A warning from Google!

Discussion in 'Computer Security' started by BoaterDave, May 15, 2009.

  1. BoaterDave

    BoaterDave Guest

    Hi :)

    I went to this URL
    http://www.linkedin.com/ppl/webprof...thType=name&trk=ppro_viewmore&lnk=vw_pprofile
    where there is the LinkedIn profile for Gregory Gooden. (The owner of
    Annex.com)

    Under 'Websites' I selected 'My Blog' and went to this URL
    http://www.luftmensch.com/ I then clicked on RanZ(Blog) ..........

    And received this:- "Warning: Visiting this site may harm your
    computer" (White font on a bright red banner). That was followed
    by .........

    "The website you are visiting appears to contain malware. Malware is
    malicious software that may harm your computer or otherwise operate
    without your consent. Your computer can be infected just by browsing
    to a site with malware, without any further action on your part.

    For detailed information about problems found on this site, visit
    Google Safe Browsing diagnostic page for 74.222.134.170"

    The IP number was a link which, when followed, provided this
    information:-

    "What is the current listing status for 74.222.134.0?
    This site is not currently listed as suspicious.

    Part of this site was listed for suspicious activity 1 time(s) over
    the past 90 days.

    What happened when Google visited this site?
    Of the 13 pages we tested on the site over the past 90 days, 0 page(s)
    resulted in malicious software being downloaded and installed without
    user consent. The last time Google visited this site was on
    2009-05-14, and the last time suspicious content was found on this
    site was on 2009-05-14.
    Malicious software includes 8 trojan(s), 6 scripting exploit(s), 4
    exploit(s).

    This site was hosted on 1 network(s) including AS35908 (VPLSNET).

    Has this site acted as an intermediary resulting in further
    distribution of malware?
    Over the past 90 days, 74.222.134.0 did not appear to function as an
    intermediary for the infection of any sites.

    Has this site hosted malware?
    Yes, this site has hosted malicious software over the past 90 days. It
    infected 6 domain(s), including blonging.com/, myinvestorblog.com/,
    dollarandsense.net/.

    Next steps:
    Return to the previous page.
    If you are the owner of this web site, you can request a review of
    your site using Google Webmaster Tools. More information about the
    review process is available in Google's Webmaster Help Center.

    **************************

    There was a "Go Back" and an "Ignore warning" button. Selecting the
    latter, I ended up here http://www.luftmensch.com/wordpress/

    It seems a great site to own - you might even notice that there is a
    comment which I left there last July with regard to "A day at the
    zoo"!

    *** Googling 74.222.134.170 gives some interesting results! ***

    From what I can gather with my limited knowledge, 74.222.134.170 is
    located in California (http://www.geoiptool.com/en/?IP=74.222.134.170)

    I'm left wondering who might have wished to infect Mr Gooden's Blog
    pages ...... and if the same folk may have 'got at' the Annexcafe
    newsgroups too!

