tomfotherby Posted May 30, 2019 ID:1314959

Hi, I am responsible for running https://www.peopleperhour.com and our users are telling us that our CloudFront domain ( dw3i9sxi97owk.cloudfront.net ) is being blocked by Malwarebytes Premium. This domain fronts an AWS S3 bucket where we upload "user generated content" such as profile avatar images and user portfolio items.

Although we use a virus scanner, it is possible that a malicious user has uploaded malware to our CloudFront domain - we will be sure to remove anything suspicious immediately if you are aware of anything? It is in our interests this domain is clean and we certainly want to protect our users. The overwhelming majority of files will be safe so blocking the whole domain isn't necessary and makes our website ugly to Malwarebytes users.

Is there any chance of removing dw3i9sxi97owk.cloudfront.net from the blacklist, or helping us understand the offending file hosted under our domain?

Cheers, Tom Fotherby

Staff Zynthesist Posted May 30, 2019 ID:1314961

Hello, Please have a look here:
https://www.virustotal.com/#/domain/dw3i9sxi97owk.cloudfront.net
https://www.virustotal.com/#/url/567494652cdf5fc1cc69b5b6a398ba5ce43c0a99c3dcc9b8c99c339b3d400a9d/detection

tomfotherby Posted May 30, 2019 Author ID:1314964

Thank you @Zynthesist for sharing this info - I will remove these files. It seems our virus scanner didn't detect these issues.

Staff Zynthesist Posted May 30, 2019 ID:1315014

Ok, we will review once it is cleaned up.

tomfotherby Posted May 31, 2019 Author ID:1315104 (Edited May 31, 2019 by Zynthesist: remove links)

In an effort to get my domain un-blacklisted, I have deleted many of the files shown by https://www.virustotal.com/#/domain/dw3i9sxi97owk.cloudfront.net - They should now return a 403. I noticed VirusTotal only lists 100 files, so I wonder if there are more but I can only see the last 100? Although I noticed the files go back to 2017-12-03, which seems a large enough timeframe.

I noticed some of the files are only marked as malware by 1 engine, "Yandex Safebrowsing". I'm thinking maybe this engine has a very low threshold and might be marking my files simply because of the domain, not the actual contents. That's just a guess though. An example is https://www.virustotal.com/#/url/bce81cd104b72a1451467febd87641abddf3e849c00188e2d2622ab4200559f2/detection

We scan the files using ClamAV free version - it seems it does not detect malware as well as some other products. Shame.

@Zynthesist - Please can you let me know if more is required from me? Thank you for your help so far.

Staff Zynthesist Posted May 31, 2019 ID:1315110

Thanks for the details. Will update shortly.

Staff Solution Zynthesist Posted May 31, 2019 ID:1315111

Block will be removed.