autobrew.github.io is blacklisted by fortiguard as a "Malicious Website" url

[rgvanderkleij]

Hi all,

The blacklisting has been in place since November 2022. Unfortunately, this breaks some R installers (like gert, which uses libgit2). I was wondering what may have caused the listing and if perhaps the domain owner could request deblocking. Unfortunately there are quite a few companies and universities using fortigate products.

You can check the listing here: https://www.fortiguard.com/webfilter

[jeroen]

Thanks for letting us know. It looks like we can request a review on https://www.fortiguard.com/faq/wfratingsubmit but that page does not seem to work for me.

[rgvanderkleij]

I tried to get it re-evaluated through the web portal . I got immediate (automated) answer:

Your submission has been reviewed. The category of hxxp://autobrew.github.io/ will continue to be 'Malicious Websites'.

I have now tried escalating it but I suspect they will ignore it since the block has been in place since November 2022 and not being the owner I have no way to prove the site is clean.

For anyone running into this: because fortiguard uses a capture portal website with a weird certificate on it, the issue may present itself as a curl certificate error during an installation. For example, for gert:

package ‘gert’ successfully unpacked and MD5 sums checked
** using staged installation
Error in curl::curl_download("https://autobrew.github.io/archive/x86_64_linux/libgit2-1.4.2-x86_64_linux.tar.gz",  : 
  Peer certificate cannot be authenticated with given CA certificates: [] SSL certificate problem: unable to get local issuer certificate

Execution halted

[rgvanderkleij]

.. and the review failed within half an hour. Which would be too short for an actual review, so it seems the fortiguard blocklist does not really have a de-listing procedure which turns it into a DOS tool. The irony.

[jeroen]

Thanks for trying. I tried the same and got the same response. I don't know if it will make any difference if I own the domain..