New Update uBlock Origin/Nano Adblocker - User Tips, Questions and Issues Thread

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,472
Being a lefty forced to write with my right hand at schools (yes I am that old), I tend look differently at things than most people. Not surprisingly I have figured out a light intermediate mode, which breaks less websites as medium mode (blocking third-party frames) and a dare to say is safer than the default medium mode many people use.

My Rules
With advanced mode enables you can see what domains are blocked. In case you want to allow a HTTP website
----
no-cosmetic-filtering: * true
no-large-media: behind-the-scene false
no-scripting: behind-the-scene false
* * * noop


My Filter
The idea is to block third-party request of all unsecure/unencryptes HTTP websites. When you have a look at
hXXp://vxvault.net/URL_List.php or hXXps://www.malwaredomainlist.com/mdl.php you see that most of the malware comes from HTTP websites. So blocking third-party requests from unsecure websites is good practise.
----
HTTP://*^$third-party,object,script,subdocument,ping,websocket,xmlhttprequest

Filterlists
As an advocate of light blocklists, I only have enabled Disconnect Malvertising list. This is the reason why I have disabled cosmetic filtering also (so please remove " no-cosmetic-filtering: * true" when you do use cosmetic filtering).
I don't quite understand.
How do you block scripts and frames now?
Do you allow 3rd party by * * * noop ?
The only rule now is the filter HTTP://*^$third-party,object,script,subdocument,ping,websocket,xmlhttprequest ?
 

Handsome Recluse

Level 23
Verified
Top Poster
Well-known
Nov 17, 2016
1,242
As an advocate of light blocklists, I only have enabled Disconnect Malvertising list.
Why not just use Disconnect Advertising List or Peter Lowe's when you're also a believer of the sucking of community-based malware lists. Halves the list -- assuming the number of rules is the real metric we should focus on.
 

Windows_Security

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 13, 2016
1,298
I don't quite understand.
How do you block scripts and frames now?
Do you allow 3rd party by * * * noop ?
The only rule now is the filter HTTP://*^$third-party,object,script,subdocument,ping,websocket,xmlhttprequest ?
Sorry, I had to go a liberation/freedom party and made a mistake by removing to much. Have edited the original post again. Hope this explains.
 

Windows_Security

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 13, 2016
1,298
Okay, that explains it. Hope you enjoyed the party.
One question remains for me what does "* * * noop" do and is it needed?
Yes thanks, met my son and we had time to talk in between artists and drink a beer (was cold though, only 12 C)
Good to see 5th of May turned from second WW liberation to general 'enjoy & celebrate' freedom national party in the Netherlands also celebrated by younger people. Hope you enjoyed it also.
-------------

NOP or NOOP is in assembly language a program instruction that does nothing :) NOOP disables the dynamic (uBlock) rules, with the advantage that any static (Adblock) rule still are applied. I will explain line by line

EDIT: See post #30 below
 
Last edited:

Windows_Security

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 13, 2016
1,298
Why not just use Disconnect Advertising List or Peter Lowe's when you're also a believer of the sucking of community-based malware lists. Halves the list -- assuming the number of rules is the real metric we should focus on.
Disconnect advertising is not a standard list in uBlock, but overlaps for 95% with Disconnect Malvertising, so feel free to use Disconnect Advertising instead. Peter low and Malvertising overlap for 80%, so choose the one you like, but Peter Low is a one man band operation and Disconnect gets the feedback of all Firefox users, that is why I think Disconnect Advertising (or Malvertising) are better than Peter Low's list.

Malvertising filter of Disconnect has less than 3K rules and it filters out 15-25% of the web rquests on the websites I visit, but mileage may vary depending on your location and/or surfing habits.
 

Attachments

  • 1557088963366.png
    1557088963366.png
    105.4 KB · Views: 895
Last edited:

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,472
Yes thanks, met my son and we had time to talk in between artists and drink a beer (was cold though, only 12 C)
Good to see 5th of May turned from second WW liberation to general 'enjoy & celebrate' freedom national party in the Netherlands also celebrated by younger people. Hope you enjoyed it also.
-------------

NOP or NOOP is in assembly language a program instruction that does nothing :) NOOP disables the dynamic (uBlock) rules, with the advantage that any static (Adblock) rule still are applied. I will explain line by line

My Rules
* * * NOOP (do nothing for all)
* * 3p-frame BLOCK (block third-party frames)
* * 3p-script BLOCK(block third-party scripts)
com * 3p-frame NOOP (ignore 3p-frame block for all COM domains)
com * 3p-script NOOP (ignore 3p-script block for all COM domains)
...
...
NL * 3p-frame NOOP (ignore 3p-frame block for all NL = Dutch domains)
NL * 3p-script NOOP (ignore 3p-script block for all NL = Dutch domains)

