EXETOOLS FORUM  

Go Back   EXETOOLS FORUM > General > General Discussion

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 10-28-2018, 01:39
ranadharm ranadharm is offline
Friend
 
Join Date: May 2012
Posts: 61
Rept. Given: 7
Rept. Rcvd 18 Times in 6 Posts
Thanks Given: 9
Thanks Rcvd at 10 Times in 8 Posts
ranadharm Reputation: 18
Unwanted Software Site!

After so many years Today (27/10/2018) my browser (firefox) reported exettools site as unwanted Software Site!
Reply With Quote
The Following User Says Thank You to ranadharm For This Useful Post:
  #2  
Old 10-28-2018, 01:53
atom0s's Avatar
atom0s atom0s is offline
Family
 
Join Date: Jan 2015
Location: 127.0.0.1
Posts: 212
Rept. Given: 22
Rept. Rcvd 94 Times in 43 Posts
Thanks Given: 37
Thanks Rcvd at 276 Times in 109 Posts
atom0s Reputation: 94
There's a thread regarding this already here:
https://forum.exetools.com/showthread.php?t=19004
__________________
No longer active on this site/forum much. If you need to contact me, you can find me on my personal site here: https://atom0s.com/forums/
Reply With Quote
  #3  
Old 10-29-2018, 15:11
fqjp fqjp is offline
Friend
 
Join Date: Apr 2011
Posts: 21
Rept. Given: 1
Rept. Rcvd 2 Times in 1 Post
Thanks Given: 0
Thanks Rcvd at 10 Times in 6 Posts
fqjp Reputation: 2
Chrome also reported the same problem.
Reply With Quote
  #4  
Old 10-31-2018, 11:43
ZeNiX's Avatar
ZeNiX ZeNiX is offline
Administrator
 
Join Date: Feb 2009
Posts: 708
Rept. Given: 172
Rept. Rcvd 767 Times in 256 Posts
Thanks Given: 184
Thanks Rcvd at 534 Times in 134 Posts
ZeNiX Reputation: 700-899 ZeNiX Reputation: 700-899 ZeNiX Reputation: 700-899 ZeNiX Reputation: 700-899 ZeNiX Reputation: 700-899 ZeNiX Reputation: 700-899 ZeNiX Reputation: 700-899
Yes, this is an annoying problem.
Any suggestion?
Reply With Quote
The Following User Says Thank You to ZeNiX For This Useful Post:
Megin (11-03-2018)
  #5  
Old 10-31-2018, 12:47
TechLord TechLord is offline
Banned User
 
Join Date: Mar 2005
Location: 10 Steps Ahead of You
Posts: 789
Rept. Given: 389
Rept. Rcvd 247 Times in 112 Posts
Thanks Given: 811
Thanks Rcvd at 1,797 Times in 478 Posts
TechLord Reputation: 200-299 TechLord Reputation: 200-299 TechLord Reputation: 200-299
Quote:
Originally Posted by ZeNiX View Post
Yes, this is an annoying problem.
Any suggestion?
Any sites which either contain downloadable exploits (as attachments to posts or within the database) or provide links to downloadable exploits would be potentially flagged.

Earlier on (you can check if you don't believe me), there were no EXPLOITS or MALWARE per se or links to them seen in the forum.

When these links were permitted around 2 months ago, I guess the problem started.

Solution:
Ban malware or EXPLOITS (or links to the same) on this forum.
Reply With Quote
The Following User Says Thank You to TechLord For This Useful Post:
Megin (11-03-2018)
  #6  
Old 10-31-2018, 15:17
RiRye RiRye is offline
Friend
 
Join Date: Mar 2017
Location: US
Posts: 12
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 10
Thanks Rcvd at 10 Times in 4 Posts
RiRye Reputation: 0
Quick links to outline the possible issues via VirusTotal:

(This shows URL's that have been scanned and have been flagged)
https://www.virustotal.com/#/domain/forum.exetools.com


(This shows what URL blacklists currently flag the site)
https://www.virustotal.com/#/url/b3f5e6667ea56a466e553153c84edec39503fee496e1f9be829eb032f0e72300/detection


The fix for google safe browsing is claiming the site via their dashboard and requesting a rescan

Another thing to note is that VirusTotal members (API key holders) could download files, possibly bypassing download rank restrictions
Reply With Quote
  #7  
Old 10-31-2018, 16:09
TechLord TechLord is offline
Banned User
 
