FOSS gamedev and creative worlds

I'm on Windows 7 and I use the Avast antivirus software. My main browser is firefox, but I seem to have the same problems with chrome.

Whenever I open minetest.net (but not forum.minetest.net), Avast pops-up, makes an alert sound, tells me "A menace has been detected", and vaguely explains that the problem comes from http://amun.inchra.net/piwik.js.

I've searched about that problem a bit, thinking that maybe the problem was related to the site using some sort of malicious add software or something, and I found a (french) article by a guy whose site had a similar problem.

Basically, what he says is that Avast doesn't like when a website W1 (here, minetest.net) calls a script hosted on a site W2 (here, inchra.net).

I didn't exactly understand the solution he proposed, but it boils down to "The script should be hosted externally, and each site should have a subdomain pointing to the script (ex : stats.minetest.net, stats.inchra.net)".

HOWEVER ; I'm not sure the problem is the same : I also get an alert pop-up when opening inchra.net. It could be that the adress points to an IRC server, though.

Anyway, it seems like a pretty serious issue for me, since it would probably scare Avast users away from minetest.net, and even if it doesn't, it kind of casts an unprofessional image on the project. Hope it gets fixed soon !

We have an updated website, and use inchra-stats.minetest.net as the subdomain, so it shouldn't happen now. Can you confirm this still happens when you try it?

Nope, still got the same warning message :(

It the script still hosted on amun.inchra.net ?

no, it's on stats-inchra.minetest.net

Try ctrl+f5 or ctrl+shift+r?

Is the scaning done from avast? It may take time to rescan.

ctrl+f5 makes avast complain again. I'll try again tomorrow.

It still happens to me too.

Nope, still there.

Thread bump.

I'm a bit surprised this hasn't been fixed yet. "The game's website triggers an antivirus alert every time you open one of its pages" is kind of a big deal, and a good way to repel potential new players.

We can't work out why this happens, it's not fetching from inchra.net anymore.

What are anti-viruses, again? ;)

rubenwardy wrote:We can't work out why this happens, it's not fetching from inchra.net anymore.

This may be a dumb question, but have you made a computer search for the strings "inchra", "inchra.net", "amun", "piwik.js", etc... in the website's files ? You might have forgot to remove a call somewhere.

inchra-stats.minetest.net is a CNAME of stats.inchra.net. Do you think Avast is looking that far into DNS?

PoignardAzur wrote:Basically, what he says is that Avast doesn't like when a website W1 (here, minetest.net) calls a script hosted on a site W2 (here, inchra.net).

Websites include scripts from other websites all the time (jQuery via CDN, basically all ads ever, the list goes on). My guess: something in the piwik.js file is trying to violate the same-origin policy of the browser. Normally, browsers catch that themselves, but maybe the anti-virus program in question is trying to be extra helpful?

Anyway, here's what I found on Piwik and same-origin policy: How do I configure my Piwik server to allow cross domain requests? (CORS) (piwik.org).

Ben wrote:

PoignardAzur wrote:Basically, what he says is that Avast doesn't like when a website W1 (here, minetest.net) calls a script hosted on a site W2 (here, inchra.net).

Websites include scripts from other websites all the time (jQuery via CDN, basically all ads ever, the list goes on). My guess: something in the piwik.js file is trying to violate the same-origin policy of the browser. Normally, browsers catch that themselves, but maybe the anti-virus program in question is trying to be extra helpful?

Anyway, here's what I found on Piwik and same-origin policy: How do I configure my Piwik server to allow cross domain requests? (CORS) (piwik.org).

It's not a cross domain AJAX call or anything like that so same-origin isn't violated. piwik doesn't make an AJAX calls anyway, it requests an image.

My Avast is reporting downloading it from amun.inchra.net since that is the A record the other sub domains are pointing to. It blocks inchra.net altogether. I reported it as a false positive. Don't know if that will help in the end.

rubenwardy wrote:no, it's on stats-inchra.minetest.net

Try ctrl+f5 or ctrl+shift+r?

Is the scaning done from avast? It may take time to rescan.

Did you tried ping?

See, inchra-stats.minetest.net points to amun.inchra.net.

Issue still exist. I get warning from Avast. Looks really bad to see such warning for open source project. If I were you I would consider to replace piwik with something who does not have such issues or just drop tracker entirely until decent replacement will be found.

How if we have independent analytic site?

Hi,

Apache2/nginx well configured (SSL/TLS, Let's encrypt, etc...) + redirect http->https links to piwik login screen = no more alerts from Avast

srifqui/PoignardAzur: Is this still an issue? Has BrandonRese's false-positive report fixed it? If it's still an issue, please also report it as a false positive, and I'll try to get it fixed.

Its not a false positive!

Tracking is a serious problem but the good thing is there exists Software like Avast that blocks such crap.
If I wouldn't use an Adblocker this would be also blocked by Avast on my PC.

No, its not fixed.

I have AVG Zen and it never does this?
Or is this an old problem?
I have Opera as my main browser.
I had a problem which may seem unrelated but is, so it basically started saying my Rookit files had a virus, but what actually happened was that a virus was spreading and making AVG delete my system files, but, i had to set my computer back to factory specifications. So yeah it may be that it is some kind of virus that may make you have to set it back to factory specifications, but, warning, this deletes minetest,blender, and all those other programs including your browser, but i think a virus has infected your browser(s).

addi wrote:Its not a false positive!

Tracking is a serious problem but the good thing is there exists Software like Avast that blocks such crap.
If I wouldn't use an Adblocker this would be also blocked by Avast on my PC.

No, its not fixed.

This is not tracking in the sense that everyone hates - the tracking that is used to make ads. All this tracking does is record the pages you go to, and what your OS etc is. Most of this info would be in the servers logs anyway.

The thing that Avast doesn't like is how the piwik backend is on another Web domain, so could have been injected by a man in the middle attacker.

I get the same exact warning. Avast follows the URL when scanning so it likely is digging deep to the host. I just added http://amun.inchra.net/* and http://irc.inchra.net/* to my Global URL Exception list to shut it up. Seems to be that anything with "Inchra" throws the warning. I used to have issues connecting to VanessaE's servers as it kept stopping the transfer of the data.

DI3HARD139 wrote:I get the same exact warning...

I've made some changes to the stats setup (uses stats.minetest.net, which has direct A and AAAA records to the server), and now Avast shouldn't have any idea that minetest.net has anything to do with anything InchraNet. Are you sure that you're still getting the warning without the exception?

Removing the exception and testing.

It's no longer giving a warning now.

No warning for me too.