The Steel Guitar Forum Store 

Post new topic My Website and Norton Antivirus.
Reply to topic
Author Topic:  My Website and Norton Antivirus.
Richard Sinkler


From:
aka: Rusty Strings -- Missoula, Montana
Post  Posted 15 May 2016 11:51 am    
Reply with quote

A forum member PM'd me saying:
Quote:
Did you know that your website is being blocked by Norton?
"This is a known dangerous website. It is recommended that you do NOT visit this site." is what appears when I attempt access. What up?


I use McAffee and Trend on my 2 computers. I don't get any alerts. My girlfriend runs Norton and has no problems. Any idea as to what might be the problem?

Norton Users: CAn you try going to my website, and let me know what you get, whether it is no problem or you get the error above.

http://www.richardsinkler.net/

I would like to try to fix this if it is a problem, although I don't know how.

Thanks for the help.
_________________
Carter D10 8p/8k, Dekley S10 3p/4k C6 setup,Regal RD40 Dobro, NV400, NV112 . Playing for 54 years and still counting.
View user's profile Send private message Send e-mail

Scott Duckworth


From:
Etowah, TN Western Foothills of the Smokies
Post  Posted 15 May 2016 11:57 am    
Reply with quote

No problem here Richard. Running Linux Mint 13 and Firefox sans anti-virus.
_________________
Amateur Radio Operator NA4IT (Extra)
http://www.qsl.net/na4it

I may, in fact, be nuts. However, I am screwed onto the right bolt... Jesus!
View user's profile Send private message Send e-mail Visit poster's website

Dale Rottacker


From:
Walla Walla Washington, USA
Post  Posted 15 May 2016 2:05 pm    
Reply with quote

I had no problem the other day when I went to your site Richard, and didn’t just now either Smile
_________________
Dale Rottacker, Steelinatune™
*2021 MSA Legend, "Jolly Rancher" D10 10x9
*2021 Rittenberry, "The Concord" D10 9x9
*1977 Blue Sho-Bud Pro 3 Custom 8x6
https://msapedalsteels.com
http://rittenberrysteelguitars.com
https://www.telonics.com/index.php
https://www.p2pamps.com
https://www.quilterlabs.com
View user's profile Send private message Send e-mail Visit poster's website

Wiz Feinberg


From:
Mid-Michigan, USA
Post  Posted 15 May 2016 2:13 pm    
Reply with quote

Richard;
Trend Micro Internet Security is also blocking your website. I will try to view the source code in a safe browser and let you know if or what I find. In the meantime, anybody going to your website should do so using NoScript for now.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog
View user's profile Send private message Send e-mail Visit poster's website

Wiz Feinberg


From:
Mid-Michigan, USA
Post  Posted 15 May 2016 3:17 pm    
Reply with quote

Okay. I have reviewed the source code, using Wget, and found nothing bad or dangerous in any way. Unless Richard's website was previously infected with an exploit code, the only other reason would be an exploit affecting another web account on his shared server.

I viewed the entire website with scripting both allowed and disallowed and found no threats.

So, unless something changes, you can safely add Richard's website to your anti-virus' exceptions list.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog
View user's profile Send private message Send e-mail Visit poster's website

Richard Sinkler


From:
aka: Rusty Strings -- Missoula, Montana
Post  Posted 15 May 2016 5:38 pm    
Reply with quote

Thanks Wiz. I'll also contact my web host and let them know too.
_________________
Carter D10 8p/8k, Dekley S10 3p/4k C6 setup,Regal RD40 Dobro, NV400, NV112 . Playing for 54 years and still counting.
View user's profile Send private message Send e-mail

Dave Potter

 

From:
Texas
Post  Posted 16 May 2016 4:01 am    
Reply with quote

Just as another data point, here's something interesting. I clicked on your website url in your first post, and got something I've never seen before:



The reference to "RT-AC3200" is my router - that's its model number. The router itself intercepted my attempt to open your url and opened a new window with this in it. First time it's ever done that - ever. Consulting the router manual, I see that it includes a feature that uses real-time malware and malicious website monitoring through Trend Micro. I hadn't been aware of that feature until now.

