View Full Version : LFPF - malware provider?



BrianShaw
29-May-2013, 11:59
Yesterday my company's webserver started denying access to this site, claiming that it has been "proven" to be a malware provider. I'm upset. I have never gotten any free malware. Where's mine? I work for a stodgy, suspicious, and apparently repressive company that is denying my civil rights by restricting access to this fine forum. I hope whatever set off their naughty-site detector will soon be resolved. In the meantime, I'll be scarce.

Sal Santamaura
29-May-2013, 12:24
Perhaps your company reached that conclusion by evaluating the "malness" of what some abrasive posters have been adding to threads lately. :D

Sevo
29-May-2013, 12:50
If it is a firewall and no proxy server, it will be blocking by IP, not by DNS address. As the LFP address reverses to server3.reid.org, we may not have a unique IP address of our own, and if any other virtual server on the same hardware box is infected by malware, we'll end up on blocking lists along with it.

Another possible reason is that LFP is, for whatever reason, loading the Yahooapis script set - a legitimate Yahoo product, but many tight security policies (e.g. TrendMicro at maximum setting) will ban it as spyware. I don't know when Yahooapis were added - that might be a recent change, or they updated or changed your firewall policies.

Otto Seaman
29-May-2013, 13:19
Maybe they just wanted to get some work out of the employees they pay?

jb7
29-May-2013, 13:50
Surfing photography websites at work?

Hooray, the recession is over...

Kirk Gittings
29-May-2013, 14:02
While I was still a moderator a couple of days ago, someone emailed me with a similar story. I sent it on to Ralph but I had an old address for him and it bounced back. So this may be a bigger problem than we think.

Jim C.
29-May-2013, 14:09
A day or so ago there were some spam posts that had links in the message, I never followed the links but hovering my cursor over them
the status bar in Safari gave me weird web addresses, could that be that's the reason your company web server is denying access ?

Don't know if the Mods have deleted those messages or not,
not that anyone should click the links !

Kirk Gittings
29-May-2013, 14:12
While I was still a moderator a couple of days ago, someone emailed me with a similar story. I sent it on to Ralph but I had an old address for him and it bounced back. So this may be a bigger problem than we think.

I re-sent it to Ralph's proper email.

rdenney
29-May-2013, 14:58
A day or so ago there were some spam posts that had links in the message, I never followed the links but hovering my cursor over them
the status bar in Safari gave me weird web addresses, could that be that's the reason your company web server is denying access ?

Don't know if the Mods have deleted those messages or not,
not that anyone should click the links !

Such posts should be reported. We remove spam posts with nasty hidden links in them nearly every day, so I can't say from your description if that's one of the ones I "disappeared".

My "company" is not denying access (yet), and it's probably about as picky as any in existence that is not in a secure room.

Rick "who tries to keep up using an iPhone while traveling, and is risking thumb-overuse injuries" Denney

Leigh
29-May-2013, 15:21
If it is a firewall and no proxy server, it will be blocking by IP, not by DNS address.
Blocking by IP address is so last-century.

Every IP address can support over 64,000 unique users (different companies, organizations, etc).
Blocking an IP because one of those is a malware source also blocks the remaining good guys. Not reasonable.

- Leigh

Henry Ambrose
29-May-2013, 17:28
Blocking by IP address is so last-century.

Every IP address can support over 64,000 unique users (different companies, organizations, etc).
Blocking an IP because one of those is a malware source also blocks the remaining good guys. Not reasonable.

- Leigh

Yes, it is so "last century" but it is effective. And when you can pin it down to particular IPs (known or suspected to be bad guys) it's worth it and oh so effective. I rather enjoy the drastic and barbaric nature of it. And did I say it's effective?

Jac@stafford.net
29-May-2013, 17:54
Could it be that your employer is limiting access to sites relevant to the company's purpose?
.

Jim C.
29-May-2013, 18:32
Such posts should be reported. We remove spam posts with nasty hidden links in them nearly every day, so I can't say from your description if that's one of the ones I "disappeared".

My "company" is not denying access (yet), and it's probably about as picky as any in existence that is not in a secure room.

