Attack Site?

[sleeping]

Firefox is telling me Farktography.net is an attack site now. Did we decide to attack someone?

If so, why wasn’t I informed (I could have helped)?

[lokisbong]

I am having the same problem and the only change today was adblock updated itself.

[swampa]

I had this problem too*. I don’t have adblock so I assume someone has dobbed this site into whatever authority manages the attack site list.

* I have turned off the advise attack sites option just so I can browse here without having to hit ignore each time.

[nobigdeal]

From the Googles…

Safe Browsing
Diagnostic page for farktography.net

What is the current listing status for farktography.net?

Site is listed as suspicious – visiting this web site may harm your computer.

Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.

What happened when Google visited this site?

Of the 2 pages we tested on the site over the past 90 days, 2 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2009-08-12, and the last time suspicious content was found on this site was on 2009-08-12.

Malicious software is hosted on 1 domain(s), including gcounter.cn/.

This site was hosted on 1 network(s) including AS8560 (SCHLUND).

Has this site acted as an intermediary resulting in further distribution of malware?

Over the past 90 days, farktography.net did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?

No, this site has not hosted malicious software over the past 90 days.

How did this happen?

In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.

Next steps:

* Return to the previous page.
* If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google’s Webmaster Help Center.

[clouddancer]

Yeah, the attack thing is annoying. Guess I’ll be sure to not go porn surfing today. 😆

Stupid thing wouldn’t let me log in, even though I tried, and it kept popping up every link. Maybe I shouldn’t visit while at work any more, or at least not on that machine anyway. (I work at home and have a KVM so all I really have to do is switch back, but I don’t like doing that too much).

I hope this gets fixed soon!

[Elsinore]

Yeah I commented in this week’s theme thread and on the Fark thread itself, but Zeke has scoured our code and can find no evidence of what Google is talking about. They suggest there’s been a third party insertion, but nothing of the kind is evident on our site. He has contacted the site host, and he has also contacted Google to request they stand down. They have apparently not responded as yet…

And can I just say how much I hate how Google handles this sort of thing? Lock something down first and ask questions later, and then only if someone brings it up to them, and THEN only in their sweet time.

[swampa]

Lies!!! We know you and Zeke have added code to take over our computer. Did you think we wouldn’t notice with you claiming victory last week and Zeke winning this week?? Coincidence? I think not! We are all now part of the Zekenore bot net.

/Adjusts tin-foil hat
//Just kidding 🙂

[bucky_bacon]

Fwiw I use McAfee SiteAdvisor, it’s reporting no issues. So hopefully it’s just a Google issue and it gets resolved. Although I believe they test a site initially and that’s that on their part.

And swampa, let’s be fair. This week’s contest isn’t over yet.

Technically…

Yes it is… 🙁 Congrats Zeke!

[zeke]

Thanks bucky_bacon, but it’s definitely not over yet — at the moment we’re tied. Hang in there 🙂

[zeke]

Now, on to the update. Thanks to the assistance of one of Elsinore’s Fark contacts, we DID find an embedded iframe linked to gcounter.cn, just as google was saying. The kicker is it only showed up if you did NOT have a browser cookie from farktography.net. It has been removed, and a request submitted to google to rescan the site to get rid of the ugly red ZOMG FT’S BEEN HACKED page that firefox splashes up. So hopefully that aspect will be taken care of soon.

I’ve been able to narrow down when it happened — the modification was made sometime between the Monday night backup at 11pm eastern and the Tuesday night backup (also at 11pm). I’m still trying to determine if the hack occurred through our site to see if we’ve got a problem, or if the host itself was compromised and we were hit from inside.

What does this mean? Well, if you’ve been logged in the entire time from before 11pm on Monday, you’re completely safe. That is also probably why bucky_bacon didnt see anything with SiteAdvisor. However, if you’ve had to log in, visited the site for the first time, or signed up since Monday night at 11pm, you may be at risk, and I would strongly recommend running a virus check on your machine. It looks like gcounter.cn also dropped a browser cookie, so that’s a quick way to check (but not necessarily definitive). If you have a cookie in your browser from gcounter.cn, run an AV scan ASAP.

More to come, I’m still digging through logs.

[Elsinore]

Lies!!! We know you and Zeke have added code to take over our computer. Did you think we wouldn’t notice with you claiming victory last week and Zeke winning this week?? Coincidence? I think not! We are all now part of the Zekenore bot net.

/Adjusts tin-foil hat
//Just kidding 🙂

LOL!!!! “Zekenore”…that’s hilarious! You owe me a new keyboard, though 😉

[orionid]

Wow… the things you miss on vacation. 😉

[clouddancer]

Is it fixed? I seem to be getting in without even a glimmer of a message.

[Elsinore]

Yep, they’ve finally cleared it. Huzzah!

[nobigdeal]

Now, on to the update. Thanks to the assistance of one of Elsinore’s Fark contacts, we DID find an embedded iframe linked to gcounter.cn, just as google was saying. The kicker is it only showed up if you did NOT have a browser cookie from farktography.net. It has been removed, and a request submitted to google to rescan the site to get rid of the ugly red ZOMG FT’S BEEN HACKED page that firefox splashes up. So hopefully that aspect will be taken care of soon.

I’ve been able to narrow down when it happened — the modification was made sometime between the Monday night backup at 11pm eastern and the Tuesday night backup (also at 11pm). I’m still trying to determine if the hack occurred through our site to see if we’ve got a problem, or if the host itself was compromised and we were hit from inside.

What does this mean? Well, if you’ve been logged in the entire time from before 11pm on Monday, you’re completely safe. That is also probably why bucky_bacon didnt see anything with SiteAdvisor. However, if you’ve had to log in, visited the site for the first time, or signed up since Monday night at 11pm, you may be at risk, and I would strongly recommend running a virus check on your machine. It looks like gcounter.cn also dropped a browser cookie, so that’s a quick way to check (but not necessarily definitive). If you have a cookie in your browser from gcounter.cn, run an AV scan ASAP.

More to come, I’m still digging through logs.

FWIW after I posted my shots on Wednesday I left the site for a while, when I came back around 11pm I was logged out. I had not logged out, and every time I closed the page and reopened I was logged out until Thursday morning. I had the offending cookie on my laptop but AV & spyware software found nothing.

My work machine which hasn’t been on the site in a couple months was still logged in and has no suspicious cookies.

[Author]

Posts