LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > LinuxQuestions.org > LQ Suggestions & Feedback
User Name
Password
LQ Suggestions & Feedback Do you have a suggestion for this site or an idea that will make the site better? This forum is for you.
PLEASE READ THIS FORUM - Information and status updates will also be posted here.

Notices

Reply
 
Search this Thread
Old 02-04-2013, 11:42 AM   #31
TheIndependentAquarius
Senior Member
 
Registered: Dec 2008
Posts: 4,622
Blog Entries: 29

Rep: Reputation: 896Reputation: 896Reputation: 896Reputation: 896Reputation: 896Reputation: 896Reputation: 896

The IT people in my company today "blocked LQ" since FortiGuard reported it as a malware site.
I guess I'll have to talk to them now!

Post 20 shows a new smilie BTW! ;-)

Last edited by TheIndependentAquarius; 02-04-2013 at 11:43 AM.
 
Old 02-04-2013, 12:14 PM   #32
folkenfanel
Member
 
Registered: Sep 2004
Location: formerly Fanelia and Zaibach
Distribution: Slackware-current with KDE 4.8.5
Posts: 303

Rep: Reputation: 35
Wink Suggestion for a suggestion

If LQ is clean, but a third-party hired by a third-party is not, why does Firefox say LQ is patient zero?

Shouldn't it be some sort of "yellow warning" indicating that a third-party site is doing something unusual?

Outsourcing might be always good from a business perspective, but definitely not from a technical one. And to mitigate its bad side effects, shouldn't we suggest a patch for a Firefox "yellow warning" instead of a red one telling me basically LQ is some sort of cholera x variola x ebola?
 
Old 02-04-2013, 12:16 PM   #33
jeremy
root
 
Registered: Jun 2000
Distribution: Debian, Red Hat, Slackware, Fedora, Ubuntu
Posts: 10,380

Rep: Reputation: 2620Reputation: 2620Reputation: 2620Reputation: 2620Reputation: 2620Reputation: 2620Reputation: 2620Reputation: 2620Reputation: 2620Reputation: 2620Reputation: 2620
It doesn't:

Quote:
Has this site hosted malware?
No, this site has not hosted malicious software over the past 90 days.
and

Quote:
1 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including openx.org/.
--jeremy
 
Old 02-04-2013, 12:23 PM   #34
273
Senior Member
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 3,367

Rep: Reputation: 782Reputation: 782Reputation: 782Reputation: 782Reputation: 782Reputation: 782Reputation: 782
Far as I can tell the Google warning was helpful. Of course they could do better to help Jeremy but as far as protecting the users I think the false positive was worth it. The internet is too full of XSS and other attacks to be blasé about this. A site which LQ uses to serve adverts was compromised.
New users to the internet ought to be told that these warnings are real as a fire alarm. Personally I'm sick of SPAM and other rubbish because not enough sites are reported and people don't take these things seriously enough.
 
Old 02-04-2013, 12:27 PM   #35
jeremy
root
 
Registered: Jun 2000
Distribution: Debian, Red Hat, Slackware, Fedora, Ubuntu
Posts: 10,380

Rep: Reputation: 2620Reputation: 2620Reputation: 2620Reputation: 2620Reputation: 2620Reputation: 2620Reputation: 2620Reputation: 2620Reputation: 2620Reputation: 2620Reputation: 2620
The part that's extra frustrating in this case is that openx.org is already de-listed and we're not. I can see blocking an LQ pageview that has openx.org-related code on it, but IMHO we should not have been listed separately (we certainly shouldn't still be listed) and removing all openx.org related code should be enough for us to immediately not be impacted.

--jeremy
 
1 members found this post helpful.
Old 02-04-2013, 12:34 PM   #36
codergeek
Member
 
Registered: Dec 2012
Posts: 52

Rep: Reputation: 7
I knew that LQ is safe and I continue to enter the site. I figure it was an error on google or something. Anyway, I ran clamav on my home directory and the /tmp folder. I had zero infested files in both directories.
 
Old 02-04-2013, 12:38 PM   #37
273
Senior Member
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 3,367

Rep: Reputation: 782Reputation: 782Reputation: 782Reputation: 782Reputation: 782Reputation: 782Reputation: 782
Quote:
Originally Posted by jeremy View Post
The part that's extra frustrating in this case is that openx.org is already de-listed and we're not. I can see blocking an LQ pageview that has openx.org-related code on it, but IMHO we should not have been listed separately (we certainly shouldn't still be listed) and removing all openx.org related code should be enough for us to immediately not be impacted.

--jeremy
That is bad.
I also think the warning ought to mention that "this site has been known to link to a site which causes problems".
Good idea, poorly executed I think. Sadly.
Thanks for the hard work Jeremy.
 