Rick "who tries to keep up using an iPhone while traveling, and is risking thumb-overuse injuries" Denney

I seem to be having bad bouts with CRS and forums, or I'm a member of too many,
I thought there used to be a "report" button ?

rdenney
29-May-2013, 19:06
I seem to be having bad bouts with CRS and forums, or I'm a member of too many,
I thought there used to be a "report" button ?

There is. It's the triangle with the exclamation point in the lower left portion of each post.

Rick "who understands about CRS" Denney

Jim C.
29-May-2013, 21:47
Ah-HA! There it is !
Didn't that used to have "report" next to the icon ?

Preston
29-May-2013, 21:50
"...someone emailed me with a similar story."

That was me. I'll check again to see if our forum is still blocked when I go to my office on Friday. Until last Sunday at work, I had no issues, so this was a new thing.

--P

dizzzyg44
30-May-2013, 04:35
Also seeing the same here at work...

Rep score of 7.3 (10 is worst)
Threat type: othermalware
thread reason: domain has unusually high traffic volume for a very recent registration. Domain reported and verified as serving malware

rdenney
30-May-2013, 05:03
Ah-HA! There it is !
Didn't that used to have "report" next to the icon ?

If you mouse over it, the tool-tip will read "Report Post". We maintain Tom's sanity by avoiding changes to the forum software we use, and so when they move a button, we sorta have to move with it.

Rick "wondering if some of those posts that need reporting could be considered malware" Denney

BrianShaw
30-May-2013, 05:43
"...someone emailed me with a similar story."

That was me. I'll check again to see if our forum is still blocked when I go to my office on Friday. Until last Sunday at work, I had no issues, so this was a new thing.

--P

Same timing for me.

Kirk Gittings
30-May-2013, 07:28
From Tom.

"Nothing unusual mentioned in our corp filters at work so I'd guess it's not about us. I'll monitor for a few days just in case."

Tom Westbrook

Sal Santamaura
30-May-2013, 08:28
Perhaps your company reached that conclusion by evaluating the "malness" of what some abrasive posters have been adding to threads lately. :D


...Rick "wondering if some of those posts that need reporting could be considered malware" Denney

Great minds think alike! :D:D

Preston
9-Jun-2013, 08:15
Sunday, June 9, 2013...

It appears that whatever was causing the malware warning on my work computer has been fixed.

Now, I can read all the latest at LFPF and not get any work done. :-)

How cool is that!

--P

Randy Moe
9-Jun-2013, 08:34
I recently joined and quit http://tech.groups.yahoo.com/group/CarbronTransfer as I got daily porn messages from that direction. Since I quit, they have stopped.

BrianShaw
9-Jun-2013, 09:28
Very cool, Preston! I'm hoping to find the same improvement on Monday.

photobymike
9-Jun-2013, 10:34
Yesterday my company's webserver started denying access to this site, claiming that it has been "proven" to be a malware provider. I'm upset. I have never gotten any free malware. Where's mine? I work for a stodgy, suspicious, and apparently repressive company that is denying my civil rights by restricting access to this fine forum. I hope whatever set off their naughty-site detector will soon be resolved. In the meantime, I'll be scarce.

It was decided when computers started making inroads into mainstream business that restricting access would be at the company's prerogative. Usually companies issue an acceptable use policy. Basically a company determines exactly where you go and what you do on the internet and intranet on their network, and their computers. This was decided quite legal long ago. The IT department sees everything... where you go and what you do.... In a corporate environment there are no secrets from the IT guys.

Sorry Brian ... unless you have some juice at where you work, or are friends with the IT guy, they can do whatever they want.

I use iPhone and iPad apps to keep up with this forum. If I was still working for this "semi large" I would use my personal iPad .... the app works really well.

Am retired Net supervisor for a "semi large" company.

Randy Moe
9-Jun-2013, 10:55
I was never given Internet access at my former employer, but it was easy to hack, as one guy used his license plate for the password. I also used dialup for some time, until they warned me off 3 hour phone calls.

IT had closed off most of the web, but my favorite trick, was to challenge a co-worker to use a google image search for 'breasts', was he shocked at what he thought was blocked.

The whole engineering dept was on the web all day, doing non-work activity. I actually wanted it for work activity...

I really enjoy all the FB activity that is obviously done during work hours, especially by public service employees.

Ah, productivity!



