Fstoppers Malware Virus Update: A False Positive Headache

Fstoppers Malware Virus Update:  A False Positive Headache

The threat of a major security attack becomes increasingly imminent the more popular a website becomes. As a few of you know, Fstoppers.com has been sending malware warnings to a select number of visitors using AVG, Kaspersky, and Sucuri anti virus programs. The GREAT NEWS is these warnings were false positives and only affected antivirus programs that were either outdated or running an incorrect virus definition. For more information about this, read the full post below:

We started getting a few emails and tweets about Fstoppers potentially serving the Phoenix Exploit Kit or Black Hole Exploit Kit about 2 weeks ago. Since we run a dedicated server that is locked down from even the highest ranks of the Fstoppers team (that means Lee and I too), any potential breach had to have come from the wordpress level. Without getting into too many details, it appears somehow Fstoppers was incorrectly placed on a blacklist that made its rounds to a few of the antivirus update schedules. This was causing a small percentage of readers to be blocked or warned about a threat that did not exist.

After hours and hours of scouring every code on our site, reinstalling fresh copies of Wordpress's newest updates, changing passwords, and running the site through every online URL virus scanner we could find, we became 100% confident that the problem did not actually reside on our website or server.

With the help of a bunch of our readers, we were able to get in touch directly with AVG, Kaspersky, and Sucuri and have them test our site directly. When their scans showed that Fstoppers was indeed not infected we all had a sigh of relief. It appears what had happened was back in January Fstoppers did have a redirect code that was implemented into our site as we were changing host companies. We were warned about this problem, found the issue, and removed it promptly (the redirect code only allowed another website to piggy back off our traffic which helped its own site in ranking). However, it appears what happened was FS became blacklisted by one security site and that warning was eventually passed onto other sites months later. It was not until last month that many of the major antivirus programs started picking up the blacklist even though the site had been cleaned from the threat months before.

In the end, everyone here at Fstoppers has tried really hard to make this site a place everyone can enjoy and browse safely. Headaches like this latest false positive can take up a lot of our time and resources. We appreciate everyone who helped us through this process and gave us the information we needed to help resolve this issue. Since cleaning up a false positive does not happen overnight, there still might be some residual warnings that appear as outdated software and definitions remain cached or unresolved. As always, if you spot anything suspicious when visiting Fstoppers, take a screen shot and email us immediately. Thanks again, and sorry for any concern.

Posted In: 
Log in or register to post comments

7 Comments

Nikita Sevostyanov's picture

only mac, only hardcore! :)

Tam Nguyen's picture

I have AVG at home (proud to be a Windows user), but never saw the message. A very possible reason is because I have NoScript that blocks a lot of things. No offense, but your site isn't on my white list. Hell, even my bank's website isn't on my white list.

Paranoid? Yes. Control freak? Debatable.

my avast free give message and block website

Patrick Hall's picture

is it resolved now?  I assume since you wrote on here

Scott Bourke's picture

Got hit with the block yesterday. We use Sophos. 2 refreshes latter all was good and Sophos was happy.

I too had the same problem with Avast...It lasted for about a week, but seems to have cleared up about 4 days ago.

Ralph Hightower's picture

Glad to see it fixed; it's working at home now where I run Kaspersky. For a few days, Kaspersky was blocking it; which was very frustrating for me.