This extension will retrieve the correct IP of a blocked site using Google Public DNS and connect to the website by directly using its ip address in the address bar.Some sites only work over https. You'll receive a "your connection is not private" warning, but you can bypass this by clicking "advanced" and "proceed".Won't work on servers using http/2.reCAPTCHA will not work on most sites, look for a "having problems with the captcha" link or some alternative.
when trying to open r-project.org (the site of a large open source project on statistical computing), ESET Smart Security 9 denies access and terminates the connection (Reason: JS Redirector NAV Trojan). This happens in Firefox and IE (I do not use Chrome).
Since this is a very well known domain accessed by probably millions everyday I suspect that this is a false positive. A web search did not gain any helpful insight either, neither on the problem as such nor on this specific domain being infected.
The site itself is not blocked, i have tried and can navigate around the site with no problems. It's only an "element" within the site that is blocked. Just a bad Javascript link on the site somewhere.
If you can navigate around and use the site then there is really nothing to worry about, you will just get that pop up message every time you visit the site.
I guess its letting you browse/use the site but with just that message displaying in the pop up ??
I see a blank page with only a red rectangle in the middle of the screen, which is generated by ESET, saying what I wrote in my inital post., i.e., connection terminated, access denied, etc., and which threat was detected (" JS/Redirector.NAV Trojan"). See attached screenshot.
Furthermore, it is blocked not only for the browser but also for other programs. There is a repository for R, CRAN, accessible via cran.r-project.org, from which e.g. the R console and the R IDE "RStudio" can install new packages. These programs cannot access the repository as well.
Concluding, I can not visit the site and I cannot access the package repository. I wonder why it doesn't work on my PCs (2 systems, both having Smart Security 9 installed) but works on other systems (e.g. your system).
I just tried to access the site in IE11 and it was blocked on access. Note that the site is a HTTPS site. If SSL protocol scanning was not enabled, Eset might not have detected it upon site access. Also appears to have attempted to drop the Trojan in %AppData% folder.
Here is a screenshot from my pc(using firefox 50) , it shows ESS blocking the bad script but allows me to continue using the site properly.
There are plenty of websites that i visit personally that have the same behavior. By blocking the bad stuff and letting me use the content and pages that are clean.
If i remember correctly this was one of the many reasons i personally use the firewall in "interactive mode" and set the rules up myself and not on "automatic" Like ESS defaults with. The inbuilt rules are far too strict by default and caused me too many problems. Prior to using the very first release of ESET smart security (many many moons ago), i used a combination of nod32 and Comodo firewall and again i used this in a learning/interactive mode as the auto rule set Comodo was too strict and gave me similar problems.
thanks for all the answers so far. I doubt that they will change the r-project.org site for something that looks like an "ESET Smart Security" issue. So based on what cyberhash wrote the only reasonable option for me seems to be to set the firewall to interactive mode. Or did I miss any further options?
The block has nothing to do with firewall; it's web access protection that is blocking it. It's a highly suspicious javascript obfuscation used on the website which triggers the detection. I'd like to bring this article about using obfuscation to your attention: -javascript-oh-what-a-tangled-web/.
Easy fix for you and it takes less than 1 minute to do ....... . You will still get the pop up showing the bad script but will still be able to access and use the site. The reason ESS completely blocks these sites , is down to the way it handles the HTTPS protocol via the web access protection module.
My bad for feeding you the wrong info over the weekend , but in my defence i had too many beers and was in a few forums replying to too many threads.
Apologies and here is the fix
It still detects and blocks the threat on the page using this method, but still allows you to use and navigate it.
Its basically doing what ESS does with standard HTTP pages.
Here is something you can try yourself to replicate what i am referring to.
1, Under WEB PROTOCOLS tab , have both HTTP & HTTPS switched ON and try to access the website in question ( r-project.org), and you will be presented with the same outcome as in the image ITMAN has posted above ...... Completely blocked and wont let you access the site.
2, Switch the HTTPS scanner OFF and it lets you access and use the site but blocks the offending script.
3, Have both HTTP & HTTPS scanning ON and add the url of the site to the Exclusion list and it lets you access the page, just like having the HTTPS scanning switched OFF. Where it lets you access and use the site but blocks the offending object.
3, Have both HTTP & HTTPS scanning ON and add the url of the site to the Exclusion list and it lets you access the page, just like having the HTTPS scanning switched OFF. Where it lets you access and use the site but blocks the offending object.
However I agree w/Marcos in that if there is one thing "dodgy" about a web site, best to block entire site access. Odds are the site owner is not properly scanning it for malware and it is just a matter of time until something else nasty is added to it. Might just be a 0-day exploit.
I have set the category to "Business" and added it to a Temporary Web Exception policy that we use to test websites before granting further access. This policy has worked in the past for allowing access to a website.
It looks like our Sophos endpoing clients were not downloading policy for a couple of days. They seem to have corrected themselves, but I'm monitoring the situation and will contact support if needed.
Wouldn't you know it - the FQDN I use to reach one customer's Sophos appliance is also classified as 'Alcohol & Tobacco' - it's the second choice at the top of the category list. Looks like there might be a bug that incorrectly applies that category to uncategorized FQDNs.
Wow, now support is asking me to factory reset my router. Why would they put in something that can block sites without a way for the user to whitelist sites if they choose. This router has really been a let down so far. It has so much potential.
--
Website blocked due to phishing
Your Malwarebytes Premium trial blocked this website because it may be phishing you.
We strongly recommend you do not continue.
What is phishing?
Phishing scams attempt to obtain your information by presenting themselves as legitimate websites, then asking for your password, credit card details, or other sensitive information.
--
Please remove the inaccurate block as fast as possible! I find this warning quite offensive, since this is certainly not correct. What exactly is the reason for our website being blocked and spammed as phishing, calumniating us throughout all the world and giving us bad reputation, when this is not true?
Is it forbidden to ask for donations or help in spreading religious material the world over as we do on our site (and as millions of websites does), or is it a crime to have a link to PayPal were such paying information can be added? Yes, it is on PayPal such information are added, and not on our site. And here again, millions of websites has links to PayPal.
If our site is so dangerous, why is only your program blocking it and not google also removing it with their checks? And if we really are a threat, why are only prophecyfilm.com blocked, when doomsdaytube.com, or catholic-saints.net or santos-catolicos.com or several other sites use largely exactly the same material and exactly the same malls (buildup and core files)?
Are you aware of that calumniating websites like this can lead to lawsuits and that you could loose if someone got really angry and sued you for being publically and falsely calumniated for all the posses that may have occurred?
Also, if you think a website is a threat, is it not your obligation to email this person as fast as possible first, if you are about to block his website, in order that it may be solved? (I know one wants to protect people, but it is more likely the person and website is innocent, and that he therefore is being attacked innocently; therefore, the only right choice may be not to block anything until and after you have manually confirmed the truth.)
7fc3f7cf58