    --
    Dave
    BoaterDave, May 15, 2009
    #1
    1. Advertising

  2. BoaterDave

    ~BD~ Guest

    BoaterDave wrote:
    > Hi :)
    >
    > I went to this URL
    > http://www.linkedin.com/ppl/webprof...thType=name&trk=ppro_viewmore&lnk=vw_pprofile
    > where there is the LinkedIn profile for Gregory Gooden. (The owner of
    > Annex.com)
    >
    > Under 'Websites' I selected 'My Blog' and went to this URL
    > http://www.luftmensch.com/ I then clicked on RanZ(Blog) ..........
    >
    > And received this:- "Warning: Visiting this site may harm your
    > computer" (White font on a bright red banner). That was followed
    > by .........
    >
    > "The website you are visiting appears to contain malware. Malware is
    > malicious software that may harm your computer or otherwise operate
    > without your consent. Your computer can be infected just by browsing
    > to a site with malware, without any further action on your part.
    >
    > For detailed information about problems found on this site, visit
    > Google Safe Browsing diagnostic page for 74.222.134.170"
    >
    > The IP number was a link which, when followed, provided this
    > information:-
    >
    > "What is the current listing status for 74.222.134.0?
    > This site is not currently listed as suspicious.
    >
    > Part of this site was listed for suspicious activity 1 time(s) over
    > the past 90 days.
    >
    > What happened when Google visited this site?
    > Of the 13 pages we tested on the site over the past 90 days, 0 page(s)
    > resulted in malicious software being downloaded and installed without
    > user consent. The last time Google visited this site was on
    > 2009-05-14, and the last time suspicious content was found on this
    > site was on 2009-05-14.
    > Malicious software includes 8 trojan(s), 6 scripting exploit(s), 4
    > exploit(s).
    >
    > This site was hosted on 1 network(s) including AS35908 (VPLSNET).
    >
    > Has this site acted as an intermediary resulting in further
    > distribution of malware?
    > Over the past 90 days, 74.222.134.0 did not appear to function as an
    > intermediary for the infection of any sites.
    >
    > Has this site hosted malware?
    > Yes, this site has hosted malicious software over the past 90 days. It
    > infected 6 domain(s), including blonging.com/, myinvestorblog.com/,
    > dollarandsense.net/.
    >
    > Next steps:
    > Return to the previous page.
    > If you are the owner of this web site, you can request a review of
    > your site using Google Webmaster Tools. More information about the
    > review process is available in Google's Webmaster Help Center.
    >
    > **************************
    >
    > There was a "Go Back" and an "Ignore warning" button. Selecting the
    > latter, I ended up here http://www.luftmensch.com/wordpress/
    >
    > It seems a great site to own - you might even notice that there is a
    > comment which I left there last July with regard to "A day at the
    > zoo"!
    >
    > *** Googling 74.222.134.170 gives some interesting results! ***
    >
    > From what I can gather with my limited knowledge, 74.222.134.170 is
    > located in California (http://www.geoiptool.com/en/?IP=74.222.134.170)
    >
    > I'm left wondering who might have wished to infect Mr Gooden's Blog
    > pages ...... and if the same folk may have 'got at' the Annexcafe
    > newsgroups too!
    >
    > --
    > Dave


    Mr Gooden responded to me by email and said .......

    "Normal people would see something like that google warning and inform
    the person affected (me) instead of posting it to alt.whatever... and
    then submit some surreptitious feedback form to me. Once I saw what you
    were talking about, I determined it to be an sql injection "iframe"
    within one of the posts I posted to my blog from another blog. Once I
    knew, post removed."

    Maybe that is why I cannot replicate that same Google warning now.

    Hmmm. But that doesn't explain why the blog site had hosted malware
    previously ..... *does* it?

    Stroking chin!

    --
    Dave
    ~BD~, May 15, 2009
    #2
    1. Advertising

  3. BoaterDave

    ~BD~ Guest

    David H. Lipman wrote:
    > From: "~BD~" <>
    >
    > | BoaterDave wrote:
    >>> Hi :)

    >
    >>> I went to this URL
    >>> http://www.linkedin.com/ppl/webprofile?action=vmi&id=1317524&pvs=pp&authToken=jNAa&
    >>> authType=name&trk=ppro_viewmore&lnk=vw_pprofile
    >>> where there is the LinkedIn profile for Gregory Gooden. (The owner of
    >>> Annex.com)

    >
    >>> Under 'Websites' I selected 'My Blog' and went to this URL
    >>> http://www.luftmensch.com/ I then clicked on RanZ(Blog) ..........

    >
    >>> And received this:- "Warning: Visiting this site may harm your
    >>> computer" (White font on a bright red banner). That was followed
    >>> by .........

    >
    >>> "The website you are visiting appears to contain malware. Malware is
    >>> malicious software that may harm your computer or otherwise operate
    >>> without your consent. Your computer can be infected just by browsing
    >>> to a site with malware, without any further action on your part.

    >
    >>> For detailed information about problems found on this site, visit
    >>> Google Safe Browsing diagnostic page for 74.222.134.170"

    >
    >>> The IP number was a link which, when followed, provided this
    >>> information:-

    >
    >>> "What is the current listing status for 74.222.134.0?
    >>> This site is not currently listed as suspicious.

    >
    >>> Part of this site was listed for suspicious activity 1 time(s) over
    >>> the past 90 days.

    >
    >>> What happened when Google visited this site?
    >>> Of the 13 pages we tested on the site over the past 90 days, 0 page(s)
    >>> resulted in malicious software being downloaded and installed without
    >>> user consent. The last time Google visited this site was on
    >>> 2009-05-14, and the last time suspicious content was found on this
    >>> site was on 2009-05-14.
    >>> Malicious software includes 8 trojan(s), 6 scripting exploit(s), 4
    >>> exploit(s).

