bitdefender -- is oracle1 [or avast1] ok?

Knish
Posts: 232
Joined: Tue Mar 17, 2020 5:20 am

bitdefender -- is oracle1 [or avast1] ok?

Post by Knish »

Not exactly sure how to word this, but trying to go to the IP address yielded:
"This server could not prove that it is 150.136.14.110; its security certificate is not trusted by your computer's operating system. This may be caused by a misconfiguration or an attacker intercepting your connection."
The reason I checked it in the first place is some other user asked about Bitdefender flagging it when they were trying to upload WU results to it.
JimboPalmer
Posts: 2573
Joined: Mon Feb 16, 2009 4:12 am
Location: Greenwood MS USA

Re: oracle1 ok?

Post by JimboPalmer »

I sure wish I understood what you hope to be asking.
Tsar of all the Rushers
I tried to remain childlike, all I achieved was childish.
A friend to those who want no friends
Knish
Posts: 232
Joined: Tue Mar 17, 2020 5:20 am

Re: oracle1 ok?

Post by Knish »

oracle1 is one of the Work Servers on 150.136.14.110

One of the steps before notifying people of issues with a server is to try to check the status of it by going to it in the web browser.
I saw someone ask a question about oracle1 possibly getting compromised because of a Bitdefender alert.
I then checked the server myself in my web browser, and Chrome did not go to it, and the above message was the reason why.

So, I'm wondering if there's some issue with oracle1, or if it can all be explained somehow.
Joe_H
Site Admin
Posts: 7856
Joined: Tue Apr 21, 2009 4:41 pm
Hardware configuration: Mac Pro 2.8 quad 12 GB smp4
MacBook Pro 2.9 i7 8 GB smp2
Location: W. MA

Re: oracle1 ok?

Post by Joe_H »

I have no problems getting to oracle1 and seeing the landing page. How old are the system and browser? In any case, oracle1 is a WS for F@h and the folding client does not use a certificate to access Work Servers to download or upload WUs.

As far as Bitdefender is concerned, probably yet another of its false positives.

P.S. If you look up the IP, it is plainly listed as being in the Oracle Public Cloud.

iMac 2.8 i7 12 GB smp8, Mac Pro 2.8 quad 12 GB smp6
MacBook Pro 2.9 i7 8 GB smp3
Knish
Posts: 232
Joined: Tue Mar 17, 2020 5:20 am

Re: oracle1 ok?

Post by Knish »

I'm pretty out of date on Ubuntu 17 and Chrome ver 62. I went to check again and now I don't get that error and I see the "WS for FAH" now. How odd.

Figured it'd be a false positive regarding Bitdefender; thanks
Lynx
Posts: 2
Joined: Fri Jun 05, 2020 1:18 pm

Infected web resource 69.94.66.6 server

Post by Lynx »

Hi, not sure if anyone can help me with this problem. Have been running F@H on my computer since last summer, using Bitdefender as my AV and have never received this message from any of the servers, but over the past 2 weeks have received the warning for 2 servers. Most recent is 69.94.66.6 and previously was 150.136.14.110.
Neil-B
Posts: 2027
Joined: Sun Mar 22, 2020 5:52 pm
Hardware configuration: 1: 2x Xeon E5-2697v3@2.60GHz, 512GB DDR4 LRDIMM, SSD Raid, Win10 Ent 20H2, Quadro K420 1GB, FAH 7.6.21
2: Xeon E3-1505Mv5@2.80GHz, 32GB DDR4, NVME, Win10 Pro 20H2, Quadro M1000M 2GB, FAH 7.6.21 (actually have two of these)
3: i7-960@3.20GHz, 12GB DDR3, SSD, Win10 Pro 20H2, GTX 750Ti 2GB, GTX 1080Ti 11GB, FAH 7.6.21
Location: UK

Re: Infected web resource 69.94.66.6 server

Post by Neil-B »

See viewtopic.php?f=18&t=35385&p=335641&hil ... er#p335641 … looks as if Bitdefender may have been throwing some false positives?
2x Xeon E5-2697v3, 512GB DDR4 LRDIMM, SSD Raid, W10-Ent, Quadro K420
Xeon E3-1505Mv5, 32GB DDR4, NVME, W10-Pro, Quadro M1000M
i7-960, 12GB DDR3, SSD, W10-Pro, GTX1080Ti
i9-10850K, 64GB DDR4, NVME, W11-Pro, RTX3070

(Green/Bold = Active)
Lynx
Posts: 2
Joined: Fri Jun 05, 2020 1:18 pm

Re: Infected web resource 69.94.66.6 server

Post by Lynx »

So that's the explanation, it's Bitdefender's fault, despite the fact that I've been running it since July last year without one warning like this, then all of a sudden it gives me this warning for 2 of the F@H servers :-| Not possible that someone's hacked or compromised the great F@H servers, not even worth a look into or possibility. Guess for now I'll just shut the client down and maybe sometime in the future give it a go again, my electricity bill will thank me for it, don't need to go risking getting my system full of who knows what.
Neil-B wrote: See viewtopic.php?f=18&t=35385&p=335641&hil ... er#p335641 … looks as if Bitdefender may have been throwing some false positives?
Neil-B
Posts: 2027
Joined: Sun Mar 22, 2020 5:52 pm
Hardware configuration: 1: 2x Xeon E5-2697v3@2.60GHz, 512GB DDR4 LRDIMM, SSD Raid, Win10 Ent 20H2, Quadro K420 1GB, FAH 7.6.21
2: Xeon E3-1505Mv5@2.80GHz, 32GB DDR4, NVME, Win10 Pro 20H2, Quadro M1000M 2GB, FAH 7.6.21 (actually have two of these)
3: i7-960@3.20GHz, 12GB DDR3, SSD, Win10 Pro 20H2, GTX 750Ti 2GB, GTX 1080Ti 11GB, FAH 7.6.21
Location: UK

Re: bitdefender -- is oracle1 ok?

Post by Neil-B »

I said "it looks as if Bitdefender may have been" ... I didn't say it is Bitdefender's fault ... Bitdefender is one product; there are quite a few on the market, and other approaches as well, that identify compromised servers ... If the servers are compromised (and I would expect someone to be checking this given your post) then it is likely that various other alerts will also be posted as other people have issues.

The servers have software updates and even these changes can cause some security software to flag issues ... normally a single or small number of reports turns out to be false positives - but I am sure the team will check.

Obviously if you feel that the risk is such that any alert is too many then of course feel free to cease to connect to the servers ... You can also report the server to Bitdefender who will check if it is a false positive https://www.bitdefender.com/consumer/su ... wer/29358/ and provide you with reassurance if it is.

As this is a security issue you may want to try reporting this via https://github.com/FoldingAtHome/fah-is ... ity/policy. Even though I believe this may be for the client software, I believe this developer also knows the servers quite well and works on the server side infrastructures.

The first IP you mention is Oracle1 - hence the reason I simply posted the link to allow this to be matched up - not to dismiss your concerns.

The second IP (the one in your subject line) is actually a different one - and I am slightly intrigued by its "name as avast1.foldingathome.org", as it may just be a coincidence, but Avast are one of the more known antivirus vendors.
2x Xeon E5-2697v3, 512GB DDR4 LRDIMM, SSD Raid, W10-Ent, Quadro K420
Xeon E3-1505Mv5, 32GB DDR4, NVME, W10-Pro, Quadro M1000M
i7-960, 12GB DDR3, SSD, W10-Pro, GTX1080Ti
i9-10850K, 64GB DDR4, NVME, W11-Pro, RTX3070

(Green/Bold = Active)
Joe_H
Site Admin
Posts: 7856
Joined: Tue Apr 21, 2009 4:41 pm
Hardware configuration: Mac Pro 2.8 quad 12 GB smp4
MacBook Pro 2.9 i7 8 GB smp2
Location: W. MA

Re: bitdefender -- is oracle1 ok?

Post by Joe_H »

As you did not give any indication of what issue Bitdefender reported, it will be hard for anyone to check. At least the other person did report a certificate issue, and that can safely be overlooked as the FAHClient will be checking the internal digital signatures of each file it downloads from the servers. The client does not use site certificates.

But as Neil-B posted, someone will check into this. If it was a certificate problem, most likely it may be a mismatch between the certificate site address and the current naming as avast1.foldingathome.org.

As for your snark, I suggest you look up just how often Bitdefender does report on false positives. That is also an issue with many other such software. And next time read what was actually written, not your own internal dialog.

iMac 2.8 i7 12 GB smp8, Mac Pro 2.8 quad 12 GB smp6
MacBook Pro 2.9 i7 8 GB smp3
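
A name mismatch of the kind suggested in the reply above is a separate check from chain trust, and it can be reproduced offline. The sketch below is an added example, not code from this thread or from Folding@home: it compares a requested name with a certificate's subjectAltName entries in the shape Python's ssl.getpeercert() returns. The certificate contents, hostnames and address are constructed placeholders.

```python
import ipaddress

# Constructed SAN list (placeholder names, not taken from any real server).
CERT_SAN = [("DNS", "old-ws.example.org"), ("DNS", "*.pool.example.org")]

def _is_ip(name):
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False

def _dns_match(pattern, host):
    """Compare one DNS SAN with a hostname, label by label.
    A '*' is accepted only as the entire left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def name_matches(requested, san):
    """True if the name typed by the user is covered by the certificate."""
    if _is_ip(requested):
        # An IP literal can only match an "IP Address" SAN, never a DNS one.
        want = ipaddress.ip_address(requested)
        return any(kind == "IP Address" and ipaddress.ip_address(val) == want
                   for kind, val in san)
    return any(kind == "DNS" and _dns_match(val, requested)
               for kind, val in san)

def triage(requested, san):
    """Explain why a browser would or would not accept the name."""
    if name_matches(requested, san):
        return "name ok"
    if _is_ip(requested):
        return "mismatch: IP literal, certificate lists no matching IP SAN"
    return "mismatch: hostname not in certificate"

if __name__ == "__main__":
    for name in ("old-ws.example.org", "new-ws.example.org", "192.0.2.10"):
        print(name, "->", triage(name, CERT_SAN))
```
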