[Website] Security alert from Avast

PoignardAzur
Member
 
Posts: 30
Joined: Fri Jun 19, 2015 17:23

[Website] Security alert from Avast

by PoignardAzur » Mon Aug 31, 2015 22:29

I'm on Windows 7 and I use the Avast antivirus software. My main browser is Firefox, but I seem to have the same problems with Chrome.

Whenever I open minetest.net (but not forum.minetest.net), Avast pops up, makes an alert sound, tells me "A menace has been detected", and vaguely explains that the problem comes from http://amun.inchra.net/piwik.js.

I've searched about that problem a bit, thinking that maybe the problem was related to the site using some sort of malicious ad software or something, and I found a (French) article by a guy whose site had a similar problem.

Basically, what he says is that Avast doesn't like when a website W1 (here, minetest.net) calls a script hosted on a site W2 (here, inchra.net).

I didn't exactly understand the solution he proposed, but it boils down to "The script should be hosted externally, and each site should have a subdomain pointing to the script (ex: stats.minetest.net, stats.inchra.net)".

HOWEVER: I'm not sure the problem is the same: I also get an alert pop-up when opening inchra.net. It could be that the address points to an IRC server, though.

Anyway, it seems like a pretty serious issue for me, since it would probably scare Avast users away from minetest.net, and even if it doesn't, it kind of casts an unprofessional image on the project. Hope it gets fixed soon!
 

est31
Developer
 
Posts: 173
Joined: Mon Dec 29, 2014 01:49

Re: [Website] Security alert from Avast

by est31 » Tue Sep 01, 2015 14:31

We have an updated website, and use inchra-stats.minetest.net as the subdomain, so it shouldn't happen now. Can you confirm this still happens when you try it?
 

PoignardAzur
Member
 
Posts: 30
Joined: Fri Jun 19, 2015 17:23

Re: [Website] Security alert from Avast

by PoignardAzur » Tue Sep 01, 2015 18:18

Nope, still got the same warning message :(

Is the script still hosted on amun.inchra.net?
 

rubenwardy
Moderator
 
Posts: 5790
Joined: Tue Jun 12, 2012 18:11
Location: United Kingdom
GitHub: rubenwardy
IRC: rubenwardy
In-game: rubenwardy

Re: [Website] Security alert from Avast

by rubenwardy » Tue Sep 01, 2015 18:25

no, it's on stats-inchra.minetest.net

Try ctrl+f5 or ctrl+shift+r?

Is the scanning done from avast? It may take time to rescan.
 

PoignardAzur
Member
 
Posts: 30
Joined: Fri Jun 19, 2015 17:23

Re: [Website] Security alert from Avast

by PoignardAzur » Tue Sep 01, 2015 18:36

ctrl+f5 makes avast complain again. I'll try again tomorrow.
 

srifqi
Member
 
Posts: 556
Joined: Sat Jun 28, 2014 04:31
Location: Indonesia
GitHub: srifqi
IRC: srifqi
In-game: srifqi

Re: [Website] Security alert from Avast

by srifqi » Tue Sep 01, 2015 21:07

It still happens to me too.

I'm from Indonesia! Saya dari Indonesia!
Terjemahkan Minetest!
Mods by me. Modifikasi oleh saya.

Pronounce my nick as in: es-rifqi (IPA: /es rifˈki/)
 

PoignardAzur
Member
 
Posts: 30
Joined: Fri Jun 19, 2015 17:23

Re: [Website] Security alert from Avast

by PoignardAzur » Thu Sep 10, 2015 16:26

Thread bump.

I'm a bit surprised this hasn't been fixed yet. "The game's website triggers an antivirus alert every time you open one of its pages" is kind of a big deal, and a good way to repel potential new players.
 

rubenwardy
Moderator
 
Posts: 5790
Joined: Tue Jun 12, 2012 18:11
Location: United Kingdom
GitHub: rubenwardy
IRC: rubenwardy
In-game: rubenwardy

Re: [Website] Security alert from Avast

by rubenwardy » Thu Sep 10, 2015 19:19

We can't work out why this happens, it's not fetching from inchra.net anymore.

What are anti-viruses, again? ;)
 

PoignardAzur
Member
 
Posts: 30
Joined: Fri Jun 19, 2015 17:23

Re: [Website] Security alert from Avast

by PoignardAzur » Fri Sep 11, 2015 14:46

rubenwardy wrote:We can't work out why this happens, it's not fetching from inchra.net anymore.

This may be a dumb question, but have you made a computer search for the strings "inchra", "inchra.net", "amun", "piwik.js", etc. in the website's files? You might have forgotten to remove a call somewhere.
 

BrandonReese
Member
 
Posts: 839
Joined: Wed Sep 12, 2012 00:44
Location: USA
GitHub: bremaweb
IRC: BrandonReese
In-game: BrandonReese

Re: [Website] Security alert from Avast

by BrandonReese » Fri Sep 11, 2015 17:51

inchra-stats.minetest.net is a CNAME of stats.inchra.net. Do you think Avast is looking that far into DNS?
 

Ben
Member
 
Posts: 160
Joined: Tue Mar 31, 2015 20:09

Re: [Website] Security alert from Avast

by Ben » Fri Sep 11, 2015 19:37

PoignardAzur wrote:Basically, what he says is that Avast doesn't like when a website W1 (here, minetest.net) calls a script hosted on a site W2 (here, inchra.net).


Websites include scripts from other websites all the time (jQuery via CDN, basically all ads ever, the list goes on). My guess: something in the piwik.js file is trying to violate the same-origin policy of the browser. Normally, browsers catch that themselves, but maybe the anti-virus program in question is trying to be extra helpful?

Anyway, here's what I found on Piwik and same-origin policy: How do I configure my Piwik server to allow cross domain requests? (CORS) (piwik.org).
 

BrandonReese
Member
 
Posts: 839
Joined: Wed Sep 12, 2012 00:44
Location: USA
GitHub: bremaweb
IRC: BrandonReese
In-game: BrandonReese

Re: [Website] Security alert from Avast

by BrandonReese » Fri Sep 11, 2015 20:46

Ben wrote:
PoignardAzur wrote:Basically, what he says is that Avast doesn't like when a website W1 (here, minetest.net) calls a script hosted on a site W2 (here, inchra.net).


Websites include scripts from other websites all the time (jQuery via CDN, basically all ads ever, the list goes on). My guess: something in the piwik.js file is trying to violate the same-origin policy of the browser. Normally, browsers catch that themselves, but maybe the anti-virus program in question is trying to be extra helpful?

Anyway, here's what I found on Piwik and same-origin policy: How do I configure my Piwik server to allow cross domain requests? (CORS) (piwik.org).


It's not a cross domain AJAX call or anything like that so same-origin isn't violated. piwik doesn't make any AJAX calls anyway, it requests an image.

My Avast is reporting downloading it from amun.inchra.net since that is the A record the other sub domains are pointing to. It blocks inchra.net altogether. I reported it as a false positive. Don't know if that will help in the end.
 

xeranas
Member
 
Posts: 155
Joined: Fri Feb 05, 2016 11:06

Re: [Website] Security alert from Avast

by xeranas » Fri Feb 05, 2016 11:52

rubenwardy wrote:no, it's on stats-inchra.minetest.net

Try ctrl+f5 or ctrl+shift+r?

Is the scanning done from avast? It may take time to rescan.

Did you try ping?
Code:
ping inchra-stats.minetest.net

Pinging amun.inchra.net [45.56.104.202] with 32 bytes of data:
Reply from 45.56.104.202: bytes=32 time=123ms TTL=54
Reply from 45.56.104.202: bytes=32 time=123ms TTL=54

See, inchra-stats.minetest.net points to amun.inchra.net.

The issue still exists. I get a warning from Avast. It looks really bad to see such a warning for an open source project. If I were you I would consider replacing piwik with something that does not have such issues, or just dropping the tracker entirely until a decent replacement is found.
 

srifqi
Member
 
Posts: 556
Joined: Sat Jun 28, 2014 04:31
Location: Indonesia
GitHub: srifqi
IRC: srifqi
In-game: srifqi

Re: [Website] Security alert from Avast

by srifqi » Mon Feb 08, 2016 08:31

What if we had an independent analytics site?
I'm from Indonesia! Saya dari Indonesia!
Terjemahkan Minetest!
Mods by me. Modifikasi oleh saya.

Pronounce my nick as in: es-rifqi (IPA: /es rifˈki/)
 

Minetestforfun
Member
 
Posts: 936
Joined: Tue Aug 05, 2014 14:09
Location: On earth
GitHub: Darcidride
IRC: Darcidride + MinetestForFun
In-game: Darcidride + MinetestForFun

Re: [Website] Security alert from Avast

by Minetestforfun » Mon Feb 08, 2016 12:36

Hi,

Apache2/nginx well configured (SSL/TLS, Let's encrypt, etc...) + redirect http->https links to piwik login screen = no more alerts from Avast
 

ShadowNinja
Developer
 
Posts: 199
Joined: Tue Jan 22, 2013 22:35
GitHub: ShadowNinja
IRC: ShadowNinja
In-game: ShadowNinja

Re: [Website] Security alert from Avast

by ShadowNinja » Fri Feb 12, 2016 05:59

srifqi/PoignardAzur: Is this still an issue? Has BrandonReese's false-positive report fixed it? If it's still an issue, please also report it as a false positive, and I'll try to get it fixed.
The best way to contact me is usually IRC (InchraNet, freenode).
 

addi
Member
 
Posts: 658
Joined: Thu Sep 20, 2012 03:16
Location: Black-Forest, Germany
GitHub: adrido

Re: [Website] Security alert from Avast

by addi » Fri Feb 12, 2016 07:32

It's not a false positive!

Tracking is a serious problem but the good thing is there exists software like Avast that blocks such crap.
If I didn't use an Adblocker this would also be blocked by Avast on my PC.

No, it's not fixed.
 

TailsTheFoxDoes MT
Member
 
Posts: 415
Joined: Mon Jan 18, 2016 20:50
Location: Mobius
In-game: TailsTheFox

Re: [Website] Security alert from Avast

by TailsTheFoxDoes MT » Fri Feb 12, 2016 07:50

I have AVG Zen and it never does this?
Or is this an old problem?
I have Opera as my main browser.
I had a problem which may seem unrelated but is, so it basically started saying my Rootkit files had a virus, but what actually happened was that a virus was spreading and making AVG delete my system files, but, I had to set my computer back to factory specifications. So yeah it may be that it is some kind of virus that may make you have to set it back to factory specifications, but, warning, this deletes minetest, blender, and all those other programs including your browser, but I think a virus has infected your browser(s).
I'm the TailsTMM of minetest, in other words, i rock.
BRAAAAAZZZZAAAA!!!!!!!!!!!!!!!!!!!!!!!!!!!
BTW it means TailsTheMeseMinecart, but that isn't my name, it's just a way of saying that i basically do the same thing Dantdm does but i do it with minetest And you problably can't see the invisible ink.
My mods:
My first mod:tails_boss

Mob_pack now has voice acting! Do you want YOUR VOICE included? Look in my posts for the thread!
 

rubenwardy
Moderator
 
Posts: 5790
Joined: Tue Jun 12, 2012 18:11
Location: United Kingdom
GitHub: rubenwardy
IRC: rubenwardy
In-game: rubenwardy

Re: [Website] Security alert from Avast

by rubenwardy » Fri Feb 12, 2016 18:59

addi wrote:It's not a false positive!

Tracking is a serious problem but the good thing is there exists software like Avast that blocks such crap.
If I didn't use an Adblocker this would also be blocked by Avast on my PC.

No, it's not fixed.


This is not tracking in the sense that everyone hates - the tracking that is used to make ads. All this tracking does is record the pages you go to, and what your OS etc is. Most of this info would be in the server's logs anyway.

The thing that Avast doesn't like is how the piwik backend is on another Web domain, so could have been injected by a man-in-the-middle attacker.
 

DI3HARD139
Member
 
Posts: 154
Joined: Sat Oct 18, 2014 21:04
GitHub: DI3HARD139
IRC: DI3HARD139
In-game: DI3HARD139 DI3HARD139_

Re: [Website] Security alert from Avast

by DI3HARD139 » Tue Mar 15, 2016 05:35

I get the same exact warning. Avast follows the URL when scanning so it likely is digging deep to the host. I just added http://amun.inchra.net/* and http://irc.inchra.net/* to my Global URL Exception list to shut it up. Seems to be that anything with "Inchra" throws the warning. I used to have issues connecting to VanessaE's servers as it kept stopping the transfer of the data.
 

ShadowNinja
Developer
 
Posts: 199
Joined: Tue Jan 22, 2013 22:35
GitHub: ShadowNinja
IRC: ShadowNinja
In-game: ShadowNinja

Re: [Website] Security alert from Avast

by ShadowNinja » Tue Mar 15, 2016 06:32

DI3HARD139 wrote:I get the same exact warning...

I've made some changes to the stats setup (uses stats.minetest.net, which has direct A and AAAA records to the server), and now Avast shouldn't have any idea that minetest.net has anything to do with anything InchraNet. Are you sure that you're still getting the warning without the exception?
The best way to contact me is usually IRC (InchraNet, freenode).
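
The DNS situation this thread converges on, as an added example that is not part of any post or of the Minetest site's code: a site operator can audit which canonical names a third-party script host resolves through, since a filter that matches on those names will flag a CNAME alias but not a direct A record. The records below are constructed from the names quoted in the thread; the `stats.inchra.net` hop to `amun.inchra.net`, the placeholder address `192.0.2.10`, and the suffix-matching blocklist are assumptions, not Avast's actual logic.

```python
# Constructed zone data modelling the setups described in the thread.
RECORDS = {
    "inchra-stats.minetest.net": ("CNAME", "stats.inchra.net"),
    "stats.inchra.net": ("CNAME", "amun.inchra.net"),  # assumed hop
    "amun.inchra.net": ("A", "45.56.104.202"),         # from the ping output
    "stats.minetest.net": ("A", "192.0.2.10"),         # placeholder address
}

# Hypothetical reputation entry: any name under this suffix is flagged.
BLOCKED_SUFFIXES = ("inchra.net",)


def resolve_chain(name, records=RECORDS, max_hops=8):
    """Follow CNAMEs; return (every name visited, final address or None)."""
    chain = [name.lower().rstrip(".")]
    for _ in range(max_hops):
        rtype, value = records.get(chain[-1], (None, None))
        if rtype != "CNAME":
            return chain, (value if rtype == "A" else None)
        target = value.lower().rstrip(".")
        if target in chain:
            raise ValueError("CNAME loop at " + target)
        chain.append(target)
    raise ValueError("CNAME chain longer than %d hops" % max_hops)


def is_blocked(name):
    """True if the name equals or sits under a blocked suffix."""
    return any(name == s or name.endswith("." + s) for s in BLOCKED_SUFFIXES)


def audit(name):
    """Report which names in the resolution chain a name-based filter hits."""
    chain, address = resolve_chain(name)
    return {
        "name": name,
        "chain": chain,
        "address": address,
        "flagged_by": [n for n in chain if is_blocked(n)],
    }


if __name__ == "__main__":
    for host in ("inchra-stats.minetest.net", "stats.minetest.net"):
        print(audit(host))
```

The alias under minetest.net is flagged through both inchra.net names in its chain, while the host with its own A record exposes no third-party name to match on.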
 

srifqi
Member
 
Posts: 556
Joined: Sat Jun 28, 2014 04:31
Location: Indonesia
GitHub: srifqi
IRC: srifqi
In-game: srifqi

Re: [Website] Security alert from Avast

by srifqi » Sat Mar 19, 2016 13:23

No warning for me too.
I'm from Indonesia! Saya dari Indonesia!
Terjemahkan Minetest!
Mods by me. Modifikasi oleh saya.

Pronounce my nick as in: es-rifqi (IPA: /es rifˈki/)
 

