Category Archives: Mikrotik RouterOS Web Proxy

New Blacklist: A List of Terrorist & Extremist Domains.

We have been working to compile the initial release of a new blacklist, which we have now released in the members area of Squidblacklist.org. Available for immediate download, our new and unique “Terrorism and Extremism” Domain Blacklist. Available now for all current and new subscribers. As is always, we have formatted this blacklist for use with multiple platforms.

DNS Zone format, RouterOS DNS and Web Proxy *RSC import script, Squid Proxy Native ACL format, as well as plain text Dansguardian/SquidGuard Compatible format for use with all other web filtering platforms and applications.

Subscribe today and find out why so many have switched. Shouldnt you be using a higher class blacklist?

We are committed to continually evolve the technology we are using on the backend to produce ever increasingly better publications, We are proud to consistently bring ever more refined and simply the highest quality blacklists available.


Subscribe Now For Zone Access.

Flat rate subscription. For full access to all of our works, select a membership option & subscribe today.



Select Payment Option



  • You will be issued a username and password.
  • You will be granted access to our member area.
  • 5 Year Membership Option now available.
  • For lifetime membership options click here.clipart
  • Contact us if you would like a pre order invoice.

Disclaimer: All sales are final, we do not issue refunds. Cancel your subscription anytime.


Updates and Changes to Mikrotik RouterOS Blacklists

There have been some changes in the latest version of Mikrotik RouterOS, which meant we really had no choice but to make some minor changes, otherwise the old format simply would fail to work when you tried to load them into a current version of Mikrotik RouterOS ( version v6.37 or newer ).

It seems Mikrotik decided, for whatever reason, to change the way static dns entries are handled.

RouterOS DNS Static Entry Change - Side by Side Comparison
RouterOS DNS Static Entry Change – Side by Side Comparison

As you can see in the image above , the changes were significant enough to force us to make the changes, if you are havin any issues loading our blacklists then you should update to the latest version of RouterOS as soon as possible.

We also decided that it would be best to add a single line to the headers included in each blacklist, to remove old entries befoe loading the new ones. Of course any knowledgeable admin would know to do this, but we felt is was something that should already be included in the blacklists for your convenience.

NEW FORMAT:

# TiK-DNS-Ads: Blacklist compiled by SquidBlacklist.org 10-01-2016. -MADE IN USA-
:log info "tik dns ads blacklist script import started"
:local redirectIP "127.0.0.1"
/ip dns static remove [find comment="sbl ads"]
/ip dns static
add regexp="^(.*\\.)\?004\\.frnl\\.de\$" address="$redirectIP" comment="sbl ads"
add regexp="^(.*\\.)\?01s\\.net\$" address="$redirectIP" comment="sbl ads"
add regexp="^(.*\\.)\?01viral\\.com\$" address="$redirectIP" comment="sbl ads"
add regexp="^(.*\\.)\?0427d7\\.se\$" address="$redirectIP" comment="sbl ads"
add regexp="^(.*\\.)\?0702\\.de\$" address="$redirectIP" comment="sbl ads"
add regexp="^(.*\\.)\?0ca\\.net\$" address="$redirectIP" comment="sbl ads"

I hope this will help to clarify for those of you who are scratching your heads about the sudden changes.

Thank you for your support.

Signed,

Benjamin E. Nichols
http://www.squidblacklist.org


Blacklisting has Evolved. Subscribe Now!

Flat rate subscription. Select a membership option & subscribe.



Select Payment Option



  • You will be issued a username and password.
  • You will be granted access to our member area.
  • 5 Year Membership Option now available.
  • For lifetime membership options click here.clipart
  • Contact us if you would like a pre order invoice.

Disclaimer: All sales are final, we do not issue refunds. Cancel your subscription anytime.


Music website/domain blacklist for content filtering published.

We have had a video, and an image blacklist for a while now, so it only seemed right to include a music blacklist. This became clear as it was requested by one of our current members who is responsible for content filtering at an educational facility.

