Malicious site blocking still working?

[eastavin]

Hi. For a few months now I have not been seeing any blocks being reported under malicious site blocking under AI Protection. I reset it to clear the count in late summer and from there on it has been 0. I thought maybe it was broken or maybe a new update would fix it. It used to be a weekly snow storm of blocks prior to that. I would like to think that the internet suddenly became safe but perhaps that is not so

I installed 386.4 the day it came it out but I still see 0 . I use cloudflare 1111 for a dns. Is cloudflare blocking them from reaching me? I am not even close to being an expert here

Any thoughts? Thanks.

Edward

 

[Suzib6sw]

I am seeing 64 blocks since nov 5th 2021 with the latest on 9th Jan 22 .. Using Cloudflare.. 1.1.1.1 and 1.1.1.2.. RT-AX58U Main Router and two AX-58U nodes all with 386.4 .
I can trigger some with those false ads in facebook feeds.. Also try " http://stlwall[dot]com " Be careful my router throws up the Warning! This Website contains Malware .
I also got a similar response to " URL: www.sdecorshop[dot].com"
I would highly recommend you use a non daily driver that can be wiped to test these.

 

[RMerlin]

You can also test it with this (perfectly safe) test URL:

DCX

 

[bbunge]

You should use Cloudflare Secure. 1.1.1.2 and 1.0.0.2 or Quad9.

 

[eastavin]

You can also test it with this (perfectly safe) test URL:

DCX

This ones throws up the block page from the router... but does not record the event in the malicious site tracking.

 

[eastavin]

I am seeing 64 blocks since nov 5th 2021 with the latest on 9th Jan 22 .. Using Cloudflare.. 1.1.1.1 and 1.1.1.2.. RT-AX58U Main Router and two AX-58U nodes all with 386.4 .
I can trigger some with those false ads in facebook feeds.. Also try " http://stlwall[dot]com " Be careful my router throws up the Warning! This Website contains Malware .
I also got a similar response to " URL: www.sdecorshop[dot].com"
I would highly recommend you use a non daily driver that can be wiped to test these.
View attachment 38951

sdecorshop.com throws up the router block page but does not record the event under malicious site blocking.
stlwall.com also throws up the router block page but does not record the event either.

So I am satisfied that Trendnet still seems to be working. Though the malicious site blocking log is still empty. Is that a reason to be concerned?

 

[Sander_H]

I think the feature is partially broken. Yes, AI Protection is still working as it is blocking Malicious Sites BUT it is not longer registering these. So the counter will remain 0.
It has been broken for quite a while, I noticed this somewhere halfway last year.

 

[RocketJSquirrel]

I agree. It seems to be working, but logs nothing. My most recently blocked malicious site action is dated 2021-02-22, i.e., 11 months ago, even though I just triggered it purposely using the Trendmicro link above.

 

[Gary_Dexter]

Likewise. Used the test site - block page.
But stay counter not updating since last report on 17th Jan

 

[RMerlin]

The database where it stores the logs may be corrupted.

1) Disable AiProtection/Malicious Website Blocking
2) Delete the database. Over SSH:

rm /jffs/.sys/AiProtectionMonitor/*

3) Re-enable the features

 

[Paliv]

I have 11 recorded on my network this month.

 

[Skiron]

AS an aside I use the Opendns family shield dns:

https://support.opendns.com/hc/en-us/articles/228007127-FamilyShield-Computer-Configuration-Instructions

Works really good and also you hit a 'blocked' page if trying to visit a dodgy site. Also they are quick to respond ( < 4 days) to add an entry if you report it (when mail2world went down the other other week I typo'ed ' www.mail2worl.com ' that resolves to a dodgy Chinese site). Also pretty fast too, and saves running overheads on the router.

 

[eastavin]

The database where it stores the logs may be corrupted.

1) Disable AiProtection/Malicious Website Blocking
2) Delete the database. Over SSH:

rm /jffs/.sys/AiProtectionMonitor/*

3) Re-enable the features

Thanks. I tried this. In about 5 minutes I saw it report 2 protection events. So that is a solution. I notice in another post you use the -rf switches. I am not an expert at all in this mode. Does the extra parameters do anything extra that is useful?

 

[RMerlin]

Thanks. I tried this. In about 5 minutes I saw it report 2 protection events. So that is a solution. I notice in another post you use the -rf switches. I am not an expert at all in this mode. Does the extra parameters do anything extra that is useful?

admin@stargate88ax:/tmp/home/root# rm --help
BusyBox v1.25.1 (2022-03-02 11:36:53 EST) multi-call binary.

Usage: rm [-irf] FILE...

Remove (unlink) FILEs

    -i    Always prompt before removing
    -f    Never prompt
    -R,-r    Recurse