    >
    >>> This site was hosted on 1 network(s) including AS35908 (VPLSNET).

    >
    >>> Has this site acted as an intermediary resulting in further
    >>> distribution of malware?
    >>> Over the past 90 days, 74.222.134.0 did not appear to function as an
    >>> intermediary for the infection of any sites.

    >
    >>> Has this site hosted malware?
    >>> Yes, this site has hosted malicious software over the past 90 days. It
    >>> infected 6 domain(s), including blonging.com/, myinvestorblog.com/,
    >>> dollarandsense.net/.

    >
    >>> Next steps:
    >>> Return to the previous page.
    >>> If you are the owner of this web site, you can request a review of
    >>> your site using Google Webmaster Tools. More information about the
    >>> review process is available in Google's Webmaster Help Center.

    >
    >>> **************************

    >
    >>> There was a "Go Back" and an "Ignore warning" button. Selecting the
    >>> latter, I ended up here http://www.luftmensch.com/wordpress/

    >
    >>> It seems a great site to own - you might even notice that there is a
    >>> comment which I left there last July with regard to "A day at the
    >>> zoo"!

    >
    >>> *** Googling 74.222.134.170 gives some interesting results! ***

    >
    >>> From what I can gather with my limited knowledge, 74.222.134.170 is
    >>> located in California (http://www.geoiptool.com/en/?IP=74.222.134.170)

    >
    >>> I'm left wondering who might have wished to infect Mr Gooden's Blog
    >>> pages ...... and if the same folk may have 'got at' the Annexcafe
    >>> newsgroups too!

    >
    >>> --
    >>> Dave

    >
    > | Mr Gooden responded to me by email and said .......
    >
    > | "Normal people would see something like that google warning and inform
    > | the person affected (me) instead of posting it to alt.whatever... and
    > | then submit some surreptitious feedback form to me. Once I saw what you
    > | were talking about, I determined it to be an sql injection "iframe"
    > | within one of the posts I posted to my blog from another blog. Once I
    > | knew, post removed."
    >
    > | Maybe that is why I cannot replicate that same Google warning now.
    >
    > | Hmmm. But that doesn't explain why the blog site had hosted malware
    > | previously ..... *does* it?
    >
    > | Stroking chin!
    >
    > | --
    > | Dave
    >
    > Who said it was "hosting malware" ?



    *Google* said .....

    What happened when Google visited this site?
    Of the 13 pages we tested on the site over the past 90 days, 0 page(s)
    resulted in malicious software being downloaded and installed without
    user consent. The last time Google visited this site was on
    2009-05-14, and the last time suspicious content was found on this
    site was on 2009-05-14.
    Malicious software includes 8 trojan(s), 6 scripting exploit(s), 4
    exploit(s).

    This site was hosted on 1 network(s) including AS35908 (VPLSNET).

    Has this site hosted malware?
    Yes, this site has hosted malicious software over the past 90 days. It
    infected 6 domain(s), including blonging.com/, myinvestorblog.com/,
    dollarandsense.net/.

    ******************

    Have I misunderstood something - or didn't you read what I'd posted?


    > Plaese STOP cross-posting between 'test' news groups and conversational news groups.



    David - you are *not* the Usenet police. I would like to know exactly
    *why* it bothers you that I choose to include that specific test group
    in some of my posts.

    If you explain your reasoning I *might* be more cooperative!

    Try me and see! ;)

    --
    Dave (BD)
    ~BD~, May 16, 2009
    #3
  4. BoaterDave

    ~BD~ Guest

    David H. Lipman wrote:
    > From: "~BD~" <>
    >
    > | David H. Lipman wrote:
    >>> From: "~BD~" <>

    >
    >>> | BoaterDave wrote:
    >>>>> Hi :)

    >
    >>>>> I went to this URL
    >>>>> http://www.linkedin.com/ppl/webprofile?action=vmi&id=1317524&pvs=pp&authToken=jNAa&
    >>>>> authType=name&trk=ppro_viewmore&lnk=vw_pprofile
    >>>>> where there is the LinkedIn profile for Gregory Gooden. (The owner of
    >>>>> Annex.com)

    >
    >>>>> Under 'Websites' I selected 'My Blog' and went to this URL
    >>>>> http://www.luftmensch.com/ I then clicked on RanZ(Blog) ..........

