[Owasp-board] OWASP on OpenDNS Malware Block List

Tobias tobias.gondrom at owasp.org
Sun Apr 5 03:15:33 UTC 2015


Hello Josh,

thank you so much for following up with them on this.

Yes, you are right it is unclear what we could do about this.
Unfortunately malware blocking companies are often not transparent on 
how they come to their conclusions on blocking. Officially, many claim 
they don't want to make things too predictable for attackers. However, I 
believe this also frequently hurts legit web pages like ours. But as 
long as they are not willing to publish their policies and reasons for 
their mistakes, there is not much we can do about it.

Thanks again and best regards, Tobias



On 04/04/15 03:42, Josh Sokol wrote:
> I wanted to follow up here as I did get some additional information on 
> the blocking of owasp.org <http://owasp.org> by OpenDNS:
>
>     Our system was detecting malicious activity around the IP address
>     that was hosting OWASP, and showing signs of domain generated
>     algorithms where there were domain names similarly spelled to
>     OWASP. This led to the reason why the domain was being blocked.
>     However our research team further reviewed the domain and was able
>     to ensure that this won't happen again with this domain.
>
>
>
> Unfortunately, I'm not sure there is much that we can do with that, 
> but at least we have an answer as to why it was blocked in the first 
> place.
>
> ~josh
>
> On Mon, Mar 16, 2015 at 12:11 PM, Tobias <tobias.gondrom at owasp.org 
> <mailto:tobias.gondrom at owasp.org>> wrote:
>
>     Thanks Josh,
>     it would indeed be good to find out and understand what happened.
>     These anti-spam services can often act quite randomly and can
>     meanwhile do quite a lot of damage to legitimate sites. And often
>     without any warning. :-(
>     Best, Tobias
>
>
>
>     On 16/03/15 09:16, Josh Sokol wrote:
>>     I received a response from OpenDNS Support on 3/15 saying that
>>     the domain was no longer being blocked for malware.  I have asked
>>     them to escalate to their research team for additional
>>     information as to why it was on the list to begin with.
>>
>>     ~josh
>>
>>     On Mon, Mar 16, 2015 at 10:14 AM, Paul Ritchie
>>     <paul.ritchie at owasp.org <mailto:paul.ritchie at owasp.org>> wrote:
>>
>>         Hi all:
>>         Just as a follow up, Matt Tesauro has an OWASP IT 'service
>>         ticket' system set up in case there are Web or IT related issues.
>>
>>         I have copied him here, but it might be good to bookmark this
>>         "OWASP IT" email address or set it aside for that 'rare'
>>         instance when it might be needed.
>>
>>         Matt - FYI in case you can add to or help support the issue.
>>
>>         Paul
>>
>>         Best Regards, Paul Ritchie
>>         OWASP Interim Executive Director
>>         paul.ritchie at owasp.org <mailto:paul.ritchie at owasp.org>
>>
>>
>>         On Sat, Mar 14, 2015 at 1:38 PM, Jim Manico
>>         <jim.manico at owasp.org <mailto:jim.manico at owasp.org>> wrote:
>>
>>             Good catch, I do not see this block on other DNS
>>             services, but if I do I'll let you know.
>>
>>             Nice catch Josh. Thank you.
>>
>>             - Jim
>>
>>
>>
>>             On 3/14/15 10:01 AM, Josh Sokol wrote:
>>>             Hey all,
>>>
>>>             I was trying to do something on the owasp.org
>>>             <http://owasp.org> site today and noticed that OpenDNS
>>>             was telling me that it was blocked (never has been
>>>             before).  I currently have an enterprise account with
>>>             them so I started poking around in their Investigate
>>>             tool and it looks like owasp.org <http://owasp.org> was
>>>             added to their OpenDNS Security Labs block list as of
>>>             today (3/14/2015).  It doesn't really say why, and I've
>>>             followed up with my sales guy to get an answer, but this
>>>             could be a significant hit to our traffic as OpenDNS
>>>             registers between ~200 and ~800 DNS queries for
>>>             owasp.org <http://owasp.org> per hour.
>>>
>>>
>>>             I wanted to give everyone a heads up.
>>>
>>>             ~josh
>>>
>>>
>>>             _______________________________________________
>>>             Owasp-board mailing list
>>>             Owasp-board at lists.owasp.org  <mailto:Owasp-board at lists.owasp.org>
>>>             https://lists.owasp.org/mailman/listinfo/owasp-board
>>
>>
>
>
