[Owasp-board] OWASP on OpenDNS Malware Block List

Josh Sokol josh.sokol at owasp.org
Fri Apr 3 19:42:09 UTC 2015


I wanted to follow up here as I did get some additional information on the
blocking of owasp.org by OpenDNS:

Our system was detecting malicious activity around the IP address that was
> hosting OWASP, and showing signs of domain generated algorithms where there
> were domain names similarly spelled to OWASP. This lead to the reason why
> the domain was being blocked. However our research team further reviewed
> the domain and was able to ensure that this wont happen again with this
> domain.
>


Unfortunately, I'm not sure there is much that we can do with that, but at
least we have an answer as to why it was blocked in the first place.

~josh

On Mon, Mar 16, 2015 at 12:11 PM, Tobias <tobias.gondrom at owasp.org> wrote:

>  Thanks Josh,
> it would indeed be good to find out and understand what happened.
> These anti-spam services can often act quite randomly and can meanwhile do
> quite a lot of damage to legitimate sites. And often without any warning.
> :-(
> Best, Tobias
>
>
>
> On 16/03/15 09:16, Josh Sokol wrote:
>
>  I received a response from OpenDNS Support on 3/15 saying that the
> domain was no longer being blocked for malware.  I have asked them to
> escalate to their research team for additional information as to why it was
> on the list to begin with.
>
>  ~josh
>
> On Mon, Mar 16, 2015 at 10:14 AM, Paul Ritchie <paul.ritchie at owasp.org>
> wrote:
>
>> Hi all:
>> Just as a follow up, Matt Tesauro has an OWASP IT 'service ticket' system
>> set up in case that are Web or IT related issues.
>>
>>  I have copied him here, but it might be good to bookmark this "OWASP
>> IT" email address or set it aside for that 'rare' instance when it might be
>> needed.
>>
>>  Matt - FYI in case you can add to or help support the issue.
>>
>>  Paul
>>
>>   Best Regards, Paul Ritchie
>> OWASP Interim Executive Director
>> paul.ritchie at owasp.org
>>
>>
>> On Sat, Mar 14, 2015 at 1:38 PM, Jim Manico <jim.manico at owasp.org> wrote:
>>
>>>  Good catch, I do not see this block on other DNS services, but if I do
>>> I'll let you know.
>>>
>>> Nice catch Josh. Thank you.
>>>
>>> - Jim
>>>
>>>
>>>
>>> On 3/14/15 10:01 AM, Josh Sokol wrote:
>>>
>>>    Hey all,
>>>
>>>  I was trying to do something on the owasp.org site today and noticed
>>> that OpenDNS was telling me that it was blocked (never has been before).  I
>>> currently have an enterprise account with them so I started poking around
>>> in their Investigate tool and it looks like owasp.org was added to
>>> their OpenDNS Security Labs block list as of today (3/14/2015).  It doesn't
>>> really say why, and I've followed up with my sales guy to get an answer,
>>> but this could be a significant hit to our traffic as OpenDNS registers
>>> between ~200 and ~800 DNS queries for owasp.org per hour.
>>>
>>>
>>>>>>  I wanted to give everyone a heads up.
>>>
>>>  ~josh
>>>
>>>
>>>   _______________________________________________
>>> Owasp-board mailing listOwasp-board at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/owasp-board
>>>
>>>
>>>
>>> _______________________________________________
>>> Owasp-board mailing list
>>> Owasp-board at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>
>>>
>>
>
>
> _______________________________________________
> Owasp-board mailing listOwasp-board at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/owasp-board
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20150403/4271c3e0/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/png
Size: 190418 bytes
Desc: not available
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20150403/4271c3e0/attachment-0001.png>


More information about the Owasp-board mailing list