I've written about clean-mx.de and their dodgy practices in the past, and honestly hoped I would never have to ever again. It's been over 2 years since I had my first experience with clean-mx.de and Gerhard W Recher.

Through clean-mx.de, Gerhard sends out abuse reports to webhosts demanding they take down a site because of viruses or phishing, which most do, without asking any questions. This would probably be fine if the clean-mx abuse reports were 100% accurate.

Sadly, what webhosts don't realise is that these reports from clean-mx.de are often completely bogus.

--

Unfortunately, when I tried to communicate with Gerhard, after he had one of our sites shut down and had falsely accused us of running a phishing site to our webhost, he was very rude and arrogant.

Not long after our brief discussion, Gerhard took 'revenge' and intentionally got the same site of ours shut down a second time by contacting our webhost personally, even though he knew it was not malicious. Then I realised what kind of person we are dealing with.

This is terrible behaviour for someone involved in 'serious malware research', and especially bad for someone who has the power to destroy innocent people's businesses with one automated email.

Over the past few years it seems he has even tried to get our site Blocklist pro shut down more than once. Well, it only got shut down temporarily because his reports were totally bogus as usual.

I don't know what else to say... it makes me sad that there are people like this in the security industry, who are so incompetent and so willing to attack other sites like ours, when we have done absolutely nothing wrong.

--

Recently Gerhard even claimed our site stopmalvertising.com was infected, after he did a Google search for keywords related to osCommerce hijacks.

Another mass compromise
http://www.malwaredomainlist.com/forums/in...p?topic=4635.15

Because Kimberly had written about osCommerce hijacks on stopmalvertising.com, naturally the link for stopmalvertising showed up in Gerhard's search results and was then included in his list of infected sites (included along with ibm.com, computerworld.com.au, darkreading.com, sucuri.net, armorize.com, csoonline.com, malwaredomains.com, markosweb.com, pastebin.com and probably a whole bunch of other innocent sites that had articles or keywords about osCommerce hijacks, and were NOT infected at all).

Stopmalvertising.com is listed:
http://support.clean-mx.de/clean-mx/viruses.php?sort=firstseen%20desc&review=173.245.60.113


The sucuri.net scanner is listed:
support.clean-mx.de/clean-mx/viruses.php?sort=firstseen%20desc&domain=sucuri.net
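
The keyword-search false positive described above can be reproduced and avoided in a few lines. This is an added example, not code from clean-mx or from this site; the indicator domain bad-cdn.example and both sample pages are constructed. It shows that a plain keyword match flags an article about an injection just like an injected page, while checking where the indicator sits in the HTML tells them apart.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

INDICATOR = "bad-cdn.example"  # constructed placeholder, not taken from the page
# Tag/attribute pairs that make a browser fetch a remote resource.
ACTIVE = {("script", "src"), ("iframe", "src"), ("embed", "src"), ("object", "data")}

# Constructed samples: an article quoting the injection, and an injected shop page.
ARTICLE = ('<h1>osCommerce hijacks</h1><p>Injected shops load bad-cdn.example.</p>'
           '<pre>&lt;script src="http://bad-cdn.example/x.js"&gt;&lt;/script&gt;</pre>')
INFECTED = '<h1>Shop</h1><script src="//bad-cdn.example/x.js"></script>'


class IndicatorFinder(HTMLParser):
    """Separates indicator hosts a browser would load from ones merely mentioned."""

    def __init__(self, indicator):
        super().__init__(convert_charrefs=True)
        self.indicator = indicator.lower()
        self.active, self.mentions, self.in_script = [], 0, False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True
        for name, value in attrs:
            if (tag, name) in ACTIVE and value:
                host = (urlparse(value).hostname or "").lower()
                if host == self.indicator or host.endswith("." + self.indicator):
                    self.active.append((tag, value))

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        if self.indicator in data.lower():
            if self.in_script:  # indicator inside executable inline script
                self.active.append(("inline-script", data.strip()[:60]))
            else:               # indicator only in text a reader sees
                self.mentions += 1


def keyword_hit(html, indicator=INDICATOR):
    """What a keyword scraper sees: any occurrence counts as 'infected'."""
    return indicator in html.lower()


def classify(html, indicator=INDICATOR):
    finder = IndicatorFinder(indicator)
    finder.feed(html)
    finder.close()
    if finder.active:
        return "active-reference"
    return "mention-only" if finder.mentions else "clean"
```

A "mention-only" result is a reason to drop the hit or send it to a human, not to send a takedown notice.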






Interestingly, there's still no reply from Gerhard yet... Even though he continues to spam his daily virus reports elsewhere on that forum.
He simply chooses to ignore people who have genuine concerns about his 'research' methods...

Now imagine that every single day, clean-mx is auto submitting in bulk thousands of domains.

Consider that the virus reports used to judge if a site is good or bad are based on results from multiple antivirus scanning engines, that are also plagued with their own false positives and vague heuristic detections, and maybe you can see how this system is an absolutely massive clusterf**k.

It's simply unbelievable that this has been going on for so many years now.

--

From personal experience, Gerhard W Recher clearly doesn't like to be called out or questioned about his flawed methods of research or his 'scraping' of google.com for potentially infected websites.

I believe Gerhard W Recher does not, will not, and cannot verify anything that is listed in his clean-mx.de system because it's automated and must be a very very very badly coded system.

Surely he must be one of the worst and most incompetent researchers ever in history with these methods of detecting and reporting malicious sites. Worst of all, many sites accept his bulk submissions with flawed data, including PhishTank / OpenDNS.

QUOTE
cleanmx has submitted 165,098 and verified 74,833 phishes.


You should consider any databases containing information submitted by clean-mx.de to be totally corrupted.

--



Today I found an article written by another victim of the clean-mx.de system and realised it's still happening. Innocent site owners are still facing accusations from clean-mx and still getting their sites taken down with bogus automated abuse reports.

http://www.boredomsoft.org/clean-mx.bs

Some good quotes from the article:
QUOTE
Clean-MX? They e-mail my host and state matter-of-factly that I am hosting malware and ask my host to shut down my website. Excuse me?

QUOTE
Dear abuse team,
please help to close these offending viruses sites(1) so far.


Now, I understand that if you're plumbing the depths of the internet for malware, you'll never have the manpower necessary to manually verify each and every hit your automated scanners turn up. That's fine! I understand!

But if you don't verify these things, you don't ask the domain's web host to take an entire website offline and accuse the site's administrator of a felony. To me, that's just common sense. To do otherwise is certainly unethical, and probably actionable.


Another victim's reply:

QUOTE
I tried to reason with clean-mx, but without result. I sent them e-mail, I even used a signed-for snail mail.
Never got any decent response from them.

People like this should simply be banned from the internet.


--

Other cases:

own domain blocked
http://forum.avast.com/index.php?topic=79116.0

QUOTE
I've been trying for a week to get them to remove me from the blacklist but their system is apparently broken which makes them incompetent. Also if you click the clean-mx url I pasted earlier you can see that there was no virus found yet they blacklist me, awesome.



--

Also beware of any scripts that allow you to incorporate data from clean-mx such as BGP-Ranking:

QUOTE
add modules provided by Clean MX [Rafiot]


https://github.com/Rafiot/bgp-ranking

--

If your own site has been targeted by Clean-mx.de and your site has been taken down through bogus clean-mx.de reports too, please let us know.





----------------------------
To Webhosts:
----------------------------

YOU MUST GET A SECOND OPINION BEFORE TAKING ACTION - ( or ignore the reports from clean-mx.de altogether ).

If you are running a webhosting company or working for a webhosting company, please do not simply take these reports from clean-mx.de as the word of god. Surely God would never need to rely on poorly coded scraper bots or scripts to find something, and then not even verify the results before sending out takedown notices.

Please investigate a little more before taking down someone's innocent website or terminating their hosting account. You can even use a free site like http://sucuri.net/ or http://urlvoid.com/ to scan a website's file system for malware as another check.

If the email notices being sent out to webhosts requesting immediate action are an automated part of the flawed clean-mx.de system, be aware that absolutely nothing has been verified by a human being before these bogus takedown notices are sent out.

As you can see from the information here, Clean-mx.de reports are clearly unreliable.

----------------------------------------
To clean-mx.de victims:
----------------------------------------

If your site is targeted with a takedown letter and you are innocent of any wrongdoings, feel free to send your webhost a link to this page.

No webhost should be terminating people's accounts based on a flawed automated system, especially without any real proof that the accusations are true.

---------------------------------
To clean-mx.de customers
---------------------------------

If you're paying for services, maybe you should stop wasting your money..

---------------------------------


Please feel free to repost this everywhere you possibly can. We need to get the word out and warn people, because this madness from cleanmx has gone on long enough.