Topic: Spammers from 'Avast.com'?

[shin111]

Lately the spammers that get onto my forum show their domain as some variations of ***.avast.com.

For example the lastest one's info showed up as:

IP: 5.62.61.206    0    
Hostname: r-206-61-62-5.ff.avast.com

Avast's supposed to be antivirus/etc. but these are spammers. What is up with that?

[landyvlad]

what's an actual full example?

Try running it through this as see what it says:  https://www.whois.net/

[Arantor]

The OP gave a full example, and the IP is owned by Avast.

I wonder if they have some kind of proxy product.

[landyvlad]

Yeah I must have been asleep when I posted that, sorry.

Do you actually use Avast yourself?

This MAY be relevant (not they scam, but the site compromise) https://forum.avast.com/index.php?topic=220442.msg1468874#new

As an aside the forum seems to have a lot of example as top why NOT to use AVAST https://forum.avast.com/index.php?board=1.20

[GigaWatt]

Oh, they're using SMF too .

[Arantor]

Yes and when they were hacked a few years back they tried to claim it was because SMF had a vulnerability that was fixed but that we didn’t tell them about. Note: no patch was issued for how Avast got hacked, because the vulnerability was not in the software.

[GigaWatt]

Yes and when they were hacked a few years back they tried to claim it was because SMF had a vulnerability that was fixed but that we didn’t tell them about.

Ummm... so SMF is supposed to notify all forum owners that a public or a "secret" security patch has been released... yeah, right . And SMF decided that Avast, and only Avast, should stay out of the loop of this security patch... come on .

I wouldn't take them seriously, IMO their products are, more or less, a joke. Too much bloath, not enough functionality.

[Arantor]

No, no, this happened just after 2.0.7 came out and apparently we didn’t put in the patch notes that we’d fixed a remote code exploit, so they didn’t update to 2.0.7. So yeah it was apparently our fault they got hacked.

Never mind that it wasn’t a remote code exploit and nothing to do with what changed between 2.0.6 and 2.0.7. It was apparently our fault they did what they did.

Seeing how I’m the one who personally made the 2.0.7 patch, I was less than enthused by this course of actions.

[GigaWatt]

LOL ... OK... aren't they a security/AV company ? Shouldn't they be the first to take things seriously and stay up to date, especially if they're using someone else's product ?

OK, I'm not gonna rant any more. This is just proof how much they take security seriously... so glad I've never used any of their products .

[Kindred]

We also spent a significant amount of effort to work with them, review their code and logs etc.....  only to have them disappear from the conversation as soon as we discovered that the attack vector was not SMF at all. (and they never printed a retraction of their public statement/accusation)