Author Topic: Please unblock a legitimate, multi-million-user website mail.ukr.net  (Read 5108 times)

0 Members and 1 Guest are viewing this topic.

Offline devgs

  • Newbie
  • *
  • Posts: 3
The site `https://mail.ukr.net` is being blocked as a phishing. Seriously, guys, fix your product. What the hell? No contact, no admin notification, 0 reasoning. It's an irresponsible behavior.


Edit: it seems that `https://accounts.ukr.net` is also affected.
« Last Edit: December 11, 2020, 07:32:12 PM by devgs »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user

Offline devgs

  • Newbie
  • *
  • Posts: 3
Re: Please unblock a legitimate, multi-million-user website mail.ukr.net
« Reply #2 on: December 11, 2020, 07:37:47 PM »
https://forum.avast.com/index.php?topic=14433.msg1289438#msg1289438

Thanks, but it's not really helpful. I've submitted report already. But not having a direct contact with support is such cases is ridiculous.

How long shall we wait for response, having out site being blocked? And all this time our users see a false statement that out service is a phishing! It can be considered a defamation.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: Please unblock a legitimate, multi-million-user website mail.ukr.net
« Reply #3 on: December 11, 2020, 07:43:31 PM »
If you report as possible false positive they should reply to the Mail you gave

Offline devgs

  • Newbie
  • *
  • Posts: 3
Re: Please unblock a legitimate, multi-million-user website mail.ukr.net
« Reply #4 on: December 11, 2020, 07:46:50 PM »
If you report as possible false positive they should reply to the Mail you gave

Thanks, waiting. But that's really frustrating. I haven't even received an email response whether my report was accepted. It's like a sinkhole. Throw a stone at it and hope for the better.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Please unblock a legitimate, multi-million-user website mail.ukr.net
« Reply #5 on: December 11, 2020, 08:49:44 PM »
There is cloaking on the site - There is a difference of 162 bytes between the version of the page you serve to Chrome and the version you serve to Googlebot.

Status codes
These should normally all be the same.

GoogleBot returned code 301 to -https://accounts.ukr.net/login?lang=ru
Google Chrome returned code 303me and the version you serve to GoogleBot.

See improvement recommendations here: https://webhint.io/scanner/8019dac1-e32c-4758-9b40-1a6e480e91fb#category-security

Wait for a final verdict from an avast team member, as they are the only ones to come and unblock.

In the mean time, DrWeb's gives it as clean:
Quote
Checking: -https://accounts.ukr.net/login?lang=ru
Engine version: 7.0.49.9080
Total virus-finding records: 9569880
File size: 5834 bytes
File MD5: c77216619290e81ff7f7b69e6068774d

-https://accounts.ukr.net/login?lang=ru - Ok

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
« Last Edit: December 11, 2020, 09:15:46 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline vsharun

  • Newbie
  • *
  • Posts: 3
Re: Please unblock a legitimate, multi-million-user website mail.ukr.net
« Reply #6 on: December 11, 2020, 10:55:18 PM »
This is not a cloaking bro.

It is absolutely ok, when you present google-readable page prepared for bots. Even Google tells this is ok, understanding they have no deep js capabilities in the bots they have. Those pages being loaded to the teeth with javascripts will attack bots as it should. This is why googlebot is treated differently.

The only limit is - the content seen should be the same.

BTW the verdict your false positive states was phishing not a cloaking. Phishing on OFFICIAL login page. That is a f*ckup bro. And its worth internal investigation: is your procedures was overrun/abused for distrusting your service or your procedures was used to attack ukr.net service.

That's it.

PS: no other service than yours is blacklisted those pages/domains understanding there's should be some people-driven fuses before kill switch triggers.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Please unblock a legitimate, multi-million-user website mail.ukr.net
« Reply #7 on: December 12, 2020, 05:21:36 PM »
Hi vsharun,

Whatever might have led to avast detecting and blocking this, we have to wait for an avast team member to react, as they are the only ones that could come and unblock after an eventual FP.

We here are just volunteers with relevant knowledge in the field of website security and website error-hunting, but the final verdict is for avast team to decide, reconsidering that detection might be an FP
or a genuine detection.

It is their definition base, so wait for a reaction on an FP report ;)

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline vsharun

  • Newbie
  • *
  • Posts: 3
Re: Please unblock a legitimate, multi-million-user website mail.ukr.net
« Reply #8 on: December 13, 2020, 10:20:58 PM »
Hi polonus,

There's was some hope that if forum is official then we may expect some form of official feedback.

Considering amount of posts you have - this was misleading us to you as a person, who pull the strings.

Hope you understand the feelings we have when your official login page settled as a phishing page.

May Avast post some kind of "sorry statement" about this issue so we may point affected users to it ? May you name or handover our question to the appropriate person ?


Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88899
  • No support PMs thanks
Re: Please unblock a legitimate, multi-million-user website mail.ukr.net
« Reply #9 on: December 14, 2020, 12:47:48 AM »
Only Avast Team members have Avast Team to the left of their posts.

The remainder are avast forum users, even those with Avast Überevangelist next to their posts.  They have just been helping out on the forums for some considerable time and not Avast employees.

The link for reporting possible false positives goes directly to the Avast Virus Labs and they investigate the report.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline vsharun

  • Newbie
  • *
  • Posts: 3
Re: Please unblock a legitimate, multi-million-user website mail.ukr.net
« Reply #10 on: December 14, 2020, 08:37:22 AM »
Dear DavidR,

Avast Überevangelist mean Avast superevangelist or something. It shows relationship to the Avast as a product and/or company.

This misleads as minimum or hard to believe at least, mentioning number of posts you left.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88899
  • No support PMs thanks
Re: Please unblock a legitimate, multi-million-user website mail.ukr.net
« Reply #11 on: December 14, 2020, 05:11:04 PM »
There is no relationship with Avast the company only that they have been helping out in the forum for a considerable time, so they will have a large number of posts.  Avast Überevangelist is the top ranking group in the forum, the next up from Avast Evangelist

It is one of the Regular forum groups like others, see https://forum.avast.com/index.php?topic=93015.msg740725#msg740725 for the full listing.

Quote from: extract
Avast employees are in the Avast team group (Administrators, Global Moderators and Moderators are also Avast team).
Never ever try to look like or act as Avast employee if you are not.

It isn't meant to show an association or to deceive which is against the forum rules.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security