Our domain opensaas.sh got blacklisted due to shared dynamic IP and we can't get rid of it #172
Comments
Hm that is silly! Does it give any extra information? How can we reproduce this: install Avast on Windows and open opensaas.sh in Chrome? |
Yes, exactly those steps. I am attaching a screenshot. |
This is great, thanks! So I told it to run analysis again, and now I got all good! Was it some temporary false positive on their side? @joeygeo could you also pls check on your side again, if it also tells you all is good now? I will close the issue for now, but if it is still reporting an issue for you, let me know and I will reopen it. |
VirusTotal looks fine, but Avast still says blacklisted. I have raised a false positive report with them... Weirdly enough, even the emails that are coming from GitHub for this repo are marked as suspicious... |
Thanks for making that report! Ok let's see, if needed we can also try reaching out to them and try to figure out what is causing this. Would be great if we can somehow get an insight on what is triggering this, maybe .sh extension? |
Unlikely.. it's mostly the content of HTML generated by a website. Check all external links in your website code. |
Thanks @joeygeo. I just managed to replicate this via Avast Chrome extension: I am reopening the issue in any case, since you said Avast still reports it as problematic on your side, and I was also able to replicate it. What we can try:
|
I sent a false positive report to Avast, asking for help. I also checked the webpage on Google's checker, which says it is clean: https://transparencyreport.google.com/safe-browsing/search?url=opensaas.sh&hl=en . |
Some peculiar elements we include on the landing page are:
Could that iframe be somehow connected to this? Hm. |
Did some more digging and found this from IPQS: https://www.ipqualityscore.com/threat-feeds/malicious-url-scanner/https%3A%2F%2Fopensaas.sh%2F URL Analysis Report: |
Same issue with me for AVG antivirus, I just turn off the webshield to open the opensaas site |
Thanks, this helps a lot! Sounds like it based the verdict on IP that our app is deployed on at Fly.io. I am guessing that some other app on Fly was using that IP in the past, and was doing something malicious/weird and got flagged, and now we got their IP. So it might be enough to just change that IP. I will reach out to Fly.io to see what they advise. |
Ok yeah, it seems it is definitely this. Turned out our client for opensaas.sh was sharing IP with other apps on Fly.io, which I wasn't aware of, and one of those apps must have been doing something bad. I will now opt-in for a dedicated IP and set up the domain to point to this new IP and I imagine that should solve the current problem + prevent it from possibly happening in the future again. |
Ok, did this! A record now points to new, dedicated IP. I will leave the dynamic IP on Fly for a day or so to make sure all DNS records are updated and will remove it then. |
I removed the dynamic IP, now we completely switched to fully dedicated IP, but that report still says we are suspicious! And now with this new IP. But what remained constant is the mention of |
I just made false positive report to https://www.ipqualityscore.com/ also. |
I learned that |
I removed Fly's headers by adding to fly.toml file:
and that got them removed, but still doesn't help. One thing I did though was check for https://open-saas-wasp-sh-client.fly.dev/ on IPQS, and for this one it says it is ok! This is the real URL of the open saas client, while https://opensaas.sh is a redirect. Meaning that the problem is not with the page itself, but with the domain. Additionally, it also reports https://docs.opensaas.sh as malicious, which is an Astro page, so totally different code, and deployed on Netlify, so both code and hosting are different. So it must be a false positive exclusively based on the opensaas.sh domain. If that is so, and I am now quite confident it is, I don't see what we can do besides asking them to remove that false positive from our domain, or to actually change the domain, which I really don't want to do. |
I don't see this issue with other .sh domains. |
I probably worded it badly, but yeah I also don't think it has anything to do with the .sh domain, but with our specific opensaas.sh domain, due to getting tainted by that shared IP. |
Why is Avast antivirus saying that opensaas.sh website is malicious? You may want to check with them for false positives.