Please, everyone, check the virus databases and make sure that your instances are not in there, because it seems SOMEONE is adding Mastodon and Fediverse instances to a blacklist in a virus database - first for me it was, today it reacted onto and

@shuro IIRC (please correct me if I am wrong) there are databases for viruses that anti-virus software uses to check whether anything new has been added. People themselves contribute to the databases too. I use Malwarebytes and it has now been 3 times already that it reacted to Mastodon instances. @stux did say that there was a false positive in his instance's case. I didn't exactly ask what databases he checked.

@ZySoua @stux I see. It is a PITA to monitor these detections because many of these lists are closed and there isn't a clear procedure to check and request removal.

Some of these detections are false, some can be warranted - sometimes malware can really be present, e.g. some file attached to a post or even an infected web server.

@shuro @ZySoua This happened to us also. Currently Hetzner and Spamhaus are checking for malware but that doesn’t make sense..

@ZySoua I have an idea who this might be if a person is responsible :sad_dog:

@ZySoua I think it's automated... Here's what I think happens: Malware author uses Mastodon account for C&C. Malware analytics service runs malware and tracks which connections it makes, publishes public report. Mastodon domain / IP is in list of connections, gets picked up by Spamhaus.

@Gargron You still should be aware. This has now started happening more often.

@ZySoua I'm just commenting on the "someone" bit. I'm very aware and it's very annoying and as another commenter said it's not very transparent what can be done about this.

@Gargron I wrote "someone" because I have enough suspicions that by now the Fediverse has stepped on some major toes already. No specific people, but you get the general idea. The human factor should also never be dismissed. But IT people should know better. Thank you for taking notice.

@ZySoua One solution to this is to use obscure instances. Decentralisation is (almost) always the answer.

@Hyolobrika @ZySoua haha yeah. But we weren’t added as a fedi instance. We got a listed IP after a server migration.

I notified Malwarebytes and they promised to take another look. Haven’t heard from them ever since tho :comfyderp:

@Hyolobrika @ZySoua more precisely, there is no someone adding fedi instances. At least, I'm not aware of this.

Malware databases are often poorly maintained and they rarely follow up on sites they listed. So, you could totally end up with a blacklisted IP address when you buy a VPS. Shit happens.

The moral of the story is, don't use antiviruses. They suck a bag of dicks anyway and are malware in and of themselves :comfygeek:

@newt @Hyolobrika let’s agree to disagree on that last part. Otherwise, hope this whole shit clears up