The new Music domain blacklist for web filtering purposes has been added to our existing line up and is available in the ‘all’ archive as well as standalone download, just as you would expect any other blacklist that we offer, this blacklist is also available in multiple formats for broad compatibility with most content filters and url filtering platforms and applications.

Enhance your web filtering strategy with enhanced blacklists and subscribe today.


Blacklisting has Evolved. Subscribe Now!

Flat rate subscription. Select a membership option & subscribe.



Select Payment Option



  • You will be issued a username and password.
  • You will be granted access to our member area.
  • 5 Year Membership Option now available.
  • For lifetime membership options click here.clipart
  • Contact us if you would like a pre order invoice.

Disclaimer: All sales are final, we do not issue refunds. Cancel your subscription anytime.


Updating Blacklists For RouterOS From Squidblacklist.org

Content filtering using domain name blacklists on Mikrotik RouterOS devices.

To automatically download or update your blacklists from Squidblacklist.org onto your RouterOS devices, there are several methods, but the most straightforward is going to likely be using winbox and the system scheduler.

To update your blacklists we can use the following example to fetch tik-ads.rsc:


/tool fetch address=www.squidblacklist.org host=www.squidblacklist.org mode=http src-path=/downloads/squidblacklists/tik/dns/tik-dns-ads.rsc user=some-username password=some-password

Scheduled Automatic Blacklist Download.
Scheduled Automatic Blacklist Download.

Now that we have scheduled a task to download the blacklists, we need to also add a task to actually import the blacklists. Its a good idea to schedule this to run a few minutes later.

Scheduled RouterOS Blacklist Import
Scheduled RouterOS Blacklist Import

:log warning "Disabling system Logging";
import tik-dns-ads.rsc
/system logging enable 0


Also see our other RouterOS related materials. Mikrotik RouterOS Malicious IP Blacklist – Firewall Import Script – Gratis
Mikrotik RouterOS Blacklist Validation Testing & Compatibility Chart Update Posted.
Mikrotik RouterOS Blacklists


Get a username and password – Subscribe now.

Flat rate subscription. Select a membership option & subscribe.



Select Payment Option



  • You will be issued a username and password.
  • You will be granted access to our member area.
  • 5 Year Membership Option now available.
  • For lifetime membership options click here.clipart
  • Contact us if you would like a pre order invoice.

Disclaimer: All sales are final, we do not issue refunds. Cancel your subscription anytime.


Mikrotik RouterOS Malicious IP Blacklist – Firewall Import Script – Gratis

Happy New Year! @Mikrotik @RouterOS fans!

logo_new800

We have published a malicious ip blacklist for free! Combined dshield and spamhaus malicious blacklists formatted for Mikrotik RouterOS .rsc import script to firewall address list, updated daily and formatted by our servers for easy import and download into your Mikrotik Router.

It can be downloaded directly here. Or follow the instructions below to setup firewall rules and schedule automatic daily updates on any Mikrotik Router.


To automatically download, update, and apply the combind Dshield, Spamhaus ip blacklists on your Mikrotik Router:

First: Log into Winbox.

Open a terminal and add the following three firewall rules

/ip firewall filter add chain=input src-address-list=drop.dshield action=drop log=drop.dshield
/ip firewall filter add chain=input src-address-list=drop.spamhaus1 action=drop log=drop.spamhaus1
/ip firewall filter add chain=input src-address-list=drop.spamhaus2 action=drop log=drop.spamhaus2


Now we need to schedule the automated update: Go to system scheduler and create a new task.

Update spamhaus dshield routeros blacklists.
/tool fetch address=www.squidblacklist.org host=www.squidblacklist.org mode=http src-path=/downloads/drop.malicious.rsc


Now we schedule the import task: Go to system scheduler and create a new task.
 /tool fetch address=www.squidblacklist.org host=www.squidblacklist.org mode=http src-path=/downloads/drop.malicious.rsc
/tool fetch address=www.squidblacklist.org host=www.squidblacklist.org mode=http src-path=/downloads/drop.malicious.rsc


Support Our Efforts – Subscribe Today.

