A warning from Google!
BoaterDave
I went to this URL
http://www.linkedin.com/ppl/webprofile?action=vmi&id=1317524&pvs=pp&authToken=jNAa&authType=name&trk=ppro_viewmore&lnk=vw_pprofile
where there is the LinkedIn profile for Gregory Gooden. (The owner of
Annex.com)
Under 'Websites' I selected 'My Blog' and went to this URL
http://www.luftmensch.com/ I then clicked on RanZ(Blog) ..........
And received this:- "Warning: Visiting this site may harm your
computer" (White font on a bright red banner). That was followed
by .........
"The website you are visiting appears to contain malware. Malware is
malicious software that may harm your computer or otherwise operate
without your consent. Your computer can be infected just by browsing
to a site with malware, without any further action on your part.
For detailed information about problems found on this site, visit
Google Safe Browsing diagnostic page for 74.222.134.170"
The IP number was a link which, when followed, provided this
information:-
"What is the current listing status for 74.222.134.0?
This site is not currently listed as suspicious.
Part of this site was listed for suspicious activity 1 time(s) over
the past 90 days.
What happened when Google visited this site?
Of the 13 pages we tested on the site over the past 90 days, 0 page(s)
resulted in malicious software being downloaded and installed without
user consent. The last time Google visited this site was on
2009-05-14, and the last time suspicious content was found on this
site was on 2009-05-14.
Malicious software includes 8 trojan(s), 6 scripting exploit(s), 4
exploit(s).
This site was hosted on 1 network(s) including AS35908 (VPLSNET).
Has this site acted as an intermediary resulting in further
distribution of malware?
Over the past 90 days, 74.222.134.0 did not appear to function as an
intermediary for the infection of any sites.
Has this site hosted malware?
Yes, this site has hosted malicious software over the past 90 days. It
infected 6 domain(s), including blonging.com/, myinvestorblog.com/,
dollarandsense.net/.
Next steps:
Return to the previous page.
If you are the owner of this web site, you can request a review of
your site using Google Webmaster Tools. More information about the
review process is available in Google's Webmaster Help Center.
**************************
There was a "Go Back" and an "Ignore warning" button. Selecting the
latter, I ended up here http://www.luftmensch.com/wordpress/
It seems a great site to own - you might even notice that there is a
comment which I left there last July with regard to "A day at the
zoo"!
*** Googling 74.222.134.170 gives some interesting results! ***
From what I can gather with my limited knowledge, 74.222.134.170 is
located in California (http://www.geoiptool.com/en/?IP=74.222.134.170)
I'm left wondering who might have wished to infect Mr Gooden's Blog
pages ...... and if the same folk may have 'got at' the Annexcafe
newsgroups too!
--
Dave
~BD~
Mr Gooden responded to me by email and said .......
"Normal people would see something like that google warning and inform
the person affected (me) instead of posting it to alt.whatever... and
then submit some surreptitious feedback form to me. Once I saw what you
were talking about, I determined it to be an sql injection "iframe"
within one of the posts I posted to my blog from another blog. Once I
knew, post removed."
Maybe that is why I cannot replicate that same Google warning now.
Hmmm. But that doesn't explain why the blog site had hosted malware
previously ..... *does* it?
Stroking chin!
--
Dave
David H. Lipman
| BoaterDave wrote:
>> Hi :)
>> **************************
>> --
>> Dave
| Stroking chin!
| --
| Dave
Who said it was "hosting malware" ?
Gooden wrote...
"...determined it to be an sql injection "iframe" within one of the posts I posted to my
blog..."
That's not malware per se, that's a malicious script that was flagged.
He also correctly pointed out...
"Normal people would see something like that google warning and inform the person affected
(me) instead of posting it to alt.... "
Plaese STOP cross-posting between 'test' news groups and conversational news groups.
--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
~BD~
*Google* said .....
What happened when Google visited this site?
Of the 13 pages we tested on the site over the past 90 days, 0 page(s)
resulted in malicious software being downloaded and installed without
user consent. The last time Google visited this site was on
2009-05-14, and the last time suspicious content was found on this
site was on 2009-05-14.
