FP site block


This is strange...  Browser Guard is blocking

 https://www.silknaturals.com 

while MB Premium which is also monitoring traffic does not block.

Nothing shows up with Virustotal either...

It gets truly frustrating that sites get blocked without any clear indication as to why, and no place to verify what is the cause of the block.  As such, there is no way to independently verify if it is safe to bypass the block, or if there should be one there at all.  The complete and utter randomness of when and how this happens is truly frustrating - in the time I have used the products, I think it may have blocked 1 malicious site, but probably about 15 false positives.  What is going on? What are your criteria for inclusion, and how do you retest and validate the real-time validity of your blocklists?

Frustratingly, I suspect that I'll get nothing more than a one-liner response to this one as well - I've tried to get answers similar to this several times now, and every time it gets buried under the rug as if there is no reason for you to burden your paying customers with any information about the validity of the product.  I will certainly keep at least one subscription alive at all times only so as to be able to find the blocks when other clients/customers/users ask me why they can't get in to sites here and there, but for our own organization, I am really having to rethink the business case of continuing to purchase subscriptions for our own machines, and rethink my recommending the product for others without some indication of responsibility and transparency...

Edited by AdvancedSetup
removed live hyperlink
  • Staff

The one-line answer is: I have whitelisted the site.  Please allow 15-30 minutes for changes to take effect.

Now that's out of the way, I sympathize with you on blocks.  I can only speak for this one.  A reputation block comes up only with Browser Guard, and it is because the website you attempted to access is very lightly-accessed.  Sites that are lightly-accessed are either niche sites, new sites, or (in a worst case) a newly-hatched malicious site.  VirusTotal showed us (I check it too) that this site is not malicious.  Now that it has been whitelisted, you will be able to reach it as will other users who have installed Browser Guard.  The access count will rise, and it would cross the threshold that caused it to generate a reputation block in the first place.

Browser Guard may also block download of executable files, or access to websites for phishing/trojans/riskware and a few other items that I cannot recall right now.  Excluding the download block, the other blocks require that I submit the site to our researchers for review.  A Malwarebytes Premium user would also see a notification in the lower right corner of their screen, but someone who uses only Browser Guard would not see that notification.

I hope this helps to make sense of Browser Guard for you and for anyone else who may read this.


OK - I get that.  However,  this is a site that has had 12,000 visits a month on average, with a high of over 70,000.  The site has been there for 14 years, though there have been both host changes over the years as well as backend software changes. 

Seems suspect that it would be considered lightly-accessed, or new.  No idea what the "niche" status would be either...

(BTW - radio propagation?  Specific bands for general or personal use?)
 

tnx - Kris

  • Staff

Unfortunately, I do not know the thresholds.  I do believe it is IP-based rather than domain name based, so host changes could have an effect there.  A niche is "out there" and viewed usually by those few who are interested.

  • Root Admin

The site has an Alexa ranking of 2,072,518 
That alone does not mean there is anything wrong with the site. As the block is not currently in place I cannot verify what it was actually blocked for. It may have been blocked for reputation, meaning as Michael said it has low traffic. Average time on the site is 48 seconds, which may indicate bots are part of that traffic.
There are various checks and yes, sometimes there are automated checks that are wrong - aka FP (False Positive).

The site is not blacklisted by Sucuri, but they do list issues with the site that should be reviewed for security, as it could affect both the site and potentially users visiting the site if it were to be exploited.

https://sitecheck.sucuri.net/results/silknaturals.com


Thank you

 


This was listed as a reputation block - what triggered that, I don't know.

It is also one of those cases where Sucuri is not always a very good system for verification - they list a whole lot of errors when they receive a 403 response, which is caused by the WAF blocking the direct request that they are running...

Oh well...
