Sponsored by..

Saturday, 14 March 2015

Quttera fails and spews false positives everywhere

By chance, I found out that my blog had been blacklisted by Quttera. No big deal, because it happens from time-to-time due to the nature of the content on the site. But I discovered that it isn't just my blog, but Quttera also block industry-leading sites such as Cisco, VMWare, Sophos, MITRE, AVG and Phishtank.

For example, at the time of writing the following domains are all blacklisted by Quttera (clicking the link shows the current blacklisting status):

www.cisco.com
www.vmware.com
cve.mitre.org
www.auscert.org.au
www.phishtank.com
www.buzzfeed.com
www.reddit.com
dl.dropbox.com
www.avg.com
www.malekal.com
nakedsecurity.sophos.com
blog.dynamoo.com
malware-traffic-analysis.net
blog.malwaremustdie.org

Cisco's blacklisting entry looks like this:

Now, you can ask Quttera to unblacklist your site for free by raising a ticket but the most prominent link leads to a paid service for £60/year. Hmmm.

I don't think that I will rush to subscribe to that. Obviously, something is seriously wrong with the algorithm in use, some of these sites should obviously be whitelisted. Quttera also doesn't understand the different between a malicious domain or IP being mentioned and such a site being linked to or injected into a site.

I guess there are many, many more domains that are in a similar situation. Perhaps you might want to check your own web properties and share your findings in the comments?

2 comments:

Unknown said...

Thank you for pointing out the issue. We are aware of it and doing our best to narrow down the impact.

The issue with FPs that you've mentioned and many others originated during our latest system update that introduced a bug that we are working to resolve. We would like to note, that blacklisting by Quttera as well as false positive check and removal is absolutely free of charge as describe at the bottom of each report.

Paid plans are for malware removal, website monitoring and blacklist removal from vendors like Google, Yandex and others. Unfortunately, this bug brought a confusion as you described correctly and we appreciate your post.

Domains that you listed have been forwarded to R&D for de-listing.

If you encounter more false-positives, please file ticket at https://helpdesk.quttera.com/open.php

simond said...

Sounds nice - but in fact you cant actually file a ticket unless you are a paying customer and the instructions at the 'bottom of each report' ask you to file a ticket -
and they completely ignore emails that ask for blacklist removal

so it appears to be not possible to be removed from their lists.

pretty bad really

they should just be ignored as as bad as scammeers