[SOLVED] Google just said LQ was an "attack site".
If LQ is clean, but a third-party hired by a third-party is not, why does Firefox say LQ is patient zero?
Shouldn't it be some sort of "yellow warning" indicating that a third-party site is doing something unusual?
Outsourcing might be always good from a business perspective, but definitely not from a technical one. And to mitigate its bad side effects, shouldn't we suggest a patch for a Firefox "yellow warning" instead of a red one telling me basically LQ is some sort of cholera x variola x ebola?
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680
Far as I can tell the Google warning was helpful. Of course they could do better to help Jeremy but as far as protecting the users I think the false positive was worth it. The internet is too full of XSS and other attacks to be blasé about this. A site which LQ uses to serve adverts was compromised.
New users to the internet ought to be told that these warnings are real as a fire alarm. Personally I'm sick of SPAM and other rubbish because not enough sites are reported and people don't take these things seriously enough.
Distribution: Debian, Red Hat, Slackware, Fedora, Ubuntu
Posts: 13,604
The part that's extra frustrating in this case is that openx.org is already de-listed and we're not. I can see blocking an LQ pageview that has openx.org-related code on it, but IMHO we should not have been listed separately (we certainly shouldn't still be listed) and removing all openx.org related code should be enough for us to immediately not be impacted.
I knew that LQ is safe and I continue to enter the site. I figure it was an error on google or something. Anyway, I ran clamav on my home directory and the /tmp folder. I had zero infested files in both directories.
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680
Quote:
Originally Posted by jeremy
The part that's extra frustrating in this case is that openx.org is already de-listed and we're not. I can see blocking an LQ pageview that has openx.org-related code on it, but IMHO we should not have been listed separately (we certainly shouldn't still be listed) and removing all openx.org related code should be enough for us to immediately not be impacted.
--jeremy
That is bad.
I also think the warning ought to mention that "this site has been known to link to a site which causes problems".
Good idea, poorly executed I think. Sadly.
Thanks for the hard work Jeremy.
Any way of helping LinuxQuestions knock these down quicker?
I saw it this morning when I had just finished a new install of Debian Testing with a full blown Gnome DE. I was working on the bloat and needed to tweak the desktop. I did a Google search and it popped up in the search results showing LQ as a possible bad site.
FWIW I trust LQ more than Google, so I knew it had to be an ad somewhere.
I guess the best thing is to post when this is seen, but I was thinking about as a "third party viewer" if there was anything we as members of LQ could do to help.
Well, for those that have encountered this with Chrome/Chromium, here's what I did to deal with it:
First, I checked across Google's search engine for what exact hosts the links for openx.org, rumbaypelo.com & aboelaraby.com showed up on LQ using:
Code:
site:linuxquestions.org <questionable domain>
and got hits for d1.openx.org, d1.rumbaypelo.com and community.ca.dc.openx.org. Unfortunately, I didn't get any hostname hits for aboelaraby.com. (But, that might be expected from what was stated above about it being a 3rd party link off the openx.org link.)
Then, I added d1.openx.org, d1.rumbaypelo.com and aboelaraby.com, with an alias for community.ca.dc.openx.org into my /etc/hosts file as follows:
Then I went back to LQ.org via Chromium, clicked on the little "Advanced" link next to the "Go Back" button.
That link expands to two links when you click on it; "Details about problems on this website" and "Proceed at your own risk".
Clicked on "Proceed at your own risk" and here I am, posting this for others to use.
And as far as:
Quote:
Originally Posted by jeremy
The part that's extra frustrating in this case is that openx.org is already de-listed and we're not. I can see blocking an LQ pageview that has openx.org-related code on it, but IMHO we should not have been listed separately (we certainly shouldn't still be listed) and removing all openx.org related code should be enough for us to immediately not be impacted.
Maybe this will shed a little light on that:
Code:
developer1 ~ # host -a openx.org 206.13.29.12
Trying "openx.org"
Using domain server:
Name: 206.13.29.12
Address: 206.13.29.12#53
Aliases:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26822
;; flags: qr rd ra; QUERY: 1, ANSWER: 16, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;openx.org. IN ANY
;; ANSWER SECTION:
openx.org. 21600 IN TXT "v=spf1 ip4:173.241.240.0/20 ip6:2620:6C::/42 include:_spf.google.com include:mktomail.com ~all"
openx.org. 21600 IN MX 10 aspmx3.googlemail.com.
openx.org. 21600 IN MX 1 aspmx.l.google.com.
openx.org. 21600 IN MX 5 alt1.aspmx.l.google.com.
openx.org. 21600 IN MX 5 alt2.aspmx.l.google.com.
openx.org. 21600 IN MX 10 aspmx2.googlemail.com.
openx.org. 21600 IN SOA ns1-208.akam.net. systems.openx.org. 2012121401 10800 3600 2678400 10800
openx.org. 20519 IN A 208.43.79.58
openx.org. 21600 IN NS ns1-208.akam.net.
openx.org. 21600 IN NS asia3.akam.net.
openx.org. 21600 IN NS ns1-251.akam.net.
openx.org. 21600 IN NS use1.akam.net.
openx.org. 21600 IN NS asia1.akam.net.
openx.org. 21600 IN NS eur6.akam.net.
openx.org. 21600 IN NS eur5.akam.net.
openx.org. 21600 IN NS aus1.akam.net.
Received 495 bytes from 206.13.29.12#53 in 260 ms
developer1 ~ # host -a 208.43.79.58 206.13.29.12
Trying "58.79.43.208.in-addr.arpa"
Using domain server:
Name: 206.13.29.12
Address: 206.13.29.12#53
Aliases:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38978
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;58.79.43.208.in-addr.arpa. IN PTR
;; ANSWER SECTION:
58.79.43.208.in-addr.arpa. 3600 IN PTR 208.43.79.58-static.reverse.softlayer.com.
Received 98 bytes from 206.13.29.12#53 in 88 ms
So, since openx.org is using Googlemail as (at least) one of their mail servers, that's probably why they got de-listed so quickly. :-/ Not sure that it's right, but it does seem to be what it is (at least according to SBCGlobal's DNS).
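Added example, not part of the original post: a Python check that lists which flagged hosts a saved page actually loads resources from, matching subdomains such as the d1.openx.org and community.ca.dc.openx.org hits found by the search step above. The sample HTML, paths and function names are constructed for illustration; only the hostnames come from the thread.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Attributes that make the browser fetch a resource (plain <a href> links do not).
LOADING_ATTRS = {"script": "src", "iframe": "src", "img": "src", "link": "href"}
FLAGGED = ["openx.org", "rumbaypelo.com", "aboelaraby.com"]  # domains named in the thread

class ResourceCollector(HTMLParser):
    """Collect (tag, absolute URL) for every resource the page loads."""
    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.resources = []

    def handle_starttag(self, tag, attrs):
        wanted = LOADING_ATTRS.get(tag)
        for name, value in attrs:
            if name == wanted and value:
                # urljoin resolves relative and protocol-relative (//host/...) URLs.
                self.resources.append((tag, urljoin(self.base_url, value.strip())))

def matches_domain(host, domain):
    """True for the domain itself or any subdomain, but not look-alike suffixes."""
    host, domain = host.lower().rstrip("."), domain.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def flagged_resource_hosts(html, base_url, flagged_domains):
    """Map each flagged host the page loads from to the tags that load it."""
    collector = ResourceCollector(base_url)
    collector.feed(html)
    hits = {}
    for tag, url in collector.resources:
        host = urlsplit(url).hostname
        if host and any(matches_domain(host, d) for d in flagged_domains):
            hits.setdefault(host, []).append(tag)
    return hits

# Constructed sample page (not LQ's real markup).
SAMPLE_HTML = """
<html><head><link rel="stylesheet" href="/css/main.css"></head><body>
<script src="//d1.openx.org/ad.js"></script>
<iframe src="http://community.ca.dc.openx.org/frame"></iframe>
<img src="http://notopenx.org/pixel.gif">
<a href="http://d1.rumbaypelo.com/">just a link, not loaded</a>
</body></html>
"""

if __name__ == "__main__":
    print(flagged_resource_hosts(SAMPLE_HTML, "http://www.linuxquestions.org/", FLAGGED))
```

Run against a saved copy of a page, an empty result means no script, iframe, image or stylesheet on it is fetched from a listed domain.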
I didn't think so (although I briefly thought I had a malware site pretending to be LQ), and I assume most people didn't. But if LQ were infected with malware, wouldn't exclusive Linux users (not Linux/Windows dual-boot users) have less to worry about than Windows users?
Last edited by newbiesforever; 02-04-2013 at 02:18 PM.
Just checked from a Google search in Chromium and got straight here, however there was an additional link below the Search result, like this:
Quote:
Originally Posted by Google Search Results for linuxquestions.org
LinuxQuestions.org www.linuxquestions.org/ This site may harm your computer.
LinuxQuestions.org offers a free Linux forum where Linux newbies can ask questions and Linux experts can offer advice. Topics include security, installation, ...
So, a little more to go, but direct access is restored.
Distribution: Debian, Red Hat, Slackware, Fedora, Ubuntu
Posts: 13,604
Quote:
Originally Posted by Andersen
No more warnings here. Is LQ off the list now, or I just broke my browsers?
I'm still showing that "A review for this site is still being processed. Please check back later." BUT, I can confirm that a default Chrome/FF install is no longer blocking the site.