Voca
Level 2: Rookie

Site being blocked

Answered

A customer of ours has reported that a visitor to their site landisproperty.com.au is being warned of malicious content by Telstra Broadband Protect. I've scanned the site with Sucuri and Google Safe Browsing -- both give the site the all clear. This looks to be a false positive; how can the site be cleared from the TBP blocklist?

cf4
Level 25: The Singularity

Re: Site being blocked

Are you sure it is Telstra Protect that is doing the blocking? I have tried visiting the site using an Optus connection and the site is blocked due to an invalid certificate.

"The hostname in the website’s security certificate differs from the website you are trying to visit.

Error Code: DLG_FLAGS_SEC_CERT_CN_INVALID"

ForensicsGuru
Level 21: Augmented

Re: Site being blocked

Yes, it is protected by Telstra Protect (just tried) and it is probably because Sophos reports (https://www.virustotal.com/#/url-analysis/u-92540d240f53252a8a2b1365a4712e148157ae87e0a792c39b51f619...) the site as having malicious content...
DISCLAIMER: I do not work for Telstra or any other ISP. I never did. I have a wealth of practical knowledge in Computer Security and Forensic Computing. I have been in the field since 1985.

Likes (formerly Kudos) and solutions are appreciated!!!
The comments expressed by me reflect my user experience and personal opinion.
Voca
Level 2: Rookie

Re: Site being blocked

Thanks, but the site doesn't use SSL (yet), so the generic certificate will definitely not be valid on the domain.
Voca
Level 2: Rookie

Re: Site being blocked

I've sent two requests to Sophos to have the site rescanned over the last month but they never respond or acknowledge.
https://community.sophos.com/kb/en-us/119440

Malware did infect the site in mid-2017 but that was cleaned up quickly and additional security measures were put in place. Everyone else reports the site as clean now, so do you have any tips on fixing the Sophos listing?
ForensicsGuru
Level 21: Augmented

Re: Site being blocked

I can connect to http://landisproperty.com.au/ from my work machine but not from my home Telstra/NBN machine, but the link you provided in your original post is to https://landisproperty.com.au/ and that of course raises a flag because of the invalid security certificate...
Additionally, Sophos is still listing the site as malicious...
ForensicsGuru
Level 21: Augmented

Re: Site being blocked

I have done a fresh scan now and indeed Sophos is still reporting something... Not sure why, I personally do not trust Sophos that much, but Telstra might - not sure what their source is.

They might be listing it due to the security certificate mismatch...

Voca
Level 2: Rookie

Re: Site being blocked

Sorry, that was a typo in my original message (force of habit), but I've now added an SSL certificate to the site so that should remove this from the equation.
Jagaf
Level 21: Augmented

Re: Site being blocked

I am able to connect to the site - https://landisproperty.com.au/ - using Telstra cable from Melbourne. The SSL cert is still giving issues: "Your connection to this site is not fully secure".

Voca
Level 2: Rookie

Re: Site being blocked

I've asked the web developer to amend the resource links to use https:// instead of http:// but this still shouldn't be the cause of the Sophos issue that's triggering Telstra Broadband Protect.
gavincostello
Telstra (Retired)

Re: Site being blocked

Hi Voca, the block page should provide a “Report as Safe” link. Pressing that will send a request to our Security Partners so they can review the site and remove it from our black lists if found to be clean.
Formerly of Telstra
ForensicsGuru
Level 21: Augmented

Re: Site being blocked

The site still has ERR_SSL_PROTOCOL_ERROR. There must be some problems in the server settings... In particular, the site allows weak protocols... This site https://www.ssllabs.com/ssltest/analyze.html?d=landisproperty.com.au gives an A rating, but some browsers (in particular Chrome and Edge) are really picky nowadays (and I am happy that they are - time to weed out various old stuff)... Chrome is nowadays shaming all sites that are http://...
Voca
Level 2: Rookie

Re: Site being blocked

Thanks for the research, but I honestly can't expect this to be the cause of the Sophos issue or the TBP block – otherwise 50% of the internet would also be blocked. This server also hosts other domains that do not suffer the same fate with TBP.
Voca
Level 2: Rookie

Re: Site being blocked

Thanks, are you able to do this? I'm not using a Telstra connection and the report came to me third-hand, so it's going to be difficult to get back to the person that originally reported it.
ForensicsGuru
Level 21: Augmented

Re: Site being blocked

I appreciate what you are saying and I really do not have an answer as to why Sophos is scanning it as malicious and no other engine does, or as to how Telstra creates its black list for TBP. I am now at home on my Telstra connection so I cannot do much until I am in my office again tomorrow morning. As I said, I do not trust Sophos for various reasons and I have seen only Sophos listing sites as malicious while they were clean. At this stage, all I can do is wish you good luck and suggest that you get your https:// settings done properly and start using only the secure site... That's the future...
gavincostello
Telstra (Retired)
Accepted Solution

Re: Site being blocked

Yes, I have submitted a request for review
Formerly of Telstra


Voca
Level 2: Rookie

Re: Site being blocked

Thank you, much appreciated.
gavincostello
Telstra (Retired)

Re: Site being blocked

The site has been confirmed as clean and removed from our Security Partner’s lists. If you could please confirm, and thanks for your patience.
Formerly of Telstra
Jupiter
Level 25: The Singularity

Re: Site being blocked

Just out of interest, I can see the site on my TPG NBN connection, but Firefox is still reporting the site with a warning that it is not 100% secure.

Never be afraid to back yourself when trying new things, just always make sure you have 3 escape routes if things go wrong.
Voca
Level 2: Rookie

Re: Site being blocked

This is likely due to not all assets on the page being linked with HTTPS. I have asked the web developer to fix them, but this thread is a separate issue about Telstra Broadband Protect.
Voca
Level 2: Rookie

Re: Site being blocked

Hi Gavin, I have the identical problem with another client on website zerog.com.au now.
https://www.virustotal.com/#/url/8258de805714e3e74853d57a1bcf68aea0d12f7176bdf2876ea22125e9e80a2f/de...

Would it be possible for you to also request a review of this site? I've gone through all the same checks and the site looks to be clean.

Sorry to bother you with this. I would submit it to Sophos myself, but my requests seem to go unanswered by them.
gavincostello
Telstra (Retired)

Re: Site being blocked

Sure, I’ll submit for you, I assume it hasn’t already been reported as safe at the block page?
Formerly of Telstra
Voca
Level 2: Rookie

Re: Site being blocked

Thanks, unfortunately we're not Telstra customers so we don't get a block page. If you can do this on our behalf it would be greatly appreciated.