Always somethin', ain't it? Whoa!
View user's profile Send private message

Richard Sinkler


From:
aka: Rusty Strings -- Missoula, Montana
Post  Posted 16 May 2016 6:55 am    
Reply with quote

I run the paid version of Malwarsbytes in realtime. Nothing shows up. Not sure what to do. Maybe just pull my site down.
_________________
Carter D10 8p/8k, Dekley S10 3p/4k C6 setup,Regal RD40 Dobro, NV400, NV112 . Playing for 54 years and still counting.
View user's profile Send private message Send e-mail

Scott Duckworth


From:
Etowah, TN Western Foothills of the Smokies
Post  Posted 16 May 2016 7:31 am    
Reply with quote

Richard, I also tried it in Win XP with Avira Anti-Virus, and it worked fine.
_________________
Amateur Radio Operator NA4IT (Extra)
http://www.qsl.net/na4it

I may, in fact, be nuts. However, I am screwed onto the right bolt... Jesus!
View user's profile Send private message Send e-mail Visit poster's website

Richard Sinkler


From:
aka: Rusty Strings -- Missoula, Montana
Post  Posted 16 May 2016 8:24 am    
Reply with quote

Thanks Scott.

Wiz and Dave, could the files I have on there for guitar map have malware? The guitar map program is a downloadable exe file, that I have never had any problems with in the past, using different AV programs and OS. Malwarebytes doesn't flag it. How about the Mickey Adams videos? They are all Mp4 files. Just trying to brainstorm the problem. Maybe I'll delete the Guitarmap page and see if it still happens.

For now, I have removed the links to my website from here (except the one above for testing) until I get this solved. The last thing I want to do is pass on a virus or malware.
_________________
Carter D10 8p/8k, Dekley S10 3p/4k C6 setup,Regal RD40 Dobro, NV400, NV112 . Playing for 54 years and still counting.
View user's profile Send private message Send e-mail

Dave Potter

 

From:
Texas
Post  Posted 16 May 2016 9:22 am    
Reply with quote

Richard Sinkler wrote:
Wiz and Dave, could the files I have on there for guitar map have malware?


Richard, I defer to Wiz, our resident expert.

It is true, however, that false positives do happen occasionally with the commercial anti-malware products - maybe there's a temporary glitch in the Trend Micro system. What does puzzle me is that you're not getting an alert from your Trend Micro software, but both Wiz and I are. That's a stumper to me. I assume your Trend software communicates with the Trend cloud, like mine does. Seems like the result should be the same, but it's not.

I'll be watching this to see how it resolves. Have you contacted your website people to see if they know anything?

EDIT: FWIW, I ran several free online malware scans on your url, and they all came back clean.

http://www.quttera.com/detailed_report/www.richardsinkler.net
http://scanner.pcrisk.com/detailed_report/www.richardsinkler.net#details
https://www.virustotal.com/en/url/c2789aa1ab00bb539966bcfffbac9f4a19ed297e892add18e93ac43281e8b379/analysis/1463422424/
View user's profile Send private message

Jeff Bollettino


From:
Virginia, USA
Post  Posted 16 May 2016 11:09 am    
Reply with quote

Just a thought, the issue might be that another website on your server (this is assuming you are using some sort of shared hosting plan) that has been identified for malware or something like it, and all sites on that host are getting this notice. If you are on a shared host you might try calling their tech support to see if they know anything about it.
_________________
Pig Hog Cables
View user's profile Send private message Send e-mail Visit poster's website

Richard Sinkler


From:
aka: Rusty Strings -- Missoula, Montana
Post  Posted 17 May 2016 5:56 am    
Reply with quote

Thanks. I plan on emailing their tech support today with the info above with the screen shots. It's definitely strange. In the meantime, I have removed any links to my site from the forum as a precaution, until I figure it out. I may just end up pulling my site down altogether.
_________________
Carter D10 8p/8k, Dekley S10 3p/4k C6 setup,Regal RD40 Dobro, NV400, NV112 . Playing for 54 years and still counting.
View user's profile Send private message Send e-mail

Wiz Feinberg


From:
Mid-Michigan, USA
Post  Posted 17 May 2016 6:31 am    
Reply with quote

Richard Sinkler wrote:
Thanks. I plan on emailing their tech support today with the info above with the screen shots. It's definitely strange. In the meantime, I have removed any links to my site from the forum as a precaution, until I figure it out. I may just end up pulling my site down altogether.


Why do that? You have a static website, based upon html 5, CSS3 and JavaScript. The only ways that your pages can be infected/compromised are:

  • A keylogger on your computer that watches for you to log into an ftp location or cpanel website;
  • Socially Engineering your login credentials from you through trickery;
  • A rogue employee/partner/Webmaster with your login credentials;
  • The innocent use of a 3rd party script, cms, cart or active app that has a XXS flaw known to hackers;
  • Malvertising exploits on an ad platform targeting visitors running outdated plug-ins (and 0-day exploits);
  • Server compromise you have no control over.


