Lists icon indicating copy to clipboard operation
Lists copied to clipboard
verified publisher icon blocklistproject

[Remove Request] - mirror.truenetwork.ru

Open ramazansancar opened this issue 1 year ago β€’ 5 comments

URL you wish to be removed:

mirror.truenetwork.ru

Why you believe this to be a false positive:

Mirror connection for Russia-based repos and distributions

List it is on:

https://blocklist.sefinek.net/generated/0.0.0.0/malicious/blocklistproject.abuse.txt

Other info you think we should know:

ramazansancar avatar Dec 27 '24 12:12 ramazansancar

Hi there! It looks like you're using blocklist.sefinek.net. Unfortunately, you've submitted your issue in the wrong place πŸ˜‰

The domain mirror.truenetwork.ru will not be added to the whitelist on my side, as it is hosted on a server located in Russia. The Sefinek-Blocklist-Collection includes domains associated with geopolitical risks, potential security threats, or generally low levels of trust.

However, if blocklistproject decides to remove this subdomain, it will also be removed from the Sefinek-Blocklist-Collection.

Additionally, on VirusTotal, the subdomain mirror.truenetwork.ru is flagged as malicious.

sefinek avatar Mar 29 '25 16:03 sefinek

The Sefinek-Blocklist-Collection includes domains associated with geopolitical risks, potential security threats, or generally low levels of trust.

So you blocked all of US? that is properly the biggest geopolitical treat the world have ever seen.

spirillen avatar Mar 29 '25 18:03 spirillen

The blocking criteria do not refer to specific countries as a whole, but rather to individual domains that meet certain conditions – for example, being hosted in countries with elevated geopolitical risk and being flagged as malicious (e.g., by VirusTotal).

The subdomain mirror.truenetwork.ru is a Russian mirror server distributing copies of popular open source projects. The key word here is copies. There is no guarantee that these files haven’t been modified in a way that compromises user security.

So, this subdomain:

  • has been flagged as malicious,
  • is listed in: malicious/blocklistproject/malware.fork.txt and abuse/blocklistproject/hosts.fork.txt,
  • hosts files associated with the trojan threat category. Analysis of these files confirms that the subdomain either distributes or is directly linked to malicious software:
    • https://www.virustotal.com/gui/file/1778533c5095e4b52252da0c3f71e42b71975b1d348a82bb966bd96663b7b02d
    • https://www.virustotal.com/gui/file/10b856a23d5d1d5ee1d8f3b4e16505a0968582f94be5d34c8b0f92bd56816a78
    • https://www.virustotal.com/gui/file/c87a097fbeb4174a6fdbb71dced20183e31c46a90e9949c5eff619d5545eb7af
    • https://www.virustotal.com/gui/file/2fc9fc5bf00a6e0164eacb28baf5e1189714c30b1bcc4dcea4682f0d64ef9013
      Threat category: trojan

Therefore, there is no basis for removing this subdomain from the blocklist. As you can see yourself – further analysis appears unnecessary in this case.

Unofficial mirrors (i.e., copies of repositories or file servers maintained by entities other than the original software developers) may appear to be legitimate sources, but in reality, they offer no guarantee that the distributed files are authentic and unmodified.

When such a mirror operates in a country that lacks:

  • transparency in law enforcement,
  • independent institutions,
  • and effective international cooperation in the field of cybersecurity,

...the risk that someone will deliberately modify files and distribute malicious software increases significantly. Therefore, such sources are not trustworthy – even if they offer something seemingly well-known, like ffmpeg, nginx, vlc etc.

So you blocked all of US?

I am not the creator of the lists that contain malicious domains ):

sefinek avatar Mar 29 '25 19:03 sefinek

As this is off-topic, I'll keep this brief, and we ought to have this discussion in your repository. My response wasn't related to truenetwork.ru, as those Russians should be sent to Siberia and left to die...

The key word here is copies. There is no guarantee that these files haven’t been modified in a way that compromises user security.

IF [ Copies == TRUE ]; then
    they are unaltered and same as source πŸ€·β€β™‚ 
else
    Altered and manipulated version πŸ› 
fi

When such a mirror operates in a country that lacks:

  • transparency in law enforcement,
  • independent institutions,
  • and effective international cooperation in the field of cybersecurity,

You keep sending me gifts 🎁 πŸ’, and I absolutely love them.

So, based on any of these criteria, you ought to be blacklisting the entire USA! It's simply a fact. Thanks to Captain MAGA and the DOGE brothers

PS: This is mostly meant as a bit of fun πŸ‘‹πŸ»

spirillen avatar Mar 29 '25 19:03 spirillen

Image

Totally unprofessional behavior on your part. GitHub is not 4chan. If you have nothing meaningful to contribute to this discussion, allow me to end it here. Have a good night! 😴

sefinek avatar Mar 29 '25 20:03 sefinek