CentOS.firehosted.com / Tagged As Malicious

Home » CentOS » CentOS.firehosted.com / Tagged As Malicious

February 9, 2016 Corey Erickson CentOS 1 Comment

This repository has begun triggering alerts in my enterprises trend micro solution this morning.

CentOS.firehosted.com/7.2.1511/updates/x86_64/repodata/repomd.xml

Any tips on ensuring this repository is never queried by my systems ?

It seems to keep getting picked up on freshly deployed vagrants for development at this time.

Thanks, Corey Erickson

One thought on - CentOS.firehosted.com / Tagged As Malicious

Fabian Arrotin says:

February 11, 2016 at 3:36 am

That mirror is one of the external mirrors that is listed on http://mirror-status.CentOS.org/
So my first question would be : why does TrendMicro suspect it’s a malicious site ?
If the host is compromised, that’s worth mentioning the mirror admin
(I’ll send him an email with the contact email address he provided us when registering that mirror)

Can you give us details about the reason why TrendMicro thinks that node is “malicious” ? I’ll start a dedicated thread on the CentOS-mirror list if needed
(https://lists.CentOS.org/mailman/listinfo/CentOS-mirror)

Thanks,
–