Hala

The Heroic Domain of Ysgard
All times are UTC




 Post subject: Avlis is malware
PostPosted: Tue Apr 01, 2014 12:09 pm 
Whelp of the Unholy Church of Newbieism

Joined: Tue Apr 01, 2014 12:05 pm
Posts: 1
I previously posted a note about this on CoPaP forums but this place seems more active and more likely someone will see and respond to it.

Navigating to avlis.org gives malware warnings from my browser. This has been the case for at least a month - when I first saw it, I figured someone would fix it fast, but no. Was not the case 6 months ago. Example reports from security companies:

http://sitecheck2.sucuri.net/results/avlis.org
http://www.avgthreatlabs.com/website-sa ... avlis.org/

For this to have been continuing for this long is rather troubling. Who is responsible for that site?

Also the contact link on the CoPaP site ends with a 404 when you try sending messages to someone. That was the first thing I tried.


 Post subject:
PostPosted: Tue Apr 01, 2014 12:42 pm 
Assistant Head DM

Joined: Mon Apr 11, 2005 9:05 am
Posts: 2732
Location: Loitering.... with intent!
I'll point the relevant people to your post.

_________________
"Men never do evil so completely and cheerfully as when they do it from a religious conviction."
Blaise Pascal (1623 - 1662)


 Post subject:
PostPosted: Tue Apr 01, 2014 2:01 pm 
Assistant Head DM

Joined: Mon Apr 11, 2005 9:05 am
Posts: 2732
Location: Loitering.... with intent!
Ok, answers as they come:

Quote:
The first threat URL they linked shows up because Yandex says it is blacklisting the site - which is a false positive

 Post subject:
PostPosted: Tue Apr 01, 2014 3:16 pm 
Whelp of the Unholy Church of Newbieism

Joined: Tue Apr 01, 2014 3:08 pm
Posts: 1
I thought it would be easier to hop over here and post directly :D

The malware warnings that you see are because the Russian equivalent of Google, "Yandex", thinks that the subdomain of avlis.org, wiki.avlis.org, has an iframe injection. It is a false positive. I've tried to get the site removed from their malware list but it does not always work. One of the webinstaller files for the wiki itself has an iframe tag in it that redirects to an open partnering licensing site. This is part of the original MediaWiki installation. I don't know why they think it is a problem.

If you use a site like virustotal.com and check avlis.org, every other site that does this same sort of check is clean. We run Google Webmaster Tools against the site usually as well.

https://www.virustotal.com/en/url/37c7e ... /analysis/

For the heck of it, I tried commenting out the line of code that is likely offending Yandex since it is part of the installer and we don't use it anyway. I have resubmitted the site for a check but I won't hold my breath on their results.

I hope this helps!
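
An added example, not part of the original thread or the site's own code: one way to triage an iframe-injection flag like the one described above is to list every iframe in the flagged files and note whether it points off-site, is hidden, or sits inside an HTML comment. The host names and sample markup are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

SITE = "example.org"  # assumption: placeholder for the site being audited

class IframeAudit(HTMLParser):
    """Collect every <iframe> with the properties a reviewer triages on."""
    def __init__(self, site):
        super().__init__()
        self.site, self.findings = site, []

    def _record(self, attrs):
        a = {k: (v or "") for k, v in attrs}
        host = urlparse(a.get("src", "")).hostname or ""
        # Off-site means a host that is neither the site nor one of its subdomains.
        external = bool(host) and host != self.site and not host.endswith("." + self.site)
        style = a.get("style", "").replace(" ", "").lower()
        hidden = (a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
                  or "display:none" in style or "visibility:hidden" in style)
        self.findings.append({"src": a.get("src", ""), "external": external,
                              "hidden": hidden, "commented": False})

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self._record(attrs)

    def handle_comment(self, data):
        # A pattern-matching scanner may still see markup inside HTML comments,
        # so re-parse comment bodies and report those iframes separately.
        inner = IframeAudit(self.site)
        inner.feed(data)
        for f in inner.findings:
            f["commented"] = True
        self.findings.extend(inner.findings)

def audit(html, site=SITE):
    p = IframeAudit(site)
    p.feed(html)
    return p.findings

# Constructed sample input, not taken from the site discussed above.
SAMPLE = """
<iframe src="https://license.example.net/summary" width="300" height="200"></iframe>
<iframe src="https://wiki.example.org/help" width="600" height="400"></iframe>
<!-- <iframe src="https://license.example.net/old" width="0" height="0"></iframe> -->
"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

A visible off-site iframe with a known destination is the benign pattern the post describes; an off-site iframe that is also hidden is the combination worth investigating before requesting a re-check.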


 Post subject:
PostPosted: Tue Apr 01, 2014 3:57 pm 
Assistant Head DM

Joined: Mon Apr 11, 2005 9:05 am
Posts: 2732
Location: Loitering.... with intent!
Thanks krackq!

Better that someone that knows what they're talking about answers than me just relaying bits :)
