Gnosyz (Classic edition) ☮ 🇪🇺
Follow

Please, everyone, check virus database and control that your instances are not in there, because seems SOMEONE is adding mastodon and Fediverse instances into a black list of virus database - first for me it was mastodon.social, today it reacted onto mastodon.online and stereophonic.space

· · 7 · 25 · 9
Gnosyz (Classic edition) ☮ 🇪🇺

cc @drq @stux @inexcode @a1ba Would be thankful for spreading this

0
Александр
@ZySoua Which lists?
1
Gnosyz (Classic edition) ☮ 🇪🇺

@shuro IIRC (Please, correct me if I am wrong) There are databases for viruses that anti-virus software use to check on and see if there is anything new added. People themselves contribute to databases also. I use Malwarebytes and now it has been 3 times already that it reacted onto Mastodon instances. @stux did say that there was a false positive in his instance case. I didn't exactly ask what databases he checked

1
Александр
@ZySoua @stux I see. It is PITA to monitor these detections because many of these lists are closed and there isn't clear procedure to check and request removal.

Some of these detections are false, some can be warranted - sometimes malware can really be present, e.g. some file attached to the post or even web server infected.
1
sтυx💙💛

@shuro @ZySoua This happened to us also. Currently Hetzner and spamhaus are checking for malware but that doesn’t make sense..

0
sтυx💙💛

@ZySoua I have an idea who this might be if a person is responsible :sad_dog:

0
sтυx💙💛

@ZySoua CC @Gargron Can this be a reason for that issue maybe?

0
Eugen

@ZySoua I think it's automated... Here's what I think happens: Malware author uses Mastodon account for C&C. Malware analytics service runs malware and tracks which connections it makes, publishes public report. Mastodon domain / IP is in list of connections, gets picked up by Spamhaus.

1
Gnosyz (Classic edition) ☮ 🇪🇺

@Gargron You still should be aware. This is now started happening more often

1
Eugen

@ZySoua I'm just commenting on the "someone" bit. I'm very aware and it's very annoying and as another commenter said it's not very transparent what can be done about this.

1
Gnosyz (Classic edition) ☮ 🇪🇺

@Gargron I wrote "someone" because I have enough suspicions that by now Fediverse has stepped on some major toes already. No specific people, but you get a general idea. Human factor never should be also dismissed. But IT people should know better. Thank you for taking notice

0
Ho-Ho-Hyolobrika
@ZySoua One solution to this is to use obscure instances. Decentralisation is (almost) always the answer.
0
Ho-Ho-Hyolobrika
@ZySoua I think @newt should probably know about this.
1
:suya:
@Hyolobrika @ZySoua haha yeah. But we weren’t added as a fedi instance. We got a listed IP after a server migration.

I notified malwarebytes and they promised to take another look. Haven’t heard from them ever since tho :comfyderp:
1
:suya:
@Hyolobrika @ZySoua more precisely, there is no someone adding fedi instances. At least, I'm not aware of this.

Malware databases are often poorly maintained and they rarely follow up on sites they listed. So, you could totally end up with a blacklisted IP address when you buy a VPS. Shit happens.

The moral of the story is, don't use antiviruses. They suck a bag of dicks anyway and are a malware in and of themselves :comfygeek:
1
Gnosyz (Classic edition) ☮ 🇪🇺

@newt @Hyolobrika let’s agree to disagree on that last part. Otherwise, hope this whole shit clears up

0
Sign in to participate in the conversation
Mastodon.ml

Русская нода социальной сети "Мастодонт", части Fediverse - всемирной федерации социальных сетей. Зона общения, свободная от рекламы и шпионажа, теперь и в России.

Trending now

Resources

Developers

What is Mastodon?

mastodon.ml

More…

v3.5.2 · Privacy policy