I have only this email to contact, but when I opened today php.net in
Google Chrome I've got next message "The Website Ahead Contains Malware".
Link for details:
http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=http%3A%2F%2Fphp.net%2F&client=googlechrome&hl=en-US
--
Regards,
Konstantin
I just checked and I'm getting this, too. Both Chrome and Firefox are
blocking it. I decided not to try it in IE lol.
Has the site been hacked?
--Kris
On Thu, Oct 24, 2013 at 1:04 AM, Konstantin Leboev <
konstantin.leboev@gmail.com> wrote:
I have only this email to contact, but when I opened today php.net in
Google Chrome I've got next message "The Website Ahead Contains Malware".Link for details:
--
Regards,
Konstantin
Here are some screenshots I took.
--Kris
I just checked and I'm getting this, too. Both Chrome and Firefox are
blocking it. I decided not to try it in IE lol.Has the site been hacked?
--Kris
On Thu, Oct 24, 2013 at 1:04 AM, Konstantin Leboev <
konstantin.leboev@gmail.com> wrote:I have only this email to contact, but when I opened today php.net in
Google Chrome I've got next message "The Website Ahead Contains Malware".Link for details:
--
Regards,
Konstantin
....Aaaand I forgot to include the link. Nice one, Kris.
Ok, HERE are the screenshots I took: http://imgur.com/a/ZgWW0
--Kris
Here are some screenshots I took.
--Kris
I just checked and I'm getting this, too. Both Chrome and Firefox are
blocking it. I decided not to try it in IE lol.Has the site been hacked?
--Kris
On Thu, Oct 24, 2013 at 1:04 AM, Konstantin Leboev <
konstantin.leboev@gmail.com> wrote:I have only this email to contact, but when I opened today php.net in
Google Chrome I've got next message "The Website Ahead Contains Malware".Link for details:
--
Regards,
Konstantin
....Aaaand I forgot to include the link. Nice one, Kris.
Ok, HERE are the screenshots I took: http://imgur.com/a/ZgWW0
People are already working on getting the site removed from the
blacklist. Please abandon this thread now.
- Martin
Looks like Hannes is already on top of it. Here's the link in case you'd
like to follow it:
http://productforums.google.com/forum/#!topic/webmasters/puLmvjtK0m8
--Kris
....Aaaand I forgot to include the link. Nice one, Kris.
Ok, HERE are the screenshots I took: http://imgur.com/a/ZgWW0
--Kris
Here are some screenshots I took.
--Kris
I just checked and I'm getting this, too. Both Chrome and Firefox are
blocking it. I decided not to try it in IE lol.Has the site been hacked?
--Kris
On Thu, Oct 24, 2013 at 1:04 AM, Konstantin Leboev <
konstantin.leboev@gmail.com> wrote:I have only this email to contact, but when I opened today php.net in
Google Chrome I've got next message "The Website Ahead Contains
Malware".Link for details:
--
Regards,
Konstantin
Kris Craig wrote:
Here are some screenshots I took.
Don't need the screen shots Kris
The problem is that google has found some suspicious pages ON the site linking
to malware. MY complaint is that they do not list which page of 1513 they have
tested has the problem, and it would make a lot more sense for thejm to deal
with such an important site much better !
We need find out now where cobbcountybankruptcylawyer<diot>com is on the website ...
along with stephaniemari<dot>com and northgadui<dot>com and remove them ...
--
Lester Caine - G8HFL
Contact - http://lsces.co.uk/wiki/?page=contact
L.S.Caine Electronic Services - http://lsces.co.uk
EnquirySolve - http://enquirysolve.com/
Model Engineers Digital Workshop - http://medw.co.uk
Rainbow Digital Media - http://rainbowdigitalmedia.co.uk
On Thu, Oct 24, 2013 at 1:04 AM, Konstantin Leboev
konstantin.leboev@gmail.com wrote:
I have only this email to contact, but when I opened today php.net in
Google Chrome I've got next message "The Website Ahead Contains Malware".
