gosu128 0 Posted April 11

Dear ESET.

We have identified our website apillon.io is included in your official blacklist. We are hereby contacting you regarding potential removal from your blacklist, with the arguments listed below.

The root of the issue

Apillon is a Web3 development platform that utilizes decentralized storage. By building this service, the Apillon team has unlocked a “website preview” functionality for our early beta users, allowing users to upload their website and measure its performance when served from decentralized servers. The preview for users was served over ipfs.apillon.io

Our goal at the time was to allow users to quickly test out our product without the users needing to connect the domain. We later learned our well-intentioned attempt was naive in its nature. Our storage service has become abused by several malicious or phishing websites, directly affecting our domain health score.

Upon learning this is happening with our platform and domain, we have immediately proceeded with internal actions that remedied the situation, as explained further below.

Steps taken to remedy this situation

- We have executed a manual check of all published websites on our servers and have manually removed all websites that were executing malicious or phishing attempts.
- We have written a script that additionally scans all websites and seeks for potential malware, phishing or other vulnerabilities and have manually removed all positive results.
- We have disabled all user accounts that engaged in malicious activity.
- We have disabled website previews for users. Now all website deployments are deferred until the rendered page is human-reviewed and approved. (See proofs chapter)
- We have implemented additional domains to our infrastructure, to establish clear separation between our business domain and our website gateways.
- We have entered the code review and security review with a known outside provider that will produce a qualitative report of Apillon’s security and code quality within a month.

Current status

At this point the apillon.io domain and all of its subdomains are free of any malicious, phishing or other non-acceptable data or links.

It is crucial to point out that the apillon.io domain is a core domain for our business “Apillon”, where we are investing a lot of resources in the following areas:

- SEO
- Advertising and CPC traffic
- Organic growth
- Other promotions

That said, it is imperative for our business to disallow any malicious or phishing website hosting, to promote general health of the internet, as well as keeping our domain out of blacklists which directly cause friction in our growth attempts.

More importantly, the apillon.io domain is how we earn our bread; that is why we kindly ask you to consider removing this domain from your blacklist and allow us to continue to grow our business.

To confirm the true nature of our business and enable you to proceed with blacklist delisting faster, we are willing to disclose detailed business information and with that show clear commitment to keeping our domain healthy in the future.

Proofs

- List of manually checked and removed websites - Executed in November 2023
- The proof of “Deny first” logic in production - each deploy is deferred until checked by human
- A sample of a website review over Slack

Administrators Solution Marcos 5,457 Posted April 11

The domain has been unblocked.

wykeemgandert32 0 Posted June 13

Personally, I think it's crucial to maintain a fair approach to blacklisting—gotta balance security with not overblocking legit sites, right? It’s tricky, but finding that middle ground keeps things smooth for everyone.