vrubleg / soundkeeper

Prevents SPDIF/HDMI digital audio playback devices from sleeping.
https://veg.by/projects/soundkeeper/
MIT License

Unable to access site - most likely an SSL cert expired #8

Closed sinful-asura closed 9 months ago

sinful-asura commented 9 months ago

Unable to access https://veg.by/en/projects/soundkeeper/ site - reported error is Impersonation / Malware (ISP)

I had to use an alternative ISP which has no smart protection in order to access the site and download the .zip file.

Suggestion

Create a release e.g. v1.3.3 on this repository itself and upload zip file directly to the GitHub repository - I've done the same on a fork of this repository on my account.

vrubleg commented 9 months ago

Well, it's not that smart protection if it blocks my website 🤷🏻‍♂️ Please report this false-positive to your ISP so they don't use that software that blocks random websites.

The SSL/TLS certificate is not expired. It's automatically renewed and the current one is valid till January 2024.

sinful-asura commented 9 months ago

The block was not random - Firefox was the first that blocked the site, indicating the SSL certificate mismatch - possible MITM. After continuing to the site by going Advanced > Continue, only then did the ISP Firewall block the site, as the URL was not https://veg.by/en/projects/soundkeeper/ and was instead https://veg.by:80/en/projects/soundkeeper/ the first time, and then https://veg.by:443/en/projects/soundkeeper/; both were blocked.

Might be just an NGINX / server misconfig for SSL but it triggered two guards

  1. Firefox SSL Certificate Issue
  2. A1 ISP Firewall

vrubleg commented 9 months ago

> https://veg.by:80/en/projects/soundkeeper/

This URL is definitely wrong. Port 80 is not for https. How did you get this URL?

> https://veg.by:443/en/projects/soundkeeper/

This should be considered equal to the correct URL since HTTPS works through port 443 by default.

Could you please share the SSL certificate info that is used for your connection? If there is MITM somehow, you should be able to see it from the certificate details.

The real certificate looks like this:

Issuer: Let's Encrypt

Validity
Not Before: Sun, 08 Oct 2023 20:25:13 GMT
Not After:  Sat, 06 Jan 2024 20:25:12 GMT

Fingerprints
SHA1: 70:24:25:C4:F2:DA:37:9A:9C:FC:5E:90:C8:57:C0:72:12:77:A6:4B
SHA256: 64:C9:1C:26:D5:AC:BA:3C:AA:74:E9:2C:E5:DF:66:E8:45:79:72:D3:A8:A7:35:5E:EB:37:52:F9:CA:18:61:21

sinful-asura commented 9 months ago

It's been working properly ever since I used the other ISP to access the site (who has no firewall), but the initial time I tried to access by copy-pasting the link from the ReadMe.txt file: https://veg.by/en/projects/soundkeeper/ and that redirected to the :80 version and blocked further access. I'm assuming the access from the other ISP "refreshed" the server so it's now working properly and not reproducible anymore. I'll try again after 24hrs to see if time has any play in this, and if I encounter the same problem I'll write down the details for analysis.

To summarize, direct access to the link https://veg.by/en/projects/soundkeeper/ had raised those errors, as well as access from Google Search results.

vrubleg commented 9 months ago

Maybe it was a temporary issue with my current hosting provider. I want to move my websites to the Hetzner Cloud one day in the future, but it will require dedicating some time. I have used my current hosting provider since 2009 and some of my scripts are somehow tied to the current infrastructure... so it won't be that easy.

Anyway, if you are able to reproduce the issue later, it would be nice to see some details. At least, what certificate was used.

sinful-asura commented 9 months ago

Sure thing, I'll close this issue and if I encounter a similar thing again I'll open a new one with more details.

Thanks for your time!

sinful-asura commented 9 months ago

ssl-issue.zip

I've managed to reproduce this again today - I've collected all the data that was available at the moment.

vrubleg commented 9 months ago

Issuer: Whalebone Sinkhole CA
Country: CZ

I guess that it's your provider's self-signed certificate. Most probably they just want to show you a message that they block my website for some reason, but they can't do it without MITM; this is why your browser shows this certificate error. And if you ignore the error, most probably you will see what your provider wants to show you (e.g. that the website was blocked by them).

Most probably it's remnants of the Sound Keeper v1.1.0 release from 2020 that Google didn't like and blocked my website because of it. It was an obvious false-positive, but Google ignored all my appeals (because I'm an individual developer of not popular tools, nobody was actually checking it, all decisions were made by an AV program). So I had to change the entry point to make it happy. But some companies get bans from Google and don't remove them after Google changes its mind. For example, I had to send a request to Malwarebytes to remove my website from their blacklist. Most probably your provider uses similar software that caches websites from the Google blacklist and never ever removes anything from there. In this case I would appreciate it if you reported a false-positive to them.
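
The certificate comparison requested earlier in the thread, and the sinkhole outcome diagnosed in the last comment, can be scripted. This is an added example, not code from the Sound Keeper project or from either participant; the function names and the three result labels are assumptions, and the fingerprint constant is the one quoted above for the certificate that expired in January 2024.

```python
import hashlib
import socket
import ssl

# SHA-256 fingerprint quoted in the thread (certificate valid 08 Oct 2023 to
# 06 Jan 2024). Certificates are renewed, so a later check needs the value
# the site owner publishes at that time.
PUBLISHED_SHA256 = ("64:C9:1C:26:D5:AC:BA:3C:AA:74:E9:2C:E5:DF:66:E8:"
                    "45:79:72:D3:A8:A7:35:5E:EB:37:52:F9:CA:18:61:21")

def normalize(fingerprint: str) -> str:
    """Turn 'AA:BB:..' or 'aa bb ..' into plain lowercase hex."""
    return fingerprint.replace(":", "").replace(" ", "").lower()

def sha256_fingerprint(der: bytes) -> str:
    """Fingerprint of a DER-encoded certificate, as browsers display it."""
    return hashlib.sha256(der).hexdigest()

def fetch_presented_cert(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Capture the leaf certificate this network path presents for host.
    Validation is off only so an untrusted certificate can be read and
    inspected; nothing is sent over the connection."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)

def chain_validates(host: str, port: int = 443, timeout: float = 5.0):
    """(True, '') if the system trust store accepts the chain, else (False, reason)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ssl.create_default_context().wrap_socket(sock, server_hostname=host):
                return True, ""
    except ssl.SSLCertVerificationError as err:
        return False, err.verify_message

def classify(der: bytes, published: str, chain_ok: bool) -> str:
    if sha256_fingerprint(der) == normalize(published):
        return "expected"      # same certificate the site owner sees
    if chain_ok:
        return "renewed?"      # different but publicly trusted: ask for the new fingerprint
    return "intercepted"       # different and untrusted: sinkhole or other MITM

if __name__ == "__main__":
    der = fetch_presented_cert("veg.by")
    ok, reason = chain_validates("veg.by")
    print(sha256_fingerprint(der), classify(der, PUBLISHED_SHA256, ok), reason)
```

Running it once on the blocking connection and once on a clean one gives two fingerprints to attach to a false-positive report; "renewed?" can also appear on a machine where an interception root has been installed in the trust store.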