Sunday, March 23, 2014

CityWeekly.net is suspicious and possibly malicious, according to Google

Note: this was resolved by CityWeekly within a day of me notifying them.


Sitelock informed me today that one of my websites contained a link to a site that has been blacklisted by Google:




Advisory provided by Google



Opening Link 1 in Chrome, I get this:


If the enlarged, bolded and unambiguous headline doesn't convince you not to proceed, then the image of the escaped con lurking inside a laptop (maybe your laptop???) should do the trick.

Details about problems on this website:

Suspicious

3 malicious pages out of 760 (0.3947%) and 3 exploits (a pretty broad term) seem like pretty low thresholds to meet to warrant getting blocked by Google.  I guess that's a good thing, but it would be great if Google offered up more details about the kind of exploit detected.  Maybe I've already patched the offending application on my machine and I can safely proceed.

For fun, I visited the two sites that Google says CityWeekly.net infected.  Dlvr.it produces no warning screen from Chrome.  However, Google's report on Dlvr.it:

Not suspicious
Even though there were 1217 malicious pages out of 642702 (0.1894%) and more than 300 exploits, Chrome isn't blocking me from visiting this site like it does with Cityweekly.net/utah.  I'm sure there's an algorithmic reason for it, but that's not the topic at hand.

Citywk.ly forwards to bit.ly and produces no Chrome warning screen.  Google's report on Citywk.ly.  Nothing exciting there.

Returning to cityweekly.net, it appears that their next step would be to have their web admin visit Google's Webmaster Help Center and get things sorted out.  I wonder who their admin is.  Maybe I can send him a friendly email.  Let's try finding him, but not with Chrome since I know I'll get the warning screen.  What about Firefox?


Nope, Firefox doesn't like it either.  Clicking on the button "Why was this page blocked?" leads us to Google Safe Browsing diagnostic page for cityweekly.net/utah.  I've been down that rabbit hole already.

Note:  I only get those two warning screens when I have specific browser security settings enabled.

With Firefox 28:



With Chrome 33:


With those settings disabled the warning screens do not appear in either browser.  I hope they are on by default when the browsers are first installed, but that's an investigation for another day.





Let's have another scanning service weigh in.  Using Sucuri.net's SiteCheck, I get this:



Which is it, Google?  Is cityweekly.net safe or not?  It would be nice if Sucuri provided clickable links to each of those blacklists' reports.

More opinions:

Web Inspector (powered by Comodo) says it's safe.

VirusTotal lists a detection rate of 1/52, detected by Fortinet. Look down that results list and you'll see Quttera lists it as a Clean Site.  Search for cityweekly.net/utah directly on Quttera's website and the website appears to be compromised by a malicious JavaScript file and one other suspicious file. Okay...

StopBadware.com says there used to be a problem, which explains the mixed bag of results I'm finding.

UnmaskParasites.com says it's suspicious but only because it has a 301 redirect. This website is provided by Sucuri.  Their report says Google considers it safe, but clicking the associated link takes us to the Google diagnostic page we saw earlier that says the site is suspicious.





The free website malware scanners seem to indicate that the CityWeekly website is not currently harmful.  However, Chrome and Firefox warn the user not to proceed but only when the user has previously asked to be warned about such things.  

What to do?





Ah-ha!  Here's some useful info courtesy of AVG ThreatLabs:


This results page is much better.  Types of malware found is good to know.  Since I have Java set to click-to-run I'll head on over to the site and look up the admin's contact info and send him an email letting him know that Google is possibly throwing up unneeded warnings.  Once their website is removed from Google's blacklist then Sitelock will stop bugging me.


3/23, 7 AM - Emails sent to CityWeekly.

Update 1:  5 minutes after I sent the emails, Chrome stopped throwing up the warning.  Firefox still has their warning and the Google Safe Browsing report hasn't changed.

Update 2:  Chrome shows the warning again.  Tweet sent to @CityWeekly.



Conclusion


On 3/23 an editor from CityWeekly emailed me to say that their web host is working on it.  Looks like they notified Google:


Sitelock scanned me again on 3/24 and says I passed. All is well.
