False Positive - Website blocked due to trojan


Mike-n

Hello,

We have received a report from a user that our website is being blocked by Malwarebytes and flagged as malicious. (See screenshot.)

  • IP address = 76.76.21.21 (Vercel Shared Hosting)
  • Hostname/URL = hxxps://linearb.io

    Thanks for your attention to this

  • Staff
40 minutes ago, Mike-n said:

Hello,

We have received a report from a user that our website is being blocked by Malwarebytes and flagged as malicious. (See screenshot.)

  • IP address = 76.76.21.21 (Vercel Shared Hosting)
  • Hostname/URL = hxxps://linearb.io

    Thanks for your attention to this

Hello, this data indicates a potential Gootloader threat; servers need to be scanned and hosts informed to check into incoming attacks: VirusTotal - Domain - linearb.io


  • 3 weeks later...

Thanks @TeMerc.

I have forwarded this information on to our hosting provider, and this is their response:

"Additionally, I was also reviewing the recommended actions ("servers need to be scanned and hosts informed to check into incoming attacks") and, unfortunately, this action just doesn't quite apply as we maintain a global CDN and not a traditional "hosted server". This is the reason we provide the various industry-recognized certifications via our Security Portal that I referenced before because in order to maintain these certifications, Vercel must undergo and pass several 3rd party evaluations periodically."

I linked the Security Portal they referenced, which has additional information about the 3rd party evaluations. It sounds like due to their distributed architecture this is all they are able to provide. I reviewed the VirusTotal link you shared, and it indicates there is an external file that has been found referencing our domain. My understanding is that this is not coming from our "Server" and therefore I'm not sure how much control we have over this.

We had seen some other false positives related to bad neighbours on our shared IP, but we are upgrading to get a more isolated/dedicated IP address and hoping this clears up some of the issues with IP reputation.

Please let me know what else can be done to get this cleared, as we have had another user report the site is being blocked by Malwarebytes.

Thanks

Mike


  • Staff
13 minutes ago, Mike-n said:

Thanks @TeMerc.

I have forwarded this information on to our hosting provider, and this is their response:

"Additionally, I was also reviewing the recommended actions ("servers need to be scanned and hosts informed to check into incoming attacks") and, unfortunately, this action just doesn't quite apply as we maintain a global CDN and not a traditional "hosted server". This is the reason we provide the various industry-recognized certifications via our Security Portal that I referenced before because in order to maintain these certifications, Vercel must undergo and pass several 3rd party evaluations periodically."

I linked the Security Portal they referenced, which has additional information about the 3rd party evaluations. It sounds like due to their distributed architecture this is all they are able to provide. I reviewed the VirusTotal link you shared, and it indicates there is an external file that has been found referencing our domain. My understanding is that this is not coming from our "Server" and therefore I'm not sure how much control we have over this.

We had seen some other false positives related to bad neighbours on our shared IP, but we are upgrading to get a more isolated/dedicated IP address and hoping this clears up some of the issues with IP reputation.

Please let me know what else can be done to get this cleared, as we have had another user report the site is being blocked by Malwarebytes.

Thanks

Mike

Thanks for the additional info. We've disabled the block; this should be reflected in the next hour or two. Thanks for your patience.


  • TeMerc locked this topic
This topic is now closed to further replies.