• Welcome to the Chevereto user community!

    Here users from all over the world gather around to learn the latest about Chevereto and contribute with ideas to improve the software.

    Please keep in mind:

    • This community is user driven. Be polite with other users.
    • Is required to purchase a Chevereto license to participate in this community (doesn't apply to Pre-sales).
    • Purchase a Pro Subscription to get access to active software support and faster ticket response times.

Problems with antivirus false positive

Gambalunga

Gambalunga

💖 Chevereto Fan
We have a Chevereto installation that is set to "Private" mode, so that only registered users can login or view the site.

Starting about 6 months ago we started to get reports from users that AVG and Avast antivirus software was blocking the site as a suspected phishing site. More recently Norton is giving a problem. The only financial item on our site is the PayPal link for donations. That link is the official one given by PayPal and I have checked to make sure it has not been altered by a hacker. Our service provider has also scanned the site and can not find any problem.

It should be noted that all, and more, of the above AV software comes from the Gen Digital Inc. (formerly Symantec Corporation and NortonLifeLock Inc.) Group of companies and probably use the same algorithms to check sites.

My suspicion is that the algorithm does not like the fact that you have to log in to access the site. The other possibility is that, being on a shared server, there is a problem with the site url. The final possibility is that someone has been maliciously reporting our site.

I am wondering if anyone else has struck this problem.
 
Gambalunga said:
We have a Chevereto installation that is set to "Private" mode, so that only registered users can login or view the site.

Starting about 6 months ago we started to get reports from users that AVG and Avast antivirus software was blocking the site as a suspected phishing site. More recently Norton is giving a problem. The only financial item on our site is the PayPal link for donations. That link is the official one given by PayPal and I have checked to make sure it has not been altered by a hacker. Our service provider has also scanned the site and can not find any problem.

It should be noted that all, and more, of the above AV software comes from the Gen Digital Inc. (formerly Symantec Corporation and NortonLifeLock Inc.) Group of companies and probably use the same algorithms to check sites.

My suspicion is that the algorithm does not like the fact that you have to log in to access the site. The other possibility is that, being on a shared server, there is a problem with the site url. The final possibility is that someone has been maliciously reporting our site.

I am wondering if anyone else has struck this problem.
Click to expand...
Hello, got the same problem but only with Avast.
 
Is your site set to "Private". If so one of our members has suggested a possible reason which involves the need to login to view images that are posted in a forum and linked to the full size image.

I will report it as a bug tomorrow.
 
I've had a few people say that pup.js has been flagged by Norton/Avast as a "URL Phishing" risk. Told them they should report it as a false positive.
 
Unfortunately multiple users have reported this as a false positive and it has had no effect. Quite frankly I think this big multinational, Gen Digital Inc., that markets the major AV software brands does not give a damn about us relatively small fish. If they were found to be blocking a major site with millions of users they would react immediately.
 
It's important to consider that the issue may not necessarily be with Chevereto itself but could be related to how your services are provisioned.

For example, if you're using a shared IP address that has been flagged as spam, or if the IP is provided by Cloudflare instead of directly by your hosting provider, this could be a contributing factor. Additionally, if there are other services (like a forum or blog) running under the same domain or IP, and they've been flagged for content issues (such as bot activity or link farms), it might explain the false positive.

I'd recommend reviewing the server setup and how different services are configured to help pinpoint the root cause. It might not be the software itself but something else in the environment.
 
Rodolfo
Thank you for your thoughtful reply.
I have raised a support ticket with our sevice provider and they can find no reason for the block.
Note that we are not being blocked for spam or content activity but for being suspected of phishing.
We have come to the conclusion that the most likely cause of this is the need to provide a user name and password to view the site, or indeed following linked images, such as thumbnails or medium images, in order to view the full size image (the last I have raised as a bug).
Unfortunately many those who rely on the paid versions of software that are blocking the site are often completely unaware of what phishing actually is and no amount of explanation will convince them an image hosting site can not possibly be a phishing site as we never ask for personal or financial information and certainly do not ask for their credit card or bank details.
The only link that we have is an official and correct "donate" button that links to PayPal, and obviously that takes them completely off our site.
One guy now only logs on using his iPhone because he does not use it for banking and is afraid that if he logs on from his PC he is in danger that someone might get his bank log on information.
Despite the fact that myself and other users have tried to tell him there is no danger some people you just can't educate.
Myself and others have consistently reported this to the AV services as a false positive but they obviously consider it as unimportant. No doubt they would jump if they were found to be blocking a major social.
 
Last edited:
You must log in or register to reply here.
Back
Top