Most of these vulnerabilities are within your control. If you don't have 3rd party ads on your pages, that is removed from the equation. Note that these attacks target your visitors browsers, not your actual web pages. They are few and far between. Those that exist only run against certain browsers and are short lived before being taken down by the ad network.

Vulnerabilities in 3rd party apps, like WordPress, Joomla, Magento, Zen Cart and the like, are usually discovered/reported to the maintainers who release patched versions very quickly. Most of these active apps that are available through 3rd party scripts are automatically updated as problems are discovered.

The last item, server compromise, is outside your control. It's not your server. If you should ever discover that your web host has allowed your shared hosting account to be compromised via a root attack on their server, move to another host who is better protected against these attacks.

Finally, you can sign up with any of the various safety scanning services to check your pages for malware. Securi and Sitelock are two that comes to mind. There are free and paid scanning options. Free is usually good enough for static sites like yours. I use Sitelock, which is offered for free by my web host, Bluehost. They also take care of updating vulnerable scripts that are available to their customers through cPanel.

Most common website compromises happen when the webmaster installs a script that is later discovered to be exploitable, but fails to update it as soon as the patched version is released. Smart webmasters use automatic updates and update notifications from script vendors.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog
View user's profile Send private message Send e-mail Visit poster's website

Richard Sinkler


From:
aka: Rusty Strings -- Missoula, Montana
Post  Posted 17 May 2016 11:01 am    
Reply with quote

Some clarifications. My Trend subscription expired, so the computer wasn't using Trend. I have both McAfee and Webroot SecureAnywhere, on my laptop, my main computer, And Webroot came pre-installed and can run on 3 or 5 different computers. So both my computers run both McAfee and Webroot. My girlfriend's computer actually has McAfee. She calls that Norton and doesn't know the difference. They should come confiscate her computer. Laughing I had her bring it over last night.

Wiz...

A keylogger on your computer that watches for you to log into an ftp location or cpanel website;
Don't think so, and don't know how to check.

Socially Engineering your login credentials from you through trickery;
Probably not it.

A rogue employee/partner/Webmaster with your login credentials;
N/A

The innocent use of a 3rd party script, cms, cart or active app that has a XXS flaw known to hackers;

I use some 3rd party code. I bought them from Envato (Code Canyon), and include the code, html, css, javascript, and Jquery files. I use them for my picture galleries, audio players, video players. Been using them for awhile though. If I go through all the javascript files, is there anything I should look for?

Malvertising exploits on an ad platform targeting visitors running outdated plug-ins (and 0-day exploits);
No ads

Server compromise you have no control over.

I use eHost as my hosting company.

I used to pay for Sitelock on previous sites, but opted not to continue, thinking a static site like mine would probably not be a target for hackers. But I now have downloadable Mickey Adams videos, and a downloadable exe file for Guitar Map. I don't know if Mp4 files can carry malware. I can try taking the Guitar map program off the site and have some of you check again with Norton and Trend. I just want to guarantee a safe site to my visitors.
_________________
Carter D10 8p/8k, Dekley S10 3p/4k C6 setup,Regal RD40 Dobro, NV400, NV112 . Playing for 54 years and still counting.
View user's profile Send private message Send e-mail

Dave Potter

 

From:
Texas
Post  Posted 17 May 2016 11:26 am    
Reply with quote

Richard Sinkler wrote:
Some clarifications. My Trend subscription expired, so the computer wasn't using Trend....My girlfriend's computer actually has McAfee.


Aha! That explains why you didn't get anything from Trend. I still think it's a false alarm from Trend, since Wiz checked things.

Quote:
I can try taking the Guitar map program off the site and have some of you check again with Norton and Trend. I just want to guarantee a safe site to my visitors.


You can do some checking yourself, Richard. Google "free url malware scan" and you'll get a bunch of hits - just copy/paste your web site url into the box there. I cited a few I tried in my post above.

Keep in mind that, as Wiz pointed out earlier, it could be some other website (aka, IP address) on the same server. According to Whois, there are 733 of them on the same server you're on.


Last edited by Dave Potter on 17 May 2016 11:35 am; edited 2 times in total
View user's profile Send private message

Georg Sørtun


From:
Mandal, Agder, Norway
Post  Posted 17 May 2016 11:30 am    
Reply with quote

Ask Norton...

https://safeweb.norton.com/report/show_mobile?name=richardsinkler.net

Doesn't look like much of a treat on that site to me, and ESET at my end doesn't report anything.

