[Website] Security alert from Avast

Post Reply
PoignardAzur
Member
Posts: 30
Joined: Fri Jun 19, 2015 17:23

[Website] Security alert from Avast

by PoignardAzur » Post

I'm on Windows 7 and I use the Avast antivirus software. My main browser is firefox, but I seem to have the same problems with chrome.

Whenever I open minetest.net (but not forum.minetest.net), Avast pops-up, makes an alert sound, tells me "A menace has been detected", and vaguely explains that the problem comes from http://amun.inchra.net/piwik.js.

I've searched about that problem a bit, thinking that maybe the problem was related to the site using some sort of malicious add software or something, and I found a (french) article by a guy whose site had a similar problem.

Basically, what he says is that Avast doesn't like when a website W1 (here, minetest.net) calls a script hosted on a site W2 (here, inchra.net).

I didn't exactly understand the solution he proposed, but it boils down to "The script should be hosted externally, and each site should have a subdomain pointing to the script (ex : stats.minetest.net, stats.inchra.net)".

HOWEVER ; I'm not sure the problem is the same : I also get an alert pop-up when opening inchra.net. It could be that the adress points to an IRC server, though.

Anyway, it seems like a pretty serious issue for me, since it would probably scare Avast users away from minetest.net, and even if it doesn't, it kind of casts an unprofessional image on the project. Hope it gets fixed soon !

est31
Developer
Posts: 173
Joined: Mon Dec 29, 2014 01:49

Re: [Website] Security alert from Avast

by est31 » Post

We have an updated website, and use inchra-stats.minetest.net as the subdomain, so it shouldn't happen now. Can you confirm this still happens when you try it?

PoignardAzur
Member
Posts: 30
Joined: Fri Jun 19, 2015 17:23

Re: [Website] Security alert from Avast

by PoignardAzur » Post

Nope, still got the same warning message :(

It the script still hosted on amun.inchra.net ?

User avatar
rubenwardy
Moderator
Posts: 6194
Joined: Tue Jun 12, 2012 18:11
GitHub: rubenwardy
IRC: rubenwardy
In-game: rubenwardy
Location: United Kingdom
Contact:

Re: [Website] Security alert from Avast

by rubenwardy » Post

no, it's on stats-inchra.minetest.net

Try ctrl+f5 or ctrl+shift+r?

Is the scaning done from avast? It may take time to rescan.

PoignardAzur
Member
Posts: 30
Joined: Fri Jun 19, 2015 17:23

Re: [Website] Security alert from Avast

by PoignardAzur » Post

ctrl+f5 makes avast complain again. I'll try again tomorrow.

User avatar
srifqi
Member
Posts: 557
Joined: Sat Jun 28, 2014 04:31
GitHub: srifqi
IRC: srifqi
In-game: srifqi
Location: Indonesia

Re: [Website] Security alert from Avast

by srifqi » Post

It still happens to me too.

Image
Attachments
avast!-201509020401;ProteksiWeb;www.minetest.net-amun.inchra.net.PNG
(11.87 KiB) Not downloaded yet
Saya dari Indonesia! · Terjemahkan Minetest! · my mods · My nickname in IPA: /es.rif.qi/

PoignardAzur
Member
Posts: 30
Joined: Fri Jun 19, 2015 17:23

Re: [Website] Security alert from Avast

by PoignardAzur » Post

Nope, still there.

PoignardAzur
Member
Posts: 30
Joined: Fri Jun 19, 2015 17:23

Re: [Website] Security alert from Avast

by PoignardAzur » Post

Thread bump.

I'm a bit surprised this hasn't been fixed yet. "The game's website triggers an antivirus alert every time you open one of its pages" is kind of a big deal, and a good way to repel potential new players.

User avatar
rubenwardy
Moderator
Posts: 6194
Joined: Tue Jun 12, 2012 18:11
GitHub: rubenwardy
IRC: rubenwardy
In-game: rubenwardy
Location: United Kingdom
Contact:

Re: [Website] Security alert from Avast

by rubenwardy » Post

We can't work out why this happens, it's not fetching from inchra.net anymore.

What are anti-viruses, again? ;)

PoignardAzur
Member
Posts: 30
Joined: Fri Jun 19, 2015 17:23

Re: [Website] Security alert from Avast

by PoignardAzur » Post

rubenwardy wrote:We can't work out why this happens, it's not fetching from inchra.net anymore.
This may be a dumb question, but have you made a computer search for the strings "inchra", "inchra.net", "amun", "piwik.js", etc... in the website's files ? You might have forgot to remove a call somewhere.

