Exetools


ranadharm 10-28-2018 01:39

Unwanted Software Site!
 
After so many years, today (27/10/2018) my browser (Firefox) reported the exetools site as an unwanted software site!

atom0s 10-28-2018 01:53

There's a thread regarding this already here:
https://forum.exetools.com/showthread.php?t=19004

fqjp 10-29-2018 15:11

Chrome also reported the same problem.

ZeNiX 10-31-2018 11:43

Yes, this is an annoying problem.
Any suggestion?

TechLord 10-31-2018 12:47

Quote:

Originally Posted by ZeNiX (Post 115119)
Yes, this is an annoying problem.
Any suggestion?

Any sites which either contain downloadable exploits (as attachments to posts or within the database) or provide links to downloadable exploits would be potentially flagged.

Earlier on (you can check if you don't believe me), there were no EXPLOITS or MALWARE per se or links to them seen in the forum.

When these links were permitted around 2 months ago, I guess the problem started.

Solution:
Ban malware or EXPLOITS (or links to the same) on this forum.

RiRye 10-31-2018 15:17

Quick links to outline the possible issues via VirusTotal:

(This shows URLs that have been scanned and have been flagged)
https://www.virustotal.com/#/domain/forum.exetools.com


(This shows what URL blacklists currently flag the site)
https://www.virustotal.com/#/url/b3f5e6667ea56a466e553153c84edec39503fee496e1f9be829eb032f0e72300/detection


The fix for Google Safe Browsing is claiming the site via their dashboard and requesting a rescan.

Another thing to note is that VirusTotal members (API key holders) could download files, possibly bypassing download rank restrictions.

TechLord 10-31-2018 16:09

Quote:

Originally Posted by RiRye (Post 115126)
Quick links to outline the possible issues via VirusTotal:

(This shows URLs that have been scanned and have been flagged)
https://www.virustotal.com/#/domain/forum.exetools.com

Another thing to note is that VirusTotal members (API key holders) could download files, possibly bypassing download rank restrictions.

Yes, not only VT API key holders but from a free other sites also they can bypass the restrictions and dl the files regardless of rank.

Didn't want to highlight this fact openly and make it obvious ;)

atom0s 11-01-2018 03:23

Quote:

Originally Posted by ZeNiX (Post 115119)
Yes, this is an annoying problem.
Any suggestion?

Generally it happens from Google marking your site malicious due to a download that is available on it. Easiest way to get around it is to password any download that is publicly visible to their scraper bot.

I had to do it for my personal sites a few times already as well to get rid of the blocks.

Afterward, once the files are passworded you can tell Google to rescan the site to fix the errors. (Once you claim the domain on Google's site tools, you can see the specific files causing the problems as well, they generally give you decent information about what's causing it.)

TechLord 11-01-2018 12:40

Quote:

Originally Posted by atom0s (Post 115130)
Generally it happens from Google marking your site malicious due to a download that is available on it. Easiest way to get around it is to password any download that is publicly visible to their scraper bot.

I had to do it for my personal sites a few times already as well to get rid of the blocks.

Afterward, once the files are passworded you can tell Google to rescan the site to fix the errors. (Once you claim the domain on Google's site tools, you can see the specific files causing the problems as well, they generally give you decent information about what's causing it.)

This worked for your site as yours does not have any "cracks" or other PUPs on it.
In other words whatever had been flagged on your site were all (I understand) false positives.

On this site unfortunately, it is.. Ermm... cough... Different.

If links to malware/cracks/exploits/cracks are allowed on the site, then there is no way to get around it other than to get them removed from your site, OR, remove them to hidden sections of the site not accessible to the web spiders.

Even then, if someone takes a screenshot of the hidden area and "reports" it, then once again, the site will be flagged.

The best way would be to ban links to malware, RATs and other such stuff in the forum.
These items in any case were not there for many years prior in this forum...

chants 11-02-2018 10:55

This problem has had a very old solution that was even used here in older times.

Removal of information has never been a solution for all of life's problems except maybe by authoritarians and ruling class thugs.

But we can simply post links using
Quote:

http:// www <dot> google <dot> com
or using other notations so that bots will not crawl them and mark them as such. This notation and style should be used for any links which are in those categories that could be marked as dangerous by services such as those VT lists.

As for the RATs in question, I have already edited the post to do just that so that baseless accusations that these particular links are the ones which caused the flagging can be thrown in the wastebasket.

Perhaps it is another post with another link containing a crack, etc. No one knows for sure. But this recommendation provides a forum with full expression, information sharing and gives an extra indicator when caution should be exercised (which is pretty much always in a reverse engineer's context).

atom0s 11-03-2018 02:07

Quote:

Originally Posted by TechLord (Post 115133)
This worked for your site as yours does not have any "cracks" or other PUPs on it.
In other words whatever had been flagged on your site were all (I understand) false positives.

On this site unfortunately, it is.. Ermm... cough... Different.

It's not any different. Google's tools do not attempt to open passworded archives. You can zip anything up and password it and it's automatically deemed safe to Google. You can also block their bot from accessing those parts of the site entirely with the robots.txt and that'll also fix the issues.

Please don't assume shit you don't know about. I've dealt with this on multiple sites, not just one public facing site you know about.

foosaa 11-05-2018 19:11

One suggestion to all members. Please register and log in to VirusTotal and vote the site as a safe one!

https://www.virustotal.com/#/url/b3f5e6667ea56a466e553153c84edec39503fee496e1f9be829eb032f0e72300/community

I've already registered the first vote as terming the site as safe. I hope everyone can do their bit and mark it as safe so that community power wins!

Thanks!

foosaa 11-09-2018 15:00

Quote:

Originally Posted by foosaa (Post 115182)
One suggestion to all members. Please register and log in to VirusTotal and vote the site as a safe one!

https://www.virustotal.com/#/url/b3f5e6667ea56a466e553153c84edec39503fee496e1f9be829eb032f0e72300/community

I've already registered the first vote as terming the site as safe. I hope everyone can do their bit and mark it as safe so that community power wins!

Thanks!

A request to Admins. Please make this a pinned post so that people will do it. I have not seen any votes registered apart from my single vote even after many days!

Let's do this to get the site out of Google infected listing. I am sure if more people register their vote, it will happen. Thanks.

Daemon 11-09-2018 19:30

Wake up dude. Voting will not solve the problem. They'd need to contact Google and ask to re-scan after cleaning up the board a little and hiding some of the questionable material from its spiders.
Setting up robots.txt properly after re-scan is important so that it does not happen again.

Archer 11-11-2018 02:11

As far as I remember, robots file is ignored when it comes to anti-malware scanning. At least it didn't help when I faced a similar problem.


All times are GMT +8.