How to block undesirable Localhost access

[andyprough]

An interesting Ghacks article today mentioned that Brave is building Localhost access controls into the browser, which intrigued me. I don't know much about Localhost probing, but a search of our forum brought up a post by MC about it that made me wonder if it could be blocked or controlled on Pale Moon also: viewtopic.php?p=233858#p233858

Some websites make requests to localhost to probe for malware. It's a very controversial practice and IMHO of very limited use.

I don't see any obvious configuration option in about:config to try to control this for Pale Moon. But I found that uBlock has a filter called "Block Outsider Intrusion into LAN" that is supposed to block or control this type of activity: https://raw.githubusercontent.com/uBloc ... -block.txt

I've added the filter to eMatrix, and I'm assuming it can be added just as easily to uBlock Origin for Firefox Legacy. I'm trying it out to see if it massively breaks web browsing, or if it doesn't seem to cause problems. I'll post more here as I find out more, and I'd be interested in comments or insights from anyone else that knows more about Localhost probing.

And if no one else is interested, at least this post will be here so I can find the uBlock filter for my other systems. Peace out.

[Blacklab]

Filter list 'Block Outsider Intrusion into LAN' now comes as one of the standard pre-installed blocklists with latest uBlock Origin (uBO) v1.50.0 for Firefox, Chrome, and their various clones/rebuilds/derivatives.

The 'Block Outsider Intrusion into LAN' list is not 'active/selected' on uBO v1.50.0 initial installation... but it is immediately available as one of the filter list options under the 'Privacy' section:

uBO v 1.50.0 filter lists - Privacy subsection.jpg

uBO v 1.50.0 filter lists activated on installation - Privacy subsection

Unsure if the syntax of 'Block Outsider Intrusion into LAN' list is compatible with the legacy uBO v1.16.4.30 available for Pale Moon? When added as a custom filterlist the filter's info line shows '0 used out of 0'

[vannilla]

I'd like to know if that filter is compatible with eMatrix at all, too.

[andyprough]

I'd like to know if that filter is compatible with eMatrix at all, too.

eMatrix reports "48 used out of 62". I don't know if that's a real affirmation that it is truly doing some blocking. Is there a good way to check?

lan-block-eMatrix.png

[vannilla]

eMatrix reports "48 used out of 62". I don't know if that's a real affirmation that it is truly doing some blocking. Is there a good way to check?

Oh, neat.
Unless there's a bug a number higher than 0 means the rules are being applied in one way or another.

[andyprough]

Oh, neat.
Unless there's a bug a number higher than 0 means the rules are being applied in one way or another.

Excellent! I haven't noticed any bad effects at all in browsing today, so I think I'm going to stick with it. I've read that some big sites such as eBay in the past have been caught doing a bunch of this Localhost probing for no apparent good reason, so using this filter looks like a useful privacy hack.

[Likestofish]

This is good stuff. I'll just note that while it appears to work in eMatrix, uBlockOrigin Firefox Legacy reports 0 out of 62 filters used, both in Pale Moon and Basilisk. I don't know if its time for someone to fork uBlock or not, but...

Thanks, Andy.

[vannilla]

Just to clarify, I don't know if the rules are being applied correctly as I don't know any place to test them on.
However, knowing that something is being applied is still better than having a big fat 0, so in the worst case it should be possible to work on the actual matrix (the toolbar popup) and fix things as needed.

[sidology]

Just to clarify, I don't know if the rules are being applied correctly as I don't know any place to test them on.

Maybe these: https://github.com/brave/adblock-lists/ ... w-list.txt

[therube]

Granted I don't know what I'm saying in my post, Brave Browser boosts privacy with new local resources restrictions (but I'm sure Moonchild will correct what is wrong ).

(Yeah, yeah, I know, "it's all wrong!".)


And while we're at it, see, Problem with Warsaw detection.

[Moonchild]

And while we're at it, see, Problem with Warsaw detection.

So that will never work in Brave, then

[andyprough]

Granted I don't know what I'm saying in my post, Brave Browser boosts privacy with new local resources restrictions

I think a good example is in this Ghacks article from a few years ago, when Martin Brinkmann caught eBay port scanning a series of Localhost 127.0.0.1 connections on the local computer when people visited the site: https://www.ghacks.net/2020/05/25/ebay- ... e-webpage/

eBay doesn't seem to be doing that right now, so the negative publicity of this Ghacks article and of other tech sites that picked up on eBay doing this probably caused them to change their ways.

