What's new

Malicious site blocking still working?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

eastavin

Senior Member
Hi. For a few months now I have not been seeing any blocks being reported under malicious site blocking under AI Protection. I reset it to clear the count in late summer and from there on it has been 0. I thought maybe it was broken or maybe a new update would fix it. It used to be a weekly snow storm of blocks prior to that. I would like to think that the internet suddenly became safe but perhaps that is not so :)

I installed 386.4 the day it came it out but I still see 0 . I use cloudflare 1111 for a dns. Is cloudflare blocking them from reaching me? I am not even close to being an expert here :)

Any thoughts? Thanks.

Edward
 
I am seeing 64 blocks since nov 5th 2021 with the latest on 9th Jan 22 .. Using Cloudflare.. 1.1.1.1 and 1.1.1.2.. RT-AX58U Main Router and two AX-58U nodes all with 386.4 .
I can trigger some with those false ads in facebook feeds.. Also try " http://stlwall[dot]com " Be careful my router throws up the Warning! This Website contains Malware .
I also got a similar response to " URL: www.sdecorshop[dot].com"
I would highly recommend you use a non daily driver that can be wiped to test these.
1643247835676.png
 
You can also test it with this (perfectly safe) test URL:

 
You should use Cloudflare Secure. 1.1.1.2 and 1.0.0.2 or Quad9.
 
I am seeing 64 blocks since nov 5th 2021 with the latest on 9th Jan 22 .. Using Cloudflare.. 1.1.1.1 and 1.1.1.2.. RT-AX58U Main Router and two AX-58U nodes all with 386.4 .
I can trigger some with those false ads in facebook feeds.. Also try " http://stlwall[dot]com " Be careful my router throws up the Warning! This Website contains Malware .
I also got a similar response to " URL: www.sdecorshop[dot].com"
I would highly recommend you use a non daily driver that can be wiped to test these.
View attachment 38951
sdecorshop.com throws up the router block page but does not record the event under malicious site blocking.
stlwall.com also throws up the router block page but does not record the event either.

So I am satisfied that Trendnet still seems to be working. Though the malicious site blocking log is still empty. Is that a reason to be concerned?
 
I think the feature is partially broken. Yes, AI Protection is still working as it is blocking Malicious Sites BUT it is not longer registering these. So the counter will remain 0.
It has been broken for quite a while, I noticed this somewhere halfway last year.
 
I agree. It seems to be working, but logs nothing. My most recently blocked malicious site action is dated 2021-02-22, i.e., 11 months ago, even though I just triggered it purposely using the Trendmicro link above.
 
The database where it stores the logs may be corrupted.

1) Disable AiProtection/Malicious Website Blocking
2) Delete the database. Over SSH:

Code:
rm /jffs/.sys/AiProtectionMonitor/*

3) Re-enable the features
 
AS an aside I use the Opendns family shield dns:


Works really good and also you hit a 'blocked' page if trying to visit a dodgy site. Also they are quick to respond ( < 4 days) to add an entry if you report it (when mail2world went down the other other week I typo'ed ' www.mail2worl.com ' that resolves to a dodgy Chinese site). Also pretty fast too, and saves running overheads on the router.
 
The database where it stores the logs may be corrupted.

1) Disable AiProtection/Malicious Website Blocking
2) Delete the database. Over SSH:

Code:
rm /jffs/.sys/AiProtectionMonitor/*

3) Re-enable the features

Thanks. I tried this. In about 5 minutes I saw it report 2 protection events. So that is a solution. I notice in another post you use the -rf switches. I am not an expert at all in this mode. Does the extra parameters do anything extra that is useful?
 
Thanks. I tried this. In about 5 minutes I saw it report 2 protection events. So that is a solution. I notice in another post you use the -rf switches. I am not an expert at all in this mode. Does the extra parameters do anything extra that is useful?
Code:
admin@stargate88ax:/tmp/home/root# rm --help
BusyBox v1.25.1 (2022-03-02 11:36:53 EST) multi-call binary.

Usage: rm [-irf] FILE...

Remove (unlink) FILEs

    -i    Always prompt before removing
    -f    Never prompt
    -R,-r    Recurse
 

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top