Author Topic: Malicious URL warning on GH page  (Read 3061 times)


Offline noisyturtle

  • * Exalted Elder
  • Thread Starter
  • Posts: 6051
  • comfortably numb
Malicious URL warning on GH page
« on: Thu, 10 October 2013, 15:06:39 »
URL: http: SLASH SLASH st4.divshare.com/launch.php?f
URL:Mal

every time I go to this page: http://geekhack.org/index.php?topic=6874.1560
« Last Edit: Thu, 10 October 2013, 16:24:09 by mkawa »

Offline mkawa

  •  No Marketplace Access
  • Posts: 6562
  • (ツ)@@@. crankypants
Re: Malicious URL warning on GH page
« Reply #1 on: Thu, 10 October 2013, 16:25:55 »
not seeing the url in macos chrome. what platform/browser are you using? (if someone managed to embed javascript, it could be possible that only some platforms and browsers are affected).

NOTE: you are not supposed to be able to embed interpretable javascript into posts. it would indicate a huge vulnerability, so yes, i'm treating this as an extremely big deal.

to all the brilliant friends who have left us, and all the students who climb on their shoulders.

Offline Tym

  • [CTRL]ALT
  • * Maker
  • Posts: 1582
  • Location: England
Re: Malicious URL warning on GH page
« Reply #2 on: Thu, 10 October 2013, 16:29:09 »
Not getting anything my end in Firefox.
unless they have some unforeseeable downside (like they're actually made of cream cheese cunningly disguised as ABS)


Offline esoomenona

  • Gnillort?
  • Posts: 5323
Re: Malicious URL warning on GH page
« Reply #3 on: Thu, 10 October 2013, 16:29:48 »
http://geekhack.org/index.php?action=profile;u=30046

This guy's signature picture is the source. I don't get any notice though.

Offline mkawa

  •  No Marketplace Access
  • Posts: 6562
  • (ツ)@@@. crankypants
Re: Malicious URL warning on GH page
« Reply #4 on: Thu, 10 October 2013, 16:52:41 »
i have cleared the offending signature. (god i keep losing posts..). it may have been a drive-by attack on XP and early vista era machines via their jpg2000 parser. it's far from a zero day, and if you're running one of those platforms you've already been infected by something else anyway.


Offline noisyturtle

  • * Exalted Elder
  • Thread Starter
  • Posts: 6051
  • comfortably numb
Re: Malicious URL warning on GH page
« Reply #5 on: Thu, 10 October 2013, 19:33:16 »
> not seeing the url in macos chrome. what platform/browser are you using? (if someone managed to embed javascript, it could be possible that only some platforms and browsers are affected).
>
> NOTE: you are not supposed to be able to embed interpretable javascript into posts. it would indicate a huge vulnerability, so yes, i'm treating this as an extremely big deal.

It's a warning via Avast in Aurora

« Last Edit: Thu, 10 October 2013, 19:35:03 by noisyturtle »

Offline Rayne

  • Posts: 214
  • For Science!
Re: Malicious URL warning on GH page
« Reply #6 on: Thu, 10 October 2013, 19:43:09 »
i got the same thing as OP, using Avast! and chrome

Offline Photoelectric

  • * Administrator
  • Posts: 6763
Re: Malicious URL warning on GH page
« Reply #7 on: Thu, 10 October 2013, 19:44:02 »
Unrelated, but I'll take this opportunity to note that being redirected through viglink is annoying as hell.  It's fast on a desktop, but significantly delays following links on wireless.  I wish GH didn't use viglink =/
- Keyboards: LZ-GH (Jailhouse Blues)M65-a, MIRA SE, E8-V1, MOON TKL, CA66
- Keyboard Case Painting Tips -
- Join Mechanical Keyboards photography group on Flickr -

Offline mkawa

  •  No Marketplace Access
  • Posts: 6562
  • (ツ)@@@. crankypants
Re: Malicious URL warning on GH page
« Reply #8 on: Thu, 10 October 2013, 20:27:27 »
Unfortunately, viglink pays a small portion of the bills here, and we would have to replace that revenue for the forum if we lost it.

Anyway, the signature in question was just a malformed URL, and not anything serious to worry about. The user in question copied and pasted the divshare url a bit wrong, and pasted the php query instead of the actual jpg. the 'mal' warning was that the url was wildly malformed, and that the data returned was garbage, not that it was confirmed malware (ie, a file that matched a malware signature). The user has put the proper url in his or her signature and is now showing dat alps pride again.


Offline Morwrath

  • Posts: 203
  • Location: Norway
Re: Malicious URL warning on GH page
« Reply #9 on: Thu, 10 October 2013, 20:34:02 »
I asked IRC about it some time ago, no one answered though :/ At least it wasn't any serious problems.
Ducky Mini w/ white LEDs [Browns]

WTB SLUSHY RED CC/BROBOT!!
Got 3D and Hack Orange for trade, both MX.

Offline mkawa

  •  No Marketplace Access
  • Posts: 6562
  • (ツ)@@@. crankypants
Re: Malicious URL warning on GH page
« Reply #10 on: Thu, 10 October 2013, 20:46:42 »
please report any post or thread that triggers your malware scanner (unless it's ridiculously obvious that it's a false positive). i'm quite happy to look into these things to at least a first order.


Offline Morwrath

  • Posts: 203
  • Location: Norway
Re: Malicious URL warning on GH page
« Reply #11 on: Sun, 13 October 2013, 11:36:49 »
This happened to me right now as well. Not sure what thread it was on since I just opened a lot of threads that had received new replies :S

Offline mkawa

  •  No Marketplace Access
  • Posts: 6562
  • (ツ)@@@. crankypants
Re: Malicious URL warning on GH page
« Reply #12 on: Sun, 13 October 2013, 13:13:45 »
dante ironically posted an innocuous link that was red flagged by google for other reasons (the image hosting site doesn't have strong enough anti-malware measures apparently). i confirmed it was a false positive and rehosted the image on our server, so it has been cleared.

the ironic thing is that dante posted it and then reported the google warning to me without knowing that he accidentally caused it. lol! nbd dude. anyways, all cleared up now.

if you're still getting a red flag from google, please post the url here.


Offline microsoft windows

  • Blue Troll of Death
  • * Exalted Elder
  • Posts: 3621
  • President of geekhack.org
    • Get Internet Explorer 6
Re: Malicious URL warning on GH page
« Reply #13 on: Mon, 14 October 2013, 14:53:10 »
I tried clicking that URL link but the site won't load in Internet Explorer 6.

Yet another excellent display of IE6's seamless security integration!
CLICK HERE!     OFFICIAL PRESIDENT OF GEEKHACK.ORG    MAKE AMERICA GREAT AGAIN MERRY CHRISTMAS

Offline Belfong

  • Formerly known as Ballfong
  • Posts: 5198
  • Location: Malaysia
Re: Malicious URL warning on GH page
« Reply #14 on: Sun, 25 May 2014, 03:34:09 »
Hi,

Today I see a consistent Malware detection page by Chrome every time I visit the "Post Your Clack" page. Other threads are ok.

Here's the screenshot.
 

Offline madhias

  • Posts: 1176
  • Location: Wien, Austria
  • BS TORPE
    • Madhias' Flickr
Re: Malicious URL warning on GH page
« Reply #15 on: Sun, 25 May 2014, 03:57:06 »
For me the same, when browsing to the 'Post your clacks!' thread - cdn.memegenerator.net seems to be the problem?
... ...

Offline Alessandro

  • * Vendor
  • Posts: 1120
  • Location: Lancashire, England
  • The Price Is Right
    • Alessandro's Sweet Shop
Re: Malicious URL warning on GH page
« Reply #16 on: Sun, 25 May 2014, 04:00:30 »
Yep, just got it too, it's on the very first page.
KBC Poker | MX Reds | Beige Doubleshots
Goldtouch 10Key Pad | MX Browns | Beige Doubleshots
IBM Model M-122 Terminal (Bolt modded) | Buckling Springs | Beige Dyesubs

Alessandro's Sweet Shop- "I never said they were art."

Offline rowdy

  • HHKB Hapster
  • * Erudite Elder
  • Posts: 21065
  • Location: melbourne.vic.au
  • Missed another sale.
Re: Malicious URL warning on GH page
« Reply #17 on: Sun, 25 May 2014, 04:55:03 »
I've been using Chrome on Mac on and off all day and not seen this.
"Because keyboards are accessories to PC makers, they focus on minimizing the manufacturing costs. But that's incorrect. It's in HHKB's slogan, but when America's cowboys were in the middle of a trip and their horse died, they would leave the horse there. But even if they were in the middle of a desert, they would take their saddle with them. The horse was a consumable good, but the saddle was an interface that their bodies had gotten used to. In the same vein, PCs are consumable goods, while keyboards are important interfaces." - Eiiti Wada

NEC APC-H4100E | Ducky DK9008 Shine MX blue LED red | Ducky DK9008 Shine MX blue LED green | Link 900243-08 | CM QFR MX black | KeyCool 87 white MX reds | HHKB 2 Pro | Model M 02-Mar-1993 | Model M 29-Nov-1995 | CM Trigger (broken) | CM QFS MX green | Ducky DK9087 Shine 3 TKL Yellow Edition MX black | Lexmark SSK 21-Apr-1994 | IBM SSK 13-Oct-1987 | CODE TKL MX clear | Model M 122 01-Jun-1988

Ị̸͚̯̲́ͤ̃͑̇̑ͯ̊̂͟ͅs̞͚̩͉̝̪̲͗͊ͪ̽̚̚ ̭̦͖͕̑́͌ͬͩ͟t̷̻͔̙̑͟h̹̠̼͋ͤ͋i̤̜̣̦̱̫͈͔̞ͭ͑ͥ̌̔s̬͔͎̍̈ͥͫ̐̾ͣ̔̇͘ͅ ̩̘̼͆̐̕e̞̰͓̲̺̎͐̏ͬ̓̅̾͠͝ͅv̶̰͕̱̞̥̍ͣ̄̕e͕͙͖̬̜͓͎̤̊ͭ͐͝ṇ̰͎̱̤̟̭ͫ͌̌͢͠ͅ ̳̥̦ͮ̐ͤ̎̊ͣ͡͡n̤̜̙̺̪̒͜e̶̻̦̿ͮ̂̀c̝̘̝͖̠̖͐ͨͪ̈̐͌ͩ̀e̷̥͇̋ͦs̢̡̤ͤͤͯ͜s͈̠̉̑͘a̱͕̗͖̳̥̺ͬͦͧ͆̌̑͡r̶̟̖̈͘ỷ̮̦̩͙͔ͫ̾ͬ̔ͬͮ̌?̵̘͇͔͙ͥͪ͞ͅ

Offline rowdy

  • HHKB Hapster
  • * Erudite Elder
  • Posts: 21065
  • Location: melbourne.vic.au
  • Missed another sale.
Re: Malicious URL warning on GH page
« Reply #18 on: Sun, 25 May 2014, 05:15:37 »
Ok, I got this now, on the first page of the Post your Clacks thread.

Offline phoenix1234

  • Posts: 584
  • Location: Saigon - Vietnam
Re: Malicious URL warning on GH page
« Reply #19 on: Sun, 25 May 2014, 05:24:19 »
Confirmed, I saw the warning too.
There are several cdn dot memegenerator dot net links in the page and they seem to be the reason. We also should not quote it, to avoid Google blocking this page again.
I like linear switches

Offline infiniti

  • I <3 KB
  • * Senior Moderator
  • Posts: 2401
  • Location: Thrilla, Manila, Philippines
  • Bob was here
    • PM me and ask for a custom title!
Re: Malicious URL warning on GH page
« Reply #20 on: Sun, 25 May 2014, 06:07:35 »
Thanks for the heads-up. :thumb:

I broke the image tags and image link on purpose as a band-aid solution.
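
An added example, not part of the thread or of the forum's own software: a moderator-side audit of `[img]` BBCode that catches both cases seen above, a signature pointing at a script endpoint (the `launch.php` link from the first post) and an image hotlinked from a host the operator has flagged. The function names, the `flagged.example` host and the sample post are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Matches [img]...[/img], with or without attributes, in any letter case.
IMG_TAG = re.compile(r"\[img[^\]]*\](.*?)\[/img\]", re.I | re.S)
IMAGE_EXT = (".jpg", ".jpeg", ".png", ".gif")
SCRIPT_EXT = (".php", ".asp", ".aspx", ".cgi")

def audit_img_url(url, flagged_hosts=frozenset()):
    """Return the reasons a hotlinked image URL deserves moderator review."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").lower()
    except ValueError:
        return ["unparseable URL"]
    reasons = []
    path = parts.path.lower()
    if parts.scheme not in ("http", "https") or not host:
        reasons.append("not an absolute http(s) URL")
    if path.endswith(SCRIPT_EXT):
        reasons.append("points at a script endpoint, not an image file")
    elif not path.endswith(IMAGE_EXT):
        reasons.append("path does not end in an image extension")
    # Match the flagged host itself and any of its subdomains.
    if any(host == h or host.endswith("." + h) for h in flagged_hosts):
        reasons.append("host is on the operator's flagged list")
    return reasons

def audit_post(bbcode, flagged_hosts=frozenset()):
    """Map each suspicious [img] URL in a post or signature to its reasons."""
    findings = {}
    for url in IMG_TAG.findall(bbcode):
        reasons = audit_img_url(url, flagged_hosts)
        if reasons:
            findings[url.strip()] = reasons
    return findings

# Constructed sample: the first URL is the one quoted in the opening post,
# the other two use placeholder hosts.
SAMPLE_POST = (
    "[img]http://st4.divshare.com/launch.php?f[/img] alps pride "
    "[img]http://images.example/board.jpg[/img] "
    "[IMG width=100]https://cdn.flagged.example/a.png[/IMG]"
)

if __name__ == "__main__":
    for url, why in audit_post(SAMPLE_POST, {"flagged.example"}).items():
        print(url, "->", "; ".join(why))
```

The extension check is only a heuristic, since a URL ending in `.jpg` can still return anything; rehosting the image on the forum's own server, as was done earlier in the thread, removes the dependency on the third-party host altogether.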

Offline rowdy

  • HHKB Hapster
  • * Erudite Elder
  • Posts: 21065
  • Location: melbourne.vic.au
  • Missed another sale.
Re: Malicious URL warning on GH page
« Reply #21 on: Sun, 25 May 2014, 15:18:41 »
> Thanks for the heads-up. :thumb:
>
> I broke the image tags and image link on purpose as a band-aid solution.

Thanks!  Clack page loads fine for me now :)