Reported Attack Site

[The Wierd It]

Strike that; it's happened again.

EDIT: And suddenly not. Not sure what happened there.

[The Wierd It]

It keeps coming up for me; either there's a problem on my end or the bad code snuck back in.

[Mazryonh]

Yeah, the "Reported Attack Site" keeps coming back for me as well. I was in the middle of creating a new page of mine, but until this is resolved, I'm not sure it's safe to keep doing so.

[The Wierd It]

Seems it's not just our problem but a fairly general one.

[bunni]

It's hard for us to track down which ad causes it due to how specific ad delivery is these days. Every individual sees ads tailored to them. Additionally the ads masquerade as legitimate ads, and load java exploits randomly. Browsers like Chrome and Firefox protect you when this code is detected and don't execute it.

We use two ad networks, AdSense and OpenX, they're as large and legitimate as they come and these issues seem to be hitting quite a lot of large sites right now.

I've looked into analyzing the ad code on our end for exploits before it's served but haven't found anything.

[Mazryonh]

Another strange bug has arisen recently. When I switched to my machine using a 4:3 monitor but did not log in, the main wiki site went into a sort of "safe mode" where frames were not used and only basic HTML text was used, making the site very difficult to navigate. This went away when I logged in, but I'd like to know if anyone else has experienced this bug.

[Spartan198]

Quote:

Originally Posted by Mazryonh

Another strange bug has arisen recently. When I switched to my machine using a 4:3 monitor but did not log in, the main wiki site went into a sort of "safe mode" where frames were not used and only basic HTML text was used, making the site very difficult to navigate. This went away when I logged in, but I'd like to know if anyone else has experienced this bug.

That's not a bug, it's the site's default skin.

[bunni]

Quote:

Originally Posted by Mazryonh

Another strange bug has arisen recently. When I switched to my machine using a 4:3 monitor but did not log in, the main wiki site went into a sort of "safe mode" where frames were not used and only basic HTML text was used, making the site very difficult to navigate. This went away when I logged in, but I'd like to know if anyone else has experienced this bug.

That sounds like the css file wasn't being served - my guess would be that file was unavailable at that moment for whatever reason and instead you were just getting plain html text.

[Sergei Titov]

What is the current listing status for imfdb.org?
This site is not currently listed as suspicious.

Part of this site was listed for suspicious activity 2 time(s) over the past 90 days.

What happened when Google visited this site?
Of the 562 pages we tested on the site over the past 90 days, 48 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2013-02-03, and the last time suspicious content was found on this site was on 2012-12-23.
Malicious software includes 1 exploit(s).

Malicious software is hosted on 2 domain(s), including iicl.tk/, rltk.us/.

1 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including rltk.us/.

This site was hosted on 2 network(s) including AS13335 (CLOUDFLARENET), AS6939 (HURRICANE).

Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, imfdb.org did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?
No, this site has not hosted malicious software over the past 90 days.

[bunni]

Quote:

Originally Posted by Sergei Titov

What is the current listing status for imfdb.org?
This site is not currently listed as suspicious.

Part of this site was listed for suspicious activity 2 time(s) over the past 90 days.

What happened when Google visited this site?
Of the 562 pages we tested on the site over the past 90 days, 48 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2013-02-03, and the last time suspicious content was found on this site was on 2012-12-23.
Malicious software includes 1 exploit(s).

Malicious software is hosted on 2 domain(s), including iicl.tk/, rltk.us/.

1 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including rltk.us/.

This site was hosted on 2 network(s) including AS13335 (CLOUDFLARENET), AS6939 (HURRICANE).

Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, imfdb.org did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?
No, this site has not hosted malicious software over the past 90 days.

Yea, it happened again over the weekend. It was the same vector again, an ad from one of our ad providers, openx. Here was their response:

Quote:

There was an incident of malicious ads detected within the OpenX Market during the EST evening last night.
The malicious creatives were caught by monitoring & removed from the system.

This issue would cause a Google alert concerning the malicious domain: ads.zitaholdings.com

If your site was blocked by Google, please login to your Google Webmaster account and request a re-scan of the website in order to have the warnings removed.

I now have a direct contact within openx to report malicious ads.