|
|
| Author |
Message |
| Rogerborg |
This post is not being displayed .
|
Rogerborg
nimbA
Joined: 26 Oct 2010
Karma :  
|
 Posted: 13:42 - 15 Jan 2013  Post subject: Sophos Web Protection bawwwing about my web site |
 |
|
Any of you chaps into bondage security?
Sophos Web Protection is reportedly spitting its dummy over images hosted on:
https://rogerborg.dnsd.me
The squawk is about "mal/HTMLgen-a". Top Google hit is (of course) "False positive mal/HTMLgen-a - SophosTalk community". I've had a moan in there, but any suggestions would be welcome.
| Sophos cagily wrote: | Mal/HTMLGen-A is the threat name associated with web pages that have been classified as malicious by SophosLabs.
Web pages blocked by Sophos products as Mal/HTMLGen-A are likely to be used in an infection chain used to infect users with malware. |
So, not actually infected, it just looks dodgy for some unspecified reason.
1) It's a free dynamic sub-domain got via dnsdynamic.org
2) It's hosted on my Raspberry Pi running Debian and lighttpd (along with other dodgy sites like YouTube and Wikipedia). At the moment, that's exposed in its raw nekkidness to the intardtubes because of reasons, but there's not much going on there (nmap away). I had a squid proxy briefly exposed, but that should be tucked away now.
3) There's a robots.txt that denies all.
4) There's nothing there but images (for forum linkage, not those sort), plus a bare index.html with one <img> tag.
Actually, https://validator.w3.org/ is grumping about " A fatal error occurred when attempting to decode response body from https://rogerborg.dnsd.me/index.html. Either we do not support the content encoding specified ("bzip2"), or an error occurred while decoding it.
The error was: Don't know how to decode Content-Encoding 'bzip2' "
Bzip2? 
I've moved the robots.txt aside for now and ensured that only port 22 is exposed. Anyone got any ideas what else I can try?
____________________
Biking is 1/20th as dangerous as horse riding.
GONE: HN125-8, LF-250B, GPz 305, GPZ 500S, Burgman 400 // RIDING: F650GS (800 twin), Royal Enfield Bullet Electra 500 AVL, Ninja 250R because racebike |
|
| Back to top |
  |
You must be logged in to rate posts |
|
 |
| P. |
This post is not being displayed .
|
P.
Red Rocket
Joined: 14 Feb 2008
Karma :
|
Posted: 15:22 - 15 Jan 2013  Post subject: |
|
|
Sophos died a death last year and starting giving out false positives.
My Sophos here isn't complaining  |
|
| Back to top |
 |
You must be logged in to rate posts |
|
|
| jeddy11 |
This post is not being displayed .
|
jeddy11
Traffic Copper
Joined: 06 Jul 2012
Karma : 
|
| Posted: 15:27 - 15 Jan 2013 Post subject: |
|
|
You can come and suck my sophos you big gay bear 
____________________
Fuelly My Z1000SX
cbt 06/08/11 mod1 (second go) 01/08/12 mod2 21/09/12
Varadero Viking YBR125>Varadero125>ER6F>Z1000SX !!! |
|
| Back to top |
| |
You must be logged in to rate posts |
|
|
| Rogerborg |
This post is not being displayed .
|
Rogerborg
nimbA
Joined: 26 Oct 2010
Karma :
|
|
| Back to top |
| |
You must be logged in to rate posts |
|
|
| Spudly |
This post is not being displayed .
|
Spudly
World Chat Champion
Joined: 04 Apr 2012
Karma :
|
| Posted: 19:03 - 15 Jan 2013 Post subject: |
|
|
You enabled server side compression mebbe?
____________________
The Old Apprentice |
|
| Back to top |
| |
You must be logged in to rate posts |
|
|
| Rogerborg |
This post is not being displayed .
|
Rogerborg
nimbA
Joined: 26 Oct 2010
Karma :
|
|
| Back to top |
| |
You must be logged in to rate posts |
|
|
| Jayy |
This post is not being displayed .
|
Jayy
Mr. Ponzi
Joined: 08 Jun 2009
Karma : 
|
|
| Back to top |
| |
You must be logged in to rate posts |
|
|
| Rogerborg |
This post is not being displayed .
|
Rogerborg
nimbA
Joined: 26 Oct 2010
Karma :
|
|
| Back to top |
| |
You must be logged in to rate posts |
|
 |
Old Thread Alert!
The last post was made 12 years, 107 days ago. Instead of replying here, would creating a new thread be more useful? |
 |
|
|
Help & FAQs
Search BCF
Members
Groups
Events Calendar
rating
rating