BTW: before you took out the links on the forum, I noticed that the link down with your profile didn't match the link you still have in the original post. Why is that?
View user's profile Send private message Send e-mail Visit poster's website

Richard Sinkler


From:
aka: Rusty Strings -- Missoula, Montana
Post  Posted 18 May 2016 12:07 pm    
Reply with quote

Quote:
BTW: before you took out the links on the forum, I noticed that the link down with your profile didn't match the link you still have in the original post. Why is that?


About 3 months ago I changed web hosting companies and got a new url. I thought I changed them all.
_________________
Carter D10 8p/8k, Dekley S10 3p/4k C6 setup,Regal RD40 Dobro, NV400, NV112 . Playing for 54 years and still counting.


Last edited by Richard Sinkler on 18 May 2016 12:37 pm; edited 1 time in total
View user's profile Send private message Send e-mail

Georg Sørtun


From:
Mandal, Agder, Norway
Post  Posted 18 May 2016 12:24 pm    
Reply with quote

Well, you can put the right link back in now...

Quote:
Norton Rating

Safeweb Share
Norton Safe Web has analyzed richardsinkler.net for safety and security problems. Below is a sample of the threats that were found.
Summary

Computer Threats: 0
Identity Threats: 0
Annoyance factors: 2
Total threats on this site: 2

... as it is highly unlikely that those "annoyances" will hurt anyone that visit your site.
View user's profile Send private message Send e-mail Visit poster's website

Richard Sinkler


From:
aka: Rusty Strings -- Missoula, Montana
Post  Posted 18 May 2016 12:45 pm    
Reply with quote

I tried to find the annoyances, but had no luck.

Thanks to Wiz, Dave, and Georg for their expertise and kindness for helping me out, and for the others who checked their computers for me. I feel it's safe to put the links back up.

There is no better place for help than right here on the forum.
_________________
Carter D10 8p/8k, Dekley S10 3p/4k C6 setup,Regal RD40 Dobro, NV400, NV112 . Playing for 54 years and still counting.
View user's profile Send private message Send e-mail

Steven Stewart


From:
Kentucky, USA
Post  Posted 21 Sep 2017 1:03 pm     Mickey
Reply with quote

The videos don't seem to work no problems
View user's profile Send private message Send e-mail

Richard Sinkler


From:
aka: Rusty Strings -- Missoula, Montana
Post  Posted 21 Sep 2017 2:13 pm     Re: Mickey
Reply with quote

Steven Stewart wrote:
The videos don't seem to work no problems


Can you give me more info. Like, what browser, phone, tablet or computer. What URL is in the address box at the top.

I have been trying to host all videos on my site instead of having links to YouTube, but have run into some obstacles health wise. I had a mild stroke in early 2016, and that has caused some delays. I am back at the programming now and should be finished soon.
_________________
Carter D10 8p/8k, Dekley S10 3p/4k C6 setup,Regal RD40 Dobro, NV400, NV112 . Playing for 54 years and still counting.
View user's profile Send private message Send e-mail

Steven Stewart


From:
Kentucky, USA
Post  Posted 21 Sep 2017 2:52 pm     Google
Reply with quote

Zmax. Android
View user's profile Send private message Send e-mail

Steven Stewart


From:
Kentucky, USA
Post  Posted 21 Sep 2017 2:58 pm     It works all the way now
Reply with quote

Thanks
View user's profile Send private message Send e-mail

Richard Sinkler


From:
aka: Rusty Strings -- Missoula, Montana
Post  Posted 22 Sep 2017 9:05 am    
Reply with quote

Thanks Steven.
_________________
Carter D10 8p/8k, Dekley S10 3p/4k C6 setup,Regal RD40 Dobro, NV400, NV112 . Playing for 54 years and still counting.
View user's profile Send private message Send e-mail


All times are GMT - 8 Hours
Jump to:  

Our Online Catalog
Strings, CDs, instruction,
steel guitars & accessories

www.SteelGuitarShopper.com

Please review our Forum Rules and Policies

Steel Guitar Forum LLC
PO Box 237
Mount Horeb, WI 53572 USA


Click Here to Send a Donation

Email admin@steelguitarforum.com for technical support.


BIAB Styles
Ray Price Shuffles for
Band-in-a-Box

by Jim Baron
HTTP