Labnotes

A blog by Assaf Arkin (about/contact), a geek with a love for bikes and short espresso.

• Bytesized
• Archive
• 

… and remember to always use the right tool for the job

1. Apr 13th, 2008

   Google/Firefox, please go easy on the trigger

   

   Anyone seen this before?

   It popped up when I followed a link from a comment left on this blog. Firefox would not let me see the site, not even view source.  I have to say, it’s a great way to protect users from potential phishing, scamming and malware.

   Not this nosy blogger, though. Something didn’t sit right, so I used wget and peeked at the source.  Seems benign to me.  The post references my talk about read consistency databases, CouchDB and Google AppEngine.  Doesn’t look like the dumb stuff you find on spam/scam blogs (and I get a lot of these trackbacks).

   Firefox suggest the site is marked as malware by Google.  Indeed, a search on the author name returned 95 links to that blog, all of which are marked with:

   This site may harm your computer.

   A LinkedIn search finds the author is a Senior Programmer at IBM.  So I opened the blog in Safari and started reading.  JSON this, Atom that, OpenID, Java, comments and good technical discussion all around.  Actually a good blog all around, nothing malicious.

   I don’t know what tripped the Google Homeland Security system, but I see no evidence of foul play, just a false positive.

   I contacted the author, let’s see what comes out of this.

   Update: Turns out this is a known problem:

   Currently, many sites that are the subject of Google’s warnings have been the victims of a malicious hacking attack, in which code linking directly to badware through exploits was inserted onto an otherwise innocent, but poorly secured, website. In other cases, a website with no intention to distribute badware hosts content (such as ads or hit counters) provided by a third party, and can inadvertently distribute badware through that content. If you are confused about why your site has a Google warning, then there are strong odds that your site has experienced one of the above situations.

   At the very least they do attempt to made contact:

   Google makes a good faith effort to contact the owners and administrators of sites with Google search warnings. Google sends emails to potential site owner addresses such as webmaster@domain.com Google also notifies site owners with Webmaster Tools accounts.

   Update 2: This is getting better. AutoWorld is now blocked for the very same reason (I’m researching my next car).

   Posted by Assaf Filed in general

   1. Apr 14th, 2008

      Christian

      Seems Googles spam protection is starting to cause problems several places. We recently had our company blog kuttisme.no (which mainly deals in online marketing and responsible search engine visibility/”optimization”) banned from Google for 30 days more than a month after our Wordpress installation was hacked (and fixed the same day).

      This all serves to remind us that having a market dominated by one single big player is rarely a good idea :)

   2. Apr 14th, 2008

      sosiouxme

      could’ve been hacked in the past and was passing out malware. could be this is a copy of someone else’s site and not as benign as it looks. hard to say… trust (or lack thereof) is difficult to establish in an automated fashion.

   3. Apr 14th, 2008

      Blocked by Google at robubu

      [...] folks have told me recently that Google is identifying my site as evil. I assure you it isn’t, however I know why google [...]

   4. Apr 14th, 2008

      Assaf

      See update above. Apparently while they won’t tell you why you’ve been blacklisted, at least they’ll attempt to tell you about it.

      The hacks are, unfortunately, quite common. Happened to me once (spam, though, not malware) and other people I know.

   5. Apr 14th, 2008

      Chris Adams

      I think this is going to become routine - stuff like the WordPress exploits going on right now are distributed and approached a lot more professionally than they used to be. One thing we need is some sort of trusted communication so someone like Google could notify known-responsible ISPs about the problem and the ISP could trigger an immediate relist when the problem has been fixed rather than waiting for the site’s [often non-technical] owner to figure out how to contact each search engine and request a review. This would also provide a nice incentive for ISPs to be more responsible than is currently the case.

   6. Apr 16th, 2008

      Labnotes » Rounded Corners - 201 (I can has Shawarma?)

      [...] Putting the squeeze on malware is a good idea, I like it.  But this one is going form 0-60 in no seconds. Is anyone on the Firefox team reading this?  Please start small, give site owners time to adjust, and us users something to access in the meanwhile.  I don’t like it when Firefox goes dark. [...]

   7. Apr 23rd, 2008

      http://mylid.net/webdesign

      Such an attempt to contact is only formal. You say: “Google sends emails to potential site owner addresses such as webmaster@domain.com Google also notifies site owners with Webmaster Tools accounts”.
      The real site contacts are often not at these termination points, and they should not be.
      As you know a common way of contacting a webmaster is via whois. Google could do a whois on the domain and e-mail the Admin contact. Google could also do a whois on the site IP address and thus contact the hosting company.

   8. Jun 3rd, 2008

      Justin Briggs

      I agree Google needs to work on their communication methods, but its a difficult process. Stuff like this has happened multiple times and Google tries to contact the webmaster. If you don’t have a domain email or webmaster tools, than you’re really out of luck.

   Your comment, here ⇓

   Your name

   Email (will not be published)

   Your blog (do not link to a company, a product, or anything SEO-related)

   Or using OpenID

   Your OpenID URL