[Website] Security alert from Avast
-
- Member
- Posts: 30
- Joined: Fri Jun 19, 2015 17:23
[Website] Security alert from Avast
I'm on Windows 7 and I use the Avast antivirus software. My main browser is firefox, but I seem to have the same problems with chrome.
Whenever I open minetest.net (but not forum.minetest.net), Avast pops-up, makes an alert sound, tells me "A menace has been detected", and vaguely explains that the problem comes from http://amun.inchra.net/piwik.js.
I've searched about that problem a bit, thinking that maybe the problem was related to the site using some sort of malicious add software or something, and I found a (french) article by a guy whose site had a similar problem.
Basically, what he says is that Avast doesn't like when a website W1 (here, minetest.net) calls a script hosted on a site W2 (here, inchra.net).
I didn't exactly understand the solution he proposed, but it boils down to "The script should be hosted externally, and each site should have a subdomain pointing to the script (ex : stats.minetest.net, stats.inchra.net)".
HOWEVER ; I'm not sure the problem is the same : I also get an alert pop-up when opening inchra.net. It could be that the adress points to an IRC server, though.
Anyway, it seems like a pretty serious issue for me, since it would probably scare Avast users away from minetest.net, and even if it doesn't, it kind of casts an unprofessional image on the project. Hope it gets fixed soon !
Whenever I open minetest.net (but not forum.minetest.net), Avast pops-up, makes an alert sound, tells me "A menace has been detected", and vaguely explains that the problem comes from http://amun.inchra.net/piwik.js.
I've searched about that problem a bit, thinking that maybe the problem was related to the site using some sort of malicious add software or something, and I found a (french) article by a guy whose site had a similar problem.
Basically, what he says is that Avast doesn't like when a website W1 (here, minetest.net) calls a script hosted on a site W2 (here, inchra.net).
I didn't exactly understand the solution he proposed, but it boils down to "The script should be hosted externally, and each site should have a subdomain pointing to the script (ex : stats.minetest.net, stats.inchra.net)".
HOWEVER ; I'm not sure the problem is the same : I also get an alert pop-up when opening inchra.net. It could be that the adress points to an IRC server, though.
Anyway, it seems like a pretty serious issue for me, since it would probably scare Avast users away from minetest.net, and even if it doesn't, it kind of casts an unprofessional image on the project. Hope it gets fixed soon !
Re: [Website] Security alert from Avast
We have an updated website, and use inchra-stats.minetest.net as the subdomain, so it shouldn't happen now. Can you confirm this still happens when you try it?
-
- Member
- Posts: 30
- Joined: Fri Jun 19, 2015 17:23
Re: [Website] Security alert from Avast
Nope, still got the same warning message :(
It the script still hosted on amun.inchra.net ?
It the script still hosted on amun.inchra.net ?
- rubenwardy
- Moderator
- Posts: 6978
- Joined: Tue Jun 12, 2012 18:11
- GitHub: rubenwardy
- IRC: rubenwardy
- In-game: rubenwardy
- Location: Bristol, United Kingdom
- Contact:
Re: [Website] Security alert from Avast
no, it's on stats-inchra.minetest.net
Try ctrl+f5 or ctrl+shift+r?
Is the scaning done from avast? It may take time to rescan.
Try ctrl+f5 or ctrl+shift+r?
Is the scaning done from avast? It may take time to rescan.
-
- Member
- Posts: 30
- Joined: Fri Jun 19, 2015 17:23
Re: [Website] Security alert from Avast
ctrl+f5 makes avast complain again. I'll try again tomorrow.
- srifqi
- Member
- Posts: 570
- Joined: Sat Jun 28, 2014 04:31
- GitHub: srifqi
- IRC: srifqi
- In-game: srifqi
- Location: Indonesia
Re: [Website] Security alert from Avast
It still happens to me too.