[Garland]

I added the filter list from the opening post to eMatrix. When I go to https://www.spectrum.net/ and click the "Sign In" button, I see that eMatrix has blocked 16 XHR by site 127.0.0.1. Thanks @andyprough for creating this thread!
This site may serve as a test for other Pale Moon users.

[frostknight]

127.0.0.1

8118 in http and ssl ports

What does this do?

Have privoxy working in the background and it will block annoying stuff if you have the level of privoxy on a high enough level.

edit /etc/privoxy/config changing this:

enable-edit-actions 0

to a 1 and then do this:

http://config.privoxy.org/show-status

When you have changed your settings properly, restart privoxy and change /etc/privoxy/config enable-edit-actions back to a 1

This is what I do currently.

I set the protection to medium

You are free to do whatever though.

Changed these 3 below in web interface to medium protection:

/etc/privoxy/match-all.action
/etc/privoxy/default.action
/etc/privoxy/user.action

Could be a more advanced way to protect though, but for some it seems worth it.

[Raava]

Filter list 'Block Outsider Intrusion into LAN' now comes as one of the standard pre-installed blocklists with latest uBlock Origin (uBO) v1.50.0 for Firefox, Chrome, and their various clones/rebuilds/derivatives.
[…]
Unsure if the syntax of 'Block Outsider Intrusion into LAN' list is compatible with the legacy uBO v1.16.4.30 available for Pale Moon? When added as a custom filterlist the filter's info line shows '0 used out of 0'

Since I use Pale Moon uBO v1.16.4.30 is seemingly the only available version for me?

Did you manage getting 'Block Outsider Intrusion into LAN' working with legacy uBO v1.16.4.30?
─────────────────────────────────────────────────
Oh well, since I also have eMatrix - I will have to add it though eMatrix. I presume it is made like so:
When I click eMatrix (ηMatrix) V5.03 mechanical gear icon I get in tab [Host files] this
chrome://ematrix/content/dashboard.html#hosts-files

One URL per line. Lines prefixed with ‘#’ will be ignored. Invalid URLs will be silently ignored. The inserted URL must point to a hosts file (including local files); do not use the hosts file syntax here.

So I copy the URL https://raw.githubusercontent.com/uBloc ... -block.txt into the area and pressed [Apply Changes]
After a few seconds it appears in its list as so

https://raw.githubusercontent.com/uBloc ... lock.txt​​ ​​​55 used out of 70​​

I am presuming that means it is working?

[vannilla]

I am presuming that means it is working?

I am not aware of any bug pertaining to this after so many years of use and development, so until further notice it is safe to assume it is indeed working.

[Garland]

I am presuming that means it is working?

See viewtopic.php?p=244572#p244572

Please try the test site I provided and report back to us whether eMatrix blocks the access by 127.0.0.1 for you in Europe.

[Raava]

Hi Garland,

Please try the test site I provided and report back to us whether eMatrix blocks the access by 127.0.0.1 for you in Europe.

I opened https://www.spectrum.net/ and clicked the "Sign In" button. I did not allow any scripts via eMatrix - eMatrix is in its standard mode when it comes to spectrum.net.

I opened the eMatrix logger and selected

Code: Select all

Sign In to Get Started | ID.spectrum.net

Nothing is displayed at first.

After a while it says this:

(at the time of the screenshot these have been all its visible entries)

Do I have to look elsewhere to see the blocks for the access by 127.0.0.1 ?
In its "main display" that you get by clicking on the eMatrix icon there is no row for "127.0.0.1". I can make a screenshot of that "main display" as well if that would be helpful.

[Garland]

Today I noticed that the filter lists in uBlock Origin have been updated, so uBO blocks spectrum.net from local host access. I either disable uBO entirely or enable all accesses by spectrum.net in uBO, then refresh the page. Now I can see in the eMatrix main display a row for 127.0.0.1, where there are 16 XHR blocked.

Raava, does the same happen for you in Europe?

[Raava]

Raava, does the same happen for you in Europe?

Not really, but maybe silly me does something wrong?

I disabled uBO on spectrum.net and reloaded spectrum.net:


Then I opened what I call "main display" of eM:

No 127.0.0.1 to be seen.

I only censored the random looking URL at the very bottom since that one looked like it could identify my browser.

Would the 127.0.0.1 entry appear in what I call eM's "main display"?