Tell HN: Ycombinator.com Blacklisted by Norton

63 points by rmdoss ↗ HN
Just got a warning when trying to visit ycombinator.com:

https://safeweb.norton.com/report/show?url=ycombinator.com

Seems like a false positive, but might be worth to get it cleared.

40 comments

[ 4.8 ms ] story [ 39.8 ms ] thread
All the listed threats are formulaformillionaires.com links, which is odd.
Maybe people are posting these links as stories and they're getting flagged quickly but Norton still sees them and thinks of them as site content?
And formulaformillionaires.com redirects to medium.com. Weird.
Also, the owner looks like a normal author [1].

    $ whois formulaformillionaires.com

    Updated Date: 20-sep-2013
    Creation Date: 01-feb-2008
    Expiration Date: 01-feb-2018
    ...
    Admin Name: Paul McCormick
    Admin Organization: Miracle Writers LLC
    ...
Google says [1]:

> Some pages on this website send visitors to the following dangerous websites: apollo-computers.com.

Edit: Upon further inspection it looks like a pretty questionable book: "Become a millionaire by just following my 7 simple steps!"

[1]: https://amzn.com/0979433835

[2]: https://www.google.com/transparencyreport/safebrowsing/diagn...

>"Become a millionaire by just following my 7 simple steps!"

Looks legit Medium.com to me

Probably a Cloudflare IP got flagged then switched to serving YC traffic
We got that same issue on joust.hearthsim.net (serving an S3 static site), it's getting blocked in russia because some website used to be on the IP it's currently routed to, back in 2013 or some such.

Annoying. Any suggestions?

Did you talk to Cloudflare support about that?
Yeah. They essentially advised us to open a new account. They also advised that we would be less likely to share an IP on a paid plan.

The website in question I don't think even exists anymore, so this is just a dead IP in russia.

I fucking hate censorship.

ycombinator.com is not handled by Cloudflare; it appears to be on Amazon.
Hmm...

  nslookup news.ycombinator.com
  Server:     192.168.1.1
  Address:    192.168.1.1#53

  Non-authoritative answer:
  news.ycombinator.com    canonical name = news.ycombinator.com.cdn.cloudflare.net.
  Name:   news.ycombinator.com.cdn.cloudflare.net
That's news.ycombinator.com not ycombinator.com. I was talking about the latter.
(comment deleted)
You're correct - at least one of the subdomains (hacker news) is on CF and I assumed the main site was on it too.

I don't know how Adobe flagging works - it's possible that detecting an issue on a subdomain would cause them to flag the apex. That being said, the same recycled-IP issue could apply to the Amazon load balancer / CDN.

[Edit] Looks like they do indeed classify by apex. So, news.ycombinator.com redirects to ycombinator.com on the Adobe database, e.g. https://safeweb.norton.com/report/show?url=news.ycombinator....

Hopefully the bureaucracy to get removed from the blacklist is not as bad as with other vendors.
It's not really a static blacklist as such. Sites are added and fall off of it regularly.
Don't move to a bad neighborhood then be surprised when you have problems.
So... don't have a website on the Internet. Gotcha.
Most every provider has had problematic customers at some point. Especially when you consider countries that might find just about anything to be problematic. Insult our leader? Your IP is banned forever.
How did you got this warning, what Norton product are you using?
got a warning notice from my antivirus (Norton). what's up?
This happened to a site I managed a while ago. The cause was a comment a user posted that was flagged as a "batch virus". The content of the comment was all text, along the lines of

   @echo off
   echo "Speeding up your PC!"
   delete c:\Windows\system32\
Thanks Norton!
Thanks OP. Norton will blacklist HN again!
Norton probably blacklisted HN for this comment because it infringes on their intellectual property, not merely because it is potentially destructive code. In other words, it duplicates the functionality of some of their products and they don't appreciate their trade secrets being exposed this way.
I was going through some old patent applications from 2015 and found this exact code snippet in Pat. #482739HG by one of Norton's subsidiary companies.
You can imagine my face when I googled that and found it to be true...
Really? I can't find this anywhere
It's a gathering point for hackers - of course it would be flagged.

/s

Nefarious, evil and tricksie people who might actually get things done.

For shame.

(comment deleted)
This is what we get for repeatedly making fun of Symantec