this post was submitted on 17 Jul 2023
13 points (88.2% liked)

Lemmy.world Support

3228 readers
1 users here now

Lemmy.world Support

Welcome to the official Lemmy.world Support community! Post your issues or questions about Lemmy.world here.

This community is for issues related to the Lemmy World instance only. For Lemmy software requests or bug reports, please go to the Lemmy github page.

This community is subject to the rules defined here for lemmy.world.

To open a support ticket Static Badge


You can also DM https://lemmy.world/u/lwreport or email [email protected] (PGP Supported) if you need to reach our directly to the admin team.


Follow us for server news 🐘

Outages πŸ”₯

https://status.lemmy.world/



founded 1 year ago
MODERATORS
 

I've gotten this message from Malwarebytes quite a lot these few days. Is this just a false positive?

top 16 comments
sorted by: hot top controversial new old
[–] [email protected] 13 points 1 year ago (1 children)

Keep getting false positives on AVG from lemmy.world communities pages for derp.foo

When people name their web assets the same as known viruses, hacks, and malware, because they think it's just the funniest thingever, this shit is going to continue to happen.

Your antivirus is working perfectly, and doing exactly what is should be doing.

[–] [email protected] 5 points 1 year ago (1 children)

Yeah I figured it was something like that.. It's better to be safe than to be sorry in my book either way!

[–] [email protected] 2 points 1 year ago
[–] [email protected] 7 points 1 year ago* (last edited 1 year ago) (1 children)

It’s catching the hit on the IP

https://www.virustotal.com/gui/ip-address/80.78.22.88/community

The hit is 4 months old though and likely shutdown by the provider at the time.

[–] [email protected] 5 points 1 year ago

Nice, good find.

[–] [email protected] 2 points 1 year ago (3 children)

VirusTotal doesn't show any infections for that url.

I've seen a few false positives with BitDefender for random Lemmy instances too. It might be the heuristics being triggered by the random URL names, but it's also possible there were random exploits like the XSS vulnerability that were caught by some antivirus apps. Considering Lemmy is still a juicy target for bad actors, some precaution is probably warranted.

In general I'd look closely at the specific detection to make sure it's not flagging a suspicious JS file, etc.

[–] [email protected] 2 points 1 year ago (1 children)

Because the site is behind a login, you would have to upload the JS files individually to virustotal. However, there are no trojans that can affect you from visiting a website. Browsers have sanboxing to prevent that. What web threats usually do is steal keystrokes, serve ads, phish banking sites etc. To get infected by a trojan you would have to download a file and execute it.

[–] [email protected] 2 points 1 year ago (1 children)

Actually drive by JS attacks and JavaScript engine exploits happen occasionally and have known to bypass browser sandboxes. In these cases the infection is completely invisible to the user and requires no downloads or execution of files.

[–] [email protected] 2 points 1 year ago

Yeah you're right. But browser zero days are usually targeted attacks not casting a large net like the usual web threat. Thanks for the link, it was interesting to learn some more techniques that are used in developing those. In this case the threat detected was Go based ransomware.

[–] [email protected] 1 points 1 year ago

The Trojan mention is worrying, though. Does it provide any more details about what it's flagging?

load more comments
view more: next β€Ί