Flat rate subscription. Select a membership option & subscribe.



Select Payment Option



  • You will be issued a username and password.
  • You will be granted access to our member area.
  • 5 Year Membership Option now available.
  • For lifetime membership options click here.clipart
  • Contact us if you would like a pre order invoice.

Disclaimer: All sales are final, we do not issue refunds. Cancel your subscription anytime.


Domain Whitelist For Content Filtering Published

Our domain whitelist for content filtering purposes is now available for public access.

 

This whitelist does not contain any torrent or porn sites and should provide a good baseline  whitelist for general audiences.

 

It can be downloaded here.


Subscribe Today – Paypal or Credit Card Accepted.

Flat rate subscription. Select a membership option & subscribe.



Select Payment Option



  • You will be issued a username and password.
  • You will be granted access to our member area.
  • 5 Year Membership Option now vvailable.
  • For lifetime membership options click here.clipart
  • Contact us if you would like a pre order invoice.

Disclaimer: All sales are final, we do not issue refunds. Cancel your subscription anytime.

Mikrotik RouterOS Blacklist Validation Testing & Compatibility Chart Update Posted.

logo_new800

CCR1036-12G-4S & Porn Blacklist
CCR1036-12G-4S & Porn Blacklist

We have retooled our backend logic which has had a dramatic impact on the size and contents of our blacklists, just another reason for us to retest the RouterBoards we have available to see which blacklists are able to run on them and which ones cannot.  We posted the results of our findings in the following chart.

Mikrotik 951G-2HnD
Mikrotik 951G-2HnD

We also added two new routers to the chart, the map2n and 951G-2HnD.  Which we recently received for testing. We have prepared a compatibility chart for your review.

Mikrotik RBmAP2n
Mikrotik RBmAP2

 

 

Mikrotik compatible conversions of our blacklists are available to all subscribers in .rsc import script formats for both Mikrotik Web Proxy Access Blacklist and Mikrotik DNS Access Blacklist. Subscribe Now.

Test it for yourself! Download this sample Mikrotik Web Proxy blacklist tik-ads.rsc


Subscribe Today – Paypal or Credit Card Accepted.

Flat rate subscription. Select a membership option & subscribe.



Select Payment Option



  • You will be issued a username and password.
  • You will be granted access to our member area.
  • 5 Year Membership Option now vvailable.
  • For lifetime membership options click here.clipart
  • Contact us if you would like a pre order invoice.

Disclaimer: All sales are final, we do not issue refunds. Cancel your subscription anytime.

Free blacklists suck , and heres why.

Squidblacklist.org – Blacklisting Has Evolved.

Normally I would believe free is great, free as in, gratis. However, when it comes to the blacklists freely available online, specifically, blacklists tailored for consumption as an important web filtering component used in various content filter hardware platforms and software applications. The free solutions just dont cut it. And If you as an administrator can find as many holes within just a few simple Google searches using the free blacklists, just imagine how easy it will be for a determined end user on your network to find and access unauthorized content.

snakeoil
One can easily load up their content control platform of choice with any of the freely available blacklists and with just a few simple Google searches, one can easily find many websites not included in those free blacklists. Many websites will easily load, exposing the fact that many of these blacklists are poorly maintained, and result in an unreliably poor degree of quality.

Not only are these blacklists highly inadequate, they are generally, all filled with errors, erroneous characters, blank spaces, formatting issues, capitalization mistakes,  etc, etc.

It is not uncommon for many administrators who fail to achieve an effective degree of content control using open source platforms, combined with low cost solutions, such as free domain blacklists. Many times concluding their efforts in frustration at the lack of efficacy and are forced to turn to much more expensive content control solutions from large vendors. This is why we believe that the world is primed and ready for a higher quality value added blacklist solution, and Squidblacklist.org intend’s to fill this gap.

