LinuxQuestions.org

Google just said LQ was an "attack site". (https://www.linuxquestions.org/questions/lq-suggestions-and-feedback-7/google-just-said-lq-was-an-attack-site-4175448518/)

Aquarius_Girl 02-04-2013 11:42 AM

The IT people in my company today "blocked LQ" since FortiGuard reported it as a malware site. :(
I guess I'll have to talk to them now!

Post 20 shows a new smilie BTW! ;-)

folkenfanel 02-04-2013 12:14 PM

Suggestion for a suggestion
 
If LQ is clean, but a third-party hired by a third-party is not, why does Firefox say LQ is patient zero?

Shouldn't it be some sort of "yellow warning" indicating that a third-party site is doing something unusual?

Outsourcing might be always good from a business perspective, but definitely not from a technical one. And to mitigate its bad side effects, shouldn't we suggest a patch for a Firefox "yellow warning" instead of a red one telling me basically LQ is some sort of cholera x variola x ebola?

jeremy 02-04-2013 12:16 PM

It doesn't:

Quote:

Has this site hosted malware?
No, this site has not hosted malicious software over the past 90 days.
and

Quote:

1 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including openx.org/.
--jeremy

273 02-04-2013 12:23 PM

Far as I can tell the Google warning was helpful. Of course they could do better to help Jeremy but as far as protecting the users I think the false positive was worth it. The internet is too full of XSS and other attacks to be blasé about this. A site which LQ uses to serve adverts was compromised.
New users to the internet ought to be told that these warnings are real as a fire alarm. Personally I'm sick of SPAM and other rubbish because not enough sites are reported and people don't take these things seriously enough.

jeremy 02-04-2013 12:27 PM

The part that's extra frustrating in this case is that openx.org is already de-listed and we're not. I can see blocking an LQ pageview that has openx.org-related code on it, but IMHO we should not have been listed separately (we certainly shouldn't still be listed) and removing all openx.org related code should be enough for us to immediately not be impacted.

--jeremy

codergeek 02-04-2013 12:34 PM

I knew that LQ is safe and I continue to enter the site. I figure it was an error on Google or something. Anyway, I ran clamav on my home directory and the /tmp folder. I had zero infested files in both directories.

273 02-04-2013 12:38 PM

Quote:

Originally Posted by jeremy (Post 4884260)
The part that's extra frustrating in this case is that openx.org is already de-listed and we're not. I can see blocking an LQ pageview that has openx.org-related code on it, but IMHO we should not have been listed separately (we certainly shouldn't still be listed) and removing all openx.org related code should be enough for us to immediately not be impacted.

--jeremy

That is bad.
I also think the warning ought to mention that "this site has been known to link to a site which causes problems".
Good idea, poorly executed I think. Sadly.
Thanks for the hard work Jeremy.

etech3 02-04-2013 01:40 PM

Any way of helping LinuxQuestions knock these down quicker?

I saw it this morning when I had just finished a new install of Debian Testing with a full blown Gnome DE. I was working on the bloat and needed to tweak the desktop. I did a google search and it popped up in the search results showing LQ as a possible bad site.

FWIW I trust LQ more than Google, so I knew it had to be an ad somewhere.

I guess the best thing is to post when this is seen, but I was thinking about as a "third party viewer" if there was anything we as members of LQ could do to help.

Just my :twocents:

jeremy 02-04-2013 01:49 PM

Quote:

Originally Posted by etech3 (Post 4884300)
Any way of helping LinuxQuestions knock these down quicker?

Unfortunately, no. It's just a waiting game now as "A review for this site is still being processed".

--jeremy

ShadowCat8 02-04-2013 02:03 PM

Greetings,

Well, for those that have encountered this with Chrome/Chromium, here's what I did to deal with it:
  1. First, I checked across Google's search engine for what exact hosts the links for openx.org, rumbaypelo.com & aboelaraby.com showed up on LQ using:
    Code:

    site:linuxquestions.org <questionable domain>
    and got hits for d1.openx.org, d1.rumbaypelo.com and community.ca.dc.openx.org. Unfortunately, I didn't get any hostname hits for aboelaraby.com. (But, that might be expected from what was stated above about it being a 3rd party link off the openx.org link.)
  2. Then, I added d1.openx.org, d1.rumbaypelo.com and aboelaraby.com, with an alias for community.ca.dc.openx.org into my /etc/hosts file as follows:
    Code:

    127.0.0.1      d1.rumbaypelo.com
    127.0.0.1      d1.openx.org    community.ca.dc.openx.org
    127.0.0.1      aboelaraby.com

  3. Then I went back to LQ.org via Chromium, clicked on the little "Advanced" link next to the "Go Back" button.
  4. That link expands to two links when you click on it; "Details about problems on this website" and "Proceed at your own risk".
  5. Clicked on "Proceed at your own risk" and here I am, posting this for others to use.

And as far as:
Quote:

Originally Posted by jeremy
The part that's extra frustrating in this case is that openx.org is already de-listed and we're not. I can see blocking an LQ pageview that has openx.org-related code on it, but IMHO we should not have been listed separately (we certainly shouldn't still be listed) and removing all openx.org related code should be enough for us to immediately not be impacted.

Maybe this will shed a little light on that:
Code:

developer1 ~ # host -a openx.org 206.13.29.12
Trying "openx.org"
Using domain server:
Name: 206.13.29.12
Address: 206.13.29.12#53
Aliases:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26822
;; flags: qr rd ra; QUERY: 1, ANSWER: 16, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;openx.org.                        IN        ANY

;; ANSWER SECTION:
openx.org.                21600        IN        TXT        "v=spf1 ip4:173.241.240.0/20 ip6:2620:6C::/42 include:_spf.google.com include:mktomail.com ~all"
openx.org.                21600        IN        MX        10 aspmx3.googlemail.com.
openx.org.                21600        IN        MX        1 aspmx.l.google.com.
openx.org.                21600        IN        MX        5 alt1.aspmx.l.google.com.
openx.org.                21600        IN        MX        5 alt2.aspmx.l.google.com.
openx.org.                21600        IN        MX        10 aspmx2.googlemail.com.
openx.org.                21600        IN        SOA        ns1-208.akam.net. systems.openx.org. 2012121401 10800 3600 2678400 10800
openx.org.                20519        IN        A        208.43.79.58
openx.org.                21600        IN        NS        ns1-208.akam.net.
openx.org.                21600        IN        NS        asia3.akam.net.
openx.org.                21600        IN        NS        ns1-251.akam.net.
openx.org.                21600        IN        NS        use1.akam.net.
openx.org.                21600        IN        NS        asia1.akam.net.
openx.org.                21600        IN        NS        eur6.akam.net.
openx.org.                21600        IN        NS        eur5.akam.net.
openx.org.                21600        IN        NS        aus1.akam.net.

Received 495 bytes from 206.13.29.12#53 in 260 ms
developer1 ~ # host -a 208.43.79.58 206.13.29.12
Trying "58.79.43.208.in-addr.arpa"
Using domain server:
Name: 206.13.29.12
Address: 206.13.29.12#53
Aliases:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38978
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;58.79.43.208.in-addr.arpa.        IN        PTR

;; ANSWER SECTION:
58.79.43.208.in-addr.arpa. 3600        IN        PTR        208.43.79.58-static.reverse.softlayer.com.

Received 98 bytes from 206.13.29.12#53 in 88 ms

So, since openx.org is using Googlemail as (at least) one of their mail servers, that's probably why they got de-listed so quickly. :-/ Not sure that it's right, but it does seem to be what it is (at least according to SBCGlobal's DNS).

HTH.
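
An added sketch (not part of ShadowCat8's post or any LQ code) of steps 1 and 2 above: /etc/hosts matches exact names only, so it pulls the exact hostnames a saved page loads from the flagged domains and emits the loopback entries still missing from an existing hosts file. The sample HTML, the look-alike host and all function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Domains named in the post above; subdomains are matched by suffix.
FLAGGED = ("openx.org", "rumbaypelo.com", "aboelaraby.com")

# Constructed sample page (not real LQ markup); paths are placeholders.
SAMPLE_HTML = """
<script src="http://d1.openx.org/placeholder.js"></script>
<script src="/local/site.js"></script>
<iframe src="//community.ca.dc.openx.org/placeholder"></iframe>
<img src="http://D1.RumbaYPelo.com/placeholder.gif">
<img src="http://notopenx.org/placeholder.png">
<a href="http://aboelaraby.com/">plain link, never fetched on load</a>
"""

class ResourceHosts(HTMLParser):
    """Collect hostnames of resources the browser fetches on page load."""
    LOADING = {("script", "src"), ("iframe", "src"), ("img", "src"),
               ("link", "href"), ("embed", "src"), ("object", "data")}

    def __init__(self):
        super().__init__()
        self.hosts = set()

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if (tag, name) in self.LOADING and value:
                host = urlsplit(value).hostname  # None for relative URLs
                if host:
                    self.hosts.add(host.rstrip("."))

def is_flagged(host, flagged=FLAGGED):
    # The domain itself or any subdomain, but not look-alike names.
    return any(host == d or host.endswith("." + d) for d in flagged)

def flagged_hosts(html):
    parser = ResourceHosts()
    parser.feed(html)
    return sorted(h for h in parser.hosts if is_flagged(h))

def hosts_entries(hosts, existing=""):
    """Hosts-file lines for names not already present in `existing`."""
    present = set()
    for line in existing.splitlines():
        fields = line.split("#", 1)[0].split()
        present.update(f.lower() for f in fields[1:])
    return ["127.0.0.1\t" + h for h in hosts if h not in present]
```

Only tags that trigger a fetch on page load are inspected, so a host that appears solely in an ordinary link, or one reached through a redirect from the ad server, will not show up here.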

newbiesforever 02-04-2013 02:16 PM

Quote:

Originally Posted by jeremy (Post 4883909)
LQ is not currently serving malware. --jeremy

I didn't think so (although I briefly thought I had a malware site pretending to be LQ), and I assume most people didn't. But if LQ were infected with malware, wouldn't exclusive Linux users (not Linux/Windows dual-boot users) have less to worry about than Windows users?

Andersen 02-04-2013 02:23 PM

No more warnings here. Is LQ off the list now, or I just broke my browsers? :)

codergeek 02-04-2013 02:27 PM

@ newbiesforever

http://en.wikipedia.org/wiki/Linux_malware

ShadowCat8 02-04-2013 02:32 PM

This appears to be mostly squared away...

Just checked from a Google search in Chromium and got straight here, however there was an additional link below the Search result, like this:
Quote:

Originally Posted by Google Search Results for linuxquestions.org
LinuxQuestions.org
www.linuxquestions.org/
This site may harm your computer.
LinuxQuestions.org offers a free Linux forum where Linux newbies can ask questions and Linux experts can offer advice. Topics include security, installation, ...

So, a little more to go, but direct access is restored.

HTH.

jeremy 02-04-2013 02:34 PM

Quote:

Originally Posted by Andersen (Post 4884323)
No more warnings here. Is LQ off the list now, or I just broke my browsers? :)

I'm still showing that "A review for this site is still being processed. Please check back later." BUT, I can confirm that a default Chrome/FF install is no longer blocking the site.

--jeremy


All times are GMT -5.