- Attachments
-
- avast!-201509020401;ProteksiWeb;www.minetest.net-amun.inchra.net.PNG (11.87 KiB) Viewed 1250 times
Saya dari Indonesia! · Terjemahkan Minetest! · my mods · My nickname in IPA: /es.rif.qi/
-
- Member
- Posts: 30
- Joined: Fri Jun 19, 2015 17:23
Re: [Website] Security alert from Avast
Nope, still there.
-
- Member
- Posts: 30
- Joined: Fri Jun 19, 2015 17:23
Re: [Website] Security alert from Avast
Thread bump.
I'm a bit surprised this hasn't been fixed yet. "The game's website triggers an antivirus alert every time you open one of its pages" is kind of a big deal, and a good way to repel potential new players.
I'm a bit surprised this hasn't been fixed yet. "The game's website triggers an antivirus alert every time you open one of its pages" is kind of a big deal, and a good way to repel potential new players.
- rubenwardy
- Moderator
- Posts: 6978
- Joined: Tue Jun 12, 2012 18:11
- GitHub: rubenwardy
- IRC: rubenwardy
- In-game: rubenwardy
- Location: Bristol, United Kingdom
- Contact:
Re: [Website] Security alert from Avast
We can't work out why this happens, it's not fetching from inchra.net anymore.
What are anti-viruses, again? ;)
What are anti-viruses, again? ;)
-
- Member
- Posts: 30
- Joined: Fri Jun 19, 2015 17:23
Re: [Website] Security alert from Avast
This may be a dumb question, but have you made a computer search for the strings "inchra", "inchra.net", "amun", "piwik.js", etc... in the website's files ? You might have forgot to remove a call somewhere.rubenwardy wrote:We can't work out why this happens, it's not fetching from inchra.net anymore.
- BrandonReese
- Member
- Posts: 839
- Joined: Wed Sep 12, 2012 00:44
- GitHub: bremaweb
- IRC: BrandonReese
- In-game: BrandonReese
- Location: USA
Re: [Website] Security alert from Avast
inchra-stats.minetest.net is a CNAME of stats.inchra.net. Do you think Avast is looking that far into DNS?
Re: [Website] Security alert from Avast
Websites include scripts from other websites all the time (jQuery via CDN, basically all ads ever, the list goes on). My guess: something in the piwik.js file is trying to violate the same-origin policy of the browser. Normally, browsers catch that themselves, but maybe the anti-virus program in question is trying to be extra helpful?PoignardAzur wrote:Basically, what he says is that Avast doesn't like when a website W1 (here, minetest.net) calls a script hosted on a site W2 (here, inchra.net).
Anyway, here's what I found on Piwik and same-origin policy: How do I configure my Piwik server to allow cross domain requests? (CORS) (piwik.org).
- BrandonReese
- Member
- Posts: 839
- Joined: Wed Sep 12, 2012 00:44
- GitHub: bremaweb
- IRC: BrandonReese
- In-game: BrandonReese
- Location: USA
Re: [Website] Security alert from Avast
It's not a cross domain AJAX call or anything like that so same-origin isn't violated. piwik doesn't make an AJAX calls anyway, it requests an image.Ben wrote:Websites include scripts from other websites all the time (jQuery via CDN, basically all ads ever, the list goes on). My guess: something in the piwik.js file is trying to violate the same-origin policy of the browser. Normally, browsers catch that themselves, but maybe the anti-virus program in question is trying to be extra helpful?PoignardAzur wrote:Basically, what he says is that Avast doesn't like when a website W1 (here, minetest.net) calls a script hosted on a site W2 (here, inchra.net).
Anyway, here's what I found on Piwik and same-origin policy: How do I configure my Piwik server to allow cross domain requests? (CORS) (piwik.org).
My Avast is reporting downloading it from amun.inchra.net since that is the A record the other sub domains are pointing to. It blocks inchra.net altogether. I reported it as a false positive. Don't know if that will help in the end.
Re: [Website] Security alert from Avast
Did you tried ping?rubenwardy wrote:no, it's on stats-inchra.minetest.net
Try ctrl+f5 or ctrl+shift+r?
Is the scaning done from avast? It may take time to rescan.
