[SOLVED] Google just said LQ was an "attack site".
It seems that openx.org, d1.rumbaypelo.com, and/or aboelaraby.com are the culprits. So not LQ directly but third-party links.
And that indeed is the problem. It's not the first time ad networks served malware or PUA but openx.{org,net} reputation is especially bad.
*Just for fun this is a diff of checking Google itself:
Code:
This site is not currently listed as suspicious.
- Part of this site was listed for suspicious activity 28 time(s) over the past 90 days.
+ Part of this site was listed for suspicious activity 29 time(s) over the past 90 days.
What happened when Google visited this site?
- Of the 670408 pages we tested on the site over the past 90 days, 109 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2013-02-03, and the last time suspicious content was found on this site was on 2013-02-03.
+ Of the 664546 pages we tested on the site over the past 90 days, 121 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2013-02-04, and the last time suspicious content was found on this site was on 2013-02-03.
- Malicious software includes 140 trojan(s), 10 virus, 8 scripting exploit(s). Successful infection resulted in an average of 4 new process(es) on the target machine.
+ Malicious software includes 134 trojan(s), 10 virus, 7 scripting exploit(s). Successful infection resulted in an average of 4 new process(es) on the target machine.
- Malicious software is hosted on 53 domain(s), including adsbyisocket.com/, imaginginsider.com/, dgsdfhsdfh.osa.pl/.
+ Malicious software is hosted on 55 domain(s), including adsbyisocket.com/, ads.zitaholdings.com/, imaginginsider.com/.
- 34 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including googleusercontent.com/, zegreenweb.com/, feedsportal.com/.
+ 42 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including googleusercontent.com/, zegreenweb.com/, feedsportal.com/.
This site was hosted on 145 network(s) including AS15169 (Google Internet Backbone), AS8359 (MTS), AS36040 (Bandaid XT+).
Has this site acted as an intermediary resulting in further distribution of malware?
- Over the past 90 days, google.com appeared to function as an intermediary for the infection of 23 site(s) including stroupecondoblog.com/, ow.ly/, www.jazaan.com.googlepages.com/.
+ Over the past 90 days, google.com appeared to function as an intermediary for the infection of 28 site(s) including stroupecondoblog.com/, ow.ly/, www.jazaan.com.googlepages.com/.
Has this site hosted malware?
- Yes, this site has hosted malicious software over the past 90 days. It infected 2 domain(s), including hahait.com/, tedaltenberg.com/.
+ Yes, this site has hosted malicious software over the past 90 days. It infected 1 domain(s), including tedaltenberg.com/.
As you can see it considers itself "not suspicious" even though it listed itself as suspect for about 30 out of 90 past days ;-p
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680
Quote:
Originally Posted by DrLove73
It seems that openx.org, d1.rumbaypelo.com, and/or aboelaraby.com are the culprits. So not LQ directly but third-party links.
I was about to say that I guessed it was a link somewhere. Usually these warnings are because there's a post somewhere that's managed an XSS attack or something though I suspect here it may even just be somebody posting malicious links.
By the above I mean that I don't see this as a false positive and won't until I see it confirmed. Whilst I'm not entirely comfortable that Firefox using Google's listings isn't invading my privacy somehow, and I certainly don't trust or like Google much, I don't think warnings like this are a bad thing. I've seen enough legitimate sites host malicious code and/or links to prefer that "the man in the street" is warned of these things.
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680
Quote:
Originally Posted by webmastir
Does someone who maintains these forums know about this yet?
Yes:
Quote:
Originally Posted by jeremy
Looking at our Google Webmaster Tools account, this is definitely a mistake and LQ is not currently serving malware. I'm looking into it further now. Thanks for the heads up.
Distribution: Debian, Red Hat, Slackware, Fedora, Ubuntu
Posts: 13,604
As an update: I can confirm that LQ was not serving malware and that this was the result of one of our ad providers (OpenX). We've stopped using them to serve ads while they clear this up and have notified Google of this.
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680
Quote:
Originally Posted by FeyFre
That's why I use Opera. It never gave me false alarms.
It's not a "false alarm" though. It was a legitimate warning that this site was serving pages from a compromised site.
In fact, were it not for the warning, it could be argued that nobody would have noticed until compromised adverts were hosted, making it much worse.
(Opera is a good browser though, I have to say)
Distribution: Debian, Red Hat, Slackware, Fedora, Ubuntu
Posts: 13,604
Quote:
Originally Posted by 273
It's not a "false alarm" though. It was a legitimate warning that this site was serving pages from a compromised site.
In fact, were it not for the warning, it could be argued that nobody would have noticed until compromised adverts were hosted, making it much worse.
(Opera is a good browser though, I have to say)
I'd consider it a false alarm in that LQ never served malware via the site in question, as we do not use the OpenX marketplace or allow any unknown third parties to serve ads at LQ. For them to block every site that uses an ad network because of a small number of rogue ads somewhere in the network seems extreme, especially considering how long it's taking to get LQ unlisted.
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680
Quote:
Originally Posted by jeremy
I'd consider it a false alarm in that LQ never served malware via the site in question, as we do not use the OpenX marketplace or allow any unknown third parties to serve ads at LQ. For them to block every site that uses an ad network because of a small number of rogue ads somewhere in the network seems extreme, especially considering how long it's taking to get LQ unlisted.
--jeremy
Sorry, I hadn't realised it was a third party of a third party. Perhaps, then, Google ought to spend more of their billions being a little more careful.
I wasn't suggesting that LQ were in any way responsible for malware, by the way, just that using adverts from someone who has been compromised at least lets you look at hosting their adverts again. It may cost you a lot of time and effort but if this isn't the first time they've been a problem at least it gives you a heads-up that they're perhaps not that great.