Malicious software includes 8 trojan(s), 6 scripting exploit(s), 4
exploit(s).
This site was hosted on 1 network(s) including AS35908 (VPLSNET).
Has this site hosted malware?
Yes, this site has hosted malicious software over the past 90 days. It
infected 6 domain(s), including blonging.com/, myinvestorblog.com/,
dollarandsense.net/.
******************
Have I misunderstood something - or didn't you read what I'd posted?
> Plaese STOP cross-posting between 'test' news groups and conversational news groups.
David - you are *not* the Usenet police. I would like to know exactly
*why* it bothers you that I choose to include that specific test group
in some of my posts.
If you explain your reasoning I *might* be more cooperative!
Try me and see! ;)
--
Dave (BD)
David H. Lipman
>> | BoaterDave wrote:
>>>> Hi :)
>>>> **************************
>>>> --
>>>> Dave
>> | Stroking chin!
>> | --
>> | Dave
| *Google* said .....
| ******************
| --
| Dave (BD)
A. You misinterpreted both messages.
B. 'Test' groups are for 'test' messages only and their subject matter are to be
IGNORED. Leave discussions to discussion groups. You should *never* cross-post between
a test group and a discussion group.
~BD~
A very blasé answer. How can I ever learn if you chose not to explain
how/why? As you sometimes say "drop me an email" if you don't wish to
show your cards here.
Are you telling me that 74.222.134.0 is *not* associated with Mr Gooden?
If so, please tell me why you think this.
> B. 'Test' groups are for 'test' messages only and their subject matter are to be
> IGNORED. Leave discussions to discussion groups. You should *never* cross-post between
> a test group and a discussion group.
Again - you haven't said WHY! What difference does it make to you - or
to anyone else?
I do understand that what I do may be 'unconventional', and not what you
have met before, but that doesn't make it *wrong* per se.
--
Dave (BD)
David H. Lipman
>> A. You misinterpreted both messages.
| A very blas� answer. How can I ever learn if you chose not to explain
| how/why? As you sometimes say "drop me an email" if you don't wish to
| show your cards here.
| Are you telling me that 74.222.134.0 is *not* associated with Mr Gooden?
| If so, please tell me why you think this.
>> B. 'Test' groups are for 'test' messages only and their subject matter are to be
>> IGNORED. Leave discussions to discussion groups. You should *never* cross-post
>> between
>> a test group and a discussion group.
| Again - you haven't said WHY! What difference does it make to you - or
| to anyone else?
| I do understand that what I do may be 'unconventional', and not what you
| have met before, but that doesn't make it *wrong* per se.
| --
| Dave (BD)
[ luftmensch.com = 75.126.21.8 ] != 74.222.134.0
OrgName: VPLS Inc. d/b/a Krypt Technologies
OrgID: VPLSI
Address: 1744 W. Katella Avenue.
Address: Suite 200
City: Orange
StateProv: CA
PostalCode: 92867
Country: US
ReferralServer: rwhois://rwhois.vpls.net:4321
NetRange: 74.222.128.0 - 74.222.191.255
CIDR: 74.222.128.0/18
NetName: VPLSNET
NetHandle: NET-74-222-128-0-1
Parent: NET-74-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.VPLS.NET
NameServer: NS2.VPLS.NET
Comment: For abuse please contact ab...@vpls.net no phone
Comment: calls will be accepted!!
RegDate: 2007-01-05
Updated: 2007-06-25
RAbuseHandle: KRYPT-ARIN
RAbuseName: Krypt Keeper
RAbusePhone: +1-714-993-9997
RAbuseEmail: hostm...@krypt.com
As for... "...what I do may be 'unconventional'..."
That's why you were booted from those forums and that's why you have been deemed a troll
by many. I've given you a 2cnd chance, and that's why I'm not outright ignoring you, but
I'm losing patience.
Todd H.
> Hmmm. But that doesn't explain why the blog site had hosted malware
> previously ..... *does* it?
