Inedo Community Forums Forums
    • Recent
    • Tags
    • Popular
    • Login

    Welcome to the Inedo Forums! Check out the Forums Guide for help getting started.

    If you are experiencing any issues with the forum software, please visit the Contact Form on our website and let us know!

    Malicious website blocked

    Scheduled Pinned Locked Moved Support
    proget
    2 Posts 1 Posters 9 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • ? This user is from outside of this forum
      Guest
      last edited by

      When I go to http://inedo.com/proget/versions and try to click on the 3.8.6 small installer (without sql express) I got a warning from Trend Micro Worry-Free Business Security that I am attempting to access a malicious website, and I am blocked. The rating specifies that it is a dangerous verified fraudulent page or threat source. I ran two scans on this website from virustotal.com. The first time reported that three URL scanners had detected that it was a malicious site. The second time I ran it was about 15 minutes later and it reported that there were five URL scanners (Blueliv, Sophos, Emsisoft, Fortinet and Kapersky) that detected it was a malicious site.

      Product: ProGet
      Version: 3.8.6

      1 Reply Last reply Reply Quote 0
      • ? This user is from outside of this forum
        Guest
        last edited by

        These "URL scanners" all use the same, third-party reporting source, so they will all report the same false positives. We have no control over that obviously, and this only seems to affect certain URLS (not files or content at the url), and only for a couple days... which reaffirms that these URL scanners are fairly worthless, since a malicious file would just use a dynamic url.

        If you are concerned about the url scanner, then just use a different url to download the file --- https://s3.amazonaws.com/cdn.inedo.com/XXX instead of http:///cdn.inedo.com/XXX

        Even if Amazon's CDN servers were compromised , you can be rest assured that, if the installer you download is signed by Inedo, then it's the package we published. You can always manually install if you are you don't trust installers.

        WE would appreciate, however, if you report the false positive, as that's the only way these 3rd party reporting services will update their lists.

        1 Reply Last reply Reply Quote 0

        Hello! It looks like you're interested in this conversation, but you don't have an account yet.

        Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.

        With your input, this post could be even better 💗

        Register Login
        • 1 / 1
        • First post
          Last post
        Inedo Website Home • Support Home • Code of Conduct • Forums Guide • Documentation