This is why we founded Squidblacklist.org, as a paid service, which allows us to allocate our resources to pursue and continue producing blacklists of a much higher quality, with a level of sophistication in our production and validation processes that is seriously lacking in other, competing solutions..

Regardless of whether it is paid or gratis, we intend to beat our competition, as we continue to uphold our reputation as The Worlds Leading Publisher of Blacklists Tailored Specifically for use with Content Filering platforms.


Subscribe Today – Paypal or Credit Card Accepted.

Flat rate subscription. Select a membership option & subscribe.



Select Payment Option



  • You will be issued a username and password.
  • You will be granted access to our member area.
  • 5 Year Membership Option now vvailable.
  • For lifetime membership options click here.clipart
  • Contact us if you would like a pre order invoice.

Disclaimer: All sales are final, we do not issue refunds. Cancel your subscription anytime.

Gaming Blacklist For Content Filtering

Gaming Blacklist.

 

So you want a blocklist to use to control access to gaming related websites and content? Maybe you need to prevent students or employees from accessing such content to keep productivity up.

No problem, our gaming blacklist contains over 165,000+ gaming domain names.  Everything you could consider a game, from online poker websites, to video game consoles, board games, and everything in between our gaming blacklist is ready for production.


 

This list and others are currently available from Squidblacklist.org.  A valid username and password is required to download.

http://www.squidblacklist.org/downloads/squidblacklists/squid-gaming.tar.gz

 

SAMPLE:

This is just a small sample of the gaming blacklist, this port is formatted for use with Squid Proxy.

# Squid-Gaming: Blacklist compiled by SquidBlacklist.org                    -MADE IN USA-
#
# Note: This list is fully compatible and will work fine in combination with our other lists.
#
# FEATURES:
# Any sort of website that hosts online game or video game related content.
#
# Additions or amendments that should be made to this list, email us at submit@squidblacklist.org
#
# Blacklists by Squidblacklist.org  licensed under  Creative Commons Attribution 3.0 License.
# Based on a works located at http://www.squidblacklist.org .

.xboxonekaufen.net
.xboxonekeys.net
.xboxonekinect.net
.xboxonekinectone.net
.xboxonekopen.net
.xboxonelife.net
.xboxonelive.net
.xboxonemagazine.net
.xboxone-magazin.net
.xboxonemicrosoft.net
.xboxone.mobi
.xboxonemod.net
.xboxonemods.net
.xboxonemusic.net
.xbox-one.net
.xboxone.net
.xbox-one-news.net
.xboxoneofficial.net
.xboxoneombouw.net
.xboxone.org
.xboxoneoyunlari.net
.xboxoneoyun.net
.xbox-one-paris.net
.xboxoneplus.net
.xboxonepoints.net
.xboxone.pro
.xboxoneproducts.net
.xboxone-promotion.net
.xboxonerelease.net
.xboxonerepair.net
.xboxonerepairs.net
.xboxonerevealed.net
.xboxonereview.net
.xbox-onereviews.net
.xboxone-reviews.net
.xboxonereviews.net
.xboxone.ru
.xboxonesales.net
.xboxonescene.net
.xboxonesearch.net
.xboxonesecondterms.net
.xboxonesmartglass.net


Subscribe Today – Paypal or Credit Card Accepted.

Flat rate subscription. Select a membership option & subscribe.



Select Payment Option



  • You will be issued a username and password.
  • You will be granted access to our member area.
  • 5 Year Membership Option now vvailable.
  • For lifetime membership options click here.clipart
  • Contact us if you would like a pre order invoice.

Disclaimer: All sales are final, we do not issue refunds. Cancel your subscription anytime.

Web filtering with RouterOS web proxy leveraging domain blacklists – how to.

 

Web filtering with a RouterOS enabled device leveraging domain blacklists from Squidblacklist.org is not difficult to achieve.  By simply converting our existing blacklists that we publish for other platforms, into a Mikrotik *.rsc script , we can then reliably filter web traffic using a RouterOS enabled device, as well as many low cost RouterBoard devices.

 

 

What does a RouterOS web proxy blacklist look like?

Piracy rsc blacklist.
Piracy rsc blacklist script.

 

I will quickly walk you through a brief illustrated description of how one would upload a blacklist script via winbox and schedule its execution on an RB750gl. Download  and test drive a copy of this  blacklist from the links we have provided at the bottom of this article.

 

Upload the blacklist via winbox (drag n drop)

Upload blacklist rsc
Uploading the piracy blacklist rsc via winbox.

 

Of course in production you could and likely would be using automated procedures to do this, using ftp, ssh, or whatever you like for file transfer,  but for this demonstration we are just going to drop and drop.

 

 Open the system scheduler and create a task.

Create task in system scheduler
Create a task.

Here we create a task in system scheduler and pick a time to execute it.  In this case, we are running the following  ‘import tik-piracy.rsc’  command.

 

RB750gl CPU load during import and duration.

Cpu load during run, RB750g
Cpu load during tik-piracy run, RB750g.

 

It is important for me to point out that the cpu on this RB750GL was under 100% load during this import process, and lasted approximately 2-3 minutes in duration.  Around 14,000 domains were loaded from this particular blacklist.

 

System log after blacklist script run completion.

RouterOS Syslog after loading blacklist
RouterOS syslog after loading piracy blacklist.

 

RouterOS Web Proxy access list after blacklist import.

Access list after Loading.
RouterOS web proxy access list after loading piracy blacklist.

Here we can see over 14,000 domains successfully imported into the RB750gl’s web proxy access list, which is now ready to filter against piracy related domains.

System Requirements – Memory Limitations

tikchart
Blacklist compatibility chart.

It is important for us to mention that the system memory, ram usage, is very high using our blacklists, in this example we used one of our smaller size lists, and most of our blacklists are comparable in size and line count, however. The most sought after lists that we publish will not run on a low cost Routerboard device such as the RB750gl, and would result in memory exhaustion, a kernel panic  and thereafter a resulting watchdog timer reboot.  If you attempted to load more than one of these blacklists on a small device such as an RB411/532/133/112/950x type device, this failure would likely be the result. Therefore, we recommend that an x86/x64 PC based platform be used for serious web filtering purposes using RouterOS web proxy.  Alternatively,  one of the more sophisticated, higher end Mikrotik RouterBoard platforms might also suffice.  RouterOS has been proven to have an inherent flaw, or set of flaws that make running our larger lists, porn, proxies, malicious, and prime difficult.  A minimum of 6gb ram is required before attempting to run these lists, and a recommended 8gb. Running these four blacklists on a RouterOS device should be considered experimental until Mikrotik fixes the problems challenging RouterOS.

Obtaining blacklists for RouterOS Web proxy.

These blacklists and more are available for download to our members immediately. A subscription to squidblacklist.org is required.

 Footnotes:


 

  • Blacklist immediate availability from squidblacklist.org for all subscribed members.
  • A Routerboard compatibility chart can be found here.
  • A sample RouterOS web proxy blacklist is available for download here.
  • Mikrotik blacklist conversion tool for windows is available for download gratis.
  • Update script examples are available for download.
  • If you have any questions contact us.

Subscribe Today – Paypal or Credit Card Accepted.

Flat rate subscription. Select a membership option & subscribe.



Select Payment Option



  • You will be issued a username and password.
  • You will be granted access to our member area.
  • 5 Year Membership Option now vvailable.
  • For lifetime membership options click here.clipart
  • Contact us if you would like a pre order invoice.

Disclaimer: All sales are final, we do not issue refunds. Cancel your subscription anytime.