
static1.e621.net (148.163.96.42) being blocked as "compromised"


NotMeNotYou


Greetings!

Long story short, our image server is getting blocked as compromised, but our IT team has not found any indication of anyone else having accessed our servers or of any malicious files being present. As such, we would like it if you could double-check the block and remove it. This has only started happening with the latest update of Malwarebytes, too.

I've attached the log to the post here.

If whoever needs to investigate it plans on browsing the website (e621.net), please be aware that we host an extensive catalog of explicit adult works. To avoid seeing that particular content, simply type "rating:s", without the quotation marks, into the search field to perform a search that only returns submissions which are rated safe for work.

Should the block be legitimate I would appreciate it if you could tell us what exactly necessitated the block so we can investigate it again on our end.

Best Regards and many thanks in advance.
~
NotMeNotYou

e621.txt


I've checked in with my IT team and we have not had any traffic like that leaving our network.

Is it possible that these reports are the result of spoofed attacks on those people? We get hit by various trolls fairly often and from what our IT team has told me the examples listed in the database above should be trivial to spoof, as they seemingly never actually complete the handshake to prove that they're from our IP.
I'm not that familiar with the intricacies of how the network protocols work so I apologize if the wording isn't spot on, but that's what I gathered from talking to them at least. If you guys could have a look at whether or not those reports in the database hold up to scrutiny that would be greatly appreciated.

Edited by AdvancedSetup
Corrected font issue

  • 3 weeks later...

As an MB Pro customer, and a member of the E621 community, as well as someone in IT, can the MB team please confirm the veracity of these reports?

To the E621 staff member though: can you please follow the cardinal rule of security: if you hear of a breach, raise the alarm. I had to dig into this incident and explain to my own community members what was going on, and I have seen nothing of you actually getting out in front of this so that your users can make an informed decision engaging your site, or at the very least harden their own security, or even do *any* kind of damage control. This looks like E621 cares more about their reputation than their users' actual safety. At the very least this looks extremely unprofessional and puts you in with the likes of early-pandemic Zoom in my trust levels now @NotMeNotYou


We have made a news post on the site on the 30th of August explaining the situation. That news is part of a banner that will persist until it is manually dismissed by the user, whether they're logged in or browsing the site anonymously, on all pages but the landing page.

We don't do giant popups or obnoxious banners, though, so it is possible that people may miss a news update simply because we aren't trying to grab people's attention at any cost.


The issue is that when your site is the one flagged as being compromised, putting up a notification on that believed-to-be-compromised site does nothing for the users who have stopped going to it out of precaution, and why many offer updates like this mirrored on something like your website's Twitter account that hasn't had a post since October of 21.

The issue still at hand is that you undeniably have a vested interest in this not being an issue, so with the best of intentions trying to reassure users that it's a false positive, it really does mean nothing until there's evidence that can be verified by a trustworthy third party that either the issue really was a false positive, or that the issue was identified and resolved with concrete steps.