1 members found this post helpful.
Old 02-04-2013, 01:40 PM   #38
etech3
Senior Member
 
Registered: Jul 2009
Location: Virginia
Distribution: Debian Stable Testing Sid Slackware CentOS
Posts: 1,055
Blog Entries: 2

Rep: Reputation: 44
Anyway of helping LinuxQuestions knock these down quicker?

I saw it this morning when I had just finished a new install of Debian Testing with a full blown Gnome DE. I was working on the bloat and needed to tweak the desktop. I did a google search and it popped up in the search results showing LQ as a possible bad site.

FWIW I trust LQ more than google, so I knew it had to be a ad somewhere.

I guess the best thing is to post when this is seen, but I was thinking about as a "third party viewer" if there was anything we as members of LQ could do to help.

Just my
 
Old 02-04-2013, 01:49 PM   #39
jeremy
root
 
Registered: Jun 2000
Distribution: Debian, Red Hat, Slackware, Fedora, Ubuntu
Posts: 10,380

Rep: Reputation: 2620Reputation: 2620Reputation: 2620Reputation: 2620Reputation: 2620Reputation: 2620Reputation: 2620Reputation: 2620Reputation: 2620Reputation: 2620Reputation: 2620
Quote:
Originally Posted by etech3 View Post
Anyway of helping LinuxQuestions knock these down quicker?
Unfortunately, no. It's just a waiting game now as "A review for this site is still being processed".

--jeremy
 
Old 02-04-2013, 02:03 PM   #40
ShadowCat8
Member
 
Registered: Nov 2004
Location: Arcadia, CA
Distribution: Gentoo, Arch, (RedHat4.x-9.x, FedoraCore 1.x-4.x, Debian Potato-Sarge, LFS 6.0, etc.)
Posts: 209

Rep: Reputation: 43
Greetings,

Well, for those that have encountered this with Chrome/Chromium, here's what I did to deal with it:
  1. First, I checked across Google's search engine for what exact hosts the links for openx.org, rumbaypelo.com & aboelaraby.com showed up on LQ using:
    Code:
    site:linuxquestions.org <questionable domain>
    and got hits for d1.openx.org, d1.rumbaypelo.com and community.ca.dc.openx.org. Unfortunately, I didn't get any hostname hits for aboelaraby.com. (But, that might be expected from what was stated above about it being a 3rd party link off the openx.org link.)
  2. Then, I added d1.openx.org, d1.rumbaypelo.com and aboelaraby.com, with an alias for community.ca.dc.openx.org into my /etc/hosts file as follows:
    Code:
    127.0.0.1       d1.rumbaypelo.com
    127.0.0.1       d1.openx.org    community.ca.dc.openx.org
    127.0.0.1       aboelaraby.com
  3. Then I went back to LQ.org via Chromium, clicked on the little "Advanced" link next to the "Go Back" button.
  4. That link expands to two links when you click on it; "Details about problems on this website" and "Proceed at your own risk".
  5. Clicked on "Proceed at your own risk" and here I am, posting this for others to use.

And as far as:
Quote:
Originally Posted by jeremy
The part that's extra frustrating in this case is that openx.org is already de-listed and we're not. I can see blocking an LQ pageview that has openx.org-related code on it, but IMHO we should not have been listed separately (we certainly shouldn't still be listed) and removing all openx.org related code should be enough for us to immediately not be impacted.
Maybe this will shed a little light on that:
Code:
developer1 ~ # host -a openx.org 206.13.29.12
Trying "openx.org"
Using domain server:
Name: 206.13.29.12
Address: 206.13.29.12#53
Aliases: 

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26822
;; flags: qr rd ra; QUERY: 1, ANSWER: 16, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;openx.org.			IN	ANY

;; ANSWER SECTION:
openx.org.		21600	IN	TXT	"v=spf1 ip4:173.241.240.0/20 ip6:2620:6C::/42 include:_spf.google.com include:mktomail.com ~all"
openx.org.		21600	IN	MX	10 aspmx3.googlemail.com.
openx.org.		21600	IN	MX	1 aspmx.l.google.com.
openx.org.		21600	IN	MX	5 alt1.aspmx.l.google.com.
openx.org.		21600	IN	MX	5 alt2.aspmx.l.google.com.
openx.org.		21600	IN	MX	10 aspmx2.googlemail.com.
openx.org.		21600	IN	SOA	ns1-208.akam.net. systems.openx.org. 2012121401 10800 3600 2678400 10800
openx.org.		20519	IN	A	208.43.79.58
openx.org.		21600	IN	NS	ns1-208.akam.net.
openx.org.		21600	IN	NS	asia3.akam.net.
openx.org.		21600	IN	NS	ns1-251.akam.net.
openx.org.		21600	IN	NS	use1.akam.net.
openx.org.		21600	IN	NS	asia1.akam.net.
openx.org.		21600	IN	NS	eur6.akam.net.
openx.org.		21600	IN	NS	eur5.akam.net.
openx.org.		21600	IN	NS	aus1.akam.net.

