Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:69837 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 91702 invoked from network); 24 Oct 2013 11:16:47 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 24 Oct 2013 11:16:47 -0000 Authentication-Results: pb1.pair.com header.from=thruska@cubiclesoft.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=thruska@cubiclesoft.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain cubiclesoft.com designates 74.208.44.107 as permitted sender) X-PHP-List-Original-Sender: thruska@cubiclesoft.com X-Host-Fingerprint: 74.208.44.107 u15404699.onlinehome-server.com Received: from [74.208.44.107] ([74.208.44.107:44338] helo=u15404699.onlinehome-server.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 60/44-10840-99109625 for ; Thu, 24 Oct 2013 07:16:41 -0400 Received: from [127.0.0.1] (localhost [127.0.0.1]) (Authenticated sender: thruska@cubiclesoft.com) with ESMTPSA id 0EEF0500008A Message-ID: <5269018C.6020200@cubiclesoft.com> Date: Thu, 24 Oct 2013 04:16:28 -0700 User-Agent: Mozilla/5.0 (X11; Linux i686; rv:11.0) Gecko/20120327 Thunderbird/11.0.1 MIME-Version: 1.0 To: internals Mailing List References: In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: [PHP-DEV] php.net - The Website Ahead Contains Malware From: thruska@cubiclesoft.com (Thomas Hruska) On 10/24/2013 1:04 AM, Konstantin Leboev wrote: > I have only this email to contact, but when I opened today php.net in > Google Chrome I've got next message "The Website Ahead Contains Malware". > > Link for details: > http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=http%3A%2F%2Fphp.net%2F&client=googlechrome&hl=en-US I've had experience with dealing with cleanup for this. It can take upwards of 48 hours for the site to be removed globally after the issue has been fixed. How you get onto the list in the first place is via Firefox's "Report Web Forgery..." option under the "Help" menu (Chrome might have a similar feature). Some idiot on the Internet chose to use that to report an issue on the PHP website instead of locating a contact. The issues go into a central clearinghouse for malware sites that, upon confirmation of the issue, immediately blocks access to the entire website, negatively affects Google search results, and offers limited options to website operators. Website operators are not warned or notified in advance of being blacklisted because the clearinghouse system apparently can't be bothered to look up WHOIS records for a domain and send a couple of e-mails. The clearinghouse website is also vague and difficult to navigate for the website operator who wants to be removed from the blacklist. Therefore, when I find malware on a host, I attempt to seek out a contact before using that Help menu option because I know how difficult it is to identify the actual issue and then get removed from the list. Usually I find a human contact and they reply in a timely fashion, are grateful for the notice, and work to quickly clean up the issue, which is a much better solution. https://www.stopbadware.org/clearinghouse/search?url=http://php.net/ Important note: Six to eight months from now the entire php.net domain will likely be declared to have malware again. However, at that time it will be from anti-virus vendors. Some of them grab outdated information (for some reason) from the clearinghouse database on an irregular basis and integrate it into their products. Getting removed from those requires hunting down buried contact information for each anti-virus product and again waiting up to 48 hours to be removed globally. -- Thomas Hruska CubicleSoft President I've got great, time saving software that you might find useful. http://cubiclesoft.com/