Unwanted Software Site!
 

After so many years Today (27/10/2018) my browser (firefox) reported exettools site as unwanted Software Site!

There's a thread regarding this already here:
https://forum.exetools.com/showthread.php?t=19004

Chrome also reported the same problem.

Yes, this is an annoying problem.
Any suggestion?

Any sites which either contain downloadable exploits (as attachments to posts or within the database) or provide links to downloadable exploits would be potentially flagged.

Earlier on (you can check if you don't believe me), there were no EXPLOITS or MALWARE per se or links to them seen in the forum.

When these links were permitted around 2 months ago, I guess the problem started.

Solution:
Ban malware or EXPLOITS (or links to the same) on this forum.

Quick links to outline the possible issues via VirusTotal:

(This shows URL's that have been scanned and have been flagged)
https://www.virustotal.com/#/domain/forum.exetools.com


(This shows what URL blacklists currently flag the site)
https://www.virustotal.com/#/url/b3f5e6667ea56a466e553153c84edec39503fee496e1f9be829eb032f0e72300/detection


The fix for google safe browsing is claiming the site via their dashboard and requesting a rescan

Another thing to note is that VirusTotal members (API key holders) could download files, possibly bypassing download rank restrictions

Yes, not only VT API key holders but from a free other sites also they can bypass the restrictions and dl the files regardless of rank.

Didn't want to highlight this fact openly and make it obvious ;)

Generally it happens from Google marking your site malicious due to a download that is available on it. Easiest way to get around it is to password any download that is publicly visible to their scrapper bot.

I had to do it for my personal sites a few times already as well to get rid of the blocks.

Afterward, once the files are passworded you can tell Google to rescan the site to fix the errors. (Once you claim the domain on Google's site tools, you can see the specific files causing the problems as well, they generally give you decent information about what's causing it.)

This worked for your site as yours does not have any "cracks" or other PUPs on it.
In other words whatever had been flagged on your site were all (I understand) false positives.

On this site unfortunately, it is.. Ermm... cough... Different.

If links to malware/cracks/exploits/cracks are allowed on the site, then there is no way to get around it other than to get them removed from your site, OR, remove them to hidden sections of the site not accessible to the web spiders.

Even then, if someone takes a sccreenshot of the hidden area and "reports" it, then once again, the site will be flagged.

The best way would be to ban links to malware, RATs and other such stuff in the forum.
These items in any case were not there for many years prior in this forum...

This problem has had a very old solution that was even used here in older times.

Removal of information has never been a solution for all of life's problems except maybe by authoritarians and ruling class thugs.

But we can simply post links using or using other notations so that bots will not crawl them and mark them as such. This notation and style should be used for any links which are in those categories that could be marked as dangerous by services such as those VT lists.

As for the RATs in question, I have already edited the post to do just that so that baseless accusations that these particular links are the ones which caused the flagging can be thrown in the wastebasket.

Perhaps it is another post with another link containing a crack, etc. No one knows for sure. But this recommendation provides a forum with full expression, information sharing and gives an extra indicator when caution should be exercised (which is pretty much always in a reverse engineer's context).

It's not any different. Googles tools do not attempt to open passworded archives. You can zip anything up and password it and it's automatically deemed safe to Google. You can also block their bot from accessing those parts of the site entirely with the robots.txt and that'll also fix the issues.

Please don't assume shit you don't know about. I've dealt with this on multiple sites, not just one public facing site you know about.

One suggestion to all members. Please register and login to the virustotal and vote the site as a safe one!

https://www.virustotal.com/#/url/b3f5e6667ea56a466e553153c84edec39503fee496e1f9be829eb032f0e72300/community

I've already registered the first vote as terming the site as safe. I hope everyone can do their bit and mark it as safe so that community power wins!

Thanks!

A request to Admins. Please make this as a pinned post so that people will do it. I have not seen any votes registered apart from my single vote even after many days!

Let's do this to get the site out of Google infected listing. I am sure if more people register their vote, it will happen. Thanks.

Wake up dude. Voting will not solve the problem. They'd need to contact Google and ask to re-scan after cleaning up the board a little and hiding some of the questionable material from its spiders.
Setting up robots.txt properly after re-scan is important so that it does not happen again.

As far as I remember, robots file is ignored when it comes to anti-malware scanning. At least it didn't help when I faced a similar problem.

This.

Google's 'Safe Search' engine stuff ignores the robot.txt file or other attempted blocks. You can full-on block the site from scanning/indexing your site via blocking their bots user agent but you lose ranking and indexing altogether then.

Voting on VirusTotal doesn't fix anything with Google either. VT's info about the site is not tied into Google and is its own personal opinion based on scanned links from the domain or opinion based voting. Most you'll do is make VT assume the site is safe but the Google block is still going to be there.

The easiest method of fixing the Google block is passwording the files. Other methods of fixing the issue involve custom actions based on the connecting client, such as looking for Google's user-agent for their spider and analyzer and just serving a fake file or a basic site/page that isn't an error of any kind. If you just error out the page, you'll get a ton of errors regarding the site on the dashboard that will cause Google to stop indexing your site until they are corrected properly.

I don't understand why this topic has such a huge thread going on :D

Any website with "questionable" material on it, will get flagged. "Questionable materials" include cracks, methods to create cracks or exploits and a whole bunch of stuff. No other way other than to hide off the contents of this site from unregistered users. That way even the spiders cannot access it.

The problem was solved and has disappeared for two weeks.
Thanks to Hmily and Aaron.

And thanks for all of you who provided suggestions.