All we can do is "Request a Review", which we have done. If anyone
knows any of the reviewers and wants to bribe them.. Please do so.
-Hannes
I have only this email to contact, but when I opened today php.net in
Google Chrome I've got next message "The Website Ahead Contains Malware".Link for details:
http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=http%3A%2F%2Fphp.net%2F&client=googlechrome&hl=en-US
I've had experience with dealing with cleanup for this. It can take
upwards of 48 hours for the site to be removed globally after the issue
has been fixed.
How you get onto the list in the first place is via Firefox's "Report
Web Forgery..." option under the "Help" menu (Chrome might have a
similar feature). Some idiot on the Internet chose to use that to
report an issue on the PHP website instead of locating a contact. The
issues go into a central clearinghouse for malware sites that, upon
confirmation of the issue, immediately blocks access to the entire
website, negatively affects Google search results, and offers limited
options to website operators. Website operators are not warned or
notified in advance of being blacklisted because the clearinghouse
system apparently can't be bothered to look up WHOIS records for a
domain and send a couple of e-mails. The clearinghouse website is also
vague and difficult to navigate for the website operator who wants to be
removed from the blacklist. Therefore, when I find malware on a host, I
attempt to seek out a contact before using that Help menu option because
I know how difficult it is to identify the actual issue and then get
removed from the list. Usually I find a human contact and they reply in
a timely fashion, are grateful for the notice, and work to quickly clean
up the issue, which is a much better solution.
https://www.stopbadware.org/clearinghouse/search?url=http://php.net/
Important note: Six to eight months from now the entire php.net domain
will likely be declared to have malware again. However, at that time it
will be from anti-virus vendors. Some of them grab outdated information
(for some reason) from the clearinghouse database on an irregular basis
and integrate it into their products. Getting removed from those
requires hunting down buried contact information for each anti-virus
product and again waiting up to 48 hours to be removed globally.
--
Thomas Hruska
CubicleSoft President
I've got great, time saving software that you might find useful.
Thomas Hruska wrote:
and again waiting up to 48 hours to be removed globally.
If it is only 48 hours ... took over two weeks to sort one of my customers sites
that had been spammed and they had not noticed. Certainly it should now be easy
to report problems direct to a site rather than this 'guilty until proved we got
it wrong' approach ?
As a slight aside, it is nice to see phishing sites being dealt with promptly
and sensibly. I do follow the links knowing they are fraudulent, but all but one
in the last few months has either just been killed, or has a message saying that
there was a problem. Something that we can all help with when managing sites.
--
Lester Caine - G8HFL
Contact - http://lsces.co.uk/wiki/?page=contact
L.S.Caine Electronic Services - http://lsces.co.uk
EnquirySolve - http://enquirysolve.com/
Model Engineers Digital Workshop - http://medw.co.uk
Rainbow Digital Media - http://rainbowdigitalmedia.co.uk
More info about it: https://news.ycombinator.com/item?id=6604156
Thomas Hruska wrote:
and again waiting up to 48 hours to be removed globally.
If it is only 48 hours ... took over two weeks to sort one of my customers
sites that had been spammed and they had not noticed. Certainly it should
now be easy to report problems direct to a site rather than this 'guilty
until proved we got it wrong' approach ?As a slight aside, it is nice to see phishing sites being dealt with
promptly and sensibly. I do follow the links knowing they are fraudulent,
but all but one in the last few months has either just been killed, or has
a message saying that there was a problem. Something that we can all help
with when managing sites.--
Lester Caine - G8HFLContact - http://lsces.co.uk/wiki/?page=**contacthttp://lsces.co.uk/wiki/?page=contact
L.S.Caine Electronic Services - http://lsces.co.uk
EnquirySolve - http://enquirysolve.com/
Model Engineers Digital Workshop - http://medw.co.uk
Rainbow Digital Media - http://rainbowdigitalmedia.co.**ukhttp://rainbowdigitalmedia.co.uk--
--
Guilherme Blanco
MSN: guilhermeblanco@hotmail.com
GTalk: guilhermeblanco
Toronto - ON/Canada
So it's saying functions.js on static is different from that of
functions.js on the main, inserting an iframe to
http://lnkhere.reviewhdtv.co.uk/stat.htm
I can't test this as the functions.js on static is 404'ing for me now.
