geoplugin.net blocked as malware

Nick

Oct 12, 2011, 8:46:12 PM
to geoPlugin
Hi,

We've been using GeoPlugin on our website for about a year now, but
today we noticed it was no longer working. Upon trying to access the
javascript.gp file directly I received the following message in
regards to geoplugin.net:

This web site ( http://www.geoplugin.net/javascript.gp ) has been
blocked because it has been determined by Web Reputation Filters to be
a security threat to your computer or the corporate network. This web
site has been associated with malware/spyware.

Threat Type: othermalware
Threat Reason: Domain reported and verified as serving malware.

I was hoping you could clarify the authenticity of this as I do
understand that these Web Reputation filters can get it wrong
sometimes.

Thanks.

geoPlugin Support

Oct 13, 2011, 2:02:10 AM
to geop...@googlegroups.com
Hi,

Thank you for bringing this to our attention.

Firstly, geoPlugin hosts no spyware/malware or anything of that nature. Nor does it attempt to do anything malicious with anyone's computer. All that geoPlugin does is exactly laid out on the home page, that is, serve geolocation data.

This error is coming from Cisco's IronPort URL Filters. However, the Web Reputation Filters are not a global but a local policy. That is to say that your company or ISP (whichever is relying on IronPort) has for some reason entered geoplugin.net as a malware-distributing site. This I can guarantee is completely incorrect and if you could provide me with your administrator's contact details, I will contact them to remove the filter. More probably what has happened is some malware-providing site is using geoplugin.net in its header and the system admin has thus associated geoplugin.net with malware.

Again, as this is a local sysadmin problem, there is not much we can do about this and I'm disappointed that your system admin has "verified [geoplugin] as serving malware" as this is simply not true.

Regards
Andy

----
geoPlugin Support
gp_su...@geoplugin.com

http://www.geoplugin.com/

geoPlugin Support

Oct 13, 2011, 2:15:32 AM
to geop...@googlegroups.com
Additionally, can you provide the notification codes that would be associated with this notice? In case it is a global policy, I can then contact Cisco/IronPort to have this issue resolved.


----
geoPlugin Support
gp_su...@geoplugin.com

http://www.geoplugin.com/

Bitsum Technologies

Oct 13, 2011, 3:21:07 AM
to geop...@googlegroups.com
Perhaps this should be posted on the (newly) founded site: http://falsepositivereport.com - which is monitored by (at least some) of the major security companies to help correct errant detections like this. Within our first week, representatives from Symantec and Trend both fixed 2 of the 3 issues reported at our site.