Code: Select all
ping inchra-stats.minetest.net
Pinging amun.inchra.net [45.56.104.202] with 32 bytes of data:
Reply from 45.56.104.202: bytes=32 time=123ms TTL=54
Reply from 45.56.104.202: bytes=32 time=123ms TTL=54
Issue still exist. I get warning from Avast. Looks really bad to see such warning for open source project. If I were you I would consider to replace piwik with something who does not have such issues or just drop tracker entirely until decent replacement will be found.
- srifqi
- Member
- Posts: 570
- Joined: Sat Jun 28, 2014 04:31
- GitHub: srifqi
- IRC: srifqi
- In-game: srifqi
- Location: Indonesia
Re: [Website] Security alert from Avast
How if we have independent analytic site?
Saya dari Indonesia! · Terjemahkan Minetest! · my mods · My nickname in IPA: /es.rif.qi/
-
- Member
- Posts: 940
- Joined: Tue Aug 05, 2014 14:09
- GitHub: MinetestForFun
- IRC: MinetestForFun
- In-game: MinetestForFun
- Location: On earth
- Contact:
Re: [Website] Security alert from Avast
Hi,
Apache2/nginx well configured (SSL/TLS, Let's encrypt, etc...) + redirect http->https links to piwik login screen = no more alerts from Avast
Apache2/nginx well configured (SSL/TLS, Let's encrypt, etc...) + redirect http->https links to piwik login screen = no more alerts from Avast
MinetestForFun Team mods : [spidermob] [fishing]
---
Our Minetest servers :
MinetestForFun (Survival - PvP - Hardcore)[FR/EN]
MinetestForFun HUNGER GAMES
MinetestForFun SKYBLOCK
MinetestForFun CREATIVE
---
Our Minetest servers :
MinetestForFun (Survival - PvP - Hardcore)[FR/EN]
MinetestForFun HUNGER GAMES
MinetestForFun SKYBLOCK
MinetestForFun CREATIVE
- ShadowNinja
- Developer
- Posts: 200
- Joined: Tue Jan 22, 2013 22:35
- GitHub: ShadowNinja
- IRC: ShadowNinja
- In-game: ShadowNinja
Re: [Website] Security alert from Avast
srifqui/PoignardAzur: Is this still an issue? Has BrandonRese's false-positive report fixed it? If it's still an issue, please also report it as a false positive, and I'll try to get it fixed.
- addi
- Member
- Posts: 666
- Joined: Thu Sep 20, 2012 03:16
- GitHub: adrido
- Location: Black-Forest, Germany
Re: [Website] Security alert from Avast
Its not a false positive!
Tracking is a serious problem but the good thing is there exists Software like Avast that blocks such crap.
If I wouldn't use an Adblocker this would be also blocked by Avast on my PC.
No, its not fixed.
Tracking is a serious problem but the good thing is there exists Software like Avast that blocks such crap.
If I wouldn't use an Adblocker this would be also blocked by Avast on my PC.
No, its not fixed.
- TailsTheFoxDoes MT
- Member
- Posts: 415
- Joined: Mon Jan 18, 2016 20:50
- In-game: TailsTheFox
- Location: Mobius
Re: [Website] Security alert from Avast
I have AVG Zen and it never does this?
Or is this an old problem?
I have Opera as my main browser.
I had a problem which may seem unrelated but is, so it basically started saying my Rookit files had a virus, but what actually happened was that a virus was spreading and making AVG delete my system files, but, i had to set my computer back to factory specifications. So yeah it may be that it is some kind of virus that may make you have to set it back to factory specifications, but, warning, this deletes minetest,blender, and all those other programs including your browser, but i think a virus has infected your browser(s).
Or is this an old problem?
I have Opera as my main browser.
I had a problem which may seem unrelated but is, so it basically started saying my Rookit files had a virus, but what actually happened was that a virus was spreading and making AVG delete my system files, but, i had to set my computer back to factory specifications. So yeah it may be that it is some kind of virus that may make you have to set it back to factory specifications, but, warning, this deletes minetest,blender, and all those other programs including your browser, but i think a virus has infected your browser(s).
