Sunday, 16 May 2021

Web Content Filtering with OpenDNS

My friend's family has been the victim of a fraud attempt utilizing a malicious website, and neither the police nor the operator promised an attempt to take the site down. Also, I moved my broadband connection back to Virgin Media recently. Still, the WebSafe service Virgin Media includes in their standard broadband offering is not effective in my home network as I use pi-hole with Google upstream DNS.

For the above reasons, I decided to try OpenDNS as upstream DNS for my pi-hole. I have set up an account with OpenDNS and added my home network with dynamic DNS. To keep the dynamic IP updated, I installed ddclient on my good old Raspberry Pi 1b, which also hosts the pi-hole service, but I got FAILED messages in the log for the update.

May 16 11:48:23 pi1b ddclient[2018]: WARNING:  file /var/cache/ddclient/ddclient.cache, line 3: Invalid Value for keyword 'ip' = ''
May 16 11:48:25 pi1b ddclient[2020]: FAILED:   updating Home: authorization failed (HTTP/1.0 401 Unauthorized
May 16 11:48:25 pi1b ddclient[2020]: FAILED:    date: Sun, 16 May 2021 10:48:24 GMT
May 16 11:48:25 pi1b ddclient[2020]: FAILED:    server: opendns
May 16 11:48:25 pi1b ddclient[2020]: FAILED:    www-authenticate: Basic realm="RESTRICTED"
May 16 11:48:25 pi1b ddclient[2020]: FAILED:    content-length: 7
May 16 11:48:25 pi1b ddclient[2020]: FAILED:    content-type: text/html; charset=UTF-8
May 16 11:48:25 pi1b ddclient[2020]: FAILED:    x-envoy-upstream-service-time: 57
May 16 11:48:25 pi1b ddclient[2020]: FAILED:    x-xss-protection: 1; mode=block
May 16 11:48:25 pi1b ddclient[2020]: FAILED:    x-ingress-point: lon
May 16 11:48:25 pi1b ddclient[2020]: FAILED:    connection: close
May 16 11:48:25 pi1b ddclient[2020]: FAILED:
May 16 11:48:25 pi1b ddclient[2020]: FAILED:    badauth)

I opened a support case with OpenDNS but continued with the free-of-charge OpenDNS Family Shield service for now, with the Low filtering level. It gives a similar service to Virgin Media WebSafe. I will continue to look for ways to get the malicious website that my friend's family fell victim to covered by the Phishing Protection of this free-of-charge OpenDNS Family Shield service.

-- UPDATE --

Browsing OpenDNS forums, I realised that I had the character > in my password, and this character has special HTML encoding. Removing this character from my password made the update a SUCCESS:

May 16 12:53:42 pi1b ddclient[2702]: SUCCESS:  updating Home: good: IP address set to x.x.x.x
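
For keeping an eye on these updates over time, the multi-line FAILED dump and the one-line SUCCESS entry can be collapsed into one record per attempt. This is an added example, not part of the original post or of ddclient; the function names are hypothetical and the sample is a constructed subset of the log lines above.

```python
import re

# Constructed sample: a subset of the ddclient syslog lines shown in the post.
SAMPLE_LOG = """\
May 16 11:48:23 pi1b ddclient[2018]: WARNING:  file /var/cache/ddclient/ddclient.cache, line 3: Invalid Value for keyword 'ip' = ''
May 16 11:48:25 pi1b ddclient[2020]: FAILED:   updating Home: authorization failed (HTTP/1.0 401 Unauthorized
May 16 11:48:25 pi1b ddclient[2020]: FAILED:    server: opendns
May 16 11:48:25 pi1b ddclient[2020]: FAILED:    www-authenticate: Basic realm="RESTRICTED"
May 16 11:48:25 pi1b ddclient[2020]: FAILED:
May 16 11:48:25 pi1b ddclient[2020]: FAILED:    badauth)
May 16 12:53:42 pi1b ddclient[2702]: SUCCESS:  updating Home: good: IP address set to x.x.x.x
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\sddclient\[(?P<pid>\d+)\]:\s"
    r"(?P<level>[A-Z]+):\s*(?P<msg>.*)$")
UPDATE_RE = re.compile(r"updating (?P<label>[^:]+): (?P<detail>.*)")
HTTP_RE = re.compile(r"HTTP/\d\.\d (?P<code>\d{3})")

def summarize(log_text):
    """Collapse ddclient's syslog output into one record per update attempt."""
    records, open_by_pid = [], {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["level"] not in ("FAILED", "SUCCESS"):
            continue  # WARNING lines and other daemons are ignored
        msg = m["msg"].strip()
        upd = UPDATE_RE.match(msg)
        if upd:  # first line of an attempt
            http = HTTP_RE.search(upd["detail"])
            rec = {"time": m["ts"], "label": upd["label"], "status": m["level"],
                   "detail": upd["detail"], "reply": None,
                   "http": int(http["code"]) if http else None}
            records.append(rec)
            open_by_pid[m["pid"]] = rec
        elif msg and m["level"] == "FAILED" and m["pid"] in open_by_pid:
            # Continuation of a FAILED dump: echoed response headers first,
            # the response body last, so the final value kept is the body.
            open_by_pid[m["pid"]]["reply"] = msg.rstrip(")")
    return records

def auth_failures(records):
    """Attempts the update server rejected for bad credentials."""
    return [r for r in records if r["status"] == "FAILED"
            and (r["http"] == 401 or r["reply"] == "badauth")]

if __name__ == "__main__":
    for r in summarize(SAMPLE_LOG):
        print(r["time"], r["label"], r["status"], r["http"], r["reply"])
```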

Unfortunately, registration to PhishTank is temporarily disabled, so I cannot report the malicious website yet, but I will regularly check back.

-- UPDATE 2 --

Posting this issue on LinkedIn brought the malicious website issue to a resolution. A former colleague of mine pointed me to the hosting provider's scam reporting web form. Within 24 hours the hosting provider took down the malicious site - well done weebly.com!

Another former colleague of mine called my attention again to the privacy benefits of using unbound, a recursive DNS resolver, instead of an upstream DNS provider, so I am giving it another try based on this guide.
