
Why is our site blocked? Details please.



Hi there,

Users report the University of Vermont's site, www.uvm.edu, is being blocked by Malwarebytes for phishing, and this is confirmed by VirusTotal. It's entirely possible that there's a phishing form somewhere, and we're searching using several methods against our own historical IR data, but with no URL to go on from Malwarebytes, locating the offending content will be time-consuming to say the least. Is there a feed to which we can subscribe in order to get advance notice when our web properties are included in MWB's blocklists (with reason and precise URL included)?

I'm happy to be redirected to a different communication venue if this is the wrong place to address this issue, and any advice on navigating the intricacies of Malwarebytes' protocols is appreciated.

Best regards,


Sam Hooker
Information Security Engineer
Enterprise Technology Services
The University of Vermont
@uvminfosec | https://blog.uvm.edu/whysecurity


Hi Zynthesist,

Thanks for your quick and helpful response. That belonged to an account we had identified as compromised and re-secured about two weeks ago, but apparently we dropped the ball before our standard postmortem cleanup of dropped files.

To follow up on one of my other questions: Can we subscribe to some sort of service that will alert us if we're about to appear in your published TI feeds? That would be most helpful. I realize such an offering would be fraught with potential for abuse; we're always happy to provide proof that we are who we say we are. ("Name: University of Vermont; Age: 226 ...") :-)