Join Date: Mar 2005
Location: 10 Steps Ahead of You
Posts: 789
Rept. Given: 389
Rept. Rcvd 247 Times in 112 Posts
Thanks Given: 811
Thanks Rcvd at 1,797 Times in 478 Posts
TechLord Reputation: 200-299 TechLord Reputation: 200-299 TechLord Reputation: 200-299
Quote:
Originally Posted by RiRye View Post
Quick links to outline the possible issues via VirusTotal:

(This shows URL's that have been scanned and have been flagged)
https://www.virustotal.com/#/domain/forum.exetools.com

Another thing to note is that VirusTotal members (API key holders) could download files, possibly bypassing download rank restrictions
Yes, not only VT API key holders but from a free other sites also they can bypass the restrictions and dl the files regardless of rank.

Didn't want to highlight this fact openly and make it obvious
Reply With Quote
The Following User Says Thank You to TechLord For This Useful Post:
Megin (11-03-2018)
  #8  
Old 11-01-2018, 03:23
atom0s's Avatar
atom0s atom0s is offline
Family
 
Join Date: Jan 2015
Location: 127.0.0.1
Posts: 212
Rept. Given: 22
Rept. Rcvd 94 Times in 43 Posts
Thanks Given: 37
Thanks Rcvd at 276 Times in 109 Posts
atom0s Reputation: 94
Quote:
Originally Posted by ZeNiX View Post
Yes, this is an annoying problem.
Any suggestion?
Generally it happens from Google marking your site malicious due to a download that is available on it. Easiest way to get around it is to password any download that is publicly visible to their scrapper bot.

I had to do it for my personal sites a few times already as well to get rid of the blocks.

Afterward, once the files are passworded you can tell Google to rescan the site to fix the errors. (Once you claim the domain on Google's site tools, you can see the specific files causing the problems as well, they generally give you decent information about what's causing it.)
__________________
No longer active on this site/forum much. If you need to contact me, you can find me on my personal site here: https://atom0s.com/forums/
Reply With Quote
  #9  
Old 11-01-2018, 12:40
TechLord TechLord is offline
Banned User
 
Join Date: Mar 2005
Location: 10 Steps Ahead of You
Posts: 789
Rept. Given: 389
Rept. Rcvd 247 Times in 112 Posts
Thanks Given: 811
Thanks Rcvd at 1,797 Times in 478 Posts
TechLord Reputation: 200-299 TechLord Reputation: 200-299 TechLord Reputation: 200-299
Quote:
Originally Posted by atom0s View Post
Generally it happens from Google marking your site malicious due to a download that is available on it. Easiest way to get around it is to password any download that is publicly visible to their scrapper bot.

I had to do it for my personal sites a few times already as well to get rid of the blocks.

Afterward, once the files are passworded you can tell Google to rescan the site to fix the errors. (Once you claim the domain on Google's site tools, you can see the specific files causing the problems as well, they generally give you decent information about what's causing it.)
This worked for your site as yours does not have any "cracks" or other PUPs on it.
In other words whatever had been flagged on your site were all (I understand) false positives.

On this site unfortunately, it is.. Ermm... cough... Different.

If links to malware/cracks/exploits/cracks are allowed on the site, then there is no way to get around it other than to get them removed from your site, OR, remove them to hidden sections of the site not accessible to the web spiders.

Even then, if someone takes a sccreenshot of the hidden area and "reports" it, then once again, the site will be flagged.

The best way would be to ban links to malware, RATs and other such stuff in the forum.
These items in any case were not there for many years prior in this forum...
Reply With Quote
The Following User Says Thank You to TechLord For This Useful Post:
Megin (11-03-2018)
  #10  
Old 11-02-2018, 10:55
chants chants is offline
Friend
 
Join Date: Jul 2016
Posts: 308
Rept. Given: 0
Rept. Rcvd 11 Times in 10 Posts
Thanks Given: 245
Thanks Rcvd at 282 Times in 160 Posts
chants Reputation: 11
This problem has had a very old solution that was even used here in older times.

Removal of information has never been a solution for all of life's problems except maybe by authoritarians and ruling class thugs.

But we can simply post links using
Quote:
http:// www <dot> google <dot> com
or using other notations so that bots will not crawl them and mark them as such. This notation and style should be used for any links which are in those categories that could be marked as dangerous by services such as those VT lists.

As for the RATs in question, I have already edited the post to do just that so that baseless accusations that these particular links are the ones which caused the flagging can be thrown in the wastebasket.