User avatar
BrandonReese
Member
Posts: 839
Joined: Wed Sep 12, 2012 00:44
GitHub: bremaweb
IRC: BrandonReese
In-game: BrandonReese
Location: USA

Re: [Website] Security alert from Avast

by BrandonReese » Post

inchra-stats.minetest.net is a CNAME of stats.inchra.net. Do you think Avast is looking that far into DNS?

User avatar
Ben
Member
Posts: 160
Joined: Tue Mar 31, 2015 20:09

Re: [Website] Security alert from Avast

by Ben » Post

PoignardAzur wrote:Basically, what he says is that Avast doesn't like when a website W1 (here, minetest.net) calls a script hosted on a site W2 (here, inchra.net).
Websites include scripts from other websites all the time (jQuery via CDN, basically all ads ever, the list goes on). My guess: something in the piwik.js file is trying to violate the same-origin policy of the browser. Normally, browsers catch that themselves, but maybe the anti-virus program in question is trying to be extra helpful?

Anyway, here's what I found on Piwik and same-origin policy: How do I configure my Piwik server to allow cross domain requests? (CORS) (piwik.org).

User avatar
BrandonReese
Member
Posts: 839
Joined: Wed Sep 12, 2012 00:44
GitHub: bremaweb
IRC: BrandonReese
In-game: BrandonReese
Location: USA

Re: [Website] Security alert from Avast

by BrandonReese » Post

Ben wrote:
PoignardAzur wrote:Basically, what he says is that Avast doesn't like when a website W1 (here, minetest.net) calls a script hosted on a site W2 (here, inchra.net).
Websites include scripts from other websites all the time (jQuery via CDN, basically all ads ever, the list goes on). My guess: something in the piwik.js file is trying to violate the same-origin policy of the browser. Normally, browsers catch that themselves, but maybe the anti-virus program in question is trying to be extra helpful?

Anyway, here's what I found on Piwik and same-origin policy: How do I configure my Piwik server to allow cross domain requests? (CORS) (piwik.org).
It's not a cross domain AJAX call or anything like that so same-origin isn't violated. piwik doesn't make an AJAX calls anyway, it requests an image.

My Avast is reporting downloading it from amun.inchra.net since that is the A record the other sub domains are pointing to. It blocks inchra.net altogether. I reported it as a false positive. Don't know if that will help in the end.

User avatar
xeranas
Member
Posts: 162
Joined: Fri Feb 05, 2016 11:06

Re: [Website] Security alert from Avast

by xeranas » Post

rubenwardy wrote:no, it's on stats-inchra.minetest.net

Try ctrl+f5 or ctrl+shift+r?

Is the scaning done from avast? It may take time to rescan.
Did you tried ping?

Code: Select all

ping inchra-stats.minetest.net

Pinging amun.inchra.net [45.56.104.202] with 32 bytes of data:
Reply from 45.56.104.202: bytes=32 time=123ms TTL=54
Reply from 45.56.104.202: bytes=32 time=123ms TTL=54
See, inchra-stats.minetest.net points to amun.inchra.net.

Issue still exist. I get warning from Avast. Looks really bad to see such warning for open source project. If I were you I would consider to replace piwik with something who does not have such issues or just drop tracker entirely until decent replacement will be found.

User avatar
srifqi
Member
Posts: 557
Joined: Sat Jun 28, 2014 04:31
GitHub: srifqi
IRC: srifqi
In-game: srifqi
Location: Indonesia

Re: [Website] Security alert from Avast

by srifqi » Post

How if we have independent analytic site?
Saya dari Indonesia! · Terjemahkan Minetest! · my mods · My nickname in IPA: /es.rif.qi/

User avatar
Minetestforfun
Member
Posts: 936
Joined: Tue Aug 05, 2014 14:09
GitHub: Darcidride
IRC: Darcidride + MinetestForFun
In-game: Darcidride + MinetestForFun
Location: On earth
Contact:

Re: [Website] Security alert from Avast

by Minetestforfun » Post

Hi,

Apache2/nginx well configured (SSL/TLS, Let's encrypt, etc...) + redirect http->https links to piwik login screen = no more alerts from Avast

User avatar
ShadowNinja
Developer
Posts: 199
Joined: Tue Jan 22, 2013 22:35
GitHub: ShadowNinja
IRC: ShadowNinja
In-game: ShadowNinja

Re: [Website] Security alert from Avast

by ShadowNinja » Post

srifqui/PoignardAzur: Is this still an issue? Has BrandonRese's false-positive report fixed it? If it's still an issue, please also report it as a false positive, and I'll try to get it fixed.

User avatar
addi
Member
Posts: 664
Joined: Thu Sep 20, 2012 03:16
GitHub: adrido
Location: Black-Forest, Germany

Re: [Website] Security alert from Avast

by addi » Post

Its not a false positive!

