Topic Title

Hi,

This morning I sent an email to my mailing list announcing the release of a new version of the Spaces Macro. I received a response from one recipient stating that he could not connect to my web site. Just wondering in anybody else in the DataCAD community is having similar issues with my site (dhsoftware.com.au)?

The error reported to me was :

Code: Select allSecure Connection Failed

An error occurred during a connection to dhsoftware.com.au. PR_END_OF_FILE_ERROR

Error code: PR_END_OF_FILE_ERROR

    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
    Please contact the website owners to inform them of this problem.

My own googling results on this error suggest it is a Firefox specific error on the client side, but the person who reported it to me stated that it was happening in Chrome and Edge as well .... if anybody can offer any advice I would be most grateful.

Thanks,
David H

[Mark F. Madura]

I'd guess that without a security certificate ( https://dhsoftware.com.au/ ) it would be difficult to connect with any modern browser. Depending on where your site is hosted, you might be able to set up a free certificate via Let's Encrypt ( https://letsencrypt.org/getting-started/ ).

It's throwing up flags here as well. Malwarebytes is intercepting it as a known threat site. I ran the url thru a couple of security sites that can test against the URL or IP and they are flagging it for phishing and malware. My guess would be that someone has injected something into your site somewhere and is using it to push out something. I had something similar happen to my site. They were hosting ads for a string of online gambling sites.

I loaded up VM and visited your site without any protection to block the traffic and I think it's being hyjacked by some type of interceptor as some clicks get thru to your site, but others redirect to http://dhsoftware.com to a similar Ad fraud link site. Sorry. Hope you can get it worked out.

Your site came up for me okay through Chrome.

Using FireFox, I was able to load the site and download the macro.

Thanks for all the responses.

I guess Josh's responses are the most concerning. The site does have a (letsencrypt) certificate, and a redirect from http to https has been set up (all of which works fine for me). When adding the download link for the new file I discovered that Chrome seemed to block it if I didn't use https in the link. i.e. it blocked http://dhsoftware.com.au/.... but allowed https://dhsoftware.com.au/.... (albiet with some warnings about it not being commonly downloaded and may be a threat).

VirusTotal shows that 4 vendors currently flag my site as malicious (66 show it as clean and a few don't rate it).

I first had problems with the site back in June 2022 when the Spaces install file was reported as malware (see https://urlhaus.abuse.ch/url/2232627). It was at this time that I first noticed virus programs listing my site as malicious. I submitted the file to some of the anti-virus vendors as a false positive at that time, and although it was found to be clean I stopped using installation exe files and started just supplying zip files for my macros (which seemed to avoid most of the false positive detections).
Interestingly, most of the files in the Shadow macro zip file are password protected (the password is in the unprotected readme file), and a couple of virus scanners that reported a problem with the file before I added the password now report it as clean (a few still report it as malicious - I actually wonder if some of these report anything as malicious if it is not on their white list).

In all honesty, the problems I have encountered trying to keep the web site in good reputation and free from false positives make me wonder if it is all worthwhile. Although I don't make any money from the site I have considered paying for software such as sitelock ... but when I scan my site using sitelock's free scanner is comes up as clean with no malware or vulnerabilities detected (and since they are in the business of trying to sell protection from these I expect they would find some if they could).
I believe that most (if not all) programs that list my site as a threat are relying on false positive detections such as that from 2022 that I referenced above. I am concerned about Josh's post and will look into it further, but really not sure where to go from here.

Regards,
David H.

Hi David,
It worked okay here using Firefox on Win10Pro.

Just downloaded the macro from your site w/o a glitch from my iPad.

When I just clicked on the link in your original post, I got this message:

Malware and Phishing
This site is blocked because it is a known security threat. Please contact your network administrator to gain access.

I am using Firefox in Win10.