NOOP needed?
Because II don't use allow but NOOP the static (adBlock) in My filters still applies, so it is essential in this setup (and has the advantage to get the ' advanced info' with very little rules tweaking. The single line in My filters simply blocks third-party request to HTTP sites for objects (e.g. flash), scripts, subdocuments (frames), ping, websocket requests and XML HTTP requests (which all can redirect to or trigger malicious code). By using NOOP the thord-party requests on for instance COM and NL domains are still blocked when they refer to HTTP (unsecure) domains

My filters
HTTP://*^$third-party,object,script,subdocument,ping,websocket,xmlhttprequest



Note
when you (a member) speak a broad world language like English, Spanish or French what is spoken i several countries it is adviced to add the country domains for the countries you read/visit websites (e.g. english speaking could besides UK, you could also add US, CA, AU, NZ, ZA)
View attachment 213258


View attachment 213256
View attachment 213259
Yes, we enjoyed the 5th of May too.
Slightly different because we had the birthday of my now 4-year old niece.
It's always nice when you have time to catch up with family and or friends.

Thank you for this detailed and clear post.
I'm familiar with the noop rule used in uBlock Origin.
Only I still don't understand the need for * * * NOOP (do nothing for all) when you have the rules com * 3p-frame NOOP and com * 3p-script NOOP (and for the other domains like nl) in place.
Can you explain that to me?
 

Windows_Security

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 13, 2016
1,298
@Gandalf_The_Grey

Okay, now I understand. I have figured out this some time ago, when uMatrix got a overhaul. uMatrix has a default deny. When you don't specify * * * BLOCK, it still blocks stuff. I assumed uBlock had the same behavior (programmers usually apply same standards in all their programs), that is why I added the * * * NOOP.

Because you kept on asking, I tried my rules set without the * * * NOOP and it still kept working as intended, so I stand corrected the * * * NOOP is not essential. Thanks for (keeping) asking (y). It also works without.

This opens the option to combine uBlock Easy mode with Chrome's javascript site permissions (has the advantage of getting a warning in the browser when javascript is blocked), see next post,
 
Last edited:

Windows_Security

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 13, 2016
1,298
CROSS OVER OF EASY MODE AND MEDIUM MODE OF UBLOCK
This uBlock0 tweak combines uBlock's EASY mode (blocking third-party farmes) with the idea used by many members to use Chrome's internal script site permissions to only allow scripts on some Top Level Domains.

BENEFITS: IS EASIER THAN EASY MODE AND NEARLY AS SAFE AS MEDIUM MODE.
This setting block all scripts from unsecure websites (Chrome's site permissions) and all third-party frames from unsecure (HTTP) websites (with static adblock filter in uBlock's My Filters). So on HTTP websites it is 100% AS SAFE ublock in MEDIUM mode in relation to third-party frames and SAFER in relation to scripts than uBlock's MEDIUM mode, because it blocks both FIRST and THIRD-party scripts on unsecure websites :emoji_clap:.

Just have a look at VX-VAULT (link), Malcode (link) or Malware Domains (link) to check for yourself that most (95%) malware comes from (unsecure) HTTP websites. Only on a few explicitly specified HTTPS Top Level Domains scripts and frames are allowed to execute. So in real world practice this setting is 95% AS SAFE as uBlock's MEDIUM mode on HTTPS websites. :emoji_innocent:

It is also EASIER to maintain than uBlock's EASY mode. Because it causes less website breakage (excludes the third-party frames to be blocked on the HTTPS Top Level Domains you normally visit) and provides a visual feedback when something is blocked ( explained at bottem of post) :cool:.

CHROME - SITE PERMISSIONS: block javascript and allow specific TLD's (in my case top level domains COM, INF, NET, ORG and country code NL)
213264


uBlock - My Rules: in EASY mode, but more relaxed due to the NOOP 3P-FRAME for the same TLD's as allowed in above SITE PERMISSIONS
no-large-media: behind-the-scene false
no-scripting: behind-the-scene false
behind-the-scene * * noop
behind-the-scene * 1p-script noop
behind-the-scene * 3p noop
behind-the-scene * 3p-frame noop
behind-the-scene * 3p-script noop
behind-the-scene * image noop
behind-the-scene * inline-script noop

* * 3p-frame block
com * 3p-frame noop
inf * 3p-frame noop
net * 3p-frame noop
nl * 3p-frame noop
org * 3p-frame noop


uBlock - My Filters: Only block third-party subdocuments (is Adblock lingo for frames) on unsecure (HTTP) websites.
HTTP://*^$third-party,subdocument

Filter Lists
I only enable Disconnect malvertising because I don't see the added value of 300.000 rules compared to 3000 rules (see explanation). Disconnect Malvertising overlaps for 95% with Disconnect simple ad filter. This Disconnect simple ad filter is used in Firefox, so gets a lot of (user) feedback on website breakage. This is the reason I asume it is a wel maintained and effective blocklist.

213266


Enable as many filters as you like, i only use Malvertising of Disconnect.

VISUAL FEEDBACK WHEN SOMETHING IS BLOCKED
The advantage of using Chrome site permissions in stead of uBlock MEDIUM mode, is that you get a visual indication when Chrome blocks scripts on a website (so you know you might need to enable a 3p-frame also).

1557124954406.png


NOTE:
Thanks to members asking questions and providing tips to improve the initial post (y) When you want to use your browser as PDF reader, be sure to add this rule to SITE PERMISSIONS (see picture, the three / are not a mistake, it is the correct syntax for local files)
213271
 
Last edited:

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,472
CROSS OVER OF EASY MODE AND MEDIUM MODE OF UBLOCK
This uBlock0 tweak combines uBlock's EASY mode (blocking third-party farmes) with the idea used by many members to use Chrome's internal script site permissions to only allow scripts on some Top Level Domains.

BENEFITS: IS EASIER THAN EASY MODE AND NEARLY AS SAFE AS MEDIUM MODE.
This setting block all scripts from unsecure websites (Chrome's site permissions) and all third-party frames from unsecure (HTTP) websites (with static adblock filter in uBlock's My Filters). So on HTTP websites it is 100% AS SAFE ublock in MEDIUM mode in relation to third-party frames and SAFER in relation to scripts than uBlock's MEDIUM mode, because it blocks both FIRST and THIRD-party scripts on unsecure websites :emoji_clap:.

Just have a look at VX-VAULT (link), Malcode (link) or Malware Domains (link) to check for yourself that most (95%) malware comes from (unsecure) HTTP websites. Only on a few explicitly specified HTTPS Top Level Domains scripts and frames are allowed to execute. So in real world practice this setting is 95% AS SAFE as uBlock's MEDIUM mode on HTTPS websites. :emoji_innocent:

It is also EASIER to maintain than uBlock's EASY mode. Because it causes less website breakage (excludes the third-party frames to be blocked on the HTTPS Top Level Domains you normally visit) and provides a visual feedback when something is blocked ( explained at bottem of post) :cool:.

CHROME - SITE PERMISSIONS: block javascript and allow specific TLD's (in my case top level domains COM, INF, NET, ORG and country code NL)
View attachment 213264

uBlock - My Rules: in EASY mode, but more relaxed due to the NOOP 3P-FRAME for the same TLD's as allowed in above SITE PERMISSIONS
no-large-media: behind-the-scene false
no-scripting: behind-the-scene false
behind-the-scene * * noop
behind-the-scene * 1p-script noop
behind-the-scene * 3p noop
behind-the-scene * 3p-frame noop
behind-the-scene * 3p-script noop
behind-the-scene * image noop
behind-the-scene * inline-script noop

* * 3p-frame block
com * 3p-frame noop
inf * 3p-frame noop
net * 3p-frame noop
nl * 3p-frame noop
org * 3p-frame noop


uBlock - My Filters: Only block third-party subdocuments (is Adblock lingo for frames) on unsecure (HTTP) websites.
HTTP://*^$third-party,subdocument

Filter Lists
I only enable Disconnect malvertising because I don't see the added value of 300.000 rules compared to 3000 rules (see explanation). Disconnect Malvertising overlaps for 95% with Disconnect simple ad filter. This Disconnect simple ad filter is used in Firefox, so gets a lot of (user) feedback on website breakage. This is the reason I asume it is a wel maintained and effective blocklist.

View attachment 213266

Enable as many filters as you like, i only use Malvertising of Disconnect.

VISUAL FEEDBACK WHEN SOMETHING IS BLOCKED
The advantage of using Chrome site permissions in stead of uBlock MEDIUM mode, is that you get a visual indication when Chrome blocks scripts on a website (so you know you might need to enable a 3p-frame also).

View attachment 213267

NOTE:
Thanks to members asking questions and providing tips to improve the initial post (y) When you want to use your browser as PDF reader, be sure to add this rule to SITE PERMISSIONS - JavaScript: ALLOW F:///*
View attachment 213271
It's working great so far. (y)
Had to add INFO to the allowed list.
For another site, I made a "local" exception:

Aantekening 2019-05-06 201659.png
 

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,472
Quick PSA. You can just add the I Don't Care About Cookies List to uBO and you won't waste the RAM that the extension is using.
That's correct, but on some websites, the extension does a better job.
For example, on Mobiele telefoons en abonnementen, best geteste netwerk | T-Mobile the filter list blocks the cookie warning and you can't continue, while the extension confirms/enters the cookie warning and you can continue to use the website.
 

Windows_Security

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 13, 2016
1,298
Last edited:

DeepWeb

Level 25
Verified
Top Poster
Well-known
Jul 1, 2017
1,396

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,472
This is why I joined this place. I really like hearing better ideas. You are right. Removed the list. By cookie popup do you mean Fanboys Cookie List?
No, you can use the list, it's quite good. I meant when a site doesn't work like t-mobile in my case you can go to the logger in uBlock origin and make a filter to allow the cookie popup on that site. Personally, I don't use but have never tried Fanboy's, Cookie List.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top