Google just said LQ was an "attack site".
I just clicked on my bookmark to get into LQ and a big google warning come up telling me LQ was an attack site. I've seen this a couple of times with various small forums and each of them went offline for about a week. Just thought I'd let you know.
|
i got red warning too, as i used direct link i think it comes from firefox.
|
Yep just had the same claiming there is malware..
|
Looking at our Google Webmaster Tools account, this is definitely a mistake and LQ is not currently serving malware. I'm looking into it further now. Thanks for the heads up.
--jeremy |
I had this warning on another site, I think someone broke the internet. :)
|
I got this too.
Strange though, reading the diagnostic page it says: "Of the 616 pages we tested on the site over the past 90 days, 0 page(s) resulted in malicious software.. Over the past 90 days, www.linuxquestions.org/questions did not appear to function as an intermediary for the infection of any sites. this site has not hosted malicious software over the past 90 days." |
I'm seeing this as well..
|
Quote:
|
This is just one of the dangers of having a global super corporation with it's tracking "features" built into three of the four major web browsers and enabled by default.
|
I think it's a Google problem as many sites I vist regualrly gave me this warning this morning.
|
Google and Firefox both issue this warning, but no issues with Bing.
|
Don't know whether this will help. Got this from trying to access the homepage just now from a non-logged in firefox session.
I also saw a "Additional plugins required" notification pop up, which is unusual because I didn't think LQ generally allows flash ads (though I may be mistaken) Quote:
|
Thanks jeremy for looking into this. Even i got the same warning.
|
It's google for crying out loud.
They've never made a mistake. </sarcasm> but then again, pewp happens. |
It seams that openx.org, d1.rumbaypelo.com, and/or aboelaraby.com are culprits. So not the LQ directly but third-party links.
I got Safe Browsing page (on Serbian :( ) with following: Google translation: "Tip provided by Google Safe Browsing Diagnostic page for www.linuxquestions.org What is the current status on the list for www.linuxquestions.org? Site is listed as suspicious - visiting this web site may harm your computer. In the last 90 days, part of this site was listed for suspicious activity 2 time (s). What happened when Google visited this site? Of the total number of pages we tested on the site over the past 90 days (925), the malicious software being downloaded and installed without user consent on the following number of pages: 42 Google last visited this site 2013-02-04, and suspicious content was the last time we found him on 2013-02-03. The number of domains in which malicious software is hosted 2, including the openx.org /, d1.rumbaypelo.com /. The number of domains, which appear to function as intermediaries for distributing malware to visitors of this site is 1, including the openx.org /. The number of networks on which this site is hosted 2, which include AS36351 (SoftLayer), AS15169 (Google Internet Backbone). Has this site acted as an intermediary resulting in further distribution of malware? It seems that www.linuxquestions.org the last 90 days function as an intermediary for the infection sites (1), including the aboelaraby.com /. Has this site hosted malware? No, this site has not hosted malicious software over the past 90 days. How did this happen? In some cases, third parties can add malicious code to legitimate sites, which leads us to show the warning message. Next Steps: Return to the previous page. If you are the owner of this website, you can request a review of your site using Google Webmaster Tools. More information about the review process can be found in the center of the Google Webmaster Help. Updated 5 with © Google - Google Home" Original text: "Савет доставља Google Безбедно прегледање Страница за дијагнозу за www.linuxquestions.org Који је актуелни статус на листи за www.linuxquestions.org? Сајт је наведен као сумњив – посета овом веб сајту може нанети штету вашем рачунару. У протеклих 90 дана, део овог сајта је наведен због сумњиве активности 2 пут(а). Шта се десило када је Google посетио овај сајт? Од укупног броја страница које смо тестирали на сајту у протеклих 90 дана (925), злонамеран софтвер је преузет и инсталиран без пристанка корисника на следећем броју страница: 42. Google је последњи пут посетио овај сајт 2013-02-04, а сумњив садржај смо последњи пут пронашли на њему 2013-02-03. Број домена на којима се хостује злонамеран софтвер је 2, међу којима су и openx.org/, d1.rumbaypelo.com/. Број домена за које се чини да функционишу као посредници за дистрибуцију малвера посетиоцима овог сајта је 1, међу којима су и openx.org/. Број мрежа на којима је овај сајт хостован је 2, међу којима су и AS36351 (SOFTLAYER), AS15169 (Google Internet Backbone). Да ли се овај сајт понашао као посредник што је довело до даље дистрибуције малвера? Изгледа да је www.linuxquestions.org у протеклих 90 дана функционисао као посредник за инфицирање сајтова (1), међу којима су и aboelaraby.com/. Да ли је овај сајт хостовао малвер? Не, овај сајт није хостовао злонамеран софтвер у протеклих 90 дана. Како је до овога дошло? У неким случајевима, треће стране могу да додају злонамеран кôд на легитимне сајтове, што нас наводи да прикажемо поруку упозорења. Следећи кораци: Вратите се на претходну страницу. Уколико сте власник овог веб сајта, можете да затражите преглед сајта уз помоћ Google алатки за вебмастере. Више информација о процесу прегледања можете да пронађете у Google центру за помоћ за вебмастере. Ажурирано пре 5 с © Google - Google почетна" |
Quote:
*Just for fun this is a diff of checking Google itself: Code:
This site is not currently listed as suspicious. |
Quote:
By the above I mean that I don't see this as a false positive and won't until I see it confirmed. Whilst I'm not entirely comfortable that Firefox using Google's listings isn't invading my privacy somehow, and I certainly don't trust or like Google much I don't think warning like this are a bad thing. I've seen enough legitimate sites host malicious code and/or links to prefer that "the man in the street" is warned of these things. |
Does someone who maintains these forums know about this yet?
