http://websosanh.vn/*"
meta:	Object

Without any of that information nobody can follow the trail to the decision for adding these records, and it isn't uncommon that competitors are adding each other to different blacklists. It can also just be an honest human mistake that got it added.

End note

Hoping this helps you understand the situation a bit, and why we can't just accept your list as it is; it needs a bit of work.

We are looking forward to continue processing the integration of our common projects and interest for a safer and better internet for everyone.

Spirillen mentioned this in Unknown Object (Maniphest Task). Feb 21 2021, 4:55 PM

Hi @7onez as we are in the process of coding a script to include your records into an RPZ zone, for inclusion in our DNS, we noticed you were changing the URL field to id in your blacklist. Why did this happen? Was it a mistake, or are you in the process of making some changes to it??

cc: @Somebodyisnobody

Sorry for the delay, been so busy with jobs. First of all, I'm so grateful that you can start to help us.

I just updated the blacklist API today, which means now only security threat URLs and no more Porn URLs. I also used some of your porn URLs and other sources to make a new pornlist API. However the most important thing is the blacklist API - I hope you added it to your current DNS. I also want to share some good news: our extension ChongLuaDao has just been approved on the Google Chrome Webstore, and CloudFlare 1.1.1.1 is also integrating our blacklist API into their 1.1.1.1 service.

Please get back to me whenever your DNS is updated with our blacklist API and the instructions for users on how to use your DNS - then I can start to arrange for a news announcement to get MypDNS known in the Asia area.

In conclusion, our blacklist API is constantly updated daily, normally about 5 - 10 URLs per day based on our security team + community reports.

Thank you so much for everything and I really appreciate it!

The repository with the connector is available here: https://github.com/matrix-rocks/chongluadao-jdk-import

it's amazing good job brother. Thank you

In T3681#59333, @7onez wrote:

I just updated today for the blacklist API which means now only security threats URL and no more Porn URLs.

My invested time with getting the application to compare your domains against our porn-lists:

In the long run it would be very helpful if you could provide the DLE-format (T3776 -> P38) to create more transparency. Surely you have the lists categorized in the backend and even more information available. Using DLEF-files guarantees transparency in the blocking and unblocking process. It still has time, but maybe have a look if you would have the necessary data available in your infrastructure, so you won't be surprised later when I ask you about it :) If you have any comments or questions about the fields in DLEF feel free to share them.

Hey @7onez as @Somebodyisnobody here (https://github.com/matrix-rocks/chongluadao-jdk-import/pull/1/files#diff-a340a55a574f46593fab9ce6d4554d0b54072485f27d2955216c63b498539670R173) by default is going to block anything below a current record, it springs to my attention: is this advised, or how are your records exactly provided? Are they 1 on 1 matches, or are some to be used as wildcards?

@7onez while checking against our porn lists there always appeared one domain. Sure that lustylist.com is no adult domain?

grafik.png (194×292 px, 5 KB)

@7onez while checking against our porn lists there always appeared one domain. Sure that T3631: lustylist.com is no adult domain?

grafik.png (194×292 px, 5 KB)

Please use back-ticks ` around any domain names to avoid they at some point should become active. IE, Chrome and for history and easy for readers adding the refs to the current issue is helpful and leaves a nice "mentioned in". Just a friendly note 😃

Hey @7onez are you there??

We would like to know how we should be treating your blacklist data.

  1. Can we wildcard blocking them all? i.e.:
     2021-lmht.gq   CNAME .
     *.2021-lmht.gq    CNAME .
  2. Should we treat them literally? i.e.:
     2021-lmht.gq   CNAME .
  3. What is the way to contact your project, if any users have questions about any of the records?

don't forget the www. foreach 😉

image.png (181×1 px, 17 KB)
I sent the invitation on Github to @Spirillen and @Somebodyisnobody. We also have a Trello board; if you could, please join if you guys want to contribute to the project. Currently, we are rebuilding a lot of things in the backend API to fit the requirements from mypdns.org and also from CloudFlare. And I, personally, very much appreciate and am happy to collaborate with you guys. Thank you for welcoming me and my project ChongLuaDao. At the end of the day, no matter what, we are in the same boat, fighting together against the phishers and scammers - not only in Viet Nam but around the world.

Respectfully,

Hieu Ngo

Can you help me on the development of the backend API for ChongLuaDao.Vn, please?, I already sent the Github invitation, and when you need to access the backend API, I'm well pleased to share it with you. Thank you

  1. Should we treat them literally. ie
2021-lmht.gq   CNAME .

don't forget the www. foreach 😉

Some domains are needed to be blocked with wildcard, actually!. My backend dev team is working to make ChongLuaDao platform to recognize blocking the wildcard - subdomain of the domains. If you guys, please join. We really welcome you guys! Thank you

In T3681#66583, @7onez wrote:

Some domains are needed to be blocked with wildcard, actually!. My backend dev team is working to make ChongLuaDao platform to recognize blocking the wildcard - subdomain of the domains. If you guys, please join. We really welcome you guys! Thank you

Hey @7onez I did join your repository, but I only see one, which only contains, from what I could see, a reporting tool for chrome J4, which isn't on my fan list, as it since the day it was developed has been designed as Spyware. Not that many other more modern and widely used browsers are any better, but they do allow one to use add-ons that can and will enhance your rights to privacy.
This said, I can understand if you have chosen this approach, as chrome is the most used browser, while I (personally) would have built it for something like Palemoon & Firefox (Tor-project) to encourage people to switch their primary browser.

By adding the Tor-browser (Firefox) add-on, you would also enhance the number of different unwanted wares found, as most of these are living in the white web of .onion TLD

However I was hoping to find some repos that would be about the maintenance of your ChongLuaDao Anti Phishing project.

In T3681#66582, @7onez wrote:

Can you help me on the development of the backend API for ChongLuaDao.Vn, please?

I would love to, but:

  1. As mentioned above, I can only see a chrome plugin
  2. The one issue that I could see open was in Vietnamese, which I don't understand.

Let me give you the suggestion to follow the RFC 1034 RPZ styling, as:

  1. It will be the future way of doing DNS manipulation
  2. Your project is aiming to be blocking at the DNS level (OSI 3), and with the right tool you can get down to the OSI level 2 for Blacklisting.
  3. By following the RFC1034 you will not be breaking the DNS structure, only manipulating the replies given.

I wish that I could add you to our Trello board, so you can see what's going on in our project. Please send me a private message with your email, so I can add you to the Trello board to see tasks, and I hope you and others can join in to develop the project. Especially the backend API: we are currently trying to build the backend API blacklist and other lists for ChongLuaDao based on nestjs. You can check it out here: https://github.com/7zones/chongluadao-extension/tree/new-backend-structure/backend/new/chongluadao-backend

At Github, currently, only having the extension for chrome, firefox, opera - and its backend. However, on Trello board, we have teams ChongLuaDao like mobile dev team and website dev team. I also understand the privacy concerns about popular browsers, actually we have the extension for Tor Browser and Brave, which is using the same extension on Google Chrome Webstore. Some browsers that we supported here:

image.png (767×1 px, 188 KB)

Some translated information about my project: "About the non-profit project ChongLuaDao ChongLuaDao (CLĐ) is a non-profit project that originated from a chat session among community lovers. The project officially started on December 27, 2020 - for the current development phase we are launching a security product with real-time alerts. Because the project is not-for-profit, there are still many incomplete points and hope to receive many comments from the community soon for development. Have you ever wondered how to check if a website is safe? Is the page with bad content? Is it a fake page? We carry a mission to lock and protect you from pages on Facebook, Youtube, TikTok, fake websites ... that contain malicious code, fake pages, phishing and bad content. ChongLuaDao is a project built on machine learning (Machine Learning) which is an area of artificial intelligence involved in the research and construction of techniques that allow systems to "learn" automatically from data to solve specific problems. And at the same time with the community's contribution reporting to make the cyberspace greener. ChongLuaDao calls on the community to engage to protect everyone around it and at the same time protect itself against online threats that can only be detected by humans. Install the ChongLuaDao extension for your browser and stay protected while you search, shop, and surf the web by checking trusted websites with great security added included. with antivirus program." More information about development process of the project:

image.png (7×1 px, 4 MB)

Thank you very much. Have a good day!

A little PS to @7onez: @Somebodyisnobody's last comment about the building of a list of default categories can be found in T3976

You and your team are most welcome to contribute.

In T3681#66581, @7onez wrote:

... We also have a Trello board, if you could, please join if you guys want to contribute the project...

Respectfully,

Hieu Ngo

Hi @7onez The reason for not joining you on Trello is very privacy related. And as you can see in the following screenshot, it's not possible for me to log in, as the login button will never be active since I can't or won't accept any of their privacy-intrusive trackers, mostly T70 google.com, T3960: googletagmanager.com, T2887: google-analytics.com.

image.png (406×989 px, 58 KB)

If you and your team should be tempted, I can offer a closed environment here within this Phabricator installation.

A short note about the ChongLuaDao BlackList: I'm pleased to see you have fully integrated the DLEF 🇻🇳 And I only await @Somebodyisnobody's modifying of the import tool, and it will be live on our #dns_server's.

Stay healthy and Private

@Spirillen

I am really busy at the moment. But will take a look on the adapter the next days. @Spirillen how do we handle the wildcarding now?

  • www.domain.com and domain.com or
  • *.domain.com and domain.com

?

@Somebodyisnobody

With the star * by using www it would be a fixed blocking that would allow ie: www1.$domain

Yeah and that's the question like T3681#59615. The application is working but you didn't tell me the scope of blocking.
What shall e.g. http://2021-lmht.gq/ result in, in the RPZ-lists?

I am really busy at the moment. But will take a look on the adapter the next days. @Spirillen how do we handle the wildcarding now?

  • www.domain.com and domain.com or
  • *.domain.com and domain.com

?

We are working on this, we have task like this on trello. Our backend developer is working on.

Yeah and that's the question like T3681#59615. The application is working but you didn't tell me the scope of blocking.
What shall e.g. http://2021-lmht.gq/ result in, in the RPZ-lists?

I just add more fields to blacklist API: https://api.chongluadao.vn/v1/blacklist

We will have the following categories as below: scam, phishing, impersonate_fake, dangerous_link, bad_sensitive_content

We will have the following threat_level as below: high, medium, low.

Thank you
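
Added example, not part of the original thread and not the code of chongluadao-jdk-import: a sketch of the open question above, turning blacklist URL records into RPZ `CNAME .` lines either literally or as apex plus wildcard, where a wildcarded parent makes a listed `www.` host redundant. The sample records, the `category` key name and the choice to skip `bad_sensitive_content` by default are assumptions; the `_id`/`url` keys and the category and threat_level values are from the thread.

```python
import json
from urllib.parse import urlsplit

# Constructed sample records (hosts under the reserved .example TLD).
# Assumption: the category is exposed under a key named "category".
SAMPLE = json.loads("""
[
 {"_id": "c1", "url": "https://bank-login.example/*", "category": "phishing", "threat_level": "high"},
 {"_id": "c2", "url": "http://shop-scam.example/", "category": "scam", "threat_level": "high"},
 {"_id": "c3", "url": "https://WWW.shop-scam.example/pay", "category": "scam", "threat_level": "medium"},
 {"_id": "c4", "url": "https://adult.example/*", "category": "bad_sensitive_content", "threat_level": "low"},
 {"_id": "c5", "url": "no scheme or host here", "category": "scam", "threat_level": "low"}
]
""")


def host_of(url):
    """Lower-cased ASCII hostname of a blacklist URL, or None if unusable."""
    try:
        host = urlsplit(str(url or "").strip()).hostname
    except ValueError:
        return None
    host = (host or "").rstrip(".")
    if "." not in host:
        return None
    try:
        # IDN hosts are converted to their xn-- form for the zone file.
        return host.encode("idna").decode("ascii")
    except UnicodeError:
        return None


def parents(host):
    """Parent names of host, excluding the bare TLD."""
    labels = host.split(".")
    return [".".join(labels[i:]) for i in range(1, len(labels) - 1)]


def build_rpz(records, wildcard=True, skip_categories=("bad_sensitive_content",)):
    """Return RPZ lines; wildcard=True emits apex + *.apex per domain."""
    hosts = set()
    for rec in records:
        # Assumption: this category is the adult list, not blocked by default.
        if rec.get("category") in skip_categories:
            continue
        host = host_of(rec.get("url"))
        if host:
            hosts.add(host)
    if wildcard:
        # A host below an already listed parent is covered by *.parent.
        hosts = {h for h in hosts if not any(p in hosts for p in parents(h))}
    lines = []
    for h in sorted(hosts):
        lines.append(f"{h} CNAME .")
        if wildcard:
            lines.append(f"*.{h} CNAME .")
    return lines


if __name__ == "__main__":
    print("\n".join(build_rpz(SAMPLE)))
```

With `wildcard=False` every listed host is emitted as-is, which is the "treat them literally" option; in that mode `www.` has to be present in the source data to be blocked.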