[xwiki-users] store.xwiki.com - domain reported and verified as serving malware by CISCO
9 May
2017
9 May
'17
10:34 a.m.
Hi,
when checking for extension updates in xwiki administration, the extension
updater lists some errors.
After some investigation, I've found that xwiki is trying to call some REST
api pointing to url like this:
https://store.xwiki.com/xwiki/rest/repository/extensions/[URL_ENDING_PART]
where the [URL_ENDING_PART] was one of the following examples found in the
log:
- com.google.code.findbugs%3Aannotations/versions/api
-
org.xwiki.platform%3Axwiki-platform-blog-ui/versions?requireTotalHits=true&start=0&number=-1
-
org.xwiki.contrib.ldap%3Aldap-authenticator/versions?requireTotalHits=true&start=0&number=-1
The reason for the above listed https calls is due to our proxy that is
inspecting every outgoing communication and has denied the requests to
store.xwiki.com. The proxy uses CISCO list of untrusted web sites which
says this:
Reason: BLOCK-MALWARE
Threat Type: othermalware
Threat Reason: Domain reported and verified as serving malware. Identified
as malicious IP. Identified as malicious domain or URL.
Notification: WBRS
Can be this domain trusted or not? Is it a false threat or not?
Is it legal when xwiki calls the API at https://store.xwiki.com?
Thank you
9 May
9 May
10:39 a.m.
New subject: [xwiki-users] store.xwiki.com - domain reported and verified as serving malware by CISCO
Hi Miroslav,
On 9 May 2017, at 10:34, Miroslav Galajda
<miroslav.galajda(a)gmail.com> wrote:
Hi,
when checking for extension updates in xwiki administration, the extension
updater lists some errors.
After some investigation, I've found that xwiki is trying to call some REST
api pointing to url like this:
https://store.xwiki.com/xwiki/rest/repository/extensions/[URL_ENDING_PART]
where the [URL_ENDING_PART] was one of the following examples found in the
log:
- com.google.code.findbugs%3Aannotations/versions/api
-
org.xwiki.platform%3Axwiki-platform-blog-ui/versions?requireTotalHits=true&start=0&number=-1
-
org.xwiki.contrib.ldap%3Aldap-authenticator/versions?requireTotalHits=true&start=0&number=-1
The reason for the above listed https calls is due to our proxy that is
inspecting every outgoing communication and has denied the requests to
store.xwiki.com. The proxy uses CISCO list of untrusted web sites which
says this:
Reason: BLOCK-MALWARE
Threat Type: othermalware
Threat Reason: Domain reported and verified as serving malware. Identified
as malicious IP. Identified as malicious domain or URL.
Notification: WBRS
Can be this domain trusted or not? Is it a false threat or not?
Is it legal when xwiki calls the API at https://store.xwiki.com?
Is it can be trusted and it’s legal. Our governance at
http://dev.xwiki.org/xwiki/bin/view/Community/Governance allows the top sponsoring company
to list its extension repository in the xwiki configuration by default (you can override
this if you wish in your xwiki.properties file, search for the extension.repositories
property).
FYI ATM the top sponsoring company is XWiki SAS (http://xwiki.com), see
https://www.xwiki.org/xwiki/bin/view/Main/Supporters/SponsoringCompanies/. It currently
provides two paying extensions that are advertised on http://extensions.xwiki.org/ in the
“Sponsored Extensions” section.
Thanks
-Vincent
Thank you
12:37 p.m.
New subject: [xwiki-users] store.xwiki.com - domain reported and verified as serving malware by CISCO
Hi,
thank you for your explanation.
Best regards,
Mirec
On 9 May 2017 at 10:39, Vincent Massol <vincent(a)massol.net> wrote:
Hi Miroslav,
On 9 May 2017, at 10:34, Miroslav Galajda
<miroslav.galajda(a)gmail.com>
wrote:
Hi,
when checking for extension updates in xwiki administration, the
extension
updater lists some errors.
After some investigation, I've found that xwiki is trying to call some
REST
api pointing to url like this:
https://store.xwiki.com/xwiki/rest/repository/extensions/[
URL_ENDING_PART]
where the [URL_ENDING_PART] was one of the
following examples found in
the
log:
- com.google.code.findbugs%3Aannotations/versions/api
-
org.xwiki.platform%3Axwiki-platform-blog-ui/versions?
requireTotalHits=true&start=0&number=-1
-
org.xwiki.contrib.ldap%3Aldap-authenticator/versions?
requireTotalHits=true&start=0&number=-1
The reason for the above listed https calls is due to our proxy that is
inspecting every outgoing communication and has denied the requests to
store.xwiki.com. The proxy uses CISCO list of untrusted web sites which
says this:
Reason: BLOCK-MALWARE
Threat Type: othermalware
Threat Reason: Domain reported and verified as serving malware.
Identified
as malicious IP. Identified as malicious domain
or URL.
Notification: WBRS
Can be this domain trusted or not? Is it a false threat or not?
Is it legal when xwiki calls the API at https://store.xwiki.com?
Is it can be trusted and it’s legal. Our governance at
http://dev.xwiki.org/xwiki/bin/view/Community/Governance allows the top
sponsoring company to list its extension repository in the xwiki
configuration by default (you can override this if you wish in your
xwiki.properties file, search for the extension.repositories property).
FYI ATM the top sponsoring company is XWiki SAS (http://xwiki.com), see
https://www.xwiki.org/xwiki/bin/view/Main/Supporters/SponsoringCompanies/.
It currently provides two paying extensions that are advertised on
http://extensions.xwiki.org/ in the “Sponsored Extensions” section.
Thanks
-Vincent
Thank you
2737
days inactive
2737
days old
2 comments
2 participants
participants (2)
-
Miroslav Galajda -
Vincent Massol