Tracking is a serious problem but the good thing is there exists Software like Avast that blocks such crap.
If I wouldn't use an Adblocker this would be also blocked by Avast on my PC.

No, its not fixed.

User avatar
TailsTheFoxDoes MT
Member
Posts: 415
Joined: Mon Jan 18, 2016 20:50
In-game: TailsTheFox
Location: Mobius

Re: [Website] Security alert from Avast

by TailsTheFoxDoes MT » Post

I have AVG Zen and it never does this?
Or is this an old problem?
I have Opera as my main browser.
I had a problem which may seem unrelated but is, so it basically started saying my Rookit files had a virus, but what actually happened was that a virus was spreading and making AVG delete my system files, but, i had to set my computer back to factory specifications. So yeah it may be that it is some kind of virus that may make you have to set it back to factory specifications, but, warning, this deletes minetest,blender, and all those other programs including your browser, but i think a virus has infected your browser(s).
I'm the TailsTMM of minetest, in other words, i rock.
BRAAAAAZZZZAAAA!!!!!!!!!!!!!!!!!!!!!!!!!!!
BTW it means TailsTheMeseMinecart, but that isn't my name, it's just a way of saying that i basically do the same thing Dantdm does but i do it with minetest And you problably can't see the invisible ink.
My mods:
My first mod:tails_boss

Mob_pack now has voice acting! Do you want YOUR VOICE included? Look in my posts for the thread!

User avatar
rubenwardy
Moderator
Posts: 6194
Joined: Tue Jun 12, 2012 18:11
GitHub: rubenwardy
IRC: rubenwardy
In-game: rubenwardy
Location: United Kingdom
Contact:

Re: [Website] Security alert from Avast

by rubenwardy » Post

addi wrote:Its not a false positive!

Tracking is a serious problem but the good thing is there exists Software like Avast that blocks such crap.
If I wouldn't use an Adblocker this would be also blocked by Avast on my PC.

No, its not fixed.
This is not tracking in the sense that everyone hates - the tracking that is used to make ads. All this tracking does is record the pages you go to, and what your OS etc is. Most of this info would be in the servers logs anyway.

The thing that Avast doesn't like is how the piwik backend is on another Web domain, so could have been injected by a man in the middle attacker.

User avatar
DI3HARD139
Member
Posts: 154
Joined: Sat Oct 18, 2014 21:04
GitHub: DI3HARD139
IRC: DI3HARD139
In-game: DI3HARD139 DI3HARD139_

Re: [Website] Security alert from Avast

by DI3HARD139 » Post

I get the same exact warning. Avast follows the URL when scanning so it likely is digging deep to the host. I just added http://amun.inchra.net/* and http://irc.inchra.net/* to my Global URL Exception list to shut it up. Seems to be that anything with "Inchra" throws the warning. I used to have issues connecting to VanessaE's servers as it kept stopping the transfer of the data.

User avatar
ShadowNinja
Developer
Posts: 199
Joined: Tue Jan 22, 2013 22:35
GitHub: ShadowNinja
IRC: ShadowNinja
In-game: ShadowNinja

Re: [Website] Security alert from Avast

by ShadowNinja » Post

DI3HARD139 wrote:I get the same exact warning...
I've made some changes to the stats setup (uses stats.minetest.net, which has direct A and AAAA records to the server), and now Avast shouldn't have any idea that minetest.net has anything to do with anything InchraNet. Are you sure that you're still getting the warning without the exception?

User avatar
DI3HARD139
Member
Posts: 154
Joined: Sat Oct 18, 2014 21:04
GitHub: DI3HARD139
IRC: DI3HARD139
In-game: DI3HARD139 DI3HARD139_

Re: [Website] Security alert from Avast

by DI3HARD139 » Post

Removing the exception and testing.

User avatar
DI3HARD139
Member
Posts: 154
Joined: Sat Oct 18, 2014 21:04
GitHub: DI3HARD139
IRC: DI3HARD139
In-game: DI3HARD139 DI3HARD139_

Re: [Website] Security alert from Avast

by DI3HARD139 » Post

It's no longer giving a warning now.

User avatar
srifqi
Member
Posts: 557
Joined: Sat Jun 28, 2014 04:31
GitHub: srifqi
IRC: srifqi
In-game: srifqi
Location: Indonesia

Re: [Website] Security alert from Avast

by srifqi » Post

No warning for me too.
Saya dari Indonesia! · Terjemahkan Minetest! · my mods · My nickname in IPA: /es.rif.qi/

Post Reply

Who is online

Users browsing this forum: No registered users and 1 guest