Talk Morgan Forums Community The Malvern Arms Phishing block on TM image site

Oh dear, still can't get into tm-img site despite setting up exemptions

Yup I’ve jumped onto Dropbox and that works out ok for me.

I’m not going to start exemptions I trust AVG with everything and they will have a valid reason. Been with them for 23 years and they have served us well and cheap for the great service they provide.

The problem is clearly with AVG antivirus, not with tm-img.com.
It is simply not possible for tm-img.com to be a phishing site.
The only possible explanation is that someone, maliciously or inadvertently, has reported our hosting site as a phishing site.

My recommendation is to disinstall AVG before it gives you problems with other sites, and use something that is better.

I would like to know why others identified a possible bad file from Laurens !

Richard. Phishing is a term that refers to a combination of emails and bogus sites.
An example would be that you recieve an email that tries to convince you that it is from your bank and that your account will be blocked unless you follow a link in the email and update your account in some way. The site that the link takes you to will look like your bank site but it will have some slight variation that the unaware will not notice. You then fill in your user name and password and other personal details, thereby giving it all to some scammer.

Actually most banks now use systems that will make it impossible for someone other than you to log in because 2 step verification is used. That is where they send you a one time code by SMS or requre verification using an app on a verified phone, but you get the idea.

Firstly tm-img.com does not send emails to users. We could but we never have done so except to occasionally help people to create or validate an account. The only information we ask for is a user name, email address, and password (which should certainly be different to any password used for email, banking, etc). In any case I, as an administrator, can not see what the encripted password is or decode it in any way.

tm-img.com only allows images to be uploaded and those images can not link to other sites (such as a bogus site). It is totally beyond my comprehension, speaking after 40 years of experience in the Information Technology industry, as to how tm-img.com could have been classified as a phishing site. To me it is clearly the result of, as I said above, either a malicious or inadvertent report, or a faulty algorithm used by AVG.

I also have reported this as a false positive to AVG and I have asked for an explanation as to why it has been classified as a phishing site. I have looked at some of the images mentioned and, to me, they are perfectly normal files.

In any case phishing is not a virus, it can not do any harm to your system. Phishing can only harm your finances if you are foolish enough to allow yourself to be tricked into filling in personal information and passwords on a bogus site and, since tm-img.com is not, and does not link to, a bogus site, and does not request your personal information and bank passwords you have nothing to fear. AVG only blocks sites to save the unaware from filling in information on bogus or cloned sites. Since you could not fill in any such information on tm-img.com even if you wanted to the phishing clasification is incomprensibile.

False positives can be reported at https://www.avg.com/en-ww/report-false-positive

Peter, thanks for that reassurance.
Maybe in a few days all will revert to normal AVG wise then as far as the image site is concerned.

AVG is no longer giving me problems. I suspect you need to update it.
Unfortunately Dropbox is not suitable for embedding photos - great for sharing files with others, particularly large ones that cannot be emailed.
Your image files do not show, for me, and I can't be 'rsed to go to Dropbox to see what you are sharing - potentially malware could be stored there (though I would expect them to ensure it wasn't).

AVG full fat auto updates regularly (last night) Graham and it's still not accepting the image site at all ooi..

What Peter describes is right - it would be exceptionally clever if an image file could be used in this manner to enable phishing. Never say never given the tech world but one of least likely vectors I could imagine.

Richard I am also unable to see your dropbox images just for your reference. I also trust dropbox rather less than TM-IMG as a known source. Dropbox can be used to host all sorts of files that can execute actions as the files are unfiltered, unlike tm-img which allows image file only. We don't want to get Grahams _rse up now do we?

Richard worst case have a look in the AVG setup menu to see if there is a "reset to factory defaults" or worst case a re-install unless you have done extensive changes to it and this will muck other things on your setup?

Alistair, thank you for confirmation and suggestions - I shall "Drop"box as of now and search for another, maybe the Flickering one I used when Photosickbucket ransomed us all..

I am tired of the rsing around with images tbph