Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: w3.org Spam?

  1. #1
    Untangler
    Join Date
    Oct 2009
    Location
    N. AZ
    Posts
    66

    Default w3.org Spam?

    I'm getting a huge volume of blocks from a machine trying to call out to w3.org every 1-2 minutes. I've checked the IP and it is listed with w3.org. The filter is putting it in the Spam category. I've done virus scans as well as scanned with Malware Bytes and Super Anti-Spyware. All come up with nothing.

    Has anyone else experienced this?

  2. #2
    Untangler
    Join Date
    Oct 2009
    Location
    N. AZ
    Posts
    66

    Default

    Finally solved. Like suspected it was a virus of sorts. Removed with Panda AV.

  3. #3
    Master Untangler f1assistance's Avatar
    Join Date
    Apr 2009
    Location
    Holly Springs, NC
    Posts
    291

    Default

    Quote Originally Posted by hs-admin View Post
    Finally solved. Like suspected it was a virus of sorts. Removed with Panda AV.
    Please do tell...it sounds like you used several tools in your bag of tricks. Did you use Panda's online scanner?
    Untangle...because nothing is worse than doing nothing!
    -------
    2, Pentium (R) Dual-Core CPU E5300 @ 2.60GHz 2599.968, 2089.96MB RAM

  4. #4
    Untangler
    Join Date
    Oct 2009
    Location
    N. AZ
    Posts
    66

    Default

    Well I thought this was solved but looking at the logs again this afternoon its doing it again. Its very sequential in its attempts. I included a sample of whats coming up in the Even Log.
    Anyone have a suggestion? False positive?

    2012-01-12 8:24:35 pm
    172.16.4.8
    www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd
    true
    true
    in Categories Block list
    Spam
    128.30.52.37

    2012-01-12 8:23:30 pm
    172.16.4.8
    www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd
    true
    true
    in Categories Block list
    Spam
    128.30.52.37

    2012-01-12 8:21:36 pm
    172.16.4.8
    www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd
    true
    true
    in Categories Block list
    Spam
    128.30.52.37

    2012-01-12 8:19:37 pm
    172.16.4.8
    www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd
    true
    true
    in Categories Block list
    Spam
    128.30.52.37

  5. #5
    Untangler
    Join Date
    Oct 2009
    Location
    N. AZ
    Posts
    66

    Default

    This is the output from zvelo.com's "test-a-site" service:

    w3.org Technology (General), Advocacy Groups & Trade Associations No Known Risk zvelodb-v3

    www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd Spam Possible Risk zvelodb-v3

  6. #6
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Mateo, CA
    Posts
    12,625

    Default

    Try flushing the categorization cache in Web Filter, and then in your browser and then hitting that URL.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  7. #7
    Untangler
    Join Date
    Oct 2009
    Location
    N. AZ
    Posts
    66

    Default

    Thanks for the reply, I emptied the filter cache. Is the browser cache empty and hitting the URL to be done on the problematic machine?

  8. #8
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Mateo, CA
    Posts
    12,625

    Default

    Quote Originally Posted by hs-admin View Post
    Thanks for the reply, I emptied the filter cache. Is the browser cache empty and hitting the URL to be done on the problematic machine?
    Any machine behind Untangle should be fine. Are you just testing? What are you trying to do?
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  9. #9
    Untangler
    Join Date
    Oct 2009
    Location
    N. AZ
    Posts
    66

    Default

    I'm currently off site at the moment. I thought I had this solved earlier and happened to check again and the machine is still acting up.
    I'm trying to figure out why it is calling w3.org in 1 and 2 minute intervals (roughly) which web filter is then categorizing and blocking as Spam. I have 1k+ blocks on it from the day, sort of filling up my event viewer. I thought at first of malware/spyware infection but all the scanners I've had the owner (non school owned laptop) run have come up with little or nothing.

  10. #10
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Mateo, CA
    Posts
    12,625

    Default

    Quote Originally Posted by hs-admin View Post
    I'm currently off site at the moment. I thought I had this solved earlier and happened to check again and the machine is still acting up.
    I'm trying to figure out why it is calling w3.org in 1 and 2 minute intervals (roughly) which web filter is then categorizing and blocking as Spam. I have 1k+ blocks on it from the day, sort of filling up my event viewer. I thought at first of malware/spyware infection but all the scanners I've had the owner (non school owned laptop) run have come up with little or nothing.
    Oh, well I'd just flush your category cache. It doesn't sound like its categorized as Spam anymore so it probably just was the first time you checked. My guess was that it was a miscategorization at one point or something.

    I wouldn't worry about that URL, many things references the w3.org DTDs and I don't think a client downloading that is any reason to be alarmed.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2