|
Quote:
Quote:
|
http://www.acurazine.com/forums/images/smilies/doh.gif my bad. i guess i missed that post. thanks
|
I see I am not alone.... saw it earlier but it cleared up. Now it's doing it again.
|
As an update: I can confirm that LQ was not serving malware and that this was the result of one of our ad providers (OpenX). We've stopped using them to serve ads while they clear this up and have notified Google of this.
--jeremy |
Still warnings with Firefox, but none with Midori.
|
Does anyone know what OS the malware was targeted at?
Thank You Bob W |
Quote:
--jeremy |
|
That why I use Opera. It never gave me false alarms.
|
Quote:
In fact, were it not for the warning, it could be argued that nobody would have noticed until compromised adverts were hosted, making it much worse. (Opera is a good browser though, I have to say) |
Quote:
--jeremy |
Quote:
I wasn't suggesting that LQ were in any way responsible for malware, by the way, just that using adverts from someone who has been compromised at least lets you look at hosting their adverts again. It may cost you a lot of time and effort but if this isn't the first time they've been a problem at least it gives you a heads-up that they're perhaps not that great. |
The IT people in my company today "blocked LQ" since FortiGuard reported it as a malware site. :(
I guess I'll have to talk to them now! Post 20 shows a new smilie BTW! ;-) |
Suggestion for a suggestion
If LQ is clean, but a third-party hired by a third-party is not, why does Firefox say LQ is patient zero?
Shouldn't it be some sort of "yellow warning" indicating that a third-party site is doing something unusual? Outsourcing might be always good from a business perspective, but definitely not from a technical one. And to mitigate its bad side effects, shouldn't we suggest a patch for a Firefox "yellow warning" instead of a red one telling me basically LQ is some sort of cholera x variola x ebola? |
It doesn't:
Quote:
Quote:
|
Far as I can tell the Google warning was helpful. Of course they could do better to help Jeremy but as far as protecting the users I think the false positive was worth it. The internet is too full of XSS and other attacks to be blasé about this. A site which LQ uses to serve adverts was compromised.
New users to the internet ought to be told that these warnings are real as a fire alarm. Personally I'm sick of SPAM and other rubbish because not enough sites are reported and people don't take these things seriously enough. |
The part that's extra frustrating in this case is that openx.org is already de-listed and we're not. I can see blocking an LQ pageview that has openx.org-related code on it, but IMHO we should not have been listed separately (we certainly shouldn't still be listed) and removing all openx.org related code should be enough for us to immediately not be impacted.
--jeremy |
I knew that LQ is safe and I continue to enter the site. I figure it was an error on google or something. Anyway, I ran clamav on my home directory and the /tmp folder. I had zero infested files in both directories.
|
Quote:
I also think the warning ought to mention that "this site has been known to link to a site which causes problems". Good idea, poorly executed I think. Sadly. Thanks for the hard work Jeremy. |
Anyway of helping LinuxQuestions knock these down quicker?
I saw it this morning when I had just finished a new install of Debian Testing with a full blown Gnome DE. I was working on the bloat and needed to tweak the desktop. I did a google search and it popped up in the search results showing LQ as a possible bad site. FWIW I trust LQ more than google, so I knew it had to be a ad somewhere. I guess the best thing is to post when this is seen, but I was thinking about as a "third party viewer" if there was anything we as members of LQ could do to help. Just my :twocents: |
Quote:
--jeremy |
Greetings,
Well, for those that have encountered this with Chrome/Chromium, here's what I did to deal with it:
And as far as: Quote:
Code:
developer1 ~ # host -a openx.org 206.13.29.12 HTH. |
Quote:
|
No more warnings here. Is LQ off the list now, or I just broke my browsers? :)
|
|
This appears to be mostly squared away...
Just checked from a Google search in Chromium and got straight here, however there was an additional link below the Search result, like this: Quote:
HTH. |
Quote:
--jeremy |
...and http://safebrowsing.clients.google.c...xquestions.org has been updated to indicate:
Quote:
--jeremy |
Quote:
Quote:
|
You're welcome newbiesforever,
Even though viruses and malware is rare in linux, I ran clamav on my home directory and tmp folder just to be sure because files can be hidden in image files. So far, no infected files found :) |
Quote:
Prior to today I've not seen that for LQ ever. |
It is clear now on my PCs without any changes to FF/Iceweasel-Chomium-Opera.
Quote:
|
All times are GMT -5. The time now is 07:48 PM. |