Avlis is malware

Talks that may or may not have anything to do with Hala or NWN

Moderators: Arkon, Top Team

rollory
Whelp of the Unholy Church of Newbieism
Posts: 1
Joined: Tue Apr 01, 2014 12:05 pm

Avlis is malware

Post by rollory » Tue Apr 01, 2014 12:09 pm

I previously posted a note about this on CoPaP forums but this place seems more active and more likely someone will see and respond to it.

Navigating to avlis.org gives malware warnings from my browser. This has been the case for at least a month - when I first saw it, I figured someone would fix it fast, but no. Was not the case 6 months ago. Example reports from security companies:

http://sitecheck2.sucuri.net/results/avlis.org
http://www.avgthreatlabs.com/website-sa ... avlis.org/

For this to have been continuing for this long is rather troubling. Who is responsible for that site?

Also the contact link on the CoPaP site ends with a 404 when you try sending messages to someone. That was the first thing I tried.

Psye Shaar
Assistant Head DM
Posts: 2732
Joined: Mon Apr 11, 2005 9:05 am
Location: Loitering.... with intent!

Post by Psye Shaar » Tue Apr 01, 2014 12:42 pm

I'll point the relevant people to your post.
"Men never do evil so completely and cheerfully as when they do it from a religious conviction."
Blaise Pascal (1623 - 1662)

Psye Shaar
Assistant Head DM
Posts: 2732
Joined: Mon Apr 11, 2005 9:05 am
Location: Loitering.... with intent!

Post by Psye Shaar » Tue Apr 01, 2014 2:01 pm

Ok, answers as they come:
The first threat URL they linked shows up because Yandex says it is blacklisting the site - which is a false positive

krackq
Whelp of the Unholy Church of Newbieism
Posts: 1
Joined: Tue Apr 01, 2014 3:08 pm

Post by krackq » Tue Apr 01, 2014 3:16 pm

I thought it would be easier to hop over here and post directly :D

The malware warnings that you see are because the Russian equivalent of Google, "Yandex", thinks that the subdomain of avlis.org, wiki.avlis.org, has an iframe injection. It is a false positive. I've tried to get the site removed from their malware list but it does not always work. One of the webinstaller files for the wiki itself has an iframe tag in it that redirects to an open partnering licensing site. This is part of the original MediaWiki installation. I don't know why they think it is a problem.

If you use a site like virustotal.com and check avlis.org, every other site that does this same sort of check is clean. We run Google Webmaster Tools against the site usually as well.

https://www.virustotal.com/en/url/37c7e ... /analysis/

For the heck of it, I tried commenting out the line of code that is likely offending Yandex since it is part of the installer and we don't use it anyway. I have resubmitted the site for a check but I won't hold my breath on their results.

I hope this helps!
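
Added example, not part of the post above and not code from MediaWiki or avlis.org: one way a site admin could list every iframe in a flagged file and separate a visible frame shipped with the software from a hidden off-site one. The host allowlist, the sample HTML and the hidden-plus-external heuristic are assumptions made for this example, not Yandex's detection rule.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Hosts the site owner expects to frame (placeholder, assumption for this example).
ALLOWED_HOSTS = {"wiki.example.org"}
_HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

class IframeAudit(HTMLParser):
    """Collect every <iframe> with the attributes a reviewer needs to judge it."""
    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        dims = {a.get("width", "").strip(), a.get("height", "").strip()}
        hidden = bool(dims & {"0", "1"}) or bool(_HIDDEN_STYLE.search(a.get("style", "")))
        self.found.append({
            "line": self.getpos()[0],          # line of the tag in the file
            "src": a.get("src", ""),
            "external": bool(host) and host not in ALLOWED_HOSTS,
            "hidden": hidden,
        })

def audit(html):
    p = IframeAudit()
    p.feed(html)
    p.close()
    # This example's heuristic: hidden + off-site is "suspicious"; a visible
    # off-site frame is "review" (a human confirms it belongs to the software).
    for f in p.found:
        f["verdict"] = ("suspicious" if f["external"] and f["hidden"]
                        else "review" if f["external"] else "ok")
    return p.found

# Constructed sample input: not taken from MediaWiki or from avlis.org.
SAMPLE = """<html><body>
<iframe src="https://licenses.example.net/badge" width="300" height="60"></iframe>
<iframe src="https://cdn.example.com/x" width="0" height="0"></iframe>
<iframe src="/local/page.html"></iframe>
</body></html>"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
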

Psye Shaar
Assistant Head DM
Posts: 2732
Joined: Mon Apr 11, 2005 9:05 am
Location: Loitering.... with intent!

Post by Psye Shaar » Tue Apr 01, 2014 3:57 pm

Thanks krackq!

Better that someone that knows what they're talking about answers than me just relaying bits :)
