#Login Register
Digital Photography Forums
Shuttertalk malicious!?
  • 0 Vote(s) - 0 Average


Feb 7, 2009, 05:04 #1
pendulum15 Junior Member **
Status: Offline Posts:21 Threads:3 Joined:Dec 2008 Reputation: 0
Firefox is now giving me this message when I go here

Safe Browsing
Diagnostic page for shuttertalk.com

What is the current listing status for shuttertalk.com?

Site is listed as suspicious - visiting this web site may harm your computer.

What happened when Google visited this site?

Of the 12 pages we tested on the site over the past 90 days, 3 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2009-02-06, and the last time suspicious content was found on this site was on 2009-02-06.

Malicious software includes 3 scripting exploit(s), 2 bot(s), 2 adware(s). Successful infection resulted in an average of 3 new processes on the target machine.

Malicious software is hosted on 4 domain(s), including newprogress.tv/, wuorz.cn/, computerquickscanner.com/.

1 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including analys.in/.

This site was hosted on 1 network(s) including AS26347 (DREAMHOST).

Has this site acted as an intermediary resulting in further distribution of malware?

Over the past 90 days, shuttertalk.com did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?

No, this site has not hosted malicious software over the past 90 days.

How did this happen?

In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.

Next steps:

* Return to the previous page.
* If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.

Hmm, that can't be good Sad


Feb 7, 2009, 10:44 #2
EnglishBob AKA Craig *****
Status: Offline Posts:3,425 Threads:211 Joined:Oct 2004 Reputation: 8
None of the addresses mentioned are this site, so I think it may be one of the sites we get a news feed or ad feed from.

I think we all know that Jules wouldn't allow anything malicious on his baby!

Feb 7, 2009, 14:26 #3
shuttertalk Shuttertalker *******
Status: Offline Posts:9,733 Threads:1,965 Joined:May 2004 Reputation: 6
Hey guys, I noticed that too - it started happening as of yesterday. Sad

A while back we found that someone had gained access to our site and inserted some malicious code in some of the pages. I thought that I had cleaned everything up, but looks like I missed something. I found the one they were referring to last night (it was sneakily embedded in an external javascript file) so hopefully that will fix it.

What the code does - it creates an invisible iframe that loads an external site - usually it's advertising, but could be something more sinister. Anyway if you use security software on your computer you should be pretty safe - if you haven't installed some already, I would advise everyone to install spyware and malware, blockers and perform your scans regularly.

If it is any consolation, the affected portions of the site were the front page and the article pages, so the forums are not affected.

In terms of the warning that pops up, I've resubmitted our site to be reviewed, but the process takes up to 6 weeks so it could continue to display the warnings even though the site is clean.


Again, sincere apologies for the inconvenience to everyone. If you need further information on anything, feel free to get in touch with me via email or PM.

Jules

Feb 8, 2009, 04:28 #4
Polly Senior Member ****
Status: Offline Posts:703 Threads:20 Joined:Aug 2004 Reputation: 0
I got the warning too - using Firefox. I eventually decided to click on "ignore this message" so that I could get into the forums and warn you about it. It seems you already know and are dealing with it though, so that's ok.Wink

BTW - I hope all is well your end and none of you are seriously affected by those dreadful wildfires!

Pol

Feb 8, 2009, 14:35 #5
Polly Senior Member ****
Status: Offline Posts:703 Threads:20 Joined:Aug 2004 Reputation: 0
Julian,

I've been talking to NT on another forum and he tells me he can get in to read the forums after clicking the 'ignore this warning' link on the alert. However, he can't post after he gets here. He's using the Safari browser.

So I popped in to let you know, initially using Firefox. Firefox let me in after I click 'ignore this warning' but when I tried to post it just took me back to the alert warning. It seems I can only get in AND post if I use IE7.

I'm now wondering how many other people are having problems either getting in or being able to post if they finally manage to get here. Maybe it might be a good idea to try various browsers yourself and see what happens?

Polly

Feb 8, 2009, 16:37 #6
EnglishBob AKA Craig *****
Status: Offline Posts:3,425 Threads:211 Joined:Oct 2004 Reputation: 8
I am posting using firefox.... I went into the options and switched off the blocking.


Feb 8, 2009, 18:29 #7
shuttertalk Shuttertalker *******
Status: Offline Posts:9,733 Threads:1,965 Joined:May 2004 Reputation: 6
Hi Pol, thanks for your insights. Like Craig, I had to disable the blocking as well:

Under Tools > Options> Security: uncheck:
Tell me if the site I'm visiting is a suspected attack site.

This will disable blocking for all sites you visit though - so do this only if you are comfortable with this.

I submitted a request for review with Google yesterday, after cleaning up the badware, and they came back saying that one page is still infected (shuttertalk.com/phpBB2/). However the page that they're referring to was deleted a few weeks back so I suspect that Google is reviewing the site based on pages cached in their index. Anyway I've sent off another review request so hopefully all this can be all cleared up soon.

Again, I apologise for the inconvenience...

Feb 9, 2009, 07:29 #8
slejhamer Posting Freak *****
Status: Offline Posts:1,716 Threads:125 Joined:Aug 2004 Reputation: 0
So it's google that reports the problem, not firefox? Why does firefox block it but not iexplorer? Me confused. Does it clear up on it's own later? I really don't want to relax any security settings in firefox if it is catching actual problems ... I find it troubling that a google search of shuttertalk says "this site may harm your computer" yet iexporer doesn't hesitate to take me there ...