Perhaps it is another post with another link containing a crack, etc. No one knows for sure. But this recommendation provides a forum with full expression, information sharing and gives an extra indicator when caution should be exercised (which is pretty much always in a reverse engineer's context).
Reply With Quote
The Following User Says Thank You to chants For This Useful Post:
p4r4d0x (11-03-2018)
  #11  
Old 11-03-2018, 02:07
atom0s's Avatar
atom0s atom0s is offline
Family
 
Join Date: Jan 2015
Location: 127.0.0.1
Posts: 212
Rept. Given: 22
Rept. Rcvd 94 Times in 43 Posts
Thanks Given: 37
Thanks Rcvd at 276 Times in 109 Posts
atom0s Reputation: 94
Quote:
Originally Posted by TechLord View Post
This worked for your site as yours does not have any "cracks" or other PUPs on it.
In other words whatever had been flagged on your site were all (I understand) false positives.

On this site unfortunately, it is.. Ermm... cough... Different.
It's not any different. Googles tools do not attempt to open passworded archives. You can zip anything up and password it and it's automatically deemed safe to Google. You can also block their bot from accessing those parts of the site entirely with the robots.txt and that'll also fix the issues.

Please don't assume shit you don't know about. I've dealt with this on multiple sites, not just one public facing site you know about.
__________________
No longer active on this site/forum much. If you need to contact me, you can find me on my personal site here: https://atom0s.com/forums/
Reply With Quote
The Following User Says Thank You to atom0s For This Useful Post:
chants (11-03-2018)
  #12  
Old 11-05-2018, 19:11
foosaa foosaa is offline
Friend
 
Join Date: Dec 2005
Posts: 75
Rept. Given: 34
Rept. Rcvd 11 Times in 9 Posts
Thanks Given: 102
Thanks Rcvd at 57 Times in 19 Posts
foosaa Reputation: 11
One suggestion to all members. Please register and login to the virustotal and vote the site as a safe one!

https://www.virustotal.com/#/url/b3f5e6667ea56a466e553153c84edec39503fee496e1f9be829eb032f0e72300/community

I've already registered the first vote as terming the site as safe. I hope everyone can do their bit and mark it as safe so that community power wins!

Thanks!
Reply With Quote
The Following 2 Users Say Thank You to foosaa For This Useful Post:
chants (11-05-2018), p4r4d0x (11-06-2018)
  #13  
Old 11-09-2018, 15:00
foosaa foosaa is offline
Friend
 
Join Date: Dec 2005
Posts: 75
Rept. Given: 34
Rept. Rcvd 11 Times in 9 Posts
Thanks Given: 102
Thanks Rcvd at 57 Times in 19 Posts
foosaa Reputation: 11
Quote:
Originally Posted by foosaa View Post
One suggestion to all members. Please register and login to the virustotal and vote the site as a safe one!

https://www.virustotal.com/#/url/b3f5e6667ea56a466e553153c84edec39503fee496e1f9be829eb032f0e72300/community

I've already registered the first vote as terming the site as safe. I hope everyone can do their bit and mark it as safe so that community power wins!

Thanks!
A request to Admins. Please make this as a pinned post so that people will do it. I have not seen any votes registered apart from my single vote even after many days!

Let's do this to get the site out of Google infected listing. I am sure if more people register their vote, it will happen. Thanks.
Reply With Quote
  #14  
Old 11-09-2018, 19:30
Daemon Daemon is offline
Banned User
 
Join Date: Sep 2018
Posts: 29
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 22
Thanks Rcvd at 21 Times in 15 Posts
Daemon Reputation: 1
Wake up dude. Voting will not solve the problem. They'd need to contact Google and ask to re-scan after cleaning up the board a little and hiding some of the questionable material from its spiders.
Setting up robots.txt properly after re-scan is important so that it does not happen again.
Reply With Quote
  #15  
Old 11-11-2018, 02:11
Archer's Avatar
Archer Archer is offline
retired
 
Join Date: Aug 2005
Posts: 215
Rept. Given: 1
Rept. Rcvd 25 Times in 16 Posts
Thanks Given: 2
Thanks Rcvd at 263 Times in 28 Posts
Archer Reputation: 25
As far as I remember, robots file is ignored when it comes to anti-malware scanning. At least it didn't help when I faced a similar problem.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



All times are GMT +8. The time now is 20:16.


��ICP��05004977��
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX