Tell HN: Ycombinator.com Blacklisted by Norton
40 comments
This happened to a site I managed a while ago. The cause was a comment a user posted that was flagged as a "batch virus". The content of the comment was all text, along the lines of
@echo off
echo "Speeding up your PC!"
delete c:\Windows\system32\
Thanks Norton!Norton probably blacklisted HN for this comment because it infringes on their intellectual property, not merely because it is potentially destructive code. In other words, it duplicates the functionality of some of their products and they don't appreciate their trade secrets being exposed this way.
Thanks OP. Norton will blacklist HN again!
You can submit it to get whitelisted here:
https://submit.symantec.com/false_positive/
Just got an email from Norton saying they have resolved the issue.
Email: http://imgur.com/a/2WwXf
Email: http://imgur.com/a/2WwXf
Probably a Cloudflare IP got flagged then switched to serving YC traffic
We got that same issue on joust.hearthsim.net (serving an S3 static site), it's getting blocked in russia because some website used to be on the IP it's currently routed to, back in 2013 or some such.
Annoying. Any suggestions?
Annoying. Any suggestions?
Did you talk to Cloudflare support about that?
Yeah. They essentially advised us to open a new account. They also advised that we would be less likely to share an IP on a paid plan.
The website in question I don't think even exists anymore, so this is just a dead IP in russia.
I fucking hate censorship.
The website in question I don't think even exists anymore, so this is just a dead IP in russia.
I fucking hate censorship.
Drop me an email jgc@
ycombinator.com is not handled by Cloudflare; it appears to be on Amazon.
Hmm...
nslookup news.ycombinator.com
Server: 192.168.1.1
Address: 192.168.1.1#53
Non-authoritative answer:
news.ycombinator.com canonical name = news.ycombinator.com.cdn.cloudflare.net.
Name: news.ycombinator.com.cdn.cloudflare.netThat's news.ycombinator.com not ycombinator.com. I was talking about the latter.
You're correct - at least one of the subdomains (hacker news) is on CF and I assumed the main site was on it too.
I don't know how Adobe flagging works - it's possible that detecting an issue on a subdomain would cause them to flag the apex. That being said, the same recycled-IP issue could apply to the Amazon load balancer / CDN.
[Edit] Looks like they do indeed classify by apex. So, news.ycombinator.com redirects to ycombinator.com on the Adobe database, e.g. https://safeweb.norton.com/report/show?url=news.ycombinator....
I don't know how Adobe flagging works - it's possible that detecting an issue on a subdomain would cause them to flag the apex. That being said, the same recycled-IP issue could apply to the Amazon load balancer / CDN.
[Edit] Looks like they do indeed classify by apex. So, news.ycombinator.com redirects to ycombinator.com on the Adobe database, e.g. https://safeweb.norton.com/report/show?url=news.ycombinator....
[deleted]
Is this still happening to anybody? I am with Cloudflare and will escalate if still a problem.
It looks like it's OK for me, now: https://safeweb.norton.com/report/show?url=news.ycombinator....
This is what we get for repeatedly making fun of Symantec
All the listed threats are formulaformillionaires.com links, which is odd.
And formulaformillionaires.com redirects to medium.com. Weird.
Also, the owner looks like a normal author [1].
> Some pages on this website send visitors to the following dangerous websites: apollo-computers.com.
Edit: Upon further inspection it looks like a pretty questionable book: "Become a millionaire by just following my 7 simple steps!"
[1]: https://amzn.com/0979433835
[2]: https://www.google.com/transparencyreport/safebrowsing/diagn...
$ whois formulaformillionaires.com
Updated Date: 20-sep-2013
Creation Date: 01-feb-2008
Expiration Date: 01-feb-2018
...
Admin Name: Paul McCormick
Admin Organization: Miracle Writers LLC
...
Google says [1]:> Some pages on this website send visitors to the following dangerous websites: apollo-computers.com.
Edit: Upon further inspection it looks like a pretty questionable book: "Become a millionaire by just following my 7 simple steps!"
[1]: https://amzn.com/0979433835
[2]: https://www.google.com/transparencyreport/safebrowsing/diagn...
>"Become a millionaire by just following my 7 simple steps!"
Looks legit Medium.com to me
Looks legit Medium.com to me
Maybe people are posting these links as stories and they're getting flagged quickly but Norton still sees them and thinks of them as site content?
How did you got this warning, what Norton product are you using?
In my case it's Norton 360.
[deleted]
I've got this warning too.
dsl(3)
got a warning notice from my antivirus (Norton).
what's up?
Something to do with Peter Thiel?
https://safeweb.norton.com/report/show?url=ycombinator.com
Seems like a false positive, but might be worth to get it cleared.