Security Issue: This is a known dangerous website

sashe · 2016-09-25 12:26:37 UTC

This is the message some of our customers are getting when trying to download their purchases. Anyone else experiencing anything like this? We’ve had several reports over the past couple of days.

blocked red-x
Symantec logo
Dangerous Website Blocked

You attempted to access:
https://objects-us-west-1.dream.io/…

This is a known dangerous website. It is recommended that you do NOT visit this site. The detailed report explains the security risks on this site.

For your protection, this website has been blocked. Visit Symantec to
learn more about phishing and internet security.

Exit this site

Continue to site anyway

JustinK · 2016-09-25 13:15:23 UTC

That is interesting. I suppose it is possible, that since customers upload the content to DreamObjects, that if something was abusive an over zealous bot could think the whole domain was at risk. If there any other details provided about what or who is responsible for the abusive site detection?

We are very confident in the overall DreamObjects system to not be dangerous, but individual user content, of which there are millions and millions of files, there could be something objectionable.

I do have access to a system with symantec anti-virus, I’ll see if I can reproduce anything, but if you have more info, error messages or details, please open a support ticket with that info so we can check it out.

sashe · 2016-09-25 13:59:21 UTC

I have already opened a ticket and will see if I can get more information from our customers.

JustinK · 2016-09-26 16:45:24 UTC

We have verified the issue is resolved with symantec and are waiting for their response. We hope to have this resolved shortly.

sashe · 2016-09-26 16:52:45 UTC

We are getting multiple customers complaining of our links on DreamObjects being unsafe. Just now I received this. “When I click the download on “This is our house” I get a notice that this is a dangerous download and is considered phishing.???”

JustinK · 2016-09-26 17:51:54 UTC

We are doing all in our power to resolve this issue for you, however the block is with a 3rd party that must confirm and remove the block. We have received no other customer feedback saying this is an issue for them, so at first glance it appears to be an effect from this specific security product from this 3rd party.

I can say for certain that the phishing site that they reported, has been removed for some time, and no other issues have been reported via symantec. Any files from DreamObjects or DreamCompute that are downloaded should be handled like any other content downloaded from the internet.

sashe · 2016-09-27 00:37:38 UTC

I am now receiving multiple customer complaints each day for over a week now. What has changed on your end? Why has Symantec listed your domain? What am I supposed to tell my customers in the meantime?

sdayman · 2016-09-27 02:35:01 UTC

I have a similar issue with Earthlink blocking email. When users complain about this, all I can do is tell them they have an ISP with overly aggressive blocks in place.

So…what to tell your customers? Tell them to complain to their ISP. This is akin to blocking an entire /8 (Class A) network because one of its subnets is/was compromised.

smaffulli · 2016-09-27 15:28:14 UTC

I feel your pain, it’s an unfortunate situation and I’m sorry you have to deal with this issue.

We opened a complain with Symantec because their product blacklisted the whole domain dream.io, which hosts DreamCompute and DreamObjects. A blacklist so huge that it could affect dozen of thousands of perfectly safe websites and applications. We explained Symantec what dream.io domain does and why they should not blacklist it. They have lifted the block:

We found a virtual machine on DreamCompute that was hosting a phishing site. The reverse dns for that machine showed .dream.io as its domain and Symantec somehow decided it was a good idea to block everything in that area. We shut down that machine and notified the customer.

Symantec could have handled it better by contacting us to notify that dream.io was serving bad content: we receive similar notifications often from other vendors and partners. DreamHost has a security team whose job is also to deal with bad customers (or customers whose systems get compromised). Hopefully this incident will clarify in Symantec’s records that dream.io should not be blocked.

You may want to tell them that your content is perfectly safe and that Symantec has added your hosting provider to the blocked list by mistake.

Also tell them they should complain with Symantec, too because blacklists have the side-effect of blanket censorship on perfectly safe content.

sashe · 2016-09-27 15:49:28 UTC

Thank you for the detailed explanation. We have not had any new complaints today. I appreciate your follow up.