Bug Broken image links and phishing blocked by anti-virus

[Khazran]

Hello,

Just recently my anti-virus (TotalAV) started detecting phishing link attempts in the forum such as Hentai torrent/games section. This pretty much breaks all thumbnails/preview on mouseover and images and also cause my anti-virus to go absolute bonkers at spamming the threat protection. Is this a bug or new feature? I would link the actual phishing link report from my anti-virus but I want to protect the other users. The url it reports is like ww2.342689.letters and the spamming start usually when I open said forums or refresh the pages.

Thanks for looking into it.

 

[Checkmate]

Thank you for bringing this to our attention.

It seems that your anti-virus software TotalAV might be indiscriminately blocking all domains of a specific format, specifically the 1.111B Class domain. This class of domains is reserved for specific DNS usage. Although this class of domain's low cost can attract spammers to use it as a platform for spreading malware, complete blocking of the entire class can lead to undesirable disruptions.

This sweeping block is likely contributing to the issues you're experiencing with thumbnails, previews, and images display. We're using these domains for our CDN load balancing. For the moment, we suggest whitelisting these domains on your anti-virus software to avoid misclassifications and to ensure uninterrupted access.

Thank you for your patience and understanding as we continue to improve our system.

For transparency reasons, please note that we are currently using the following domains for the image proxy:

www3.433212.xyz
www1.788123.xyz
www2.192981.xyz

These domains are chosen by a load balancer based on the user's hashed sessions. Each user on a different device will be assigned one of these three domains. The assignment of a domain rotates when the session expires, or after a certain period of time has passed.

Please rest assured that there is no malware, phishing attempts, or any malicious activities associated with these domains. Your anti-virus software may be simply misclassifying them due to their specific format.

 

[Haiyami]

Thank you for bringing this to our attention.

It seems that your anti-virus software TotalAV might be indiscriminately blocking all domains of a specific format, specifically the 1.111B Class domain. This class of domains is reserved for specific DNS usage. Although this class of domain's low cost can attract spammers to use it as a platform for spreading malware, complete blocking of the entire class can lead to undesirable disruptions.

This sweeping block is likely contributing to the issues you're experiencing with thumbnails, previews, and images display. We're using these domains for our CDN load balancing. For the moment, we suggest whitelisting these domains on your anti-virus software to avoid misclassifications and to ensure uninterrupted access.

Thank you for your patience and understanding as we continue to improve our system.

For transparency reasons, please note that we are currently using the following domains for the image proxy:

www3.433212.xyz
www1.788123.xyz
www2.192981.xyz

These domains are chosen by a load balancer based on the user's hashed sessions. Each user on a different device will be assigned one of these three domains. The assignment of a domain rotates when the session expires, or after a certain period of time has passed.

Please rest assured that there is no malware, phishing attempts, or any malicious activities associated with these domains. Your anti-virus software may be simply misclassifying them due to their specific format.

This isn't entirely true.

I also have an anti-virus that is blocking image thumbnails. I have avast anti-virus. It's being due to the domain host blacklisting. THe image are hosted on .xyz and this host site has been blacklisted for various reasons. I checked out the reason why in the listings for my antivirus and and this particular domain extension .xyz apparently has been known for phishing and hosting content of child abuse. I would suggest finding a different server to run image hosting on for thumbnails. Apparently many anti-viruses are permenant blacklisting .xyz. At least that is what Avast is doing. ANd their customer service told me the stance will not change. So there won't be a cycle. It's permanently blacklisted.

 

[Checkmate]

Hello,

Firstly, it's essential to clarify some terminologies for effective understanding:

1. Domains pertain to the addresses of online servers.
2. Hosts correspond to the servers that house the content.

Indeed, any domain URL can potentially be used illicitly; however, your statement about the .xyz domain extension being predominantly known for phishing activities and hosting inappropriate content is somewhat far-fetched. To justify this, every domain can be engineered to harbor such malicious content.

Furthermore, the statistics unveiled by SpamHaus, a reputable global database that combats spam and abuse, reveal that the .xyz TLD is not included in the top 10 most abused domains. Hence, this contention doesn't substantiate.

Moreover, judging an entire TLD as 'spammy' and harmful could be seen as a sweeping generalization, which isn't a practice endorsed by adept anti-virus software. If such were the case, it would necessitate blocking the entire internet due to its copious amount of phishing and perilous content.

We will continue to utilize the mentioned domains to serve certain static assets. Therefore, if your anti-virus software continues to inhibit access to the said tld, we recommend whitelisting the above domains.

Thank you for your understanding.