geekhack
Site Announcements and Feedback => Announcements/Feedback/Suggestions => Topic started by: noisyturtle on Thu, 10 October 2013, 15:06:39
-
URL: http: SLASH SLASH st4.divshare.com/launch.php?f
URL:Mal
every time I go to this page: http://geekhack.org/index.php?topic=6874.1560
-
not seeing the url in macos chrome. what platform/browser are you using? (if someone managed to embed javascript, it could be possible that only some platforms and browsers are affected).
NOTE: you are not supposed to be able to embed interpretable javascript into posts. it would indicate a huge vulnerability, so yes, i'm treating this as an extremely big deal.
-
Not getting anything my end in Firefox.
-
http://geekhack.org/index.php?action=profile;u=30046
This guy's signature picture is the source. I don't get any notice though.
-
i have cleared the offending signature. (god i keep losing posts..). it may have been a drive-by attack on XP and early vista era machines via their jpg2000 parser. it's far from a zero day, and if you're running one of those platforms you've already been infected by something else anyway.
-
It's a warning via Avast in Aurora
-
i got the same thing as OP, using Avast! and chrome
-
Unrelated, but I'll take this opportunity to note that being redirected through viglink is annoying as hell. It's fast on a desktop, but significantly delays following links on wireless. I wish GH didn't use viglink =/
-
Unfortunately, viglink pays a small portion of the bills here, and we would have to replace that revenue for the forum if we lost it.
Anyway, the signature in question was just a malformed URL, and not anything serious to worry about. The user in question copied and pasted the divshare url a bit wrong, and pasted the php query instead of the actual jpg. the 'mal' warning was that the url was wildly malformed, and that the data returned was garbage, not that it was confirmed malware (ie, a file that matched a malware signature). The user has put the proper url in his or her signature and is now showing dat alps pride again.
-
I asked IRC about it some time ago, no one answered though :/ At least it wasn't any serious problems.
-
please report any post or thread that triggers your malware scanner (unless it's ridiculously obvious that it's a false positive). i'm quite happy to look into these things to at least a first order.
-
This happened to me right now as well. Not sure what thread it was on since I just opened a lot of threads that had received new replies :S
-
dante ironically posted an innocuous link that was red flagged by google for other reasons (the image hosting site doesn't have strong enough anti-malware measures apparently). i confirmed it was a false positive and rehosted the image on our server, so it has been cleared.
the ironic thing is that dante posted it and then reported the google warning to me without knowing that he accidentally caused it. lol! nbd dude. anyways, all cleared up now.
if you're still getting a red flag from google, please post the url here.
-
I tried clicking that URL link but the site won't load in Internet Explorer 6.
Yet another excellent display of IE6's seamless security integration!
-
Hi,
Today I see a consistent Malware detection page by Chrome every time I visit the "Post Your Clack" page. Other threads are ok.
Here's the screenshot.
-
For me the same, when browsing to the 'Post your clacks!' thread - cdn.memegenerator.net seems to be the problem?
-
Yep, just got it too, it's on the very first page.
-
I've been using Chrome on Mac on and off all day and not seen this.
-
Ok, I got this now, on the first page of the Post your Clacks (http://geekhack.org/index.php?topic=33569.0) thread.
-
Confirmed, I saw the warning too.
There are several cdn dot memegenerator dot net links in the page and they seem to be the reason. We also should not quote it to avoid Google blocking this page again.
-
Thanks for the heads-up. :thumb:
I broke the image tags and image link on purpose as a band-aid solution.
-
Thanks! Clack page loads fine for me now :)