this post was submitted on 10 Jul 2023
262 points (100.0% liked)

Asklemmy

43783 readers
874 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy πŸ”

If your post meets the following criteria, it's welcome here!

  1. Open-ended question
  2. Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
  3. Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
  4. Not ad nauseam inducing: please make sure it is a question that would be new to most members
  5. An actual topic of discussion

Looking for support?

Looking for a community?

~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~

founded 5 years ago
MODERATORS
 

Are they just an issue with wefwef or trying to use an exploit

you are viewing a single comment's thread
view the rest of the comments
[–] tarjeezy@lemmy.ca 7 points 1 year ago (1 children)

Yea I've got both .zip and .mov blocked on my pihole

[–] Snipe_AT@lemmy.atay.dev -1 points 1 year ago (2 children)

sorry i’m missing it. why this specific TLD? can’t they just use any TLD for this and achieve the same thing? is there something special with .mov?

[–] Thassar@lemmy.blahaj.zone 5 points 1 year ago (1 children)

It's because it can cause confusion. The only difference between example.com/file.zip and example.com.file.zip is one uses a . and the other a / but both are valid domains. If somebody isn't paying much attention or they don't know much about domain names, they could click thinking to get a zip file from a legitimate site and end up going somewhere malicious instead. No other TLDs have this issue (well, I guess .com technically has it but who the hell is downloading and running com files these days) and they're pretty much exclusively used for this reason so it's a good idea to block them just to be safe.

[–] assa123@lemmy.world 2 points 1 year ago

sorry, I didn't saw your answer and also replied! I didn't remember that (.)COM was also a file extension, but now, thanks to your reminder, I will play some DOS games ;)

[–] assa123@lemmy.world 2 points 1 year ago

since .zip and .mov are recognizable file extensions, a url of the form google.com.docs.zelensky.zip could make people think that the domain is google.com pointing to a zip instead of the true domain, zelensky (dot) zip which probably would serve malicious content under that subdomain.