Received 495 bytes from 206.13.29.12#53 in 260 ms
developer1 ~ # host -a 208.43.79.58 206.13.29.12
Trying "58.79.43.208.in-addr.arpa"
Using domain server:
Name: 206.13.29.12
Address: 206.13.29.12#53
Aliases: 

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38978
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;58.79.43.208.in-addr.arpa.	IN	PTR

;; ANSWER SECTION:
58.79.43.208.in-addr.arpa. 3600	IN	PTR	208.43.79.58-static.reverse.softlayer.com.

Received 98 bytes from 206.13.29.12#53 in 88 ms
So, since openx.org is using Googlemail as (at least) one of their mail servers, that's probably why they got de-listed so quickly. :-/ Not sure that it's right, but it does seem to be what it is (at least according to SBCGlobal's DNS).

HTH.
 
1 members found this post helpful.
Old 02-04-2013, 02:16 PM   #41
newbiesforever
Senior Member
 
Registered: Apr 2006
Location: Glendale, AZ
Distribution: Distro-homeless. Lost.
Posts: 1,873

Rep: Reputation: 62
Quote:
Originally Posted by jeremy View Post
LQ is not currently serving malware. --jeremy
I didn't think so (although I briefly thought I had a malware site pretending to be LQ), and I assume most people didn't. But if LQ were infected with malware, wouldn't exclusive Linux users (not Linux/Windows dual-boot users) have less to worry about than Windows users?

Last edited by newbiesforever; 02-04-2013 at 02:18 PM.
 
Old 02-04-2013, 02:23 PM   #42
Andersen
Member
 
Registered: Dec 2008
Distribution: Slackware
Posts: 85

Rep: Reputation: 34
No more warnings here. Is LQ off the list now, or I just broke my browsers?
 
Old 02-04-2013, 02:27 PM   #43
codergeek
Member
 
Registered: Dec 2012
Posts: 52

Rep: Reputation: 7
@ newbiesforever

http://en.wikipedia.org/wiki/Linux_malware
 
Old 02-04-2013, 02:32 PM   #44
ShadowCat8
Member
 
Registered: Nov 2004
Location: Arcadia, CA
Distribution: Gentoo, Arch, (RedHat4.x-9.x, FedoraCore 1.x-4.x, Debian Potato-Sarge, LFS 6.0, etc.)
Posts: 209

Rep: Reputation: 43
This appears to be mostly squared away...

Just checked from a Google search in Chromium and got straight here, however there was an additional link below the Search result, like this:
Quote:
Originally Posted by Google Search Results for linuxquestions.org
LinuxQuestions.org
www.linuxquestions.org/
This site may harm your computer.
LinuxQuestions.org offers a free Linux forum where Linux newbies can ask questions and Linux experts can offer advice. Topics include security, installation, ...
So, a little more to go, but direct access is restored.

HTH.
 
1 members found this post helpful.
Old 02-04-2013, 02:34 PM   #45
jeremy
root
 
Registered: Jun 2000
Distribution: Debian, Red Hat, Slackware, Fedora, Ubuntu
Posts: 10,380

Rep: Reputation: 2620Reputation: 2620Reputation: 2620Reputation: 2620Reputation: 2620Reputation: 2620Reputation: 2620Reputation: 2620Reputation: 2620Reputation: 2620Reputation: 2620
Quote:
Originally Posted by Andersen View Post
No more warnings here. Is LQ off the list now, or I just broke my browsers?
I'm still showing that "A review for this site is still being processed. Please check back later." BUT, I can confirm that a default Chrome/FF install is no longer blocking the site.

--jeremy
 
2 members found this post helpful.
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
How do Google make money from "Google Chrome Web Browser" jijo_bose General 4 12-01-2010 03:49 AM
Telling people to use "Google," to "RTFM," or "Use the search feature" Ausar General 77 03-21-2010 11:26 AM
LXer: Google's "reported attack site" nonsense could lead to a Firefox boycott LXer Syndicated Linux News 0 09-27-2009 02:20 AM
LXer: Google Marked Every Site as "Harmful" This Morning LXer Syndicated Linux News 0 01-31-2009 01:50 PM
"dig mx" and "ping google" do not work when bind9 runs.. why? alexxxis Linux - Software 4 01-07-2007 03:16 AM


All times are GMT -5. The time now is 12:04 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration