[SAC] Malware alarm: QGIS, ... sites

Hi,

when using Chrome/Chromium:

http://www.qgis.org/
The site ahead contains harmful programs

Attackers on www.qgis.org might attempt to trick you into installing
programs that harm your browsing experience (for example, by changing
your homepage or showing extra ads on sites you visit).

likewise for other *.osgeo.org sites...

Now what?

Markus

Markus

I do not get this warning
OSX Chrome Version 44.0.2403.130 (64-bit)

Are you sure this isn’t just you ?

Norman

On Aug 7, 2015, at 9:38 AM, Markus Neteler <neteler@osgeo.org> wrote:

Hi,

when using Chrome/Chromium:

http://www.qgis.org/
The site ahead contains harmful programs

Attackers on www.qgis.org might attempt to trick you into installing
programs that harm your browsing experience (for example, by changing
your homepage or showing extra ads on sites you visit).

likewise for other *.osgeo.org sites…

Now what?

Markus


Sac mailing list
Sac@lists.osgeo.org
http://lists.osgeo.org/mailman/listinfo/sac

I get the warning too.
On Chromium Version 43.0.2357.130, Ubuntu 14.04 (64-bit).

Not in FF 39.0 though…

Christian


Am 07.08.2015 um 15:50 schrieb Norman Vine:

Markus

I do not get this warning
OSX Chrome Version 44.0.2403.130 (64-bit)

Are you sure this isn’t just you ?

Norman

On Aug 7, 2015, at 9:38 AM, Markus Neteler <neteler@osgeo.org> wrote:

Hi,

when using Chrome/Chromium:

http://www.qgis.org/
The site ahead contains harmful programs

Attackers on www.qgis.org might attempt to trick you into installing
programs that harm your browsing experience (for example, by changing
your homepage or showing extra ads on sites you visit).

likewise for other *.osgeo.org sites…

Now what?

Markus




On Fri, Aug 7, 2015 at 3:50 PM, Norman Vine <nhv@cape.com> wrote:

Markus

I do not get this warning
OSX Chrome Version 44.0.2403.130 (64-bit)

Are you sure this isn't just you ?

Unfortunately not:
https://lists.osgeo.org/pipermail/qgis-developer/2015-August/038774.html
https://lists.osgeo.org/pipermail/grass-dev/2015-August/075923.html
...

Markus

On 07-08-15 15:38, Markus Neteler wrote:

when using Chrome/Chromium:

http://www.qgis.org/
The site ahead contains harmful programs

Attackers on www.qgis.org might attempt to trick you into installing
programs that harm your browsing experience (for example, by changing
your homepage or showing extra ads on sites you visit).

likewise for other *.osgeo.org sites...

Now what?

Hi Markus,

This was reported on the qgis lists [0]
I tried to do some further digging for QGIS, and (because I have
godaddy/DNS access for qgis.org) registered:

https://www.google.com/webmasters/tools/home?hl=en

they sent you to this page:

http://www.google.com/safebrowsing/diagnostic?site=http://www.qgis.org

and it only shows us the msg above. There is also the possibility to get
sample URLs for the malicious pages, but for all I tried these
lists are empty!

There is the possibility to do a 'malware review request' which I did
just 6 hours ago, and now I receive the message:

"Google has received and processed your malware review request.
Unfortunately, http://www.qgis.org/ appears to be still infected with
malware that can harm visitors. Google will continue to display a
warning whenever a user clicks a link to your site from our search results."

BUT again: NO URLs or further info :(

@markus were you able to find another osgeo-url which gave this msg?

I'm not sure what Google meant by 'infected networks', we probably all
have the same network ranges...???

But as a sidenote: Nyall also noted that dash had the same msg [1]

Anyway, if somebody has further info, please let us know.

[0] https://lists.osgeo.org/pipermail/qgis-developer/2015-August/038774.html
[1] https://dash.orfeo-toolbox.org/index.php

Regards,

Richard Duivenvoorde

On 07-08-15 15:50, Norman Vine wrote:

Markus

I do not get this warning
OSX Chrome Version 44.0.2403.130 (64-bit)

Are you sure this isn't just you ?

Hi Norman,

with me (on Debian) it did not show until I checked a checkbox in
advanced settings to 'Enable phishing and malware protection'.
Is that checked with you?

Regards,

Richard

So, in Google's Webmastertools I can see this alarm as well but they
do not indicate the page(s) which cause the mess.

Does anyone have a scanner?

Markus

On Aug 7, 2015, at 10:13 AM, Richard Duivenvoorde <richard@duif.net> wrote:

On 07-08-15 15:50, Norman Vine wrote:

Markus

I do not get this warning
OSX Chrome Version 44.0.2403.130 (64-bit)

Are you sure this isn't just you ?

Hi Norman,

with me (on Debian) it did not show until I checked a checkbox in
advanced settings to 'Enable phishing and malware protection'.
Is that checked with you?

Regards,

Richard

Thanks Richard

I am seeing the warning with that checked

Norman

On 07-08-15 16:15, Markus Neteler wrote:

So, in Google's Webmastertools I can see this alarm as well but they
do not indicate the page(s) which cause the mess.

Does anyone have a scanner?

Mmm, I googled some online scanners...

This one:

http://quttera.com/detailed_report/www.qgis.org

Reports 3 'malicious files':

Detected reference to malicious blacklisted domain raw.githubusercontent.com

Mmm, can that be the problem?

That google is now listing this as 'suspicious'?

We do link to some images that way:

https://raw.githubusercontent.com/qgis/QGIS/master/images/splash/splash.png

and

https://raw.githubusercontent.com/pdxosgeo/foss4g2014-wordpress/master/logo_images/PNGs/logo_horiz_trans_500x231.png

Regards,

Richard Duivenvoorde

On Fri, Aug 07, 2015 at 03:38:34PM +0200, Markus Neteler wrote:

Attackers on www.qgis.org might attempt to trick you into installing
programs that harm your browsing experience (for example, by changing
your homepage or showing extra ads on sites you visit).

Is this an outcome of Google's new strategy to enforce the use of SSL
encryption or do OSGeo's sites indeed contain malicious content ?

  Martin.
--
Unix _IS_ user friendly - it's just selective about who its friends are !
--------------------------------------------------------------------------

Markus wrote:

Attackers on www.qgis.org might attempt to trick you into installing
programs that harm your browsing experience (for example, by changing
your homepage or showing extra ads on sites you visit).

Martin Spott wrote:

Is this an outcome of Google's new strategy to enforce the use of SSL
encryption or do OSGeo's sites indeed contain malicious content ?

I'd find that pretty hard to believe, based on the text of the error message and other collateral damage that would be happening on the wider net. Short of other information we need to take them on their word that there are links to some nasty site on a wiki or else where. Frustrating they don't give you a clue what it is!

Likewise if links to github users' content was really triggering the warning surely the internet would be alight. Unless that's a typo-squat.
I guess we could try removing those links and see what happens.

Is the qgis wiki hosted within the same domain?

Any other scanning option?

regards,
Hamish
(ps- Hi everyone :) )

On 07-08-15 16:28, Richard Duivenvoorde wrote:

On 07-08-15 16:15, Markus Neteler wrote:

So, in Google's Webmastertools I can see this alarm as well but they
do not indicate the page(s) which cause the mess.

Does anyone have a scanner?

Mmm, I googled some online scanners...

This one:

http://quttera.com/detailed_report/www.qgis.org

Reports 3 'malicious files':

Detected reference to malicious blacklisted domain raw.githubusercontent.com

Mmm, can that be the problem?

That google is now listing this as 'suspicious'?

We do link to some images that way:

https://raw.githubusercontent.com/qgis/QGIS/master/images/splash/splash.png

and

https://raw.githubusercontent.com/pdxosgeo/foss4g2014-wordpress/master/logo_images/PNGs/logo_horiz_trans_500x231.png

Ok, fully removed the qgis website yesterday, and cleanly rebuilt it after
removing references to raw.githubusercontent.com...
Asked for a review..

This morning:

www.qgis.org should be ok now (but "As a result, we're removing the
malware warning from your site. This may take some time to happen").

www.qgis.org/pyqgis-cookbook 'still infected' :( (again NO hints, do
not know where to look...)

Thanks Google... NOT

Richard

Hi,

I have cleared the CMS cache and reinstructed the Google bot to fetch
the pages again.
Seems most of the subdomain 140.211.15.* is blacklisted?

The urlquery.net scan site does (no longer?) report any issue with
grass.osgeo.org:
http://urlquery.net/report.php?id=1439023968946

Sigh... hoping the best.

Markus

Mmm, I googled some online scanners...

This one:

http://quttera.com/detailed_report/www.qgis.org

Reports 3 'malicious files':

Detected reference to malicious blacklisted domain

raw.githubusercontent.com

Mmm, can that be the problem?

Richard Duivenvoorde wrote:

Ok, fully removed the qgis website yesterday, and cleanly rebuilt it after
removing references to raw.githubusercontent.com...
Asked for a review..

This morning:

www.qgis.org should be ok now (but "As a result, we're removing the
malware warning from your site. This may take some time to happen").

www.qgis.org/pyqgis-cookbook 'still infected' :( (again NO hints, do
not know where to look...)

Hi,

Looking at the pyqgis-cookbook site it's pretty simple, the only vectors I can think of are:

1) the CMS/server hacked and javascript malware inserted; seems doubtful and something the other scanners would find, but who knows.

2) links to external graphics (github user content) which somehow got infected/replaced with a malformed image designed to exploit something in libpng etc.; isn't an exact match for the Google error message, but who knows.

And then we have the 3 pdfs here:
http://docs.qgis.org/testing/pdf/en/

The original diag msg complained about 3 files. I seem to be updating adobe software about once every week to patch newly found exploits; maybe the software that built them went bad or now triggers false positives in Google's tests?

A long shot, but it's a theory to test, which is better than sitting around waiting. :)

regards,
Hamish

On 09-08-15 03:22, Hamish wrote:

Looking at the pyqgis-cookbook site it's pretty simple, the only vectors I can think of are:

1) the CMS/server hacked and javascript malware inserted; seems doubtful and something the other scanners would find, but who knows.

2) links to external graphics (github user content) which somehow got infected/replaced with a malformed image designed to exploit something in libpng etc.; isn't an exact match for the Google error message, but who knows.

And then we have the 3 pdfs here:
http://docs.qgis.org/testing/pdf/en/

The original diag msg complained about 3 files. I seem to be updating adobe software about once every week to patch newly found exploits; maybe the software that built them went bad or now triggers false positives in Google's tests?

A long shot, but it's a theory to test, which is better than sitting around waiting. :)

Hi Hamish,

not waiting, but muddling along, and it feels like Google is playing the
greek gods: punishing, but leaving us mortals to question what we are
punished for :(

I've posted a Question in Google's Webmaster Central Help (as pointed
out by Google in one of its review answers):

https://productforums.google.com/forum/?utm_medium=email&utm_source=footer#!msg/webmasters/HoEJ2yvfnP8/R--E_XrQq2oJ

People also hint at stuff there, and I can come up with a lot of
other vectors myself too (we have downloadable exe's which in the past
were falsely flagged by virus scanners etc etc).

One of the posters tells me to use http://aw-snap.info/file-viewer/
And that one is complaining about some weird redirects we do and some
javascript injecting non displayed divs. And I can fix that maybe, but
without any clues this is all taking time for nothing...

To me it looks weird that www.qgis.org is evil, and qgis.org is ok ???

It's good though, that people have a choice which browser to use :)

Regards,

Richard

ps I'm going to send an email to a google plugin builder (Google Maps
Engine Connector ), hopefully he has some warm connections...
Other tips appreciated...

Hi,

does Google want to kill our projects?

http://www.qgis.org/
http://grass.osgeo.org/

.. still blacklisted.
No indication of why and what. No other scanner reports any issue.

??
Markus

Someone else may have thought of this already, but maybe it's worth trying to use the access log to narrow down what they're running into? Presumably, they try to snag the same files when they've been asked about delisting.

--- Harrison

Markus Neteler wrote:

Hi,

does Google want to kill our projects?

http://www.qgis.org/
http://grass.osgeo.org/

.. still blacklisted.
No indication of why and what. No other scanner reports any issue.

??
Markus
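One way to act on that suggestion, as an added example that is not part of the thread or of any OSGeo tooling: a small Python parser for combined-format access logs that lists which paths a crawler fetched and which status codes it got, so the files touched during a review scan can be compared against the rest of the site. The user-agent substring ("Googlebot"), the IPs and the paths in the sample lines are assumptions constructed for the example.

```python
import re
from collections import Counter, defaultdict

# Apache/nginx "combined" log format, with the fields we need captured by name.
LOG_RE = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Constructed sample lines (documentation IPs, made-up paths; not a real log).
GOOGLEBOT = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
SAMPLE_LOG = "\n".join([
    '192.0.2.10 - - [10/Aug/2015:13:02:11 +0200] "GET /index.html HTTP/1.1" 200 5120 "-" "%s"' % GOOGLEBOT,
    '192.0.2.10 - - [10/Aug/2015:13:02:12 +0200] "GET /pyqgis-cookbook/index.html HTTP/1.1" 200 8833 "-" "%s"' % GOOGLEBOT,
    '192.0.2.10 - - [10/Aug/2015:13:02:13 +0200] "GET /pyqgis-cookbook/_static/theme.js HTTP/1.1" 200 2301 "-" "%s"' % GOOGLEBOT,
    '192.0.2.10 - - [10/Aug/2015:13:02:14 +0200] "GET /testing/pdf/en/example.pdf HTTP/1.1" 404 210 "-" "%s"' % GOOGLEBOT,
    '198.51.100.7 - - [10/Aug/2015:13:05:00 +0200] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/39.0"',
    'garbage line that should be skipped',
])

def parse_log(text):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield m.groupdict()

def crawler_requests(text, agent_substring="Googlebot"):
    """Map each path fetched by a matching user agent to a Counter of status codes."""
    hits = defaultdict(Counter)
    for rec in parse_log(text):
        if agent_substring.lower() in rec["agent"].lower():
            hits[rec["path"]][rec["status"]] += 1
    return dict(hits)

def by_extension(hits):
    """Group fetched paths by file extension to see which content types the scan touched."""
    groups = defaultdict(list)
    for path in hits:
        name = path.split("?", 1)[0].rsplit("/", 1)[-1]
        ext = name[name.rfind("."):] if "." in name else "(none)"
        groups[ext].append(path)
    return dict(groups)

if __name__ == "__main__":
    hits = crawler_requests(SAMPLE_LOG)
    for path, statuses in sorted(hits.items()):
        print(path, dict(statuses))
```

Run it against the real log with the file read into `text` and a narrower time window if the scan took many thousand requests, as Markus reports below for grass.osgeo.org.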

On Mon, Aug 10, 2015 at 2:12 PM, Harrison Grundy
<harrison.grundy@astrodoggroup.com> wrote:

Someone else may have thought of this already, but maybe it's worth trying
to use the access log to narrow down what they're running into? Presumably,
they try to snag the same files when they've been asked about delisting.

I checked for grass.osgeo.org and they just scanned the entire site
once again (many thousand page/file requests).
No trace of what they dislike ...

Markus

Markus Neteler wrote:

On Mon, Aug 10, 2015 at 2:12 PM, Harrison Grundy
<harrison.grundy@astrodoggroup.com> wrote:

Someone else may have thought of this already, but maybe it's worth trying
to use the access log to narrow down what they're running into? Presumably,
they try to snag the same files when they've been asked about delisting.

I checked for grass.osgeo.org and they just scanned the entire site
once again (many thousand page/file requests).
No trace of what they dislike ...

Well that's just obnoxious. I'll try reaching out to the Google contact for some FreeBSD stuff and see if he's got any ideas. If nothing else, he might know who to e-mail.

--- Harrison

Hi,

I just tested from two computers here and both grass.osgeo.org and www.qgis.org load as normal again.

Fixed?

Hamish