    >
    >>>>> And received this:- "Warning: Visiting this site may harm your
    >>>>> computer" (White font on a bright red banner). That was followed
    >>>>> by .........

    >
    >>>>> "The website you are visiting appears to contain malware. Malware is
    >>>>> malicious software that may harm your computer or otherwise operate
    >>>>> without your consent. Your computer can be infected just by browsing
    >>>>> to a site with malware, without any further action on your part.

    >
    >>>>> For detailed information about problems found on this site, visit
    >>>>> Google Safe Browsing diagnostic page for 74.222.134.170"

    >
    >>>>> The IP number was a link which, when followed, provided this
    >>>>> information:-

    >
    >>>>> "What is the current listing status for 74.222.134.0?
    >>>>> This site is not currently listed as suspicious.

    >
    >>>>> Part of this site was listed for suspicious activity 1 time(s) over
    >>>>> the past 90 days.

    >
    >>>>> What happened when Google visited this site?
    >>>>> Of the 13 pages we tested on the site over the past 90 days, 0 page(s)
    >>>>> resulted in malicious software being downloaded and installed without
    >>>>> user consent. The last time Google visited this site was on
    >>>>> 2009-05-14, and the last time suspicious content was found on this
    >>>>> site was on 2009-05-14.
    >>>>> Malicious software includes 8 trojan(s), 6 scripting exploit(s), 4
    >>>>> exploit(s).

    >
    >>>>> This site was hosted on 1 network(s) including AS35908 (VPLSNET).

    >
    >>>>> Has this site acted as an intermediary resulting in further
    >>>>> distribution of malware?
    >>>>> Over the past 90 days, 74.222.134.0 did not appear to function as an
    >>>>> intermediary for the infection of any sites.

    >
    >>>>> Has this site hosted malware?
    >>>>> Yes, this site has hosted malicious software over the past 90 days. It
    >>>>> infected 6 domain(s), including blonging.com/, myinvestorblog.com/,
    >>>>> dollarandsense.net/.

    >
    >>>>> Next steps:
    >>>>> Return to the previous page.
    >>>>> If you are the owner of this web site, you can request a review of
    >>>>> your site using Google Webmaster Tools. More information about the
    >>>>> review process is available in Google's Webmaster Help Center.

    >
    >>>>> **************************

    >
    >>>>> There was a "Go Back" and an "Ignore warning" button. Selecting the
    >>>>> latter, I ended up here http://www.luftmensch.com/wordpress/

    >
    >>>>> It seems a great site to own - you might even notice that there is a
    >>>>> comment which I left there last July with regard to "A day at the
    >>>>> zoo"!

    >
    >>>>> *** Googling 74.222.134.170 gives some interesting results! ***

    >
    >>>>> From what I can gather with my limited knowledge, 74.222.134.170 is
    >>>>> located in California (http://www.geoiptool.com/en/?IP=74.222.134.170)

    >
    >>>>> I'm left wondering who might have wished to infect Mr Gooden's Blog
    >>>>> pages ...... and if the same folk may have 'got at' the Annexcafe
    >>>>> newsgroups too!

    >
    >>>>> --
    >>>>> Dave

    >
    >>> | Mr Gooden responded to me by email and said .......

    >
    >>> | "Normal people would see something like that google warning and inform
    >>> | the person affected (me) instead of posting it to alt.whatever... and
    >>> | then submit some surreptitious feedback form to me. Once I saw what you
    >>> | were talking about, I determined it to be an sql injection "iframe"
    >>> | within one of the posts I posted to my blog from another blog. Once I
    >>> | knew, post removed."

    >
    >>> | Maybe that is why I cannot replicate that same Google warning now.

    >
    >>> | Hmmm. But that doesn't explain why the blog site had hosted malware
    >>> | previously ..... *does* it?

    >
    >>> | Stroking chin!

    >
    >>> | --
    >>> | Dave

    >
    >>> Who said it was "hosting malware" ?

    >
    >
    > | *Google* said .....
    >
    > | What happened when Google visited this site?
    > | Of the 13 pages we tested on the site over the past 90 days, 0 page(s)
    > | resulted in malicious software being downloaded and installed without
    > | user consent. The last time Google visited this site was on
    > | 2009-05-14, and the last time suspicious content was found on this
    > | site was on 2009-05-14.
    > | Malicious software includes 8 trojan(s), 6 scripting exploit(s), 4
    > | exploit(s).
    >
    > | This site was hosted on 1 network(s) including AS35908 (VPLSNET).
    >
    > | Has this site hosted malware?
    > | Yes, this site has hosted malicious software over the past 90 days. It
    > | infected 6 domain(s), including blonging.com/, myinvestorblog.com/,
    > | dollarandsense.net/.
    >
    > | ******************
    >
    > | Have I misunderstood something - or didn't you read what I'd posted?
    >
    >
    >>> Plaese STOP cross-posting between 'test' news groups and conversational news groups.

    >
    >
    > | David - you are *not* the Usenet police. I would like to know exactly
    > | *why* it bothers you that I choose to include that specific test group
    > | in some of my posts.
    >
    > | If you explain your reasoning I *might* be more cooperative!
    >
    > | Try me and see! ;)
    >
    > | --
    > | Dave (BD)
    >
    > A. You misinterpreted both messages.



    A very blasé answer. How can I ever learn if you chose not to explain
    how/why? As you sometimes say "drop me an email" if you don't wish to
    show your cards here.

    Are you telling me that 74.222.134.0 is *not* associated with Mr Gooden?
    If so, please tell me why you think this.


    > B. 'Test' groups are for 'test' messages only and their subject matter are to be
    > IGNORED. Leave discussions to discussion groups. You should *never* cross-post between
    > a test group and a discussion group.


    Again - you haven't said WHY! What difference does it make to you - or
    to anyone else?

    I do understand that what I do may be 'unconventional', and not what you
    have met before, but that doesn't make it *wrong* per se.

    --
    Dave (BD)
    ~BD~, May 16, 2009
    #4
  5. BoaterDave

    Todd H. Guest

    ~BD~ <> writes:

    > Hmmm. But that doesn't explain why the blog site had hosted malware
    > previously ..... *does* it?



    Rotated banner ads can have malware. There's also a blog-takeover
    hack that's been recently announced at a security con (can't remember
    details), a cross site scripting issue taken advantage of by a blog
    commenter--lots of possible reasons that google may have flagged it as
    such.

    The web is a nutty place.

    --
    Todd H.
    http://www.toddh.net/
    Todd H., May 16, 2009
    #5
  6. BoaterDave

    Scarlett Guest

    David H. Lipman wrote:
    > From: "~BD~" <>
    >
    >> BoaterDave wrote:
    >>> Hi :)

    >
    >>> I went to this URL
    >>> http://www.linkedin.com/ppl/webprofile?action=vmi&id=1317524&pvs=pp&authToken=jNAa&
    >>> authType=name&trk=ppro_viewmore&lnk=vw_pprofile
    >>> where there is the LinkedIn profile for Gregory Gooden. (The owner
    >>> of Annex.com)

    >
    >>> Under 'Websites' I selected 'My Blog' and went to this URL
    >>> http://www.luftmensch.com/ I then clicked on RanZ(Blog)
    >>> ..........

    >
    >>> And received this:- "Warning: Visiting this site may harm your
    >>> computer" (White font on a bright red banner). That was followed
    >>> by .........

    >
    >>> "The website you are visiting appears to contain malware. Malware is
    >>> malicious software that may harm your computer or otherwise operate
    >>> without your consent. Your computer can be infected just by browsing
    >>> to a site with malware, without any further action on your part.

    >
    >>> For detailed information about problems found on this site, visit
    >>> Google Safe Browsing diagnostic page for 74.222.134.170"

    >
    >>> The IP number was a link which, when followed, provided this
    >>> information:-

    >
    >>> "What is the current listing status for 74.222.134.0?
    >>> This site is not currently listed as suspicious.

    >
    >>> Part of this site was listed for suspicious activity 1 time(s) over
    >>> the past 90 days.

    >
    >>> What happened when Google visited this site?
    >>> Of the 13 pages we tested on the site over the past 90 days, 0
    >>> page(s) resulted in malicious software being downloaded and
    >>> installed without user consent. The last time Google visited this
    >>> site was on 2009-05-14, and the last time suspicious content was
    >>> found on this site was on 2009-05-14.
    >>> Malicious software includes 8 trojan(s), 6 scripting exploit(s), 4
    >>> exploit(s).

    >
    >>> This site was hosted on 1 network(s) including AS35908 (VPLSNET).

    >
    >>> Has this site acted as an intermediary resulting in further
    >>> distribution of malware?
    >>> Over the past 90 days, 74.222.134.0 did not appear to function as an
    >>> intermediary for the infection of any sites.

    >
    >>> Has this site hosted malware?
    >>> Yes, this site has hosted malicious software over the past 90 days.
    >>> It infected 6 domain(s), including blonging.com/,
    >>> myinvestorblog.com/, dollarandsense.net/.

    >
    >>> Next steps:
    >>> Return to the previous page.
    >>> If you are the owner of this web site, you can request a review of
    >>> your site using Google Webmaster Tools. More information about the
    >>> review process is available in Google's Webmaster Help Center.

    >
    >>> **************************

    >
    >>> There was a "Go Back" and an "Ignore warning" button. Selecting the
    >>> latter, I ended up here http://www.luftmensch.com/wordpress/

    >
    >>> It seems a great site to own - you might even notice that there is a
    >>> comment which I left there last July with regard to "A day at the
    >>> zoo"!

    >
    >>> *** Googling 74.222.134.170 gives some interesting results! ***

    >
    >>> From what I can gather with my limited knowledge, 74.222.134.170 is
    >>> located in California
    >>> (http://www.geoiptool.com/en/?IP=74.222.134.170)

    >
    >>> I'm left wondering who might have wished to infect Mr Gooden's Blog
    >>> pages ...... and if the same folk may have 'got at' the Annexcafe
    >>> newsgroups too!

    >
    >>> --
    >>> Dave

    >
    >> Mr Gooden responded to me by email and said .......

    >
    >> "Normal people would see something like that google warning and
    >> inform the person affected (me) instead of posting it to
    >> alt.whatever... and then submit some surreptitious feedback form to
    >> me. Once I saw what you were talking about, I determined it to be an
    >> sql injection "iframe" within one of the posts I posted to my blog
    >> from another blog. Once I knew, post removed."

    >
    >> Maybe that is why I cannot replicate that same Google warning now.

    >
    >> Hmmm. But that doesn't explain why the blog site had hosted malware
    >> previously ..... *does* it?

    >
    >> Stroking chin!

    >
    >> --
    >> Dave

    >
    > Who said it was "hosting malware" ?
    >
    > Gooden wrote...
    > "...determined it to be an sql injection "iframe" within one of the
    > posts I posted to my blog..."
    >
    > That's not malware per se, that's a malicious script that was flagged.
    >
    > He also correctly pointed out...
    > "Normal people would see something like that google warning and
    > inform the person affected (me) instead of posting it to alt.... "
    >
    > Plaese STOP cross-posting between 'test' news groups and
    > conversational news groups.


    Hi Dave your wasting your time ;-)

    Donna
    Scarlett, May 16, 2009
    #6
  7. BoaterDave

    Scarlett Guest

    ~BD~ wrote:
    > David H. Lipman wrote:
    >> From: "~BD~" <>
    >>
    >>> BoaterDave wrote:
    >>>> Hi :)

    >>
    >>>> I went to this URL
    >>>> http://www.linkedin.com/ppl/webprofile?action=vmi&id=1317524&pvs=pp&authToken=jNAa&
    >>>> authType=name&trk=ppro_viewmore&lnk=vw_pprofile
    >>>> where there is the LinkedIn profile for Gregory Gooden. (The
    >>>> owner of Annex.com)

    >>
    >>>> Under 'Websites' I selected 'My Blog' and went to this URL
    >>>> http://www.luftmensch.com/ I then clicked on RanZ(Blog)
    >>>> ..........

    >>
    >>>> And received this:- "Warning: Visiting this site may harm your
    >>>> computer" (White font on a bright red banner). That was followed
    >>>> by .........

    >>
    >>>> "The website you are visiting appears to contain malware. Malware
    >>>> is malicious software that may harm your computer or otherwise
    >>>> operate without your consent. Your computer can be infected just
    >>>> by browsing to a site with malware, without any further action on
    >>>> your part.

    >>
    >>>> For detailed information about problems found on this site, visit
    >>>> Google Safe Browsing diagnostic page for 74.222.134.170"

    >>
    >>>> The IP number was a link which, when followed, provided this
    >>>> information:-

    >>
    >>>> "What is the current listing status for 74.222.134.0?
    >>>> This site is not currently listed as suspicious.

    >>
    >>>> Part of this site was listed for suspicious activity 1 time(s) over
    >>>> the past 90 days.

    >>
    >>>> What happened when Google visited this site?
    >>>> Of the 13 pages we tested on the site over the past 90 days, 0
    >>>> page(s) resulted in malicious software being downloaded and
    >>>> installed without user consent. The last time Google visited this
    >>>> site was on 2009-05-14, and the last time suspicious content was
    >>>> found on this site was on 2009-05-14.
    >>>> Malicious software includes 8 trojan(s), 6 scripting exploit(s), 4
    >>>> exploit(s).

    >>
    >>>> This site was hosted on 1 network(s) including AS35908 (VPLSNET).

    >>
    >>>> Has this site acted as an intermediary resulting in further
    >>>> distribution of malware?
    >>>> Over the past 90 days, 74.222.134.0 did not appear to function as
    >>>> an intermediary for the infection of any sites.

    >>
    >>>> Has this site hosted malware?
    >>>> Yes, this site has hosted malicious software over the past 90
    >>>> days. It infected 6 domain(s), including blonging.com/,
    >>>> myinvestorblog.com/, dollarandsense.net/.

    >>
    >>>> Next steps:
    >>>> Return to the previous page.
    >>>> If you are the owner of this web site, you can request a review of
    >>>> your site using Google Webmaster Tools. More information about the
    >>>> review process is available in Google's Webmaster Help Center.

    >>
    >>>> **************************

    >>
    >>>> There was a "Go Back" and an "Ignore warning" button. Selecting
    >>>> the latter, I ended up here http://www.luftmensch.com/wordpress/

    >>
    >>>> It seems a great site to own - you might even notice that there is
    >>>> a comment which I left there last July with regard to "A day at the
    >>>> zoo"!

    >>
    >>>> *** Googling 74.222.134.170 gives some interesting results! ***

    >>
    >>>> From what I can gather with my limited knowledge, 74.222.134.170 is
    >>>> located in California
    >>>> (http://www.geoiptool.com/en/?IP=74.222.134.170)

    >>
    >>>> I'm left wondering who might have wished to infect Mr Gooden's Blog
    >>>> pages ...... and if the same folk may have 'got at' the Annexcafe
    >>>> newsgroups too!

    >>
    >>>> --
    >>>> Dave

    >>
    >>> Mr Gooden responded to me by email and said .......

    >>
    >>> "Normal people would see something like that google warning and
    >>> inform the person affected (me) instead of posting it to
    >>> alt.whatever... and then submit some surreptitious feedback form to
    >>> me. Once I saw what you were talking about, I determined it to be
    >>> an sql injection "iframe" within one of the posts I posted to my
    >>> blog from another blog. Once I knew, post removed."

    >>
    >>> Maybe that is why I cannot replicate that same Google warning now.

    >>
    >>> Hmmm. But that doesn't explain why the blog site had hosted malware
    >>> previously ..... *does* it?

    >>
    >>> Stroking chin!

    >>
    >>> --
    >>> Dave

    >>
    >> Who said it was "hosting malware" ?

    >
    >
    > *Google* said .....
    >
    > What happened when Google visited this site?
    > Of the 13 pages we tested on the site over the past 90 days, 0 page(s)
    > resulted in malicious software being downloaded and installed without
    > user consent. The last time Google visited this site was on
    > 2009-05-14, and the last time suspicious content was found on this
    > site was on 2009-05-14.
    > Malicious software includes 8 trojan(s), 6 scripting exploit(s), 4
    > exploit(s).
    >
    > This site was hosted on 1 network(s) including AS35908 (VPLSNET).
    >
    > Has this site hosted malware?
    > Yes, this site has hosted malicious software over the past 90 days. It
    > infected 6 domain(s), including blonging.com/, myinvestorblog.com/,
    > dollarandsense.net/.
    >
    > ******************
    >
    > Have I misunderstood something - or didn't you read what I'd posted?
    >
    >
    >> Plaese STOP cross-posting between 'test' news groups and
    >> conversational news groups.

    >
    >
    > David - you are *not* the Usenet police. I would like to know exactly
    > *why* it bothers you that I choose to include that specific test group
    > in some of my posts.
    >
    > If you explain your reasoning I *might* be more cooperative!
    >
    > Try me and see! ;)


    Ok what part of "0 page(s)
    resulted in malicious software being downloaded and installed without
    user consent."

