BBD-Aurora 0 Report post Posted May 20, 2013 I'm getting a false positive from http://learningwebconnect.homeftp.org and from http://learningwebconnect.homeftp.org/apl_camera_club/ which is a sub-directory of the main domain. Its an "educational" domain and the website of our town's library camera club. Share this post Link to post Share on other sites
LS.Andy 79 Report post Posted May 21, 2013 Hi BBD-Aurora, We are blocking the entire homeftp.org domain, which is a dynamic DNS domain that is currently being heavily exploited by the bad guys to distribute malware. We would advise our customers to consider another hosting solution, as dynamic DNS providers (esp. ChangeIP) are being heavily exploited right now. It’s the equivalent of living in a bad neighborhood. Regards. Andy Lavasoft Malware Labs 1 Share this post Link to post Share on other sites
BBD-Aurora 0 Report post Posted May 22, 2013 Our town's library camera club website operator has given me what he calls the "direct" address of ... http://174.115.132.24/apl_camera_club/ It has a single "static IP address", as opposed to a "dynamic DNS domain" like you described. Please tell me if you consider that "static IP address" as "safe". When I access the camera club website through it, I don't see any security warning from Ad-Aware. Share this post Link to post Share on other sites
BBD-Aurora 0 Report post Posted May 22, 2013 Here's the link to an interesting item from Google which indicates that there are no malware problems associated with learningwebconnect.homeftp.org http://www.google.com/safebrowsing/diagnostic?site=learningwebconnect.homeftp.org Share this post Link to post Share on other sites
LS.Andy 79 Report post Posted May 24, 2013 Hi, homeftp.org is hosted by dynamic DNS domain provider. You can see it listed here: http://dyn.com/dns/dyndns-pro/domain-names/. These hosting solutions are often abused by malware distributors. Although Lavasoft does not rely on Google Safebrowsing information for site blocking (it is not as accurate or comprehensive as one would hope, unfortunately), if you look at http://www.google.com/safebrowsing/diagnostic?site=homeftp.org you will see that the domain is reported as having hosted malware over the last 90 days. There is no malicious activity observed on your site, although, with respect, we risk exposing the rest of our customers to live malware to accommodate one site. It looks like the domain "learningwebconnect.org" has not been registered. One solution could be to register the domain and move to a new hosting provider like Hostgator. It would mean that your site does not reside on a problematic host, and that your site's URL would be less cumbersome that the current one and importantly, you move your site into safer hosting territory. I see the site is built using Drupal 7, so it would be quite simple to migrate the database & site files to a new host. I hope this is helpful. Regards, Andy Lavasoft Malware Lab Share this post Link to post Share on other sites