Rotated banner ads can have malware. There's also a blog-takeover
hack that's been recently announced at a security con (can't remember
details), a cross site scripting issue taken advantage of by a blog
commenter--lots of possible reasons that google may have flagged it as
such.
The web is a nutty place.
--
Todd H.
http://www.toddh.net/
Scarlett
Hi Dave your wasting your time ;-)
Donna
Scarlett
Ok what part of "0 page(s)
resulted in malicious software being downloaded and installed without
user consent."
Don't you understand...0 = none
Todd H.
>> B. 'Test' groups are for 'test' messages only and their subject
>> matter are to be IGNORED. Leave discussions to discussion groups.
>> You should *never* cross-post between a test group and a discussion
>> group.
>
> Again - you haven't said WHY! What difference does it make to you - or
> to anyone else?
BoaterDave,
I have been polite to you in the past and given you a wide berth of
newbieness.
But, seriously, you're begging for flamage unless you pull your head
out of your ass on some of these discussions.
Mr Lipman correctly states usenet netiquette regarding test
newsgroups.
> I do understand that what I do may be 'unconventional', and not what
> you have met before, but that doesn't make it *wrong* per se.
No, it's wrong to cross post between test and regular nesgroups,
period. Test groups are for testing. It's not something you'll
find in an RFC. It's common sense.
~BD~
Hello Todd
I have appreciated your attitude and thank you for being polite.
Have you taken time out to go to the 'microsoft.public.test.here' group
and read any of the conversations which I have enjoyed with, in
particular, Andrew Taylor and Peter Foldes?
Regardless, I thank you for your advice and look forward to watching the
video clips of your rabbits when you get round to posting them on YouTube!
Have a great weekend! :)
--
Dave
Tim Jackson
>> matter are to be IGNORED. Leave discussions to discussion groups.
>> You should *never* cross-post between a test group and a discussion
>> group.
>
> Again - you haven't said WHY! What difference does it make to you - or
> to anyone else?
>
> I do understand that what I do may be 'unconventional', and not what you
> have met before, but that doesn't make it *wrong* per se.
>
> --
> Dave (BD)
>
Mostly because it's RUDE!
Newsgroups have a topic for a reason. It is so that users can identify
what to expect to find in it without having to read all the posts.
We need netiquette to make the system work. If everyone goes around
co-opting newsgroups as their own private chat-room and disregarding the
stated topics then we have anarchy, and you will quickly find all groups
taken over and rendered useless by spammers.
As it stands if people make a nuisance of themselves by making off-topic
posts, we can complain to their ISP and get them stopped. If there was
no such thing as a group topic, we would not have that power.
You are clearly technically well in breach of that etiquette. It has to
be flexible, but you are stretching people's tolerance.
Basically, original posts to a newsgroup should be a question or a
timely announcement of new information and should be within the group's
topic. Replies should be pertinent to the original post or previous
replies, although they may drift somewhat from the group topic.
Anything else is in breach.
Tim Jackson
David H. Lipman
>> Who said it was "hosting malware" ?
>> Gooden wrote...
>> "...determined it to be an sql injection "iframe" within one of the
>> posts I posted to my blog..."
>> That's not malware per se, that's a malicious script that was flagged.
>> He also correctly pointed out...
>> "Normal people would see something like that google warning and
>> inform the person affected (me) instead of posting it to alt.... "
>> Plaese STOP cross-posting between 'test' news groups and
>> conversational news groups.
| Hi Dave your wasting your time ;-)
| Donna
OK :-)
DGB
I most certainly agree with your last point, Todd!
Thanks for the information.
David Lipman is trying to tell me something but I am still confused. I
thought the IP address mentioned related to Mr Gooden but it seems this
may not be so.
--
Dave
David in Devon
A lot of water has gone under the bridge since this post of yours.
Subsequent correspondence between us has been extremely useful in my
quest for the truth on-line. Thank you. :-)
Whilst 'here' - I wonder if anyone can cast any light on this new
contender which finds a malicious finding here:-
https://www.virustotal.com/#/url/e8f2ce1f2c0c57786600d4356ece6dd9dc9b0feb1b640f733397e285602e49e0/detection
--
David B.
Devon, UK