Was there an intrusion on static manually altering the file?
On Thu, Oct 24, 2013 at 2:15 PM, guilhermeblanco@gmail.com <
guilhermeblanco@gmail.com> wrote:
More info about it: https://news.ycombinator.com/item?id=6604156
Thomas Hruska wrote:
and again waiting up to 48 hours to be removed globally.
If it is only 48 hours ... took over two weeks to sort one of my
customers
sites that had been spammed and they had not noticed. Certainly it should
now be easy to report problems direct to a site rather than this 'guilty
until proved we got it wrong' approach ?As a slight aside, it is nice to see phishing sites being dealt with
promptly and sensibly. I do follow the links knowing they are fraudulent,
but all but one in the last few months has either just been killed, or
has
a message saying that there was a problem. Something that we can all help
with when managing sites.--
Lester Caine - G8HFLContact - http://lsces.co.uk/wiki/?page=**contact<;
http://lsces.co.uk/wiki/?page=contact>;
L.S.Caine Electronic Services - http://lsces.co.uk
EnquirySolve - http://enquirysolve.com/
Model Engineers Digital Workshop - http://medw.co.uk
Rainbow Digital Media - http://rainbowdigitalmedia.co.**uk<;
http://rainbowdigitalmedia.co.uk>;--
--
Guilherme Blanco
MSN: guilhermeblanco@hotmail.com
GTalk: guilhermeblanco
Toronto - ON/Canada
So it's saying functions.js on static is different from that of
functions.js on the main, inserting an iframe to
http://lnkhere.reviewhdtv.co.uk/stat.htmI can't test this as the functions.js on static is 404'ing for me now.
Was there an intrusion on static manually altering the file?
functions.js was removed
http://git.php.net/?p=web/php.git;a=commit;h=8e87088c3f51b594dc7d7ed71115d215a7acf78b
The site meanwhile was also taken out of Google's blacklist.
Aside from that: We are investigating the cause for these issues, public
announcements will follow later.
No need for speculation here. :-)
johannes
Johannes Schlüter wrote (on 24/10/2013):
Aside from that: We are investigating the cause for these issues,
public announcements will follow later. No need for speculation here.
:-) johannes
In case anyone missed them, there are now two updates on
http://www.php.net/archive/2013.php with investigations on going, and a
Twitter account has been brought into service
https://twitter.com/official_php
tl;dr: Two servers were compromised; services have been migrated to
new hardware; Git and release tarballs are OK.
--
Rowan Collins
[IMSoP]
So it's saying functions.js on static is different from that of
functions.js on the main, inserting an iframe to
http://lnkhere.reviewhdtv.co.uk/stat.htmI can't test this as the functions.js on static is 404'ing for me now.
it is 404ing because Hannes removed it hoping that it would solve the issue
(and we don't use that piece of code for years now):
http://git.php.net/?p=web/php.git;a=commit;h=8e87088c3f51b594dc7d7ed71115d215a7acf78b
2013/10/24 Ferenc Kovacs tyra3l@gmail.com
On Thu, Oct 24, 2013 at 3:42 PM, Paul Dragoonis dragoonis@gmail.com
wrote:So it's saying functions.js on static is different from that of
functions.js on the main, inserting an iframe to
http://lnkhere.reviewhdtv.co.uk/stat.htmI can't test this as the functions.js on static is 404'ing for me now.
it is 404ing because Hannes removed it hoping that it would solve the issue
(and we don't use that piece of code for years now):http://git.php.net/?p=web/php.git;a=commit;h=8e87088c3f51b594dc7d7ed71115d215a7acf78b
Seems to be up normal again :-)
Thanks a lot for the fast work!