Solved

Not able to run my daughter's school website from work

Posted on 2008-10-22
Last Modified: 2013-12-08
Hello,

When I try to run my daughter's school website from work, Symantec Endpoint will give the following message: Traffic from IP address has been stopped (for a 10 min period of time, 9:43 AM to 9:53 AM). sid 23086 HTTP malicious toolkit variant activity detected.

Thank you
Question by:mbhf01
23 Comments
 
LVL 1

Expert Comment

by:Gzzrt
ID: 22776665
I would suspect that there is an issue with the website in that some type of malware may be present on it.  I would contact the administrator for the site and get them to check their server for issues.  

Or you could potentially add it to a safe zone list, but then run the risk of opening your system up to infection if it is indeed infected with malware.
0
 

Author Comment

by:mbhf01
ID: 22777661
I know the website is not infected.
It is using a link to YouTube, since there was a video to be run. So the Administrator has embedded it in YouTube, then made a link to it.
0
 
LVL 1

Expert Comment

by:Gzzrt
ID: 22777958
If you're sure that it's a false positive from Symantec then you'll need to add it into your protected or safe sites list in the program.
0
 

Author Comment

by:mbhf01
ID: 22785927
Now the website comes for 5 seconds and then it will show that error page, proposing other websites.

"Sorry, we couldn't find http://gate6k.info/t/%3F10133960e. Here are some related websites:"
0
 
LVL 1

Expert Comment

by:Gzzrt
ID: 22785946
What kind of response do you get if you ping the website?  Is your system actually going to the correct ip address?
0
 

Author Comment

by:mbhf01
ID: 22786429
When I ping the website's IP address, I receive a normal reply. If I try to browse the website, it will come, then it would give the "Dell Search page" mentioned above. I am able to access the website from home with no problems.
0
 
LVL 1

Expert Comment

by:Gzzrt
ID: 22786687
What is the website in question?  I'd like to try it from here and see what I get.
0
 
LVL 1

Expert Comment

by:Gzzrt
ID: 22786709
Also what browser are you using to open the site and have you tried it in a different one?
0
 

Author Comment

by:mbhf01
ID: 22787044
www.alyaqeenacademy.org   IP address: 74.208.135.105
I am using IE7. I have also tried Mozilla
0
 
LVL 1

Expert Comment

by:Gzzrt
ID: 22787121
The site comes up fine for me.  Have you tried clearing your browser cache on each one?  I know it's the obvious question, but we're working through the process of elimination here.
0
 

Author Comment

by:mbhf01
ID: 22787936
I did.
I also tried from different computers in the office and I am still having the same problem.
0
 
LVL 1

Expert Comment

by:Gzzrt
ID: 22787949
From what I can tell it's something that's tied into your network.  Are you using any kind of proxy or caching server there?  I'm suspecting that the page might be cached on this machine and that could be why it's resulting in the error coming up.
0
 

Author Comment

by:mbhf01
ID: 22788006
None of that
0
 
LVL 1

Expert Comment

by:Gzzrt
ID: 22788103
Have you done system scans for anti-virus and other malware?  If you're not caching any of the pages then it's either a setting in Symantec End-Point Security or there is something on your network that is not allowing you access to that site.  You might also want to try clearing the cache on your DNS to see if the problem resides there.
0
 

Author Comment

by:mbhf01
ID: 22788979
I did clear the DNS cache, still it is not happening
0
 
LVL 1

Expert Comment

by:Gzzrt
ID: 22796174
Have you checked the logs in Symantec Endpoint to see what is happening when you go to the web page now?
0
 

Author Comment

by:mbhf01
ID: 22841336
Now I am back to square 1, Symantec Endpoint is blocking the site
0
 
LVL 1

Expert Comment

by:pjk00
ID: 23000870
That's the Symantec A/V blocking some sort of malicious material coming from that website.

I would not be so quick to assume there is nothing wrong with it - it's a school website, there are likely a bunch of people involved who are not that computer-savvy.  :-)

This appears to be something that is often related to an advertising network where someone slipped malware into the ad stream via one of the ad scripts.

http://www.symantec.com/business/security_response/attacksignatures/detail.jsp?asid=23086

0
 
LVL 1

Expert Comment

by:Gzzrt
ID: 23003715
Seeing as how his resolution matched the first suggestion that I posted, I'd like to look at awarding points instead of just deleting the question.
0
 

Author Comment

by:mbhf01
ID: 23003799
With due respect, all suggestions that have been provided were obvious; should I have found them helpful, I would have assigned the awarding points.
0
 

Accepted Solution

by:
mbhf01 earned 0 total points
ID: 23006382
Hi,

I was in contact with the website developer before I even posted the question. My purpose in asking the question was to find a solution from a development perspective.
The issue was that when the website developer registered the website with Google, they added a JavaScript. The problem was resolved when he removed that JavaScript.


Thanks,
0
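
Added example, not part of the original thread: a check a site administrator could run to list every off-site host a page loads scripts or frames from, which is how a third-party JavaScript like the one described in the accepted solution can be found and reviewed. The page URL, the allowlist and the sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tags and the attribute through which they load remote active content.
LOADERS = {"script": "src", "iframe": "src", "embed": "src", "object": "data"}


class ExternalResourceAudit(HTMLParser):
    """Collects off-site hosts a page loads scripts, frames or plugins from."""

    def __init__(self, page_url, allowed_hosts):
        super().__init__()
        self.page_url = page_url
        self.own_host = urlparse(page_url).hostname
        self.allowed = {h.lower() for h in allowed_hosts}
        self.findings = []  # (tag, host, resolved URL)

    def handle_starttag(self, tag, attrs):
        attr = LOADERS.get(tag)
        value = dict(attrs).get(attr) if attr else None
        if not value:
            return  # not a loader tag, or inline/empty: nothing is fetched
        url = urljoin(self.page_url, value.strip())  # handles //host/x and relative paths
        host = (urlparse(url).hostname or "").lower()
        if host and host != self.own_host and not self._is_allowed(host):
            self.findings.append((tag, host, url))

    def _is_allowed(self, host):
        # Exact match, or a subdomain of an approved host.
        return any(host == a or host.endswith("." + a) for a in self.allowed)


def audit(html, page_url, allowed_hosts):
    parser = ExternalResourceAudit(page_url, allowed_hosts)
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample page: a local script, an approved video embed,
# and one script from a host nobody has reviewed.
SAMPLE = """
<script src="/js/menu.js"></script>
<iframe src="https://www.youtube.com/embed/VIDEOID"></iframe>
<script src="//stats.unreviewed.example/t.js"></script>
"""

if __name__ == "__main__":
    for tag, host, url in audit(SAMPLE, "http://school.example/", ["youtube.com"]):
        print(f"{tag}: {host} -> {url}")
```

Anything the audit reports is a candidate for the kind of script the developer ended up removing; the allowlist should contain only hosts the site owner has deliberately embedded.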
