High Risk Website

Story: Here is Qt Creator 3.4.0
Total Replies: 5
ignotus

Apr 25, 2015
8:50 PM EDT
High Risk Website Blocked Location: http://fasterland.net/here-is-qt-creator-340.html Access has been blocked as the threat Mal/HTMLGen-A has been found on this website.
JaseP

Apr 25, 2015
10:42 PM EDT
Looked for information regarding this web-virus... not much found...

I do know that it is apparently cross-platform (affects Linux, Mac OS X, Windows)... Anything more???
ljmp

Apr 27, 2015
9:22 AM EDT
There seems to be some issue with false positives regarding Mal/HTMLGen-A:

http://community.sophos.com/t5/Sophos-EndUser-Protection/Re-False-positive-mal-HTMLgen-a/td-p/36863

The site seems to have a lot of ads. It loads fine with ghostery and noscript running -- thus just plain html.

The IP country is France and the IP block is listed as "Shared Hosting Servers".

The IP doesn't seem to have anything too unusual about it:

http://www.senderbase.org/lookup/?search_string=213.186.33.82

Who knows? I can't find too much wrong with the site... but I try hard to be immune to drive-by rootkitting. And I generally browse the web with scripting off - unless I need to enable it. This breaks many web pages, but I generally don't care for eye-candy in either my web browsing or my Desktop.
jdixon

Apr 27, 2015
11:23 AM EDT
> This breaks many web pages,

Yes, and people always ask me why I do that... until the first time they get hit with a virus loaded by an ad on a web page.
Faster3ck

Apr 27, 2015
4:32 PM EDT
Hi, I'm the owner of this website. I can assure you my website is malware free. Unfortunately, nowadays, many websites (and desktop software) are affected by false positives for no apparent reason because most Windows antivirus software is becoming more and more aggressive.

Luckily, my Google Webmaster Dashboard says that the site is clean. :)

Before I install any WordPress plug-in into my site I make sure that there is no malicious code. As for ads, I use 3 banners per page from the AdSense platform only (owned by Google) in order to cover the hosting expenses, so there's no malware risk from that.

In conclusion, I can't see any reason to distribute malware on a Linux/developer-oriented blog because I have a very small audience with a high level of computer knowledge, so I think that this is enough to assure everyone that there is no malware! :D

PS: @ignotus, may I ask you what antivirus software blocked my page?
ljmp

Apr 27, 2015
5:06 PM EDT
@Faster3ck:

I suppose I should let ignotus answer for him/herself...

However in the interest of time, it seems your website has a 'reputation' problem with this company's product:

https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Mal~HTMLGen-A.aspx

They have a reputation reassessment request page here:

https://secure2.sophos.com/en-us/threat-center/reassessment-request.aspx

As noted on the Sophos information page -- a blocked site for 'Mal/HTMLGen-A' simply means that your site looks like a malware site to the Sophos automated evaluation algorithm.

For myself, I don't use reputation algorithm blocking products, because there is usually a very high false positive result.

So, if you've done a virus check on your server -- made sure your ad banners are not misbehaving and serving up inappropriate ads -- checked your server IP through the various blacklists -- etc... etc.. you should probably just fill out the reassessment form, as the reported block is most likely a false positive.

You could probably also decrease your chance of getting on 'grey' reputation lists by enabling SSL. If you have a single domain running with no subdomains -- you can get a free SSL cert from StartSSL:

https://www.startssl.com/

EDIT:

And from the user side: here's some advice I located on Mal/HTMLGen-A...

http://www.anti-spyware-101.com/malhtmlgen-a
