mirko
Posts: 131
Joined: Thu Apr 19, 2012 6:26 pm
Delivery Date: 22 Apr 2012
Leaf Number: 18088
Location: Jupiter, FL

malicious software on this site

Tue Jan 15, 2013 11:02 am

Google Chrome is now warning me that there is malicious software on this site. below is the diagnostics from Chrome.

Safe Browsing

Diagnostic page for http://www.mynissanleaf.com" onclick="window.open(this.href);return false;

What is the current listing status for http://www.mynissanleaf.com" onclick="window.open(this.href);return false;?

This site is not currently listed as suspicious.

Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.

What happened when Google visited this site?

Of the 14 pages we tested on the site over the past 90 days, 2 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2013-01-15, and the last time suspicious content was found on this site was on 2013-01-15.

Malicious software includes 2 exploit(s).

Malicious software is hosted on 1 domain(s), including adsbyisocket.com/.

This site was hosted on 2 network(s) including AS31815 (MEDIATEMPLE), AS15169 (Google Internet Backbone).
-=mirko=-
2012 Nissan LEAF SL Glacier Pearl

EdmondLeaf
Posts: 1500
Joined: Tue Jan 18, 2011 2:18 pm
Location: Edmond, OK

Re: malicious software on this site

Tue Jan 15, 2013 11:04 am

it was, not anymore

User avatar
TomT
Posts: 10642
Joined: Sun Aug 08, 2010 12:09 pm
Delivery Date: 01 Mar 2011
Leaf Number: 000360
Location: California, now Georgia
Contact: Website

Re: malicious software on this site

Tue Jan 15, 2013 11:06 am

I'm still getting the warning from Firefox...
mirko wrote:Google Chrome is now warning me that there is malicious software on this site. below is the diagnostics from Chrome.
Leaf SL 2011 to 2016, Volt Premier 2016 to 2019, and now:
2019 Model 3; LR, RWD, FSD, 19" Sport Wheels, silver/black; built 3/17/19, delivered 3/29/19.

Volusiano
Posts: 1461
Joined: Thu Feb 24, 2011 2:41 pm
Delivery Date: 03 Jun 2011
Location: Phoenix, AZ

Re: malicious software on this site

Tue Jan 15, 2013 11:11 am

Me too. Below is the details from Google/Firefox combined report.

Safe Browsing
Diagnostic page for mynissanleaf.com

What is the current listing status for mynissanleaf.com?

Site is listed as suspicious - visiting this web site may harm your computer.

Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.

What happened when Google visited this site?

Of the 14 pages we tested on the site over the past 90 days, 2 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2013-01-15, and the last time suspicious content was found on this site was on 2013-01-15.

Malicious software includes 2 exploit(s).

Malicious software is hosted on 1 domain(s), including adsbyisocket.com/.

This site was hosted on 2 network(s) including AS31815 (MEDIATEMPLE), AS15169 (Google Internet Backbone).

Has this site acted as an intermediary resulting in further distribution of malware?

Over the past 90 days, mynissanleaf.com did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?

No, this site has not hosted malicious software over the past 90 days.

How did this happen?

In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.

Next steps:

Return to the previous page.
If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.

User avatar
DaveEV
Forum Supporter
Posts: 6236
Joined: Fri Apr 23, 2010 3:51 pm
Location: San Diego

Re: malicious software on this site

Tue Jan 15, 2013 11:16 am

Google/Chrome are both currently reporting it as potentially malicious, because the site includes javascript from the adsbysocket.com domain.

Firefox appears to use stopbadware.org as their source of information, who in turn gets their data from Google.

It does not appear that MNL is alone in being affected by this:

http://thenextweb.com/google/2013/01/15 ... ac-others/" onclick="window.open(this.href);return false;

It can't hurt to blacklist adsbysocket.com in your browser.

User avatar
vrwl
Forum Supporter
Posts: 846
Joined: Tue May 15, 2012 2:16 pm
Delivery Date: 26 Jun 2012
Leaf Number: 8597
Location: Northeastern PA/Poconos

Re: malicious software on this site

Tue Jan 15, 2013 11:18 am

Yes, I'm getting the site blocked by both Firefox and Chrome too.
Vicki
2011 Silver SL-Mfg 8/11-Purch 6/12
34000 miles

User avatar
wxxyz
Posts: 451
Joined: Mon Aug 03, 2009 10:08 pm

Re: malicious software on this site

Tue Jan 15, 2013 11:42 am

Thanks for the notice guys - I got an email from a user about an hour ago and contacted iSocket Ads. As posted above, Google is removing the warning, it can take a little bit.

Mike

User avatar
JimSouCal
Posts: 860
Joined: Tue Feb 08, 2011 12:54 pm

Re: malicious software on this site

Tue Jan 15, 2013 11:47 am

Any explanation as to what the mechanics are that trigger such a warning? I read the articles associated and the explanation was circular... Just curious...

Smidge204
Posts: 940
Joined: Wed Nov 24, 2010 1:42 pm

Re: malicious software on this site

Tue Jan 15, 2013 11:59 am

JimSouCal wrote:Any explanation as to what the mechanics are that trigger such a warning? I read the articles associated and the explanation was circular... Just curious...
Google crawls the internet periodically to keep their search indexes up to date. They also detect if any malware is downloaded from the pages they check, and if they do catch something suspicious they flag the site. Third party groups then use Google's database of suspicious sites to block access automatically.

I've had this happen to me before, so what I'd like to recommend is that whomever has FTP access to the files for the site check them over carefully... especially PHP and JS files, or anything else containing server or client executable code. In my particular case, every single PHP file on the server had a snippet of code inserted. Uploading fresh copies is the best way to clean this up.

If you're lucky, it's only a third party ad-serving site that was compromised and you can just take those ads out of rotation to fix it. But check everything just to be sure!
=Smidge=

garsh
Posts: 1173
Joined: Sat Feb 12, 2011 5:27 am
Delivery Date: 05 Apr 2012
Location: Pittsburgh PA

Re: malicious software on this site

Tue Jan 15, 2013 12:31 pm

Smidge204 wrote:I've had this happen to me before, so what I'd like to recommend is that whomever has FTP access to the files for the site check them over carefully...
The Google site report states that the malicious code is coming from adsbyisocket.com. Google did not detect infected files actually hosted on this website.
2012 Black SV, bought 2012-04-04, sold 2019-05-10. 7 bars, 101,850 miles.
Current rides: 2018 Tesla Model 3 Performance, 2018 Chevrolet Volt LT

Return to “Website/Forum Discussions”