1. Google/Firefox, please go easy on the trigger

    April 13th, 2008

    Anyone seen this before?

    It popped up when I followed a link from a comment left on this blog. Firefox would not let me see the site, not even view source.  I have to say, it’s a great way to protect users from potential phishing, scamming and malware.

    Not this nosy blogger, though. Something didn’t sit right, so I used wget and peeked at the source.  Seems benign to me.  The post references my talk about read consistency databases, CouchDB and Google AppEngine.  Doesn’t look like the dumb stuff you find on spam/scam blogs (and I get a lot of these trackbacks).

    Firefox suggest the site is marked as malware by Google.  Indeed, a search on the author name returned 95 links to that blog, all of which are marked with:

    This site may harm your computer.

    A LinkedIn search finds the author is a Senior Programmer at IBM.  So I opened the blog in Safari and started reading.  JSON this, Atom that, OpenID, Java, comments and good technical discussion all around.  Actually a good blog all around, nothing malicious.

    I don’t know what tripped the Google Homeland Security system, but I see no evidence of foul play, just a false positive.

    I contacted the author, let’s see what comes out of this.

    Update: Turns out this is a known problem:

    Currently, many sites that are the subject of Google’s warnings have been the victims of a malicious hacking attack, in which code linking directly to badware through exploits was inserted onto an otherwise innocent, but poorly secured, website. In other cases, a website with no intention to distribute badware hosts content (such as ads or hit counters) provided by a third party, and can inadvertently distribute badware through that content. If you are confused about why your site has a Google warning, then there are strong odds that your site has experienced one of the above situations.

    At the very least they do attempt to made contact:

    Google makes a good faith effort to contact the owners and administrators of sites with Google search warnings. Google sends emails to potential site owner addresses such as webmaster@domain.com Google also notifies site owners with Webmaster Tools accounts.

    Update 2: This is getting better. AutoWorld is now blocked for the very same reason (I’m researching my next car).

    Posted by Assaf Filed in general

    1. Christian

      April 14th, 2008 at 12:23 am

      Seems Googles spam protection is starting to cause problems several places. We recently had our company blog kuttisme.no (which mainly deals in online marketing and responsible search engine visibility/”optimization”) banned from Google for 30 days more than a month after our Wordpress installation was hacked (and fixed the same day).

      This all serves to remind us that having a market dominated by one single big player is rarely a good idea :)

    2. sosiouxme

      April 14th, 2008 at 6:31 am

      could’ve been hacked in the past and was passing out malware. could be this is a copy of someone else’s site and not as benign as it looks. hard to say… trust (or lack thereof) is difficult to establish in an automated fashion.

    3. Blocked by Google at robubu

      April 14th, 2008 at 10:27 am

      [...] folks have told me recently that Google is identifying my site as evil. I assure you it isn’t, however I know why google [...]

    4. Assaf

      April 14th, 2008 at 10:44 am

      See update above. Apparently while they won’t tell you why you’ve been blacklisted, at least they’ll attempt to tell you about it.

      The hacks are, unfortunately, quite common. Happened to me once (spam, though, not malware) and other people I know.

    5. Chris Adams

      April 14th, 2008 at 12:25 pm

      I think this is going to become routine - stuff like the WordPress exploits going on right now are distributed and approached a lot more professionally than they used to be. One thing we need is some sort of trusted communication so someone like Google could notify known-responsible ISPs about the problem and the ISP could trigger an immediate relist when the problem has been fixed rather than waiting for the site’s [often non-technical] owner to figure out how to contact each search engine and request a review. This would also provide a nice incentive for ISPs to be more responsible than is currently the case.

    6. Labnotes » Rounded Corners - 201 (I can has Shawarma?)

      April 16th, 2008 at 11:45 pm

      [...] Putting the squeeze on malware is a good idea, I like it.  But this one is going form 0-60 in no seconds. Is anyone on the Firefox team reading this?  Please start small, give site owners time to adjust, and us users something to access in the meanwhile.  I don’t like it when Firefox goes dark. [...]

    7. http://mylid.net/webdesign

      April 23rd, 2008 at 3:53 am

      Such an attempt to contact is only formal. You say: “Google sends emails to potential site owner addresses such as webmaster@domain.com Google also notifies site owners with Webmaster Tools accounts”.
      The real site contacts are often not at these termination points, and they should not be.
      As you know a common way of contacting a webmaster is via whois. Google could do a whois on the domain and e-mail the Admin contact. Google could also do a whois on the site IP address and thus contact the hosting company.

    Leave a Reply | Trackback | Track with co.mments

    Where's my comment? I get too much comment spam, so I have to moderate comments. Damn those spammers. If you don't see your comment immediately, be patient. I'll approve it the minute I see it. Want to know when your comment shows up, or check if anyone responded? Track it.

    Or using OpenID