
Virus alerts on bass sites


lownote

Anyone else getting a disproportionate number of anti-virus or malware alerts from popular bass websites? The worst is BassDirect, which my app insists has a Trojan embedded in the site and won't let me on. I've contacted the owner twice but he says it must be my AV, and anyway he's thinking of updating the site. So I paddled off to Strings Direct to do my business there only to receive a lesser alert about some issue there too.

Edited by lownote
24 minutes ago, lownote said:

Anyone else getting a disproportionate number of anti-virus or malware alerts from popular bass websites? The worst is BassDirect, which my app insists has a Trojan embedded in the site and won't let me on. I've contacted the owner twice but he says it must be my AV, and anyway he's thinking of updating the site. So I paddled off to Strings Direct to do my business there only to receive a lesser alert about some issue there too.

Yes, using Win11 + Edge browser I get this...

[Screenshot: 2022-07-12.png]

 

Works AOK using Firefox.

 

Looks like some kind of Certificate / SSL negotiation problem

  • Like 1

I get this from Bass Direct running Malwarebytes and Bitdefender over Win 10 and Firefox. It doesn't just warn me, it refuses me access. I could force access, but what's the point of having an AV if you ignore it?

Screenshot 2022-07-12 090611.jpg

Edited by lownote

I’ve had occasional warnings about BD’s site possibly being fake, but it’s not consistent. As to BD’s ‘new website’, the constant reminders that this is coming in their weekly newsletters are becoming farcical. It’s been months and months, “New website coming,” nothing seems to be happening. It’s almost like they’re saying it just to deflect the various comments about how poor the site is (FWIW I think it’s OK, not great for sure, but no better or worse than The Gallery’s).

  • Like 1

SSL Labs usually gives you a fair idea of what's going on, and their tests won't complete for the BD site due to behaviour which "usually happens when there are multiple TLS servers behind the same IP". Before failing, the tests return the SAN certificate I'd expect, and also a seemingly unrelated wildcard for a shared SSL CA which seems to belong to a hosting provider called Heart Internet. The IP of the site sits under the ASN for Host Europe, but in a block assigned to Heart, so that ties up. I don't get alerts from either my home systems or our secure gateways at work, so I'll continue to look at the pretty pictures on the purely personal assessment that it's more likely a sub-optimal configuration than anything malicious in that one particular instance.

 

4 hours ago, lownote said:

I could force access, but what's the point of having an AV if you ignore it?

 

Yup! And don't trust my assessment either - you've paid them to keep you safe and they seem to be doing an alright job.

  • Like 2
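
An added example, not part of the thread or any poster's code: one way to reason about the SSL Labs observation in the post above, where the same IP returns both the expected SAN certificate and an unrelated shared wildcard. The hostnames and certificate dicts are constructed placeholders shaped like the output of Python's `ssl.SSLSocket.getpeercert()`, and the helper names are hypothetical.

```python
# Added example: constructed data, not captured from any real site.

def name_matches(pattern: str, host: str) -> bool:
    """RFC 6125-style match: '*' may only be the entire left-most label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if "*" not in p:
        return p == h
    p_labels, h_labels = p.split("."), h.split(".")
    # The wildcard must be the whole first label and stands for exactly one label.
    if p_labels[0] != "*" or "*" in "".join(p_labels[1:]):
        return False
    return len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]


def dns_names(cert: dict) -> list:
    """Pull DNS SANs from a dict shaped like ssl.SSLSocket.getpeercert()."""
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]


def assess(host: str, handshakes: list) -> dict:
    """Classify each observed certificate and flag inconsistent endpoints."""
    results = []
    for cert in handshakes:
        names = dns_names(cert)
        results.append({"names": names,
                        "valid_for_host": any(name_matches(n, host) for n in names)})
    distinct = {tuple(sorted(r["names"])) for r in results}
    return {
        "results": results,
        "inconsistent_endpoints": len(distinct) > 1,   # more than one cert seen
        "mismatch_seen": any(not r["valid_for_host"] for r in results),
    }


# Constructed observations: the same IP answers with two different certificates.
SITE = "www.shop.example"
SAN_CERT = {"subjectAltName": (("DNS", "shop.example"), ("DNS", "www.shop.example"))}
SHARED_WILDCARD = {"subjectAltName": (("DNS", "*.shared-host.example"),)}
OBSERVED = [SAN_CERT, SHARED_WILDCARD, SAN_CERT]

if __name__ == "__main__":
    report = assess(SITE, OBSERVED)
    for r in report["results"]:
        print(r["valid_for_host"], r["names"])
    print("inconsistent:", report["inconsistent_endpoints"])
```

A handshake that lands on the endpoint serving the shared wildcard fails name validation for the site, while one that lands on the SAN certificate passes, which fits warnings that differ between clients or come and go.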

That's some TurboEncabulator text right there 

1 hour ago, Ed_S said:

SSL Labs usually gives you a fair idea of what's going on, and their tests won't complete for the BD site due to behaviour which "usually happens when there are multiple TLS servers behind the same IP". Before failing, the tests return the SAN certificate I'd expect, and also a seemingly unrelated wildcard for a shared SSL CA which seems to belong to a hosting provider called Heart Internet. The IP of the site sits under the ASN for Host Europe, but in a block assigned to Heart, so that ties up. I don't get alerts from either my home systems or our secure gateways at work, so I'll continue to look at the pretty pictures on the purely personal assessment that it's more likely a sub-optimal configuration than anything malicious in that one particular instance.

 

 

Yup! And don't trust my assessment either - you've paid them to keep you safe and they seem to be doing an alright job.

 

  • Like 1

9 hours ago, lownote said:

I get this from Bass Direct running Malwarebytes and Bitdefender over Win 10 and Firefox. It doesn't just warn me, it refuses me access. I could force access, but what's the point of having an AV if you ignore it?

Screenshot 2022-07-12 090611.jpg

Maybe your browser just really hates reggae? 🤔🙄 #dadjoke

  • Haha 1

No issues on either site here using Safari on an iPad. No AV or Malware apps here of course but Safari will flag up issues when appropriate.
The problems some are seeing are related to SSL certificate configurations, and in some cases Windows certificate caches. It’s wrong for the AV software and Malwarebytes to say the sites are insecure or contain malware because of this.
The site owners should contact their hosting companies to sort out the problem, it’ll take about 5 minutes.
 

Edited by Cliff Edge
  • Like 2

6 hours ago, Ed_S said:

SSL Labs usually gives you a fair idea of what's going on, and their tests won't complete for the BD site due to behaviour which "usually happens when there are multiple TLS servers behind the same IP". Before failing, the tests return the SAN certificate I'd expect, and also a seemingly unrelated wildcard for a shared SSL CA which seems to belong to a hosting provider called Heart Internet. The IP of the site sits under the ASN for Host Europe, but in a block assigned to Heart, so that ties up. I don't get alerts from either my home systems or our secure gateways at work, so I'll continue to look at the pretty pictures on the purely personal assessment that it's more likely a sub-optimal configuration than anything malicious in that one particular instance.

 

 

Yup! And don't trust my assessment either - you've paid them to keep you safe and they seem to be doing an alright job.

+1 this - sounds like they have not configured to force all traffic via https and redirect http to https
