Why would some people's A/V flag my domains as malicious?

Red Squirrel

No Lifer
May 24, 2003
70,218
13,607
126
www.anyf.ca
This was in another thread; basically a lot of people were saying that images from my server either don't show up or get flagged by their antivirus as being malicious. What would cause this and how can I fix it? The domain in question is gal.redsquirrel.me, but I assume it would probably do it to all my domains as they are all on the same server, so there's uovalor.com and iceteks.com as others to check.

Is there some kind of "RBL" list that I might be in?
 

VirtualLarry

No Lifer
Aug 25, 2001
56,572
10,208
126
(nevermind, that was rude of me)

Honestly, I don't know, but the way that browsers are getting, in terms of trying to be "Ultra Secure", some of them are no longer trusting "LetsEncrypt" domains, nor HTTP-only links.
 

Spacehead

Lifer
Jun 2, 2002
13,067
9,858
136
If you go to the " View Page Info / Security" of those 3 sites, 'iceteks' is the only one that shows "verified by: Let's Encrypt".
'redsquirrel.me' has no cert at all & 'uovalor' says "this connection is not secure" but that could be just mixed content.
UsandThem mentioned that his AV gets triggered in every thread you post in & you have the 'uovalor' site linked under your username, so I assume that's the problem there.

Why some AV doesn't like that I'm not sure. I could understand the browsers throwing out a message with the way things are going with them.
 

Red Squirrel

That's just images though; if someone posts an image to the forum that is not off a secure site it will cause the mixed content warning. Is A/V software seriously freaking out over that now? That seems a little over the top. The actual login part is still encrypted.
 

UsandThem

Elite Member
May 4, 2000
16,068
7,383
146
It's not that Bitdefender detects anything malicious, it was blocking activity by Chrome from connecting/fetching data from your site because of certification issues. I just went into this thread you posted in, and it popped up three block notices.

It has happened from time to time before with other stuff some users have posted here. Even if I don't click on anything, it's just that Chrome automatically fetches data or connects to the links, which Bitdefender blocks and I get a notification.
 

Red Squirrel

Is there anything I can do from a server point of view to stop that? People post stuff on here or Reddit or other sites all the time that may not be on a https server but those sites don't get blocked. What are they doing to prevent it?

I also read that in CSS you can't use relative URLs since they default to non HTTPS... that kinda sucks as I don't like using absolute since the site does not work the same in dev/test/prod without needing to regenerate all the links.
 

mxnerd

Diamond Member
Jul 6, 2007
6,799
1,103
126

Google Chrome blocking mixed content since Jan. 2021


You have 4 image files transmitted through http for domain uovalor.com on the main web page

(screenshot: Untitled.png)

and for domain iceteks.com

(screenshot: Untitled.png)
 

Red Squirrel

So that's enough to cause A/V software to go haywire? That seems odd to me. I can probably fix that, but it's such a weird thing that it's actually considered malicious. How do sites like Reddit handle this? Anyone can post links to anything, they won't always be https, and I doubt their entire domain is getting blocked by people's A/V or browsers.
 

mxnerd

I don't run any 3rd party AV. But when I viewed the posts you made that UsandThem mentioned, I did not see any pictures you linked from gal.redsquirrel.me, and the following is the Console log saved from Chrome's Developer Tools.
The weird thing is that the same error message appears several times for the same image file. OK, that's because your posts were quoted multiple times.

Code:
Some messages have been moved to the Issues panel.
Mixed Content: The page at '<URL>' was loaded over HTTPS, but requested an insecure element '<URL>'. This request was automatically upgraded to HTTPS, For more information see <URL>
Mixed Content: The page at '<URL>' was loaded over HTTPS, but requested an insecure element '<URL>'. This request was automatically upgraded to HTTPS, For more information see <URL>
Mixed Content: The page at '<URL>' was loaded over HTTPS, but requested an insecure element '<URL>'. This request was automatically upgraded to HTTPS, For more information see <URL>
Mixed Content: The page at '<URL>' was loaded over HTTPS, but requested an insecure element '<URL>'. This request was automatically upgraded to HTTPS, For more information see <URL>
Mixed Content: The page at '<URL>' was loaded over HTTPS, but requested an insecure element '<URL>'. This request was automatically upgraded to HTTPS, For more information see <URL>
Mixed Content: The page at '<URL>' was loaded over HTTPS, but requested an insecure element '<URL>'. This request was automatically upgraded to HTTPS, For more information see <URL>
Mixed Content: The page at '<URL>' was loaded over HTTPS, but requested an insecure element '<URL>'. This request was automatically upgraded to HTTPS, For more information see <URL>
Mixed Content: The page at '<URL>' was loaded over HTTPS, but requested an insecure element '<URL>'. This request was automatically upgraded to HTTPS, For more information see <URL>
Mixed Content: The page at '<URL>' was loaded over HTTPS, but requested an insecure element '<URL>'. This request was automatically upgraded to HTTPS, For more information see <URL>
Mixed Content: The page at '<URL>' was loaded over HTTPS, but requested an insecure element '<URL>'. This request was automatically upgraded to HTTPS, For more information see <URL>
Mixed Content: The page at '<URL>' was loaded over HTTPS, but requested an insecure element '<URL>'. This request was automatically upgraded to HTTPS, For more information see <URL>
Mixed Content: The page at '<URL>' was loaded over HTTPS, but requested an insecure element '<URL>'. This request was automatically upgraded to HTTPS, For more information see <URL>
Mixed Content: The page at '<URL>' was loaded over HTTPS, but requested an insecure element '<URL>'. This request was automatically upgraded to HTTPS, For more information see <URL>
Mixed Content: The page at '<URL>' was loaded over HTTPS, but requested an insecure element '<URL>'. This request was automatically upgraded to HTTPS, For more information see <URL>
Mixed Content: The page at '<URL>' was loaded over HTTPS, but requested an insecure element '<URL>'. This request was automatically upgraded to HTTPS, For more information see <URL>
Mixed Content: The page at '<URL>' was loaded over HTTPS, but requested an insecure element '<URL>'. This request was automatically upgraded to HTTPS, For more information see <URL>
Mixed Content: The page at '<URL>' was loaded over HTTPS, but requested an insecure element '<URL>'. This request was automatically upgraded to HTTPS, For more information see <URL>
Mixed Content: The page at '<URL>' was loaded over HTTPS, but requested an insecure element '<URL>'. This request was automatically upgraded to HTTPS, For more information see <URL>
page-20:191 Mixed Content: The page at 'https://forums.anandtech.com/threads/i-will-draw-a-picture-of-you.2293061/page-20' was loaded over HTTPS, but requested an insecure element 'http://gal.redsquirrel.me/thumbs/lrg-4789-tentlivingwithbikes.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
page-20:1 Mixed Content: The page at 'https://forums.anandtech.com/threads/i-will-draw-a-picture-of-you.2293061/page-20' was loaded over HTTPS, but requested an insecure element 'http://gal.redsquirrel.me/thumbs/lrg-4789-tentlivingwithbikes.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
page-20:1 Mixed Content: The page at 'https://forums.anandtech.com/threads/i-will-draw-a-picture-of-you.2293061/page-20' was loaded over HTTPS, but requested an insecure element 'http://i.imgur.com/4UqyU.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
page-20:1 Mixed Content: The page at 'https://forums.anandtech.com/threads/i-will-draw-a-picture-of-you.2293061/page-20' was loaded over HTTPS, but requested an insecure element 'http://gal.redsquirrel.me/images/other/random/tentlivingwithbikes.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
page-20:1 Mixed Content: The page at 'https://forums.anandtech.com/threads/i-will-draw-a-picture-of-you.2293061/page-20' was loaded over HTTPS, but requested an insecure element 'http://gal.redsquirrel.me/images/other/random/tentlivingwithbikes.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
page-20:1 Mixed Content: The page at 'https://forums.anandtech.com/threads/i-will-draw-a-picture-of-you.2293061/page-20' was loaded over HTTPS, but requested an insecure element 'http://gal.redsquirrel.me/thumbs/lrg-5075-shed.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
page-20:1 Mixed Content: The page at 'https://forums.anandtech.com/threads/i-will-draw-a-picture-of-you.2293061/page-20' was loaded over HTTPS, but requested an insecure element 'http://gal.redsquirrel.me/thumbs/lrg-5075-shed.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
page-20:1 Mixed Content: The page at 'https://forums.anandtech.com/threads/i-will-draw-a-picture-of-you.2293061/page-20' was loaded over HTTPS, but requested an insecure element 'http://gal.redsquirrel.me/thumbs/lrg-5075-shed.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
page-20:1 Mixed Content: The page at 'https://forums.anandtech.com/threads/i-will-draw-a-picture-of-you.2293061/page-20' was loaded over HTTPS, but requested an insecure element 'http://gal.redsquirrel.me/thumbs/lrg-5075-shed.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
page-20:10767 Mixed Content: The page at 'https://forums.anandtech.com/threads/i-will-draw-a-picture-of-you.2293061/page-20' was loaded over HTTPS, but requested an insecure element 'http://gal.redsquirrel.me/thumbs/lrg-4789-tentlivingwithbikes.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
page-20:10767 Mixed Content: The page at 'https://forums.anandtech.com/threads/i-will-draw-a-picture-of-you.2293061/page-20' was loaded over HTTPS, but requested an insecure element 'http://gal.redsquirrel.me/thumbs/lrg-4789-tentlivingwithbikes.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
page-20:10767 Mixed Content: The page at 'https://forums.anandtech.com/threads/i-will-draw-a-picture-of-you.2293061/page-20' was loaded over HTTPS, but requested an insecure element 'http://i.imgur.com/4UqyU.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
page-20:10767 Mixed Content: The page at 'https://forums.anandtech.com/threads/i-will-draw-a-picture-of-you.2293061/page-20' was loaded over HTTPS, but requested an insecure element 'http://gal.redsquirrel.me/images/other/random/tentlivingwithbikes.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
page-20:10767 Mixed Content: The page at 'https://forums.anandtech.com/threads/i-will-draw-a-picture-of-you.2293061/page-20' was loaded over HTTPS, but requested an insecure element 'http://gal.redsquirrel.me/images/other/random/tentlivingwithbikes.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
page-20:10767 Mixed Content: The page at 'https://forums.anandtech.com/threads/i-will-draw-a-picture-of-you.2293061/page-20' was loaded over HTTPS, but requested an insecure element 'http://gal.redsquirrel.me/thumbs/lrg-5075-shed.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
page-20:10767 Mixed Content: The page at 'https://forums.anandtech.com/threads/i-will-draw-a-picture-of-you.2293061/page-20' was loaded over HTTPS, but requested an insecure element 'http://gal.redsquirrel.me/thumbs/lrg-5075-shed.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
page-20:10767 Mixed Content: The page at 'https://forums.anandtech.com/threads/i-will-draw-a-picture-of-you.2293061/page-20' was loaded over HTTPS, but requested an insecure element 'http://gal.redsquirrel.me/thumbs/lrg-5075-shed.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
page-20:10767 Mixed Content: The page at 'https://forums.anandtech.com/threads/i-will-draw-a-picture-of-you.2293061/page-20' was loaded over HTTPS, but requested an insecure element 'http://gal.redsquirrel.me/thumbs/lrg-5075-shed.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
page-20:349 GET https://cdn.onesignal.com/sdks/OneSignalSDK.js net::ERR_BLOCKED_BY_CLIENT
page-20:1 [Intervention] Slow network is detected. See https://www.chromestatus.com/feature/5636954674692096 for more details. Fallback font will be used while loading: https://forums.anandtech.com/styles/anandtech/fonts/icons/material-icons/fonts/materialdesignicons-webfont.woff2?v=3.0.39
page-20:1 [Intervention] Slow network is detected. See https://www.chromestatus.com/feature/5636954674692096 for more details. Fallback font will be used while loading: https://fonts.gstatic.com/s/rubik/v12/iJWKBXyIfDnIV7nBrXw.woff2
page-20:1 [Intervention] Slow network is detected. See https://www.chromestatus.com/feature/5636954674692096 for more details. Fallback font will be used while loading: https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxK.woff2
page-20:1 [Intervention] Slow network is detected. See https://www.chromestatus.com/feature/5636954674692096 for more details. Fallback font will be used while loading: https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
page-20:450 GET https://sb.scorecardresearch.com/beacon.js net::ERR_BLOCKED_BY_CLIENT
(anonymous) @ page-20:450
(anonymous) @ page-20:451
page-20:327 GET https://ads.servebom.com/tmnhead.js net::ERR_BLOCKED_BY_CLIENT
(anonymous) @ page-20:327
(anonymous) @ page-20:328
page-20:2494 GET https://gal.redsquirrel.me/thumbs/lrg-4789-tentlivingwithbikes.png net::ERR_CERT_AUTHORITY_INVALID
page-20:5152 GET https://gal.redsquirrel.me/images/other/random/tentlivingwithbikes.png net::ERR_CERT_AUTHORITY_INVALID
page-20:7824 GET https://gal.redsquirrel.me/thumbs/lrg-5075-shed.png net::ERR_CERT_AUTHORITY_INVALID
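
The console log above shows the two-step failure: Chrome rewrites each http:// image to https://, then the upgraded request dies with ERR_CERT_AUTHORITY_INVALID because the host has no trusted certificate. The scanner below is an added example (not from this thread or any of the posters) that finds such plain-http subresources in a page's HTML and says what Chrome will do with each; the page URL and hosts under example.test are constructed for the demo.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Chrome auto-upgrades these "optionally blockable" resource types from http
# to https (the "automatically upgraded" console lines above); any other
# http subresource (stylesheet, script, iframe, ...) is blocked outright.
AUTO_UPGRADED = {"img", "audio", "video", "source"}
# Attribute carrying the subresource URL for each element type we inspect.
URL_ATTR = {"img": "src", "audio": "src", "video": "src", "source": "src",
            "script": "src", "iframe": "src", "link": "href", "object": "data"}


class MixedContentScanner(HTMLParser):
    """Collect (tag, absolute_url, action) for every plain-http subresource."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attr = URL_ATTR.get(tag)
        if attr is None:
            return
        attrs = dict(attrs)
        rel = (attrs.get("rel") or "").lower().split()
        if tag == "link" and "stylesheet" not in rel:
            return  # only stylesheet links are fetched as page subresources here
        ref = attrs.get(attr)
        if not ref:
            return
        # Relative and protocol-relative references inherit the page's scheme,
        # so only an explicit http:// URL can produce mixed content.
        url = urljoin(self.page_url, ref)
        if urlsplit(url).scheme == "http":
            action = "upgraded" if tag in AUTO_UPGRADED else "blocked"
            self.findings.append((tag, url, action))


def scan(page_url, html):
    """Return the mixed-content findings for an HTTPS page's HTML source."""
    scanner = MixedContentScanner(page_url)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


def http_hosts(findings):
    """Hosts referenced over plain http. Serving them over https with a trusted
    certificate clears every finding; an upgraded image request to a host
    without one fails with ERR_CERT_AUTHORITY_INVALID, as in the log above."""
    return sorted({urlsplit(url).hostname for _, url, _ in findings})


# Constructed sample page (hosts under example.test are not real).
SAMPLE_PAGE_URL = "https://forums.example.test/threads/demo/page-20"
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="/styles/site.css">
<link rel="stylesheet" href="http://cdn.example.test/theme.css">
<script src="https://cdn.example.test/app.js"></script>
</head><body>
<img src="http://gal.example.test/thumbs/lrg-4789-demo.png">
<img src="/images/fine.png">
<img src="//gal.example.test/images/proto-relative.png">
<iframe src="http://widgets.example.test/embed"></iframe>
</body></html>"""

if __name__ == "__main__":
    found = scan(SAMPLE_PAGE_URL, SAMPLE_HTML)
    for tag, url, action in found:
        print(f"{action:8} <{tag}> {url}")
    print("hosts still on plain http:", http_hosts(found))
```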
 

Red Squirrel

Weird, so it must be partially a Chrome thing; it just blocks anything that's not https? This has to be breaking more than just my sites then?
 

mxnerd

Weird, so it must be partially a Chrome thing; it just blocks anything that's not https? This has to be breaking more than just my sites then?
Yep.

==

Here are the blocking stages that Google Chrome is taking.

(image: mix_dl_table-1024x343.png, table of Chrome's mixed-content blocking stages)
 

Fardringle

Diamond Member
Oct 23, 2000
9,200
765
126
It's not just Google. Your site apparently has several security issues, and is also blacklisted for poor reputation, which could be because of those security issues, but could also be that your hosting service (or IP address) has a bad reputation.

 

mxnerd

It's not a requirement that a domain have an email server and MX record. There is nothing wrong with that if it doesn't.

Used the Domain Blacklist Check of Ultratools.com to check your domain.

Your domain/IP only falls in UCEprotect.net's level 3 blacklist. No other realtime blacklists put your domain in their list, however.

The only problem is that UCEProtect put your ISP AS16276 in their list, which probably blacklists thousands of domains/IPs.
UCEProtect also runs www.whitelisted.org and asks you to pay them to whitelist your domain/IP; are you going to do that? Does it really help?
Will every AV software use all RBLs out there? I don't think so.

You should consider getting a free Let's Encrypt SSL certificate first for your redsquirrel.me domain like you already did for your uovalor.com,
and put everything on https, so that Chrome will not block mixed content.
 

Red Squirrel

Yeah, I will try by just converting everything to HTTPS. I felt that site was pointless to convert over since it's just an image hosting site, so there is not really anything that needs encryption. Downside is certbot decided to stop working on my distro so I need to look into that. My distro needs to be upgraded but that's a bigger undertaking than I'm ready to do at this point. I found acme.sh which can apparently replace certbot, so I just need to take the time to figure out how to use it. I want to write a C++ app that reads a config file and then automates everything from that point, such as generating the DNS records, email stuff, web stuff, HTTPS etc... Once I code that and it works, then I will be ready to move to a newer distro as it will be faster to automate all that stuff than do it manually. The tricky stuff is the parts that prompt for an interactive password though, such as mailboxes. Need to figure out a way to automate that part too.

I also still have http working on my sites but it redirects to https, I wonder if some of these security suites don't like that, and would rather not see anything http at all.
 

mxnerd

There are many certbot alternatives.
 

Red Squirrel

So I've been paying more attention to how social media such as Twitter etc. handles external links people post, and it looks like they basically use their own internal redirector that is on another domain so that they don't link directly to what people post. That way they probably avoid being put on the blacklist, as the internal redirector is https, and that link itself may be linking to non-https content, but it does not matter if that one gets blacklisted as it's only used for that one purpose. I may need to do the same for my forum sites or any site that links to external stuff.

Once I have something like that set up I will look into what it takes to get off the blacklist.
 

Red Squirrel

I managed to get https to work, but wow, what a mess, because it wants to validate each subdomain, but for this particular site not all subdomains point to the same root directory. So I had to temporarily change the apache config so that it validates, but I presume this means I won't be able to auto-renew. It's also not liking the www so I had to leave that one out.

I'm going to have to figure out how to deal with domains that go to different directories so I can get the validation to work, so I can then automate it.
 

Red Squirrel

For those of you that did get warnings or stuff not loading, I'm curious if it's better now. I did not remove the site from the blacklist or fix the MX related issues though, so it's probably still going to be an issue, but I'm just curious.

That thread linked to earlier will probably still give issues, as some of the posts that quote mine will have the http version in quotes (which does not load at all for me either now, as the http version just redirects to https now).

So I have an image here in this post:



What about this site, does it trigger anything? (url just below this line)


If the redsquirrel.me domain is still causing issues I might just move my image gallery system to that domain.
 

UsandThem

For those of you that did get warnings or stuff not loading, I'm curious if it's better now. I did not remove the site from the blacklist or fix the MX related issues though, so it's probably still going to be an issue, but I'm just curious.
Nope, no issues from your stuff since you began changing/fixing stuff.

Now I'm trying to figure out which user's stuff is causing this one to pop up (I know it's not from you):

(screenshot: 5.jpg)
 

mxnerd

This cat image from gal.redsquirrel.net showed up properly without warning since you used https://

favicon.ico file is missing for www.uovalor.com though.
/favicon.ico:1 Failed to load resource: the server responded with a status of 404 (Not Found)

==

Did not get same warning as @UsandThem
 

Red Squirrel

Good to know, maybe I don't have to worry too much about the blacklists after all, or the MX errors (that domain does not do email).

I do need to revamp my whole hosting setup though; I want to set it up in such a way that configuration is a bit more automated. I have a lot of DNS related issues according to mxtoolbox which, once I figure out how to fix them, I will want to just automate so I don't need to repeat the steps for each domain. I will basically write a program/script that can read a configuration file and then generate the apache, dns, etc. config, and also handle the letsencrypt stuff.
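Two problems raised in this thread have one fix: Let's Encrypt validation failing when each subdomain has its own document root, and the wish to generate the apache and letsencrypt config from one file. The generator below is an added example (not Red Squirrel's tool or anything posted in the thread): it emits, per site, a port-80 vhost that serves every name's ACME HTTP-01 challenge from one shared directory (so DocumentRoot no longer matters for validation or renewal) and redirects all other http traffic to https, plus the port-443 vhost. The site list, ACME_DIR and CERT_BASE paths are constructed assumptions.

```python
import json

ACME_DIR = "/var/www/acme-challenge"   # assumed shared webroot for HTTP-01 challenges
CERT_BASE = "/etc/letsencrypt/live"    # assumed certificate layout (certbot/acme.sh style)

# Constructed sample site list; a real run would read this from a config file.
SAMPLE_SITES = json.loads("""[
  {"name": "gal.example.test", "aliases": [], "docroot": "/srv/www/gallery"},
  {"name": "example.test", "aliases": ["www.example.test"], "docroot": "/srv/www/main"}
]""")


def http_vhost(site):
    """Port-80 vhost: answer ACME challenges from the shared directory, send
    everything else to https. Needs mod_alias and mod_rewrite."""
    return "\n".join([
        "<VirtualHost *:80>",
        f"    ServerName {site['name']}",
        *(f"    ServerAlias {a}" for a in site["aliases"]),
        f"    DocumentRoot {site['docroot']}",
        # The Alias takes precedence over DocumentRoot, so every name validates
        # from ACME_DIR no matter which directory it normally serves.
        f"    Alias /.well-known/acme-challenge/ {ACME_DIR}/",
        f"    <Directory {ACME_DIR}>",
        "        Require all granted",
        "    </Directory>",
        "    RewriteEngine On",
        # Leave the challenge path on plain http; redirect everything else.
        "    RewriteCond %{REQUEST_URI} !^/\\.well-known/acme-challenge/",
        "    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]",
        "</VirtualHost>",
    ])


def https_vhost(site):
    """Port-443 vhost using the certificate issued for site['name'] with its
    aliases as extra names. Needs mod_ssl and mod_headers."""
    cert_dir = f"{CERT_BASE}/{site['name']}"
    return "\n".join([
        "<VirtualHost *:443>",
        f"    ServerName {site['name']}",
        *(f"    ServerAlias {a}" for a in site["aliases"]),
        f"    DocumentRoot {site['docroot']}",
        "    SSLEngine on",
        f"    SSLCertificateFile {cert_dir}/fullchain.pem",
        f"    SSLCertificateKeyFile {cert_dir}/privkey.pem",
        # Once https works, tell browsers to stop trying http for this host.
        '    Header always set Strict-Transport-Security "max-age=31536000"',
        "</VirtualHost>",
    ])


def render(sites):
    """Full config text for every site (http and https vhosts)."""
    return "\n\n".join(http_vhost(s) + "\n\n" + https_vhost(s) for s in sites) + "\n"


def acme_names(sites):
    """Names to request on each site's certificate; all of them are validated
    through ACME_DIR, so renewal needs no per-site config changes."""
    return {s["name"]: [s["name"], *s["aliases"]] for s in sites}


if __name__ == "__main__":
    print(render(SAMPLE_SITES))
    for primary, names in acme_names(SAMPLE_SITES).items():
        print(f"# certificate {primary}: validate {' '.join(names)} from {ACME_DIR}")
```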
 