Great Western Passengers' Forum
November 24, 2020, 04:19:16 am *
Topic: "Suspicious top level domain"
Marlburian
« on: November 20, 2020, 04:54:28 pm »

This morning I had an update to my free Malwarebytes antivirus and when I tried to access the Coffee Shop I got a message "Website blocked due to a suspicious top level domain" with the advice not to proceed. No wimp I, and I pushed on regardless and here I am.
eXPassenger
« Reply #1 on: November 20, 2020, 04:57:41 pm »

> This morning I had an update to my free Malwarebytes antivirus and when I tried to access the Coffee Shop I got a message "Website blocked due to a suspicious top level domain" with the advice not to proceed. No wimp I, and I pushed on regardless and here I am.

Is this because it is a standard HTTP connection and not an encrypted HTTPS connection?  User software is becoming increasingly suspicious of non-HTTPS connections.
grahame
« Reply #2 on: November 20, 2020, 05:16:56 pm »

>> This morning I had an update to my free Malwarebytes antivirus and when I tried to access the Coffee Shop I got a message "Website blocked due to a suspicious top level domain" with the advice not to proceed. No wimp I, and I pushed on regardless and here I am.
>
> Is this because it is a standard HTTP connection and not an encrypted HTTPS connection?  User software is becoming increasingly suspicious of non-HTTPS connections.

1. The term TOP LEVEL domain indicates the bit at the end of the URL ...  we have various top levels here or hosted on the server, including .info, .chat, .am, .uk, .net and .xyz; recently I released .fyi, and there are probably still the odd .com and .org.   We have lost / are losing .eu, and I think the .biz I had has gone.   Marlburian - did the message tell you which top level domain it was worried about, as without that data I'm guessing ... rather like standing in Paddington, mobile network down, indicator boards not working and someone telling you that one of the IETs is the service you want for Hereford ...

2. Yes, we should move to https ... we have precious little data floating about that needs to be secured from "break ins" to the stream between the server and your browsers, but upcoming convention suggests we add the security level. Now that we are on the new server seems a good time ... of course, confirmed certificates cost money and have to be renewed.

Coffee Shop Admin, Vice Chair of Melksham Rail User Group, and on the board of TravelWatch SouthWest.
Marlburian
« Reply #3 on: November 20, 2020, 06:07:40 pm »

No, all I got was "What is a suspicious top level domain (TLD)? Possible suspicious activity encompasses a variety of behaviors that are commonly attributed to technical support scams, cryptojacking, browser hijacking, and other types of harmful, risky, and potentially unwanted objects."

No problem for me, but it might deter a potential member?
grahame
« Reply #4 on: November 20, 2020, 06:58:42 pm »

> No, all I got was "What is a suspicious top level domain (TLD)? Possible suspicious activity encompasses a variety of behaviors that are commonly attributed to technical support scams, cryptojacking, browser hijacking, and other types of harmful, risky, and potentially unwanted objects."
>
> No problem for me, but it might deter a potential member?

Yes, and that is why I am having a seriously heavy look at it and pressing you for all the evidence you have.

Looking at top level domain lists at https://www.spamhaus.org/statistics/tlds/

Their "top" ten
1. rest = 51.8% bad (score 3.75)
then .casa .tk .gq .ml .work .fit .gdn .London down to
10. cf = 31.6% bad (score 2.65)

So on .rest about a half of the sites are considered

For the domains we use ...
net = 7.4% bad (score 0.77)
info = 4.2% bad (score 0.36)
com = 3.7% bad (score 0.46)
xyz = 2.9% bad (score 0.25)
eu = 2.4% bad (score 0.16)
chat = 1.9% bad (score 0.06)
org = 1.4% bad (score 0.12)
uk = 0.6% bad (score 0.05)
am = 0.4% bad (score 0.00)

So 19 out of 20 sites at .info, and 49 out of 50 at .chat that have been looked at have come out clean.

A few of my own monitoring scripts on our server send me the occasional low level alert / warning - not because I really need them, but to re-assure me that the script is there and working.   I wonder if some antivirus and checking packages similarly rattle a little more than they should or need to just to remind their purchaser that they are there and running.
« Last Edit: November 20, 2020, 07:33:31 pm by grahame »

Red Squirrel
« Reply #5 on: Yesterday at 01:48:51 pm »


> 2. Yes, we should move to https ... we have precious little data floating about that needs to be secured from "break ins" to the stream between the server and your browsers, but upcoming convention suggests we add the security level. Now that we are on the new server seems a good time ... of course, confirmed certificates cost money and have to be renewed.


We use AutoSSL for DV certification, though this may be tied in with our cPanel/WHM subscription. I think you should be able to get free DV certification from someone like this: https://letsencrypt.org/docs/faq/
grahame
« Reply #6 on: Yesterday at 03:35:41 pm »


>> 2. Yes, we should move to https ... we have precious little data floating about that needs to be secured from "break ins" to the stream between the server and your browsers, but upcoming convention suggests we add the security level. Now that we are on the new server seems a good time ... of course, confirmed certificates cost money and have to be renewed.
>
> We use AutoSSL for DV certification, though this may be tied in with our cPanel/WHM subscription. I think you should be able to get free DV certification from someone like this: https://letsencrypt.org/docs/faq/

Thanks ... I will probably add a look at that and its implementation when I rattle the server add automated blacklisting of naughty remote computers.  Early work underway at http://vcrp.uk/running.php which I'm using to help learn patterns I need to block, and patterns that I must not block because they're real users.