Jump to content

Delisting Apillon.io domain from the blacklist


Go to solution Solved by Marcos,

Recommended Posts

Posted

Dear ESET.

We have identified our website apillon.io is included in your official blacklist.
We are hereby contacting you regarding potential removal from your blacklist, with the arguments listed below. 

The root of the issue

Apillon is a Web3 development platform that utilizes decentralized storage. By building this service, Apillon team has unlocked a “website preview” functionality for our early beta users, allowing users to upload their website and measure its performance when served from decentralized servers. The preview for users was served over ipfs.apillon.io

Our goal at the time was to allow users to quickly test out our product without the users need to connect the domain.

We later learned our good intentioned attempt was naive in its nature. Our storage service has become abused by several malicious or phishing websites, directly affecting our domain health score. 

Upon learning this is happening with our platform and domain, we have immediately proceeded with internal actions that remedied the situation - as explained further below. 

Steps taken to remedy this situation

  1. We have executed a manual check of all published websites on our servers and have manually removed all websites that were executing malicious or phishing attempts

  2. We have written a script that additionally scans all websites and seeks for potential malware, phishing or other vulnerabilities and have manually removed all positive results. 

  3. We have disabled all user accounts that engaged in malicious activity

  4. We have disabled website previews for users. Now all website deployments are deferred until the rendered page is human reviewed and approved. (See proofs chapter)

  5. We have implemented additional domains to our infrastructure, to establish clear separation between our business domain and our website gateways

  6. We have entered the code review and security review with a known outside provider that will produce a qualitative report of Apillon’s security and code quality within a month

Current status

At this point apillon.io domain and all of its subdomains are free of any malicious, phishing or other non acceptable data or links. 

It is crucial to point out that apillon.io domain is a core domain for our business “Apillon” where we are investing a lot of resources in the following areas:

  • SEO

  • Advertising and CPC traffic

  • Organic growth 

  • Other promotions

That said, it is imperative for our business to disallow any malicious or phishing website hosting, to promote general health of the internet, as well as keeping our domain out of blacklists which directly cause friction in our growth attempts. 

More importantly, apillon.io domain is how we earn our bread, that is why we kindly ask you to consider removing this domain from your blacklist and allow us to continue to grow our business. 

To confirm the true nature of our business and enable you to proceed with blacklist delisting faster, we are willing to disclose detailed business information and with that show clear commitment to keeping our domain healthy in the future. 

Proofs

KiWRermVCZAb_YtQ7FkyARJXwnx9toPzWO09-qgToDkOe62HDHPPzAliFS49exRz6N8uTky8V7vdPkzxPyQ0xpAJZpgGJQ-X4F-uYXj54uCC1KJgWX8uncf0s-lm0MAlFKvkU_sXoC7_Appy4uxCzJY

List of manually checked and removed websites - Executed in November 2023

xddQTu7ZjBQ7gRGq8q-FcMN-H9S104ErbPLf0R7pSG7F1Zk5KFSJ7Wqv8F2fTpKpsyOrFr2gfG8pY0epPYUmwaTmOSK53x8861a8yeX9PFiiDRxfv3R1Rur94zOgMz6CjRCK06Y4gc1SV5Sng9cqzkg

The proof of “Deny first” logic in production - each deploy is deferred until checked by human

GBrKPNg_qhPe6EM-HVfOIhgQeZPZFotSyujBztsGkWRnB4JfJPXSprDbOeqjXjguCKuwFgQ0sfij6UP43MsJIOlzRF1cBpF4aDBBy1FhP2Rn90ff7Sy7CWBBO0OJOT0kUk_pLbB7zUpSPIuM1t7mO74

A sample of a website review over Slack

  • Administrators
  • Solution
Posted

The domain has been unblocked.

Posted

Thank you very much for the prompt response! 

  • 2 months later...
Posted

Personally, I think it's crucial to maintain a fair approach to blacklisting—gotta balance security with not overblocking legit sites, right? It’s tricky, but finding that middle ground keeps things smooth for everyone.

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...