How to find out why my website is blocked

NicoVZ
NicoVZ W/ Alumni Posts: 3 Security Scout

Hi There, 

 

A few weeks ago i reported my website as a false positive but i haven't received a response. So a week ago i submitted a new sample but still no response.

 

Is there a way for me to find out why my website is blocked by F-secure? I have tried a lot of online scanners but all say my website is OK. The website is tabletsalesapp.nl/

 

What can i do to help getting my website whitlisted?

 

EDIT: Removed hyperlink

Comments

  • Ukko
    Ukko W/ Alumni Posts: 39 Cybercrime Crusader

    Hello,

     

    Sorry for my reply.

     

    There are a lot of different potential reasons for certain rating of website.

    But does your experience is about harmful or suspicious rating? Does your website is blocked as malicious website? Or what kind of 'block' there? And does it is still actual situation? If so -> maybe good to provide additional information about "what F-Secure solution will block" and "how it block" (any description/notifications or even blockpage with certain view).

     

    In addition, does your experience was about F-Secure SAS(?):
    https://www.f-secure.com/en/web/labs_global/submit-a-sample#sample-url

    With ""I want to give more details about this sample and to be notified of the analysis results"" -option (https://community.f-secure.com/t5/Common-topics/How-can-I-submit-samples-to-F/ta-p/77674).

     

    Thanks!

     

  • NicoVZ
    NicoVZ W/ Alumni Posts: 3 Security Scout

    The problem is that i do not know why the page is blocked by F-ecure firewall. I suppose it thinks that my website contains malicious content or so but simply i do not know because the message i get in browser does not give me that kind of information. It just shows a message in my browser that the site i want to view is blocked. I use the UPC firewall (that uses f-secure to determine threats) .

     

    And yes, the experience was about the F-Secure SAS

  • Ukko
    Ukko W/ Alumni Posts: 39 Cybercrime Crusader

    Hello,

     

    Just like clarification - I am only F-Secure user (and even more - only their home solutions).

    With my F-Secure installation and 'web-search'-rating for your domain: website is marked as 'safe'-one.

    But maybe certain directories (?!) or pages of website may be with another rating (!?). Or can be overwritten with certain flow.

    Your topic is placed under "F-Secure Business Security" solutions -- but does your experience about Home-solution or Business-solution (even if it is branded one) view?


    Also, I am not friendly with UPC firewall design. But as potential point to ask - does your experience about UPC firewall (and block action) is fresh? Or your page was allowed before and then start be 'blocked at access' eventually?


    If it was with first time using UPC Firewall -> maybe your domain (or website) was with some troubles before. Or some false-detections based on generic rules or patterns. And such information is stuck with databases.

    For example, based on virustotal.com - there was some suspicious URLs (not valid for current day):

    I think that F-Secure SAS is most valid step with such situation (for start-entry and own investigation).

    Good to re-check that you check option for "more details" and fill forms for your mail-address (to receive F-Secure Labs response). With my experience - three or four workdays are needed.

    But, time to time, can be global ignore (not likely situation). With my recent experience - response also was with unusual delay - but response is comes.

     

    But recent builds of F-Secure (home and ... business-solutions) with Windows Firewall reuse (for Windows platform). So, maybe it is an option to contact UPC for support (or advice).

    Otherwise - add such description/explanation with F-Secure SAS. Since - what if design of 'blocking/preventing' website is changed.

     

    Also, it may be situation when page is blocked based on 'Content Blocker' design (not a malicious or suspicious ratings) - but some categories like social media or so. But - if so - other related content should be blocked too.

    Business solutions was also with such feature as DNS filtering (https://community.f-secure.com/t5/Business/The-FSGKSH-service-blocking-DNS/m-p/100217)

     

    As part of own investigation - I will suggest to re-sure that your credentials are safe one (include most of related parts to your website). And double-check that your CMS, plugins, extensions or other third-parties additions are up-to-date.

     

    Thanks!

  • NicoVZ
    NicoVZ W/ Alumni Posts: 3 Security Scout

    I have received a response on my SAS ticket and the site seems to be unblocked now. So the issue is resolved. 

  • AvdH
    AvdH W/ Alumni Posts: 1 Security Scout

    reading this , and havind my own plain HTML website (harmless) blocked as well , you wonder what on earth is this 'lab' doing anyway? seems a pretty poor operation you run here.

  • Ukko
    Ukko W/ Alumni Posts: 39 Cybercrime Crusader

    @AvdH wrote:

    reading this , and havind my own plain HTML website (harmless) blocked as well , you wonder what on earth is this 'lab' doing anyway? seems a pretty poor operation you run here.


    Hello,

     

    Sorry for my reply. I'm only F-Secure user (their home solutions).

     

    Just interesting (because such situation with indeed strange sound) -> does your experience is about indeed only plain HTML website, safe hosting and long-used domain name?

    And does it blocked as harmful or as suspicious?

     

    I think that it may be 'autodetection' and further rating/reputation for domain or website; but too strange if it is one-page HTML (no scripts; no other pages; no any vulnerabilities).

    If situation is still valid (or reason is not found) -> do you able to create a private letter with URL to your website (just interesting to check if page is blocked with my home solution too or not)?

     

    Thanks!

  • MJ-perComp
    MJ-perComp W/ Alumni Posts: 669 Firewall Master

    Hi,
    one more point could be that other homepages hosted on the same server are blocked for a good reason. As you are sharing the same IP, it might be an indication to a corrupted hosting platform as well.

     

    M.

     

This discussion has been closed.