This repository has been archived by the owner on Jul 2, 2024. It is now read-only.

QA on blacklist sources #1

Open
ethack opened this issue Jul 1, 2017 · 3 comments

@ethack
Contributor

ethack commented Jul 1, 2017

I'm looking for ideas on how to prevent known non-malicious IPs, etc. from ending up being flagged by RITA in the blacklisted module. For instance, 8.8.8.8 (one of Google's public DNS servers) made it into a blacklist that we use for a source. However, this IP is not malicious and RITA reporting it is a false positive.

I'm almost tempted to say this is an issue for the blacklist curators and that we are simply reporting them as they are. However, I don't want to have to manually go remove these values when we generate reports. And I don't want to have to explain why Google's DNS is reported as malicious.

I suggest keeping a text file in the repo of known good IPs, etc. that people happen to find from time to time in the blacklists. Then rita-bl could use this list as a sort of global whitelist to prevent anything in it from appearing in the blacklists. We provide sensible defaults, but if people would like to change them, they can edit the file. I'm worried that this is too closely related to whitelisting within RITA, which we have decided to avoid thus far.

Thoughts? Would something like this be technically feasible?
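The global-whitelist filter proposed in the comment above, sketched in Go as an added example; it is not code from rita-bl or RITA. The function names, the file format (one IP or CIDR per line, `#` comments) and the sample addresses are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

// parseAllowlist reads one IP or CIDR per line ('#' starts a comment); a malformed line is an error.
func parseAllowlist(text string) ([]netip.Prefix, error) {
	var allow []netip.Prefix
	for i, line := range strings.Split(text, "\n") {
		if line = strings.TrimSpace(strings.SplitN(line, "#", 2)[0]); line == "" {
			continue
		}
		p, err := netip.ParsePrefix(line)
		if err != nil { // not a CIDR: try a single address
			a, aerr := netip.ParseAddr(line)
			if aerr != nil {
				return nil, fmt.Errorf("allowlist line %d: %q is not an IP or CIDR", i+1, line)
			}
			p = netip.PrefixFrom(a, a.BitLen())
		}
		allow = append(allow, p.Masked())
	}
	return allow, nil
}

// filterBlacklist splits entries into kept and suppressed; non-IP entries (hostnames) are kept.
func filterBlacklist(entries []string, allow []netip.Prefix) (kept, suppressed []string) {
next:
	for _, e := range entries {
		if a, err := netip.ParseAddr(e); err == nil {
			for _, p := range allow {
				if p.Contains(a.Unmap()) { // Unmap so ::ffff:8.8.8.8 matches 8.8.8.8
					suppressed = append(suppressed, e)
					continue next
				}
			}
		}
		kept = append(kept, e)
	}
	return kept, suppressed
}

func main() { // constructed sample data, not taken from a real feed
	allow, err := parseAllowlist("8.8.8.8 # Google public DNS\n192.0.2.0/24\n")
	kept, suppressed := filterBlacklist([]string{"8.8.8.8", "203.0.113.7", "192.0.2.55"}, allow)
	fmt.Println(kept, suppressed, err)
}
```

Returning the suppressed entries separately lets an importer log what the file overrode, so a stale override stays visible instead of silently hiding a blacklist hit.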

@Zalgo2462
Contributor

Technically feasible? Yes. However, this would require another layer of abstraction on rita-bl. An easier (and quicker) solution would be to just use better blacklists.

@ethack
Contributor Author

ethack commented Jul 3, 2017

How do you suggest judging relative quality of blacklists?

@Zalgo2462
Contributor

I don't claim to have the answer, but myip.ms allows user submissions without verification. Additionally, I haven't found a spot to request a blacklist takedown from them. Verification and the ability to remove entries from the blacklist would be important aspects to me.