Also there seems to be an issue with banner ads. The inch-high one beneath the first post in a thread will sometimes float on top of the post, rather than below it. Minor annoyance; goes away after a page refresh. Could be a little bug in the forum software. I've seen it on two different machines, with both firefox and iexplorer. Anyone else seen that?

Feb 9, 2009, 08:43 #9
EnglishBob AKA Craig *****
Status: Offline Posts:3,425 Threads:211 Joined:Oct 2004 Reputation: 8
I don't see the banner ads period, Adlock for firefox takes care of that (Sorry Josh)

I have 3 different programs that block spyware adn malicious code, I don't need firefox as well.

Feb 9, 2009, 09:24 #10
slejhamer Posting Freak *****
Status: Offline Posts:1,716 Threads:125 Joined:Aug 2004 Reputation: 0
Here's an example of the ad floating over the first post in a thread:

[Image: floatingad.jpg]

It seems to happen randomly. Normally that ad would be below the first post, not on top of it.

Feb 9, 2009, 13:05 #11
Polly Senior Member ****
Status: Offline Posts:703 Threads:20 Joined:Aug 2004 Reputation: 0
slejhamer Wrote:Also there seems to be an issue with banner ads. The inch-high one beneath the first post in a thread will sometimes float on top of the post, rather than below it. Minor annoyance; goes away after a page refresh. Could be a little bug in the forum software. I've seen it on two different machines, with both firefox and iexplorer. Anyone else seen that?
No. I've never seen any of those ads here in ST.

Jules, I've spoken to NT again but he's not keen to mess with anything as he's still getting used to his new 'puter (the Mac). He says he'll have one more try to get in with Safari. If he can't manage he says he'll just wait until Google reviews the site and clears it.

Pol


Feb 9, 2009, 19:06 #12
shuttertalk Shuttertalker *******
Status: Offline Posts:9,733 Threads:1,965 Joined:May 2004 Reputation: 6
Hey guys, just to clarify - google works in conjunction with a central repository for malicious sites - such as stopbadware.org, which supplies it data concerning malicious sites. When a site is reported as malicious by stopbadware.org, google also puts up the warning in the search results. Some applications, such as firefox, IE7, and some spyware software also get their data from that repository or a similar database - and display warnings as such.

So until we can get google or stopbadware.org to re-review the site and remove the warning, these messages will keep popping up, unfortunately.

@Pol - regarding NT - if he's not comfortable returning until the warning are cleared, I totally understand.

@slej - interesting - I've never seen that before. What browser are you using? Firefox? Also does it appear on certain pages only? If you reload the page, does it keep happening?

Feb 10, 2009, 08:08 #13
slejhamer Posting Freak *****
Status: Offline Posts:1,716 Threads:125 Joined:Aug 2004 Reputation: 0
shuttertalk Wrote:@slej - interesting - I've never seen that before. What browser are you using? Firefox? Also does it appear on certain pages only? If you reload the page, does it keep happening?
Hey Jules; it's happening in both Firefox and i-Explorer. Seems random, every few pages or so that I click, and reloading usually clears it up ... until it happens again on a new page.

It's almost like the banner gets a placeholder in that split-second before the image appears, and then instead of getting bumped down it just hangs there.

Also, it does not seem to happen on revisits to the same page, which I assume is because everything is cached at that point.

Feb 12, 2009, 13:11 #14
NT73 Posting Freak *****
Status: Offline Posts:3,291 Threads:306 Joined:Jan 2006 Reputation: 0
Thanks for all your hard work Julian, I am back and no problems/blocks/Google or Safari messages/ today.
Looks like they have cleared it all. Smile Smile

Thanks to Pol, also for keeping me up to date via other forum. Wink Smile

Lumix LX5.
Canon 350 D.+ 18-55 Kit lens + Tamron 70-300 macro. + Canon 50mm f1.8 + Manfrotto tripod, in bag.

Feb 12, 2009, 14:03 #15
shuttertalk Shuttertalker *******
Status: Offline Posts:9,733 Threads:1,965 Joined:May 2004 Reputation: 6
Wooo! Thank goodness they cleared it... Big Grin

Welcome back NT and everyone else....

Apologies again for any inconvenience caused...

Feb 13, 2009, 02:22 #16
Polly Senior Member ****
Status: Offline Posts:703 Threads:20 Joined:Aug 2004 Reputation: 0
NT73 Wrote:Thanks for all your hard work Julian, I am back and no problems/blocks/Google or Safari messages/ today.
Looks like they have cleared it all. Smile Smile

Thanks to Pol, also for keeping me up to date via other forum. Wink Smile
Yo NT. Nice to see you made it safely back into here again. Wink

Jules - the site suddenly came back to normal yesterday afternoon, uk time. Cool

Pol


Feb 13, 2009, 08:11 #17
NT73 Posting Freak *****
Status: Offline Posts:3,291 Threads:306 Joined:Jan 2006 Reputation: 0
All clear today as well. ........ woo ooooooo woo ooooooo (War time siren sound) Tongue

Lumix LX5.
Canon 350 D.+ 18-55 Kit lens + Tamron 70-300 macro. + Canon 50mm f1.8 + Manfrotto tripod, in bag.






Forum Jump:


Possibly Related Threads...
Thread / Author Replies / Views Last Post
22 Replies 3,701 Views
Last Post by Jocko
May 8, 2016, 20:50
5 Replies 1,702 Views
Last Post by admiralsfan
Feb 27, 2012, 16:52
18 Replies 12,760 Views
Last Post by admiralsfan
Feb 27, 2012, 16:44

Users browsing this thread:
1 Guest(s)