How competitors can easily block your site

Recently, we were faced with a situation where a number of antivirus products (Kaspersky, Quttera, McAfee, Norton Safe Web, Bitdefender and several lesser-known ones) began to block our site. Studying the situation led me to understand that getting onto a block list is extremely simple: just a few complaints (even without justification) are enough. I will describe the problem in more detail below.

The problem is quite serious, since almost every user now has an antivirus or firewall installed, and a block by a major antivirus such as Kaspersky can make a site inaccessible to a large number of users. I would like to draw the community's attention to the problem, since it opens up huge scope for dirty methods of dealing with competitors.


I will not give a link to the site itself or name the company, so that this is not perceived as some kind of PR. I will only say that the site operates legally, the company has commercial registration, and all of its details are given on the site.

Recently, we were faced with complaints from customers that our site was being blocked by Kaspersky Anti-Virus as a phishing site. Multiple checks on our part did not reveal any problems on the site. I submitted a request through the form on the Kaspersky website reporting a false positive. The answer we received was:
We checked the link you sent.
Information on the link poses a threat of loss of user data; false positives have not been confirmed.

No evidence was given that the site is a threat. In the course of further appeals, the following response was received:
, .
. , .

This makes it clear that the mere existence of at least some complaints is sufficient reason for a block. Presumably a site is blocked once there are more than a certain number of complaints, and no confirmation of the complaints is required.

In our case, the attackers sent a number of complaints: to our DC, to a number of antivirus vendors, and to services such as phishtank. The complaints on phishtank included only a link to the site and a statement that the site was phishing. That was all; no confirmation was given.

It turns out that you can get unwanted sites blocked with simple spam complaints. Perhaps there are even services that offer this. If there are not, they will obviously appear soon, given how simple it is to get a site into the databases of some antiviruses.

I would like to hear comments from Kaspersky representatives. I would also like to hear from those who have faced such a problem themselves and how quickly it was resolved. Perhaps someone can advise on legal means of influence in such situations. For us, the situation entailed reputational and financial losses, not to mention the time lost solving the problem.

I would like to draw as much attention as possible to the situation, since any site is at risk.

Addition.
A commenter linked to an interesting post by HerrDirektor on this issue: habr.com/en/post/440240/#comment_19826422. I quote it:

— 10 ( , )?
phishtank.
8-10 ( ), , ( - - ).
, «This is phish site!».
. . http:// https:// , . , . ? :

6-12 . 24-48 «» — comodo, bit defender, clean mx, CRDF, CyRadar… virustotal.
, , .

, «» , , , , , .

, «» . ! , .
But even if the stars align and you manage to get the site cleaned out of the antivirus databases, the virustotal mega-resource does not care at all. You are not in the phishtank database? We don't care; you were there once, so we will show what was. Bit defender doesn't have you? It doesn't matter, we still show what was.
Accordingly, any software or service that relies on virustotal will, until the end of time, show that everything is bad on the site. You can peck at this wretched resource long and systematically, and you may be lucky enough to get out of there. But you may not be lucky.


* Among those blocking the site there was even the provider Fortinet. And we still have not managed to get the site removed from some lists of phishing sites.
* This is my first post on Habr. Unfortunately, I used to be just a reader, but the current situation motivated me to write a post.