I'm the TailsTMM of minetest, in other words, i rock.
BRAAAAAZZZZAAAA!!!!!!!!!!!!!!!!!!!!!!!!!!!
BTW it means TailsTheMeseMinecart, but that isn't my name, it's just a way of saying that i basically do the same thing Dantdm does but i do it with minetest And you problably can't see the invisible ink.
My mods:
My first mod:tails_boss
Mob_pack now has voice acting! Do you want YOUR VOICE included? Look in my posts for the thread!
BRAAAAAZZZZAAAA!!!!!!!!!!!!!!!!!!!!!!!!!!!
BTW it means TailsTheMeseMinecart, but that isn't my name, it's just a way of saying that i basically do the same thing Dantdm does but i do it with minetest And you problably can't see the invisible ink.
My mods:
My first mod:tails_boss
Mob_pack now has voice acting! Do you want YOUR VOICE included? Look in my posts for the thread!
- rubenwardy
- Moderator
- Posts: 6978
- Joined: Tue Jun 12, 2012 18:11
- GitHub: rubenwardy
- IRC: rubenwardy
- In-game: rubenwardy
- Location: Bristol, United Kingdom
- Contact:
Re: [Website] Security alert from Avast
This is not tracking in the sense that everyone hates - the tracking that is used to make ads. All this tracking does is record the pages you go to, and what your OS etc is. Most of this info would be in the servers logs anyway.addi wrote:Its not a false positive!
Tracking is a serious problem but the good thing is there exists Software like Avast that blocks such crap.
If I wouldn't use an Adblocker this would be also blocked by Avast on my PC.
No, its not fixed.
The thing that Avast doesn't like is how the piwik backend is on another Web domain, so could have been injected by a man in the middle attacker.
- DI3HARD139
- Member
- Posts: 154
- Joined: Sat Oct 18, 2014 21:04
- GitHub: DI3HARD139
- IRC: DI3HARD139
- In-game: DI3HARD139 DI3HARD139_
Re: [Website] Security alert from Avast
I get the same exact warning. Avast follows the URL when scanning so it likely is digging deep to the host. I just added http://amun.inchra.net/* and http://irc.inchra.net/* to my Global URL Exception list to shut it up. Seems to be that anything with "Inchra" throws the warning. I used to have issues connecting to VanessaE's servers as it kept stopping the transfer of the data.
- ShadowNinja
- Developer
- Posts: 200
- Joined: Tue Jan 22, 2013 22:35
- GitHub: ShadowNinja
- IRC: ShadowNinja
- In-game: ShadowNinja
Re: [Website] Security alert from Avast
I've made some changes to the stats setup (uses stats.minetest.net, which has direct A and AAAA records to the server), and now Avast shouldn't have any idea that minetest.net has anything to do with anything InchraNet. Are you sure that you're still getting the warning without the exception?DI3HARD139 wrote:I get the same exact warning...
- DI3HARD139
- Member
- Posts: 154
- Joined: Sat Oct 18, 2014 21:04
- GitHub: DI3HARD139
- IRC: DI3HARD139
- In-game: DI3HARD139 DI3HARD139_
Re: [Website] Security alert from Avast
Removing the exception and testing.
- DI3HARD139
- Member
- Posts: 154
- Joined: Sat Oct 18, 2014 21:04
- GitHub: DI3HARD139
- IRC: DI3HARD139
- In-game: DI3HARD139 DI3HARD139_
Re: [Website] Security alert from Avast
It's no longer giving a warning now.
- srifqi
- Member
- Posts: 570
- Joined: Sat Jun 28, 2014 04:31
- GitHub: srifqi
- IRC: srifqi
- In-game: srifqi
- Location: Indonesia
Re: [Website] Security alert from Avast
No warning for me too.
Saya dari Indonesia! · Terjemahkan Minetest! · my mods · My nickname in IPA: /es.rif.qi/
Who is online
Users browsing this forum: No registered users and 3 guests