MC's journal

Setting Orange, the 24th day of Confusion in the YOLD 3178

hack.org blocked by web filtering companies

For a few years I have been increasingly annoyed that web filtering companies have categorised the hack.org web server (and, presumably, the *.hack.org subdomains) under a category they call "hacking" that Websense defines as:

Sites that provide information about or promote illegal or questionable access to or use of computer or communication equipment, software, or databases.

and Trend Micro defines as:

Sites that provide software for bypassing computer security systems.

It seems a bit of a stretch to categorise my personal web pages under this category but I realise how the mistake was made: They call their category "hacking" and the words "hacking" and "hacker" do show up a lot on my web pages and, after all, the domain itself contains the word "hack". I can see how automatic software looking for keywords can make the wrong decision. Of course, their software doesn't know anything about the hacker vs cracker confusion.

My guess is that most of the web filtering companies use automatic software looking for keywords and I guess most of these programs are really, really bad at trying to understand what a web page is really about. My advice to people even thinking about buying into a service like this is to ask the companies technical questions about how their scanning works. For instance, scanning for known signatures of malware is an entirely different ballgame compared to trying to categorise web content from keywords.
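To make the difference between the two approaches concrete, here is an added example (not code from this journal or from any filtering vendor) that runs a keyword categoriser and a hash-signature scanner over the same constructed pages. The keyword list, the hostname weight, the threshold, the hostnames and the payload are all assumptions made up for illustration.

```python
import hashlib
import re

# Assumptions: a hypothetical keyword list, hostname weight and threshold.
KEYWORDS = {"hack", "hacker", "hacking", "exploit"}
HOST_WEIGHT = 3   # a keyword in the hostname counts as three body hits
THRESHOLD = 3
TOKEN = re.compile(r"[a-z]+")

# Constructed signature database: SHA-256 of one stand-in "known bad" payload.
BAD_PAYLOAD = "constructed-sample-payload-standing-in-for-malware"
SIGNATURES = {hashlib.sha256(BAD_PAYLOAD.encode()).hexdigest()}

def keyword_score(host: str, body: str) -> int:
    """Count whole-word keyword hits; the hostname is weighted more heavily."""
    host_hits = sum(t in KEYWORDS for t in TOKEN.findall(host.lower()))
    body_hits = sum(t in KEYWORDS for t in TOKEN.findall(body.lower()))
    return HOST_WEIGHT * host_hits + body_hits

def keyword_category(host: str, body: str) -> str:
    """Categorise from keywords alone, with no notion of what the page means."""
    return "hacking" if keyword_score(host, body) >= THRESHOLD else "uncategorised"

def signature_verdict(content: bytes) -> str:
    """Flag content only when its digest matches a known-bad signature."""
    digest = hashlib.sha256(content).hexdigest()
    return "malicious" if digest in SIGNATURES else "clean"

def scan(host: str, body: str) -> tuple[str, str]:
    """Return (keyword category, signature verdict) for one page."""
    return keyword_category(host, body), signature_verdict(body.encode())

# Constructed sample pages: (hostname, body text).
PAGES = {
    "personal": ("www.example.org",
                 "I am a hacker in the old sense: hacking on Emacs and "
                 "writing about hacker culture."),
    "test": ("test.hack.example", "It works."),
    "news": ("news.example.org", "Weather and local news."),
    "dropper": ("cdn.example.net", BAD_PAYLOAD),
}

if __name__ == "__main__":
    for name, (host, body) in PAGES.items():
        print(f"{name:9} {host:18} {scan(host, body)}")
```

The keyword categoriser flags the benign personal page and the near-empty test server (on its hostname alone) while passing the one page that carries the known-bad content. The signature scanner does the reverse, and scanning again changes nothing because the inputs have not changed.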

Of course, I have tried several times to report back to Websense and Trend Micro and other web filtering companies that they have miscategorised hack.org. It seems the best I have managed to do was to trigger an automatic rescanning which, of course, found the same number of keywords it was looking for and failed to change the category.

Just the other day I received an alarming message. It said that if you use a Trend Micro product and tried to look at my personal web pages it would stop you and say:

Verified fraud page or threat source.

Wow! This is something entirely different than placing my web pages in the wrong content category. This is verging on libel!

Verified fraud or threat? Verified how, exactly? What have they verified and how did they do it? I really want to know. If anyone has any insights into Trend Micro's database, please get in touch.

Trend Micro has a public service here:

http://global.sitesafety.trendmicro.com/

If I type in hack.org I get a result that says:

Is it safe?

Dangerous: The latest tests indicate that this URL contains malicious software or could defraud visitors.

How would you categorize this URL?

Hacking: Sites that provide software for bypassing computer security systems

It's still wrong, of course, but at least better than "verified fraud"! Trend Micro has categorised hack.org as "hacking" for many years now. No change there.

What the "Dangerous" label is about, I don't know. It has also been the same for many years now. I wonder what their tests found? A careful review of the few personal web pages at the main hack.org server doesn't yield anything suspicious.

Of course, I can't answer for any contents on any other web servers ending in hack.org, but I doubt that this is the real problem here. A simple test with a small web server I keep for test reasons, which contains almost no information at all, gets the same result from Trend Micro, probably just because it ends with "hack.org".

I can live with the entire domain being in the wrong category in web filtering software, but I really want to get rid of at least the libellous "verified fraud or threat" and "dangerous" classification.

Any suggestions? A libel suit seems a bit over the top, don't you think?


Written by MC using Emacs and friends.