vradarserver / vrs

A .NET web server that can plot the positions of aircraft on a map
http://www.virtualradarserver.co.uk/

Remove airport-data.com thumbnails and links #38

Closed vradarserver closed 3 years ago

vradarserver commented 3 years ago

VRS sites fetch thumbnails for aircraft from https://www.airport-data.com. The site displays the thumbnail (as fetched from their CDN) as a link to the aircraft's details on airport-data.com.

Over the past few days I have had two reports that AVG and Malwarebytes are blocking links to airport-data.com because the server that airport-data.com is running on is showing up in lists of IP addresses associated with malicious activity.

VirusTotal scans of the main www.airport-data.com site and a random assortment of aircraft pages that airport-data.com thumbnails link to (e.g. https://www.airport-data.com/aircraft/photo/001547855.html) all come up clean.

However, a VirusTotal scan of 192.99.41.136, the site's IP address, reports six engines detecting malware or malicious activity as of the time of writing (Feb 2021).

VirusTotal has a long-standing problem with false positives from fly-by-night AV vendors. However, two of the vendors reporting issues (Kaspersky and Forcepoint) are reputable.

When I go onto Forcepoint's site and generate a report for www.airport-data.com it comes up clean, but scanning the site's IP address reports that it's involved in "bot networks". The report is vague but it appears to be saying that the address is a command and control server for a bot network.

Running a reverse DNS search for the address on ARIN (https://search.arin.net/rdap/?query=192.99.41.136) reports that the server name is OVH-DEDI-192-99-41. Other searches indicate that the IP belongs to OVH Canada. So it seems likely that airport-data.com is running on a dedicated server rented from OVH.

I have a contact email for the guy who runs (or at least ran) the site. I've emailed him about the issue but not heard anything back yet.

On the one hand the site seems to be OK, but on the other it seems that something is up with that server: there's something running on it that shouldn't be there.

I think the safest thing to do would be to remove references to airport-data.com from the program.

vradarserver commented 3 years ago

V2: a028c603774

vradarserver commented 3 years ago

V3: 09d3f72