01-29-2015 12:22 PM
I raised this issue already in the "Firewall" subtopic but apparently I was off-topic there ... so I dare to try again here:
An Ironport using the Web Reputation Score of websites is currently listing www.juliabase.org with a score of below -7.0. This is a false positive due to the high traffic the website currently generates because -- well, it is simply popular at the moment (first public announcement was yesterday). There certainly is no malware on it.
How can we get rid of this bad reputation listing?
Solved! Go to Solution.
01-29-2015 03:02 PM
Senderbase.org has it at Zero, that's where you can request changes.
Right now my WSA returns -4.9... So its probably just a matter of time before it comes up. Ephemeral sites are typically bad, so it doesn't surprise me that they want you to stick around for a bit before they call you clean.
01-29-2015 03:02 PM
Senderbase.org has it at Zero, that's where you can request changes.
Right now my WSA returns -4.9... So its probably just a matter of time before it comes up. Ephemeral sites are typically bad, so it doesn't surprise me that they want you to stick around for a bit before they call you clean.
01-29-2015 03:21 PM
Thank you, I filed a request there.
However, I disagree that this strategy of reputation scoring is unsurprising. We feel punished for the popularity of our project. Only two ingredients were sufficient for our -7.0 scoring: popularity and dynamic IP. And "popularity" meant a couple of hits per minute ... I fear the day when we are mentioned on "the register", "heise.de" or slashdot ... ;-)
02-13-2015 06:38 PM
Senderbase bases their score on several factors. You hit 2 of them, which when taken together, can be an indication of malicious activity. High traffic, with a "new" hostname or IP can represent a fast-flux DNS C&C. Its never good to have dynamic IP addresses for servers as often global DNS caches can not keep up with changing IPs resulting in disconnects for your clients.
02-17-2015 02:43 AM
The url is indeed false positive and at the moment the reputation score of the site has lifted to 5.4 and the risk of malware probability is quite low.
If the scoring has changed to bad score, would recommend to open a case to Cisco Web Security Team for them to analyse the url in depth
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide