Most liked posts in thread: NAM Site Blocked as "ATTACK PAGE"

That's exactly how I'm feeling,and I'm still a MINI newbie!

 

I need to get something off my chest here...

I just read a post on NAM by a moderator that the cause of the issue they have been suffering from according to that persons understanding is that someone had posted a photo hosted on a site that was blacklisted by Google. Guilt by association one could say.

I gotta call BS on that.

Why...

1) This site, motoring|underground, MINI2, and a whole lot of Club sites would also be on Google's blacklist by now too. There were isolated reports that some people did get a warning on this and other sites. For this site I scoured the page that one member reported they saw the blocked message.

2) Google reported that the issue was on 9 different pages. An image would be on one page, if quoted a few times it might span over 2-3 pages. But 9 pages, even on a site with as many pages as NAM has it would be very rare that the same bad image would be in that many locations.

3) These same exploits were used on a LOT of other sites that use vBulletin. Want to read about it, I did...all 21 pages Security issue - vBulletin SEO Forums BTW, NAM updated the vBSEO product since Sunday. I checked the version they were running there Sunday AM when I first saw "the troubles" and then checked a few times over the past few days. Now I see the latest version that addresses certain security issues has been installed. If you scroll to the bottom of the page there you will see "Search Engine Friendly URLs by vBSEO 3.5.2" As of Sunday morning they were on 3.2. As IB does about nothing to update that site, they still are on vB 3.6.1 when 3.8.6 is out, and they OWN vBulletin.

4) The moderator also stated that no one was at risk. I visited the site on Monday. My A/V tool, Esat, reported this. Direct from quarantine log.

10/11/2010 4:18:15 PM HTTP filter file http:/(broken)/2304.in/ep.php?i=1 a variant of Win32/Kryptik.AJD trojan connection terminated - quarantined Speedy\Nathan Threat was detected upon access to web by the application: C:\Program Files (x86)\Java\jre6\bin\java.exe.

We have the time, the scanner type (HTTP filter), object (file) Name of linked source were I broke the URL above, the threat and action, computer name/logged in user and some information about where the nasty was found to trying to gain access.

What we have here is yet another example of a big corp owned site that is spinning "the trouble" to make themselves look better. This stuff happens to us all. It happened here. See this post. It's happened to some of the biggest forums out there, and people wonder why I left there to start M/A.

So why are they still listed on Google's Blacklist at this time if it has been cleaned? Looks to me that Google is taking it own sweet time in de-listing the site.

 

Too bad the error doesn't show a list of other similar sites you could visit instead and have this one first! :lol:

 

We already know they do a lot of truth bending over there... Now we know it even more.

The longer they are down, the better MA looks. Here's to hoping they are down for a bit, not that MA needs the help.

 

Thank you, sir! I'm have a pretty good time :beer

 

And we thank you for starting M/A Nathan!

 

+2!! Here's to you! :beer

 

I'll drink to that.

Jim

 

Oh Lordy! This could turn into a praise Nathan thread.

(Not that we don't already, right?)

Yeah, M/A!

 

Wow...going on Day 5.

From the Google Safe Browsing Diagnostic Page today...I added the bold.

In the bottom right corner of the report as of 8:13 AM CT

A bad image...yeah right.

For those interested in more about how Google does all this please see About malware and hacked sites - Webmaster Tools Help

 

I need some info here. I use google now, but when I made some of my "favorites" I believe it was while searching with "Bing". I get no warning, so is that because I did not save them using "Google"?

Jim

 

The warning being displayed or not is browser dependent. Chrome, Opera, Firefox and Safari all check the Google Blacklist before sending you off to the site. Internet Explorer does not. You can get to the site via IE with no warnings and being that over all IE has 49% of the total browser market according to wikipedia then about 1/2 the people are wondering...what message.

 

.....wondering what happened to their computer afterwards.

 

IE would not want to be bothered with their end users getting malware installed using their software, how so very inconvenient

Another ringing endorsement for Chrome, Firefox, Safari, etc

 

On the top corner of the Google page it asks if I want to download Chrome. Can I do that and not mess up anything already on my computer?

Jim

 

Yes.

Any of the above mentioned browser can be added with no ill effects.

I use them all with Firefox being the workhorse.

 

Get ready for a most pleasurable internet experience

Only reason I mainly use Chrome over Firefox is I *understand* that Chrome is a bit more secure than Firefox. That may have been some Microsoft FUD

 

Thanks. Chrome is now loaded and it is quick. It is taking a few minutes to get use to the set up, but I like it and the "spell chick" is cool.

Jim