Author Topic: Norton claiming SMF allows "drive-by downloads"  (Read 828 times)

Offline MensaMod

  • Semi-Newbie
  • *
  • Posts: 61
Norton claiming SMF allows "drive-by downloads"
« on: January 04, 2018, 11:19:06 PM »
This may be an FYI or it may be an issue.  A user just pinged me that her new level of Norton (22.11.2.7) doesn't want to let her log on to our SMF because it thinks we allow drive-by downloads (link to their error page).  She's on Win10 (current) and using Chrome.  She can get in with no problems using the Edge browser.  I'm seeing no complaints from McAfee.

We're still on SMF 2.0.12, PHP 5.3 (just getting ready to go 2.0.15 and PHP 5.6, but not quite there yet).  Our only mods are
  • Stop Spammer 2.3.9
  • addon_OS_Browser_httpBL 1.1
  • httpBL 2.5.1
  • Inline Hover Spoiler 1.5
and we don't tinker with the code.

She's got her work-around and we're posting the warning on our landing page, but is there anything we can/should do about this?

Thanks.

Offline SaltedWeb

  • Sr. Member
  • ****
  • Posts: 861
  • Gender: Male
  • The Tired One
Re: Norton claiming SMF allows "drive-by downloads"
« Reply #1 on: January 04, 2018, 11:26:45 PM »
So is this just affecting one member with that program? If so, I would guess the new Norton might have a firewall blocking it; it seems your site may be on some list they have. I had that happen once: I bought a used domain and it was listed.
I have some pretty tight security on my PC but can still see it, so I would guess it's on a list Norton buys or manages. I can't see SMF doing it. If they can work around it, then that means their IP is not blocked, just Norton's is? Unless I read this wrong.
Knowing your limitations makes you human, exceeding these limitations makes you worthy of being human.

Offline HDB

  • Charter Member
  • Jr. Member
  • *
  • Posts: 175
    • HDBForum on Facebook
    • @HDBitchin on Twitter
    • HDBitchin, a Harley Davidson Technical Discussion Forum
Re: Norton claiming SMF allows "drive-by downloads"
« Reply #2 on: January 05, 2018, 12:23:37 AM »
I use Sucuri WAF on my forum. They offer a free sitecheck tool on their website and I ran your website and it shows you are blacklisted. They check your website against 10 Blacklists and in the results from Sucuri it confirms that you are blacklisted by Norton Safe Web (as you know) but you are clean for the other 9 blacklists that they checked.

https://sitecheck.sucuri.net/results/agm2m.org

Online shawnb61

  • Developer
  • SMF Hero
  • *
  • Posts: 1,571
    • sbulen on GitHub
Re: Norton claiming SMF allows "drive-by downloads"
« Reply #3 on: January 05, 2018, 12:43:14 AM »
Just for some clarity here...  Maybe I'm missing something... 

Norton is not highlighting a problem with the SMF software, or the SMF site. 

Norton thinks there is a problem with your forum's site, agm2m.org.  For some reason, it thinks you allow sneaky/malicious downloads from your site. 

If you disagree, you need to follow the links provided & deal with Norton directly to get them to stop saying there is an issue with your site. 
« Last Edit: January 05, 2018, 01:02:59 AM by shawnb61 »
Address the process rather than the outcome.  Then, the outcome becomes more likely.   - Fripp

Offline SaltedWeb

  • Sr. Member
  • ****
  • Posts: 861
  • Gender: Male
  • The Tired One
Re: Norton claiming SMF allows "drive-by downloads"
« Reply #4 on: January 05, 2018, 01:15:58 AM »
Quote from: HDB
I use Sucuri WAF on my forum. They offer a free sitecheck tool on their website and I ran your website and it shows you are blacklisted. They check your website against 10 Blacklists and in the results from Sucuri it confirms that you are blacklisted by Norton Safe Web (as you know) but you are clean for the other 9 blacklists that they checked.

https://sitecheck.sucuri.net/results/agm2m.org

That's interesting, good tool as well.
Knowing your limitations makes you human, exceeding these limitations makes you worthy of being human.

Offline Aleksi "Lex" Kilpinen

  • A Peculiar Finn
  • Lead Support Specialist
  • SMF Super Hero
  • *
  • Posts: 18,737
  • Gender: Male
  • Don't worry, I'm n00b friendly
    • Aleksi.Kilpinen on Facebook
    • LexArma on GitHub
    • aleksi-kilpinen on LinkedIn
    • There's No Place Like 127.0.0.1
Re: Norton claiming SMF allows "drive-by downloads"
« Reply #5 on: January 05, 2018, 01:27:41 AM »
It could be some problem you used to have and don't have anymore, or it could be you were reported as unsafe by someone,
or sometimes those scans and blacklists just make mistakes. We've all seen those at one point or another, where an internet security software goes haywire. ;)

This would be the best course of action, after making sure your site really doesn't have any extra code, or malicious ads.

Quote from: shawnb61
If you disagree, you need to follow the links provided & deal with Norton directly to get them to stop saying there is an issue with your site.
A Finnish Support Specialist
 Happily running multiple SMF 2.0 installations.
  Fooling around with an i7 990X @ 3,47Ghz / 12Gb / Win 10 x64 / 3840x2160


How you can help SMF

"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum.
 Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

Offline SaltedWeb

  • Sr. Member
  • ****
  • Posts: 861
  • Gender: Male
  • The Tired One
Re: Norton claiming SMF allows "drive-by downloads"
« Reply #6 on: January 05, 2018, 11:22:24 AM »
I have seen mass mailers trigger these lists long ago, when that was the norm for communicating. I had a site blacklisted because, even though people sign up for newsletters, they can simply report it as spam, and when enough people do that as opposed to just changing their settings, you have this. It's not as common as it used to be for that kind of stuff; nowadays the content can often trigger reports.
Things are becoming more complicated as power users of large corporate social media are dictating what is hate speech, harmful or dangerous. Long-running groups, YouTube, and many others are shut down due to small word usage. It seems that if any group is running a socially or politically opposed group, meaning they have other sides against what they are representing, it can get reported and then is held to whatever standard that company decides. I could go on, as it's something I have studied extensively over the years, and I have seen many groups appearing "normal" have issues. Without knowing what Norton is using to trigger this, and given that it is not on other lists, it makes one think it was more specific, possibly, in your case.
Knowing your limitations makes you human, exceeding these limitations makes you worthy of being human.

Offline Sir Osis of Liver

  • SMF Hero
  • ******
  • Posts: 9,459
Re: Norton claiming SMF allows "drive-by downloads"
« Reply #7 on: January 05, 2018, 11:39:58 AM »
When Norton Utilities first came out (for DOS), it was the berries, then Peter Norton got rich selling it to Symantec, and Norton products have been crap ever since. :P

Online shawnb61

  • Developer
  • SMF Hero
  • *
  • Posts: 1,571
    • sbulen on GitHub
Re: Norton claiming SMF allows "drive-by downloads"
« Reply #8 on: January 05, 2018, 12:13:45 PM »
The OP needs to know what to do next.  What he needs to do is follow the links to reach out to Norton to get his site cleared.  Drilling down on the links provided above, Norton thinks that:
Quote
This signature detects a request to specific domains which characteristically has been known to host malicious exploits and executable files.
So Norton believes there are links of some form on your site to malicious sites.  You need to get to the bottom of that, and either fix those links, or otherwise somehow get Norton to remove you from their list. 
Address the process rather than the outcome.  Then, the outcome becomes more likely.   - Fripp
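
One way to get to the bottom of that, as an added example (not part of the original post and not SMF code): list every off-site host a rendered forum page references, separating resources the browser loads automatically from plain links. The hostnames, the sample HTML and the `audit` helper are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Attribute that makes a browser fetch or navigate to a URL, per tag.
URL_ATTRS = {"script": "src", "iframe": "src", "img": "src", "embed": "src",
             "object": "data", "link": "href", "a": "href", "form": "action"}
# Tags whose target loads without any click; these matter most for drive-by flags.
AUTO_LOAD = {"script", "iframe", "img", "embed", "object", "link"}

class ExternalRefs(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.site = urlsplit(page_url).hostname
        self.refs = []  # (host, tag, auto_loaded)

    def handle_starttag(self, tag, attrs):
        attr = URL_ATTRS.get(tag)
        value = dict(attrs).get(attr) if attr else None
        if not value:
            return
        # Resolve relative and protocol-relative URLs against the page URL.
        host = urlsplit(urljoin(self.page_url, value.strip())).hostname
        if host and host != self.site and not host.endswith("." + self.site):
            self.refs.append((host, tag, tag in AUTO_LOAD))

def audit(page_url, html, expected_hosts):
    """Return external references whose host the site owner did not expect."""
    parser = ExternalRefs(page_url)
    parser.feed(html)
    return sorted({r for r in parser.refs if r[0] not in expected_hosts})

# Constructed sample page (not taken from the site in the thread).
SAMPLE = """
<html><head>
<script src="/Themes/default/scripts/script.js"></script>
<script src="//cdn.example.net/lib.js"></script>
</head><body>
<a href="https://forum.example.org/index.php?topic=1">local</a>
<a href="http://links.example.com/page">posted link</a>
<iframe src="http://unexpected.example.invalid/x" width="0" height="0"></iframe>
</body></html>
"""

if __name__ == "__main__":
    for host, tag, auto in audit("https://forum.example.org/", SAMPLE, {"cdn.example.net"}):
        print(f"{host}\t<{tag}>\t{'auto-loaded' if auto else 'click-through'}")
```

Run it over saved copies of the board index, a topic page and the theme templates; an auto-loaded host nobody on the admin team recognises is the first thing to chase before filing the appeal.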

Offline MensaMod

  • Semi-Newbie
  • *
  • Posts: 61
Re: Norton claiming SMF allows "drive-by downloads"
« Reply #9 on: January 05, 2018, 01:05:31 PM »
Thanks, folks.  I've made a note of that tool and will follow the appeal process.  (I didn't really think that SMF's code was at fault, and we use it for messaging between friends so I doubt we've got nasty links in there.)


Offline Steve

  • Freak
  • SMF Friend
  • SMF Hero
  • *
  • Posts: 4,500
  • Gender: Male
  • I have not yet begun to procrastinate.
Re: Norton claiming SMF allows "drive-by downloads"
« Reply #10 on: January 05, 2018, 08:13:28 PM »
Marking solved then. If you have any other questions regarding this topic, by all means, mark this unsolved and let us know. :)
Online Manual

Please do not PM me for support.

Offline snadge

  • Jr. Member
  • **
  • Posts: 369
    • TheTechForum on Facebook
    • @The_Tech_Forum on Twitter
    • The Tech Forum
Re: Norton claiming SMF allows "drive-by downloads"
« Reply #11 on: January 06, 2018, 05:24:54 PM »
Quote from: SaltedWeb
Quote from: HDB
I use Sucuri WAF on my forum. They offer a free sitecheck tool on their website and I ran your website and it shows you are blacklisted. They check your website against 10 Blacklists and in the results from Sucuri it confirms that you are blacklisted by Norton Safe Web (as you know) but you are clean for the other 9 blacklists that they checked.

https://sitecheck.sucuri.net/results/agm2m.org

That's interesting, good tool as well.

maybe - but also false positives happen on it - flagged mine as

Site Potentially Harmful. Immediate Action is Required.

why?  because it has no ratings at all on McAfee Site Advisor

and it's the same for this guy's site:

https://safeweb.norton.com/report/show?url=agm2m.org


Offline SaltedWeb

  • Sr. Member
  • ****
  • Posts: 861
  • Gender: Male
  • The Tired One
Re: Norton claiming SMF allows "drive-by downloads"
« Reply #12 on: January 06, 2018, 05:38:09 PM »
That may be true, but if Norton is the one screening this, false positive or not, it would be a Norton or reporting issue, not an SMF issue.
This was posted in SMF support and has zero to do with SMF.
If anyone gets blacklisted, they have to take it up with the reporting services, and as was noted, some reports can show a domain blacklisted and some not. But the content is what triggers the response to be listed, and that has zero to do with SMF.
If this was triggered by Norton or anyone else, contacting them should be the first action. Still not sure why this is in SMF 2.0 support, as some may think SMF has something to do with Norton triggering the list, and it simply can't.
Knowing your limitations makes you human, exceeding these limitations makes you worthy of being human.

Offline MensaMod

  • Semi-Newbie
  • *
  • Posts: 61
Re: Norton claiming SMF allows "drive-by downloads"
« Reply #13 on: January 10, 2018, 04:36:50 PM »
Triggered by Norton because who knows why.  I followed their instructions, put their 129-byte crypto file in my Web root, told them I'd done that and 2 days later they said they're happy.  I agree, it's not an SMF issue.

Offline SaltedWeb

  • Sr. Member
  • ****
  • Posts: 861
  • Gender: Male
  • The Tired One
Re: Norton claiming SMF allows "drive-by downloads"
« Reply #14 on: January 10, 2018, 06:01:58 PM »
Glad you got it fixed, perhaps though your experience may help others in the future that might run into this.
Knowing your limitations makes you human, exceeding these limitations makes you worthy of being human.