Malicious site blocking still working?

eastavin

Senior Member
Hi. For a few months now I have not been seeing any blocks being reported under malicious site blocking under AI Protection. I reset it to clear the count in late summer and from there on it has been 0. I thought maybe it was broken or maybe a new update would fix it. It used to be a weekly snow storm of blocks prior to that. I would like to think that the internet suddenly became safe but perhaps that is not so :)

I installed 386.4 the day it came it out but I still see 0 . I use cloudflare 1111 for a dns. Is cloudflare blocking them from reaching me? I am not even close to being an expert here :)

Any thoughts? Thanks.

Edward
 

Suzib6sw

Regular Contributor
I am seeing 64 blocks since nov 5th 2021 with the latest on 9th Jan 22 .. Using Cloudflare.. 1.1.1.1 and 1.1.1.2.. RT-AX58U Main Router and two AX-58U nodes all with 386.4 .
I can trigger some with those false ads in facebook feeds.. Also try " http://stlwall[dot]com " Be careful my router throws up the Warning! This Website contains Malware .
I also got a similar response to " URL: www.sdecorshop[dot].com"
I would highly recommend you use a non daily driver that can be wiped to test these.
1643247835676.png
 

RMerlin

Asuswrt-Merlin dev
You can also test it with this (perfectly safe) test URL:

 

eastavin

Senior Member
I am seeing 64 blocks since nov 5th 2021 with the latest on 9th Jan 22 .. Using Cloudflare.. 1.1.1.1 and 1.1.1.2.. RT-AX58U Main Router and two AX-58U nodes all with 386.4 .
I can trigger some with those false ads in facebook feeds.. Also try " http://stlwall[dot]com " Be careful my router throws up the Warning! This Website contains Malware .
I also got a similar response to " URL: www.sdecorshop[dot].com"
I would highly recommend you use a non daily driver that can be wiped to test these.
View attachment 38951
sdecorshop.com throws up the router block page but does not record the event under malicious site blocking.
stlwall.com also throws up the router block page but does not record the event either.

So I am satisfied that Trendnet still seems to be working. Though the malicious site blocking log is still empty. Is that a reason to be concerned?
 

Sander_H

Occasional Visitor
I think the feature is partially broken. Yes, AI Protection is still working as it is blocking Malicious Sites BUT it is not longer registering these. So the counter will remain 0.
It has been broken for quite a while, I noticed this somewhere halfway last year.
 

RocketJSquirrel

Senior Member
I agree. It seems to be working, but logs nothing. My most recently blocked malicious site action is dated 2021-02-22, i.e., 11 months ago, even though I just triggered it purposely using the Trendmicro link above.
 

RMerlin

Asuswrt-Merlin dev
The database where it stores the logs may be corrupted.

1) Disable AiProtection/Malicious Website Blocking
2) Delete the database. Over SSH:

Code:
rm /jffs/.sys/AiProtectionMonitor/*

3) Re-enable the features
 

Skiron

Occasional Visitor
AS an aside I use the Opendns family shield dns:


Works really good and also you hit a 'blocked' page if trying to visit a dodgy site. Also they are quick to respond ( < 4 days) to add an entry if you report it (when mail2world went down the other other week I typo'ed ' www.mail2worl.com ' that resolves to a dodgy Chinese site). Also pretty fast too, and saves running overheads on the router.
 

eastavin

Senior Member
The database where it stores the logs may be corrupted.

1) Disable AiProtection/Malicious Website Blocking
2) Delete the database. Over SSH:

Code:
rm /jffs/.sys/AiProtectionMonitor/*

3) Re-enable the features

Thanks. I tried this. In about 5 minutes I saw it report 2 protection events. So that is a solution. I notice in another post you use the -rf switches. I am not an expert at all in this mode. Does the extra parameters do anything extra that is useful?
 

RMerlin

Asuswrt-Merlin dev
Thanks. I tried this. In about 5 minutes I saw it report 2 protection events. So that is a solution. I notice in another post you use the -rf switches. I am not an expert at all in this mode. Does the extra parameters do anything extra that is useful?
Code:
[email protected]:/tmp/home/root# rm --help
BusyBox v1.25.1 (2022-03-02 11:36:53 EST) multi-call binary.

Usage: rm [-irf] FILE...

Remove (unlink) FILEs

    -i    Always prompt before removing
    -f    Never prompt
    -R,-r    Recurse
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top