Images on cloudfront tagged as malicious content by content filter


#1

Hi,

A friend who works at Goldman Sachs tells me that my unbounce page won’t display properly from their network, because their content filtering service has flagged some images as malicious content.  

I’ve asked what content filtering service they’re using; no answer as of yet.  Can anyone provide information on this?

Thanks,

Ted Epstein, CEO
RepreZen


#2

Hi Ted - this definitely shouldn’t be happening. 

Unbounce won’t let you upload anything into your images library that doesn’t have an image extension.

It *is* possible to embed code inside of images and I believe that can exploit some really old browser/operating system configurations, but that shouldn’t be a problem for anyone who’s using the internet today (it would also mean that you would have to had uploaded an image with the malicious code embedded).

If you’re able to get the filtering service they’re using and, even better, what the actual content warning is, we can likely get to the bottom of this–I was able to open a couple of your pages with no warnings though and it doesn’t look like you’re linking to anything that should set off a legitimate warning either.

If you’re able to grab more info or a screenshot of the error, could you send it over to us at support@unbounce.com?


#3

Unfortunately, the firm’s information security policy forbids communicating this information to me.  

But it seems that there have been a lot of malware sites that have been hosted on the cloudfront.net CDN.  I found some links:

https://forums.aws.amazon.com/thread.jspa?messageID=351770
http://google.com/safebrowsing/diagnostic?site=cloudfront.net/
https://answers.yahoo.com/question/index?qid=20110315165234AAfcUWa
http://blog.mitechmate.com/how-to-remove-cloudfront-net-virus/

I wonder if Unbounce has had similar problems with cloudfront.net in the past?

Regards,

 - Ted


#4

Hi Ted - Cloudfront is the CDN we use to deliver all of your page assets. It’s Amazon’s CDN, which is one of the largest (and also most reliable) CDN services available.

There definitely have and will be some malicious files that have been hosted with them, but that’s the same for any major CDN, since they’re all hosting millions, if not billions of files, but there’s no way that should be triggering a content filter, since blocking cloudfront would mean blocking a massive number of legitimate websites and hosted files.

Can you try sending this URL to your friend to see if it’s blocked: http://unbounce.quinnomori.com/content-filter-test/

That’s one of our templates with no changes, so I can confirm that there won’t be any actually malicious files linked–there is the off chance that you have a corrupted image or something else that has been uploaded that’s setting off their filter for some reason, but if that’s the case, that test page should be fine.


#5

Hi Quinn,

My friend at GS reports “black x’s where images should be” when viewing the page you provided.  Seems safe to conclude that their content filter is taking a very aggressive stance towards Cloudfront.  I’ll have to see if others are having similar problems.  Right now there’s very little I can do.

 - Ted


#6

Hi Ted - the one thing you shouldn’t have to worry about is many other users experiencing the same thing. Since AWS’ cloudfront service is quite widely used, simply blocking cloudfront assets would mean blocking a not insignificant portion of the Internet.

Just to make sure it’s not something Unbounce specific, can you ask if he can load http://www.elastic.io/? I know they use the same CDN and also format their images so the reference to cloudfront is contained in the image’s URL as well (same as we do).