Hi Randisisimo,
Thanks for reporting your concerns.
What if one reports scan links? It does not need rocket science to reconstruct the destination and it is purchasable for self-inflicting characters ;D.
Most problems arise from n00b posters here. These live links have to be worked on by moderation from avast! to get them properly unlink-able.
And we are not staff, so we can only set a good example.
Only thing we can do is ask to properly unlink or ask moderation to do that for us.
Another problem is that links can now be re-linked automatically as with mail addresses, so either do not give any mail address or mask it.
Automated spamming has created a very insecure circuit there.
Then there are those that oppose scan results here, because they won’t want to be reminded of an incident, so others may not learn about their mistakes.
Those requests are questionable.
I never go any further than remote cold reconnaissance scanning, that means never going to the potentially malicious link as such.
This also goes for the results.
Never give live or broken script; only give, for instance, a jsunpack link reference, even on Quttera results.
Give results also as an image (threatSTOP IP results).
We have seen now that the recommended scanner of sorts, Sucuri, now brings site scan results as largely being obscured,
while sites like fetch dot scritch dot org and BuiltWith give quite some bit of reconstruction-able info that could be dangerous in the wrong hands.
On the other side we see an enormous amount of sites that could be malvertised any moment because of outdated CMS and server insecurities (excessive header info proliferation), etc., etc.
You cannot stop all these imminent dangers just by security through obscurity, although I strongly agree with a proper non-clickable link policy.
I agree for instance also with Dazzlepod’s policy that their scan results cannot be used against a particular site as is their general policy.
It should always be the policy to first report to avast AT virus DOT com (masking this mail address is futile now!)
and then discuss scan links or discuss certain aspects of threats here.
It is a pity that in most cases one needs a full plethora of scanners to detect any potential malicious links or bad or worse policy practices.
This means that in a lot of cases website security policy comes as a last resort issue.
polonus