It was decided when computers started making inroads into mainstream business that restricting access would be at the company's prerogative. Usually companies issue an acceptable use policy. Basically a company determines exactly where you go and what you do on the internet and intranet on their network, and their computers. This was decided quite legal long ago. The IT department sees everything... where you go and what you do.... In a corporate environment there are no secrets from the IT guys.

Sorry Brian ... unless you have some juice at where you work, or are friends with the IT guy, they can do whatever they want.

I use iPhone and iPad apps to keep up with this forum. If I was still working for this "semi large" I would use my personal iPad .... the app works really well.

Am retired Net supervisor for a "semi large" company.

BrianShaw
9-Jun-2013, 13:18
Sorry Brian ... unless you have some juice at where you work, or are friends with the IT guy, they can do whatever they want.


Yes, I realize that. The policy on web access, web surfing, and time fraud is abundantly clear and well enforced. At the same time they are trusting of us as professionals and dedicated employees and don't treat us like children. My company specifically blocks certain kinds of site due to content, but not many.

I've seen this "malware" blocking done before, once with LF forum and again with Photo.net. It came and went... both times. If it stays I/we just need to live with it. We can petition for access to sites required to conduct business and they are quite responsive. But petitioning for LF Forum wouldn't get any sympathy at all.

photobymike
9-Jun-2013, 13:21
Well LF is mostly grumpy old men ...mostly lol

BrianShaw
9-Jun-2013, 13:25
Interestingly, Mike, I had problems with my blackberry and sat with one of the techs while he fixed it (over a two-day period). WOW... was I surprised at how much information he has about the routine coming-and-going of messages. I thought he just saw metadata but then a friend of mine told me of the time when one of the IT techs commented on the content of a specific email message. Knowing that, I'm always cautious and not surprised by any "super human power" that the IT folks have... whether real or imagined. :)

photobymike
9-Jun-2013, 15:51
The telephone providers provide data on sexting also.... do it across state lines with under age and it's a federal crime......

Randy Moe
9-Jun-2013, 16:57
One of my first jobs, in 1967 was 16 year old Telephone company part time night janitor. I was hired by somebody I forgot and after that I never saw anyone. I would get buzzed into the switching room, which was giant stacks of clicking mechanical relays. I swept the floor and changed light bulbs. Big batteries on one wall and after a while I noticed the wire taps located on another wall. This was a very wealthy Chicago suburb, Highland Park, and must have had plenty to tap. The real crew, that I never saw, would put random, or not, conversations on the PA for everyone's entertainment. I heard plenty of very long sex audio, and other mysterious happenings...



The telephone providers provide data on sexting also.... do it across state lines with under age and it's a federal crime......

Bill_4606
10-Jun-2013, 06:47
There are a lot of images in several threads that are NSFW. That will get this site blocked by most corporate IT monitors... at least by US standards.

BrianShaw
12-Jun-2013, 06:35
All is well now.

Brian Ellis
12-Jun-2013, 07:20
Once when I tried to use this site at work I was denied access. The reason given was that it was a porn site.

rdenney
12-Jun-2013, 19:39
My work site blocks some of the web sites used to host photos, but it has never blocked the site.

Rick "whose work computer is behind some pretty official firewalls" Denney

Brian C. Miller
20-Oct-2013, 23:27
I just bought a Cisco ISA 550 "router" (routes, scans, reports, monitors, all kinds of networking options and services, etc.) and this site gets blocked under the "web site reputation" filter. So whatever list Cisco uses, the site is on it for whatever reason.

jonreid
21-Oct-2013, 00:28
No malware here since Frank was banned.

Sevo
21-Oct-2013, 01:45
Depending on the settings, trivialities like a self-signed or freeware SSL key, or even foreign (to the domain) hosting may give a site a low "web site reputation". So that is a somewhat poor metric for an international non-profit site - follow that advice when it comes to sites that want your CC number, but elsewhere it is as pointless as a sticker telling you that your newspaper is not a bank approved ATM...

Shootar401
25-Oct-2013, 04:57
I usually use a VPN at work or at hotels to bypass pay walls, registration and website filters. Tor also works but is slower.

If you have an uppity and downright stupid IT department like I do it's nice to be able to browse the web and keep them in the dark.