    Don't you understand...0 = none
    Scarlett, May 16, 2009
    #7
  8. BoaterDave

    Todd H. Guest

    ~BD~ <> writes:

    >> B. 'Test' groups are for 'test' messages only and their subject
    >> matter are to be IGNORED. Leave discussions to discussion groups.
    >> You should *never* cross-post between a test group and a discussion
    >> group.

    >
    > Again - you haven't said WHY! What difference does it make to you - or
    > to anyone else?


    BoaterDave,

    I have been polite to you in the past and given you a wide berth of
    newbieness.

    But, seriously, you're begging for flamage unless you pull your head
    out of your ass on some of these discussions.

    Mr Lipman correctly states usenet netiquette regarding test
    newsgroups.

    > I do understand that what I do may be 'unconventional', and not what
    > you have met before, but that doesn't make it *wrong* per se.


    No, it's wrong to cross post between test and regular nesgroups,
    period. Test groups are for testing. It's not something you'll
    find in an RFC. It's common sense.


    --
    Todd H.
    http://www.toddh.net/
    Todd H., May 16, 2009
    #8
  9. BoaterDave

    ~BD~ Guest

    Todd H. wrote:
    > ~BD~ <> writes:
    >
    >>> B. 'Test' groups are for 'test' messages only and their subject
    >>> matter are to be IGNORED. Leave discussions to discussion groups.
    >>> You should *never* cross-post between a test group and a discussion
    >>> group.

    >> Again - you haven't said WHY! What difference does it make to you - or
    >> to anyone else?

    >
    > BoaterDave,
    >
    > I have been polite to you in the past and given you a wide berth of
    > newbieness.
    >
    > But, seriously, you're begging for flamage unless you pull your head
    > out of your ass on some of these discussions.
    >
    > Mr Lipman correctly states usenet netiquette regarding test
    > newsgroups.
    >
    >> I do understand that what I do may be 'unconventional', and not what
    >> you have met before, but that doesn't make it *wrong* per se.

    >
    > No, it's wrong to cross post between test and regular nesgroups,
    > period. Test groups are for testing. It's not something you'll
    > find in an RFC. It's common sense.
    >
    >


    Hello Todd

    I have appreciated your attitude and thank you for being polite.

    Have you taken time out to go to the 'microsoft.public.test.here' group
    and read any of the conversations which I have enjoyed with, in
    particular, Andrew Taylor and Peter Foldes?

    Regardless, I thank you for your advice and look forward to watching the
    video clips of your rabbits when you get round to posting them on YouTube!

    Have a great weekend! :)

    --
    Dave
    ~BD~, May 16, 2009
    #9
  10. BoaterDave

    DGB Guest

    Todd H. wrote:
    > ~BD~ <> writes:
    >
    >> Hmmm. But that doesn't explain why the blog site had hosted malware
    >> previously ..... *does* it?

    >
    >
    > Rotated banner ads can have malware. There's also a blog-takeover
    > hack that's been recently announced at a security con (can't remember
    > details), a cross site scripting issue taken advantage of by a blog
    > commenter--lots of possible reasons that google may have flagged it as
    > such.
    >
    > The web is a nutty place.
    >



    I most certainly agree with your last point, Todd!

    Thanks for the information.

    David Lipman is trying to tell me something but I am still confused. I
    thought the IP address mentioned related to Mr Gooden but it seems this
    may not be so.

    --
    Dave
    DGB, May 16, 2009
    #10
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Charles

    Warning: WARNING

    Charles, Aug 15, 2005, in forum: Computer Support
    Replies:
    7
    Views:
    4,679
    =?ISO-8859-15?Q?Brian_H=B9=A9?=
    Aug 16, 2005
  2. DD

    Google Warning...

    DD, May 13, 2005, in forum: Computer Security
    Replies:
    24
    Views:
    1,273
  3. james

    Google virus/spyware warning

    james, Dec 30, 2005, in forum: Computer Security
    Replies:
    18
    Views:
    7,141
    james
    Jan 30, 2006
  4. Mike Easter

    Re: Question regarding Site Warning from Google

    Mike Easter, Oct 11, 2009, in forum: Computer Support
    Replies:
    1
    Views:
    376
    Buffalo
    Oct 11, 2009
  5. richard

    Re: Question regarding Site Warning from Google

    richard, Oct 11, 2009, in forum: Computer Support
    Replies:
    1
    Views:
    358
    Oldus Fartus
    Oct 12, 2009
Loading...

Share This Page