Been using pihole for some time now and use some of the recommended blocklists here.
Recommended Pihole to a cousin who had concerns about clicking on phished sites, so I suggested they install pihole to avoid that.
They brought up how in a windows host file, one can redirect a legitimate financial site to a phished site and then asked "what can prevent pihole users for downloading an adlist that has such a redirect."
I responded that adlists only block (blacklist) or can be allowed (whitelisted) but can't redirect but wasn't 100% sure.
Is this a correct assumption?
So, can an adlist be used for malicious purposes to redirect to a phished site using Pihole like a windows host file?
Nothing can prevent users from downloading such a file, but in any event Pi-hole strips leading IP's from each line of a downloaded adlist and keeps just the domains.
So, even if there were such a redirect in the native file, it would not make it into the gravity list.
Example line entries that may appear in an adlist file:
Pi-hole parses them all similarly to end up with this entry in gravity:
flurry.com
There can be no redirect out of gravity.
Pi-hole either blocks a domain (as specified by your adlists or your local domain blocks) and returns the NULL IP by default (the client will be able to load nothing for that domain), or forwards the domain to an upstream DNS resolver.
Another assumption is that there is no way for a downloaded adlist to place itself into a whitelist directly, right?
In other words, if gravity parses the "possible redirect" into domains only, downloaded adlists can't be used to populate a whitelist to allow a phishing domain directly as whitelists can only be manually added via the domain or regex filter?
Just trying to understand the vulnerability, if any, since cousin is paranoid about open source programs and we have constant debates over this.
