LinuxQuestions.org
Old 02-04-2013, 08:27 AM   #16
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,277
Blog Entries: 54

Rep: Reputation: 2852

Quote:
Originally Posted by DrLove73
It seems that openx.org, d1.rumbaypelo.com, and/or aboelaraby.com are culprits. So not the LQ directly but third-party links.
And that indeed is the problem. It's not the first time ad networks served malware or PUA but openx.{org,net} reputation is especially bad.

*Just for fun this is a diff of checking Google itself:
Code:
     This site is not currently listed as suspicious.
 
-    Part of this site was listed for suspicious activity 28 time(s) over the past 90 days.
+    Part of this site was listed for suspicious activity 29 time(s) over the past 90 days.
 
 What happened when Google visited this site?
 
-    Of the 670408 pages we tested on the site over the past 90 days, 109 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2013-02-03, and the last time suspicious content was found on this site was on 2013-02-03.
+    Of the 664546 pages we tested on the site over the past 90 days, 121 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2013-02-04, and the last time suspicious content was found on this site was on 2013-02-03.
 
-    Malicious software includes 140 trojan(s), 10 virus, 8 scripting exploit(s). Successful infection resulted in an average of 4 new process(es) on the target machine.
+    Malicious software includes 134 trojan(s), 10 virus, 7 scripting exploit(s). Successful infection resulted in an average of 4 new process(es) on the target machine.
 
-    Malicious software is hosted on 53 domain(s), including adsbyisocket.com/, imaginginsider.com/, dgsdfhsdfh.osa.pl/.
+    Malicious software is hosted on 55 domain(s), including adsbyisocket.com/, ads.zitaholdings.com/, imaginginsider.com/.
 
-    34 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including googleusercontent.com/, zegreenweb.com/, feedsportal.com/.
+    42 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including googleusercontent.com/, zegreenweb.com/, feedsportal.com/.
 
     This site was hosted on 145 network(s) including AS15169 (Google Internet Backbone), AS8359 (MTS), AS36040 (Bandaid XT+).
 
 Has this site acted as an intermediary resulting in further distribution of malware?
 
-    Over the past 90 days, google.com appeared to function as an intermediary for the infection of 23 site(s) including stroupecondoblog.com/, ow.ly/, www.jazaan.com.googlepages.com/.
+    Over the past 90 days, google.com appeared to function as an intermediary for the infection of 28 site(s) including stroupecondoblog.com/, ow.ly/, www.jazaan.com.googlepages.com/.
 
 Has this site hosted malware?
 
-    Yes, this site has hosted malicious software over the past 90 days. It infected 2 domain(s), including hahait.com/, tedaltenberg.com/.
+    Yes, this site has hosted malicious software over the past 90 days. It infected 1 domain(s), including tedaltenberg.com/.
As you can see it considers itself "not suspicious" even though it listed itself as suspect for about 30 out of 90 past days ;-p
 
2 members found this post helpful.
Old 02-04-2013, 08:35 AM   #17
273
Senior Member
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 3,367

Rep: Reputation: 782
Quote:
Originally Posted by DrLove73
It seems that openx.org, d1.rumbaypelo.com, and/or aboelaraby.com are culprits. So not the LQ directly but third-party links.
I was about to say that I guessed it was a link somewhere. Usually these warnings are because there's a post somewhere that's managed an XSS attack or something though I suspect here it may even just be somebody posting malicious links.

By the above I mean that I don't see this as a false positive and won't until I see it confirmed. Whilst I'm not entirely comfortable that Firefox using Google's listings isn't invading my privacy somehow, and I certainly don't trust or like Google much, I don't think warnings like this are a bad thing. I've seen enough legitimate sites host malicious code and/or links to prefer that "the man in the street" is warned of these things.
 
Old 02-04-2013, 08:38 AM   #18
webmastir
LQ Newbie
 
Registered: Mar 2010
Posts: 6

Rep: Reputation: 0
Does someone who maintains these forums know about this yet?
 
Old 02-04-2013, 08:40 AM   #19
273
Senior Member
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 3,367

Rep: Reputation: 782
Quote:
Originally Posted by webmastir
Does someone who maintains these forums know about this yet?
Yes:
Quote:
Originally Posted by jeremy
Looking at our Google Webmaster Tools account, this is definitely a mistake and LQ is not currently serving malware. I'm looking into it further now. Thanks for the heads up.

--jeremy
 
Old 02-04-2013, 08:41 AM   #20
webmastir
LQ Newbie
 
Registered: Mar 2010
Posts: 6

Rep: Reputation: 0
My bad. I guess I missed that post. Thanks.
 
Old 02-04-2013, 08:48 AM   #21
chrisretusn
Member
 
Registered: Dec 2005
Location: Philippines
Distribution: Slackware
Posts: 477

Rep: Reputation: Disabled
I see I am not alone.... saw it earlier but it cleared up. Now it's doing it again.

Last edited by chrisretusn; 02-04-2013 at 08:51 AM.
 
Old 02-04-2013, 09:26 AM   #22
jeremy
root
 
Registered: Jun 2000
Distribution: Debian, Red Hat, Slackware, Fedora, Ubuntu
Posts: 10,389

Rep: Reputation: 2626
As an update: I can confirm that LQ was not serving malware and that this was the result of one of our ad providers (OpenX). We've stopped using them to serve ads while they clear this up and have notified Google of this.

--jeremy
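
An added example, not part of the thread and not LQ's own tooling: one way a site owner can list the third-party hosts a page makes the browser load and compare them with the domains named earlier in the thread. The sample HTML, the `ad.openx.org` and `ads.example.net` hosts, and all function names are constructed for illustration; subdomain matching by suffix is a simplifying assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Attributes that make the browser fetch a resource. Anchors (<a href>) are
# excluded because a plain link loads nothing until the visitor clicks it.
FETCH_ATTRS = {"script": "src", "iframe": "src", "img": "src",
               "embed": "src", "object": "data", "link": "href"}
# Domains named in the thread as the likely culprits.
WATCHLIST = {"openx.org", "d1.rumbaypelo.com", "aboelaraby.com"}

def under(host, domain):
    """True if host equals domain or is a subdomain of it."""
    return host == domain or host.endswith("." + domain)

class ResourceHosts(HTMLParser):
    """Collects the hosts a page pulls resources from."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.hosts = set()

    def handle_starttag(self, tag, attrs):
        wanted = FETCH_ATTRS.get(tag)
        for name, value in attrs:
            if name == wanted and value:
                # urljoin resolves relative and protocol-relative (//host/x) URLs.
                host = urlsplit(urljoin(self.page_url, value)).hostname
                if host:
                    self.hosts.add(host.lower())

def audit(page_url, html, site_domain):
    """Return (third_party_hosts, watchlisted_hosts) as sorted lists."""
    parser = ResourceHosts(page_url)
    parser.feed(html)
    third = sorted(h for h in parser.hosts if not under(h, site_domain))
    flagged = sorted(h for h in third if any(under(h, d) for d in WATCHLIST))
    return third, flagged

# Constructed sample page; none of these URLs come from the real site.
SAMPLE = """<html><head><link rel="stylesheet" href="/style.css">
<script src="//ad.openx.org/tag.js"></script></head><body>
<img src="http://images.linuxquestions.org/logo.png">
<iframe src="http://ads.example.net/frame?z=1"></iframe>
<a href="http://aboelaraby.com/">link in a post</a>
<script src="HTTP://D1.RUMBAYPELO.COM/x.js"></script></body></html>"""

if __name__ == "__main__":
    print(audit("http://www.linuxquestions.org/questions/", SAMPLE, "linuxquestions.org"))
```

This only sees resources referenced in the static HTML; hosts that an ad script loads at run time have to be captured from the browser's network log instead.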
 
Old 02-04-2013, 09:28 AM   #23
brianL
LQ 5k Club
 
Registered: Jan 2006
Location: Oldham, Lancs, England
Distribution: Slackware & Slackware64 14.1
Posts: 7,029
Blog Entries: 52

Rep: Reputation: Disabled
Still warnings with Firefox, but none with Midori.
 
Old 02-04-2013, 10:27 AM   #24
rjw1678
Member
 
Registered: Sep 2003
Location: Delaware, USA
Distribution: Ubuntu 12.04 LTS
Posts: 55

Rep: Reputation: 15
Does anyone know what OS the malware was targeted at?

Thank You
Bob W
 
Old 02-04-2013, 10:34 AM   #25
jeremy
root
 
Registered: Jun 2000
Distribution: Debian, Red Hat, Slackware, Fedora, Ubuntu
Posts: 10,389

Rep: Reputation: 2626
Quote:
Originally Posted by rjw1678
Does anyone know what OS the malware was targeted at?
As mentioned, LQ was at no time serving malware.

--jeremy
 
Old 02-04-2013, 10:41 AM   #26
szboardstretcher
Senior Member
 
Registered: Aug 2006
Location: Detroit, MI
Distribution: GNU/Linux systemd
Posts: 3,145
Blog Entries: 1

Rep: Reputation: 1002
http://www.google.com/safebrowsing/d...-492384/&hl=en

For information regarding the error.
 
1 members found this post helpful.
Old 02-04-2013, 11:01 AM   #27
FeyFre
Member
 
Registered: Jun 2010
Location: Ukraine, Vinnitsa
Distribution: Slackware
Posts: 308

Rep: Reputation: 22
That's why I use Opera. It never gave me false alarms.
 
Old 02-04-2013, 11:17 AM   #28
273
Senior Member
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 3,367

Rep: Reputation: 782
Quote:
Originally Posted by FeyFre
That's why I use Opera. It never gave me false alarms.
It's not a "false alarm" though. It was a legitimate warning that this site was serving pages from a compromised site.
In fact, were it not for the warning, it could be argued that nobody would have noticed until compromised adverts were hosted, making it much worse.
(Opera is a good browser though, I have to say)
 
Old 02-04-2013, 11:19 AM   #29
jeremy
root
 
Registered: Jun 2000
Distribution: Debian, Red Hat, Slackware, Fedora, Ubuntu
Posts: 10,389

Rep: Reputation: 2626
Quote:
Originally Posted by 273
It's not a "false alarm" though. It was a legitimate warning that this site was serving pages from a compromised site.
In fact, were it not for the warning, it could be argued that nobody would have noticed until compromised adverts were hosted, making it much worse.
(Opera is a good browser though, I have to say)
I'd consider it a false alarm in that LQ never served malware via the site in question, as we do not use the OpenX marketplace or allow any unknown third parties to serve ads at LQ. For them to block every site that uses an ad network because of a small number of rogue ads somewhere in the network seems extreme, especially considering how long it's taking to get LQ unlisted.

--jeremy
 
Old 02-04-2013, 11:28 AM   #30
273
Senior Member
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 3,367

Rep: Reputation: 782
Quote:
Originally Posted by jeremy
I'd consider it a false alarm in that LQ never served malware via the site in question, as we do not use the OpenX marketplace or allow any unknown third parties to serve ads at LQ. For them to block every site that uses an ad network because of a small number of rogue ads somewhere in the network seems extreme, especially considering how long it's taking to get LQ unlisted.

--jeremy
Sorry, I hadn't realised it was a third party of a third party. Perhaps, then, Google ought to spend more of their billions being a little more careful.
I wasn't suggesting that LQ were in any way responsible for malware, by the way, just that using adverts from someone who has been compromised at least lets you look at hosting their adverts again. It may cost you a lot of time and effort but if this isn't the first time they've been a problem at least it gives you a heads-up that they're perhaps not that great.
 
  

