Add fingerprint for blockpages in MY #35
Comments
|
Does a fingerpint need to be added for each verified blocked site? If so should I provide a list known list of Inputs? |
|
@kaerumy only if the blockpages are different, it would be useful though to have a list of the known blocked website if you have that available so I can verify that. |
|
@hellais two more blocked sites confirmed by web connectivity tests
Will add some more known blocked sites to the test list so they can be picked up by OONI |
|
The following on global test lists are also detected by ooni tests and redirected to Malaysia Communications and Multimedia Commission (MCMC) notice page: Porn: Gambling: |
|
I'm not sure what what would be an accurate fingerprint for the blockpage, at first I thought about this: It seems that the blockpage in AS4788, AS4818 and AS17971 have the following unique fingerprint: |
|
This fingerprint will also fail if the test url includes additional page specific url and not just the domain. In this case, you will get a 404 from that server because, the notice server is badly configured. You will also get 404 if they haven't configured the vhost yet on newly added domains. What is common however so far on 3 ISPs and 4 networks (3rd ISP tests for Malaysia should show in today's reports) is that for this notice server the IP address returned is always: 175.139.142.25 regardless of network or ISP DNS server. The headers for this server serving notices is also consistent, it is always IIS/8.4 and ASP.NET http://www.sarawakreport.org vs http://www.sarawakreport.org/tag/1mdb |
|
The 404 errors will be cached by the pipeline's filter http-diff (as in your example). Using the IIS/8.4 and ASP.NET headers will trigger a big number of false positives. |
|
What I mean is that the following query: ip: 175.139.142.25 AND headers: {Server: Microsoft-IIS/8.5, X-Powered-By: ASP.NET} Is unique on 4 different networks, when there is an MCMC notice or 404. The block directive on how to block sites seems to be universal across ISPs ie. for X in domain, redirect to 175.139.142.25 which is an IIS/8.5 webserver. I'm not sure how the fingerprinting works, but if it's by conditions, there should not be any false positives, this is a specific server IP and type of web server that all blocked sites of this type are redirected to. |
|
Xref: citizenlab/blockpages#1 — where I mined MY blockpage from the data. |
|
Pushed a pull request with the most common blockpage fingerprint: #68 @kaerumy in your #35 (comment) the blocked report shows a 403 HTTP error response which is not (currently) supported by the pipeline. |
|
According to @kaerumy we should be using as a fingerprint for MY the fact that DNS resolves to the IP |
|
Added these to: #289 |
1 similar comment
|
Added these to: #289 |
In https://github.com/TheTorProject/ooni-explorer/issues/96 @kaerumy pointed out a blockpage for Malaysia: https://explorer.ooni.torproject.org/measurement/20160802T205955Z_AS4788_3omRbM1JA9BYIMF5O5uiKEsdmUqy4kdunnKn7exzBlM2ebboDh?input=http:%2F%2Fwww.sarawakreport.org.
We should be adding a fingerprint for it to the data processing pipeline.
In more recent times this is done via DNS by resolving to the IP 175.139.142.25.
See:
https://explorer.ooni.io/measurement/20160817T033110Z_AS4788_jk5ghw4QwieT2JOFiIqto9Z2LzCFhP05v3U0sCcaetBr50NxuU?input=http:%2F%2Fwww.sarawakreport.org%2Ftag%2F1mdb
The text was updated successfully, but these errors were encountered: