For a month, the site liberierasmi.nl couldn’t be visited via the EUR wifi network or on desktop PCs on campus. From 30 August, the firewall used by EUR, FortiGuard, reported that liberierasmi.nl was ‘malicious’ and that the site was ‘in violation of your Internet usage policy’. Ignoring the warning and clicking through anyway was impossible. Outside the university, the website was accessible as normal. After the IT department submitted a reassessment request to FortiGuard in early October, the warning disappeared.
According to Nawin Ramcharan, University Council member for Liberi Erasmi, there was no reason to flag the site as malicious. The company that developed the Liberi website did all kinds of scans and found no malware or certificate issues. They also found out that the website is categorised as ‘malicious’ on only two of 88 well-known firewalls (FortiGuard and McAfee). “In our view, this implies that there couldn’t have been an automatic categorisation,” Ramcharan says. He therefore suspects that someone manually reported the party’s website to FortiGuard, after which the firewall blocked the site without verification.
Ramcharan says he feels unsafe because of the incident. “The blocking started on 30 August, precisely during an introductory week with members of the University Council and university policy staff. Many attendees hardly knew about Liberi Erasmi before that. And the anonymous reporter must have known exactly how this works, and what firewall the university uses.” For these reasons, Ramcharan considers it likely that the possible culprit was present at the introduction week, but he also doesn’t rule out the possibility that someone else was behind it. EM has not been able to establish whether the website was actually blocked after a user report from someone who was present at that acquaintance weekend.
However, it does appear to be easy to report a website as malicious. This can be done via a FortiGuard web form. EM ran a test and reported a website to FortiGuard as malicious (the owner of the website was informed and agreed to the experiment). It was just a single report, with a fake name and an obviously fake and non-existent e-mail address. Within 24 hours, the website was completely blocked by the firewall. Those who visited the website received exactly the same message as with Liberi: ‘malicious’ and ‘in violation of your internet policy’.
'Impossible for most sites'
Blocking after one simple notification is impossible for most sites, says Rory O’Connor, chief information security officer at EUR. “This can only be done to sites that have not been assessed before and have low traffic.” Other sites are only blocked for security reasons, O’Connor says. He assumes that was the cause of the block on Liberi Erasmi’s site. “We asked FortiGuard why Liberi was blocked, and the answer was that it was done by the company’s automated rating engine. Not manually, in other words.”
Liberi is flagged as malicious by only two of 88 firewalls probably because the site was mostly visited from campus, O’Connor suspects. On campus, FortiGuard is triggered, and other firewalls probably are not.
He doesn’t know which issues FortiGuard detected. It is also unknown whether the firewall gives the exact same response when a site is blocked after a manual report. The company doesn’t give Liberi Erasmi, O’Connor or EM any information about this, even after repeated requests. A security scan by O’Connor does show that the student party’s site scores relatively low on security measures, but malware has not been detected so far.
Only after two weeks did Ramcharan discover that his party’s website had been blocked. When EUR’s IT department, at his request, asked FortiGuard for a reassessment in late September, the website was approved again. “It is unfortunate that the site was blocked, fortunately this has since been rectified,” a spokesperson for the university said about it. Why the alleged malware is now no longer a problem to FortiGuard is unclear. According to Liberi’s site administrator, literally nothing has changed on the website in the meantime. Ramcharan has asked ombudsperson Mario Buijk to investigate, and he has agreed to do so. It is unclear how long this investigation will take.
Liberi Erasmi was formed this year and has three seats in the University Council.