FAQ
I have only this email to contact, but when I opened today php.net in
Google Chrome I've got next message "The Website Ahead Contains Malware".

Link for details:
http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=http%3A%2F%2Fphp.net%2F&client=googlechrome&hl=en-US

--
Regards,
Konstantin

Search Discussions

  • Kris Craig at Oct 24, 2013 at 8:15 am
    I just checked and I'm getting this, too. Both Chrome and Firefox are
    blocking it. I decided not to try it in IE lol.

    Has the site been hacked?

    --Kris


    On Thu, Oct 24, 2013 at 1:04 AM, Konstantin Leboev wrote:

    I have only this email to contact, but when I opened today php.net in
    Google Chrome I've got next message "The Website Ahead Contains Malware".

    Link for details:

    http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=http%3A%2F%2Fphp.net%2F&client=googlechrome&hl=en-US

    --
    Regards,
    Konstantin
  • Kris Craig at Oct 24, 2013 at 8:18 am
    Here are some screenshots I took.

    --Kris


    On Thu, Oct 24, 2013 at 1:15 AM, Kris Craig wrote:

    I just checked and I'm getting this, too. Both Chrome and Firefox are
    blocking it. I decided not to try it in IE lol.

    Has the site been hacked?

    --Kris



    On Thu, Oct 24, 2013 at 1:04 AM, Konstantin Leboev <
    konstantin.leboev@gmail.com> wrote:
    I have only this email to contact, but when I opened today php.net in
    Google Chrome I've got next message "The Website Ahead Contains Malware".

    Link for details:

    http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=http%3A%2F%2Fphp.net%2F&client=googlechrome&hl=en-US

    --
    Regards,
    Konstantin
  • Kris Craig at Oct 24, 2013 at 8:19 am
    ....Aaaand I forgot to include the link. Nice one, Kris.

    Ok, HERE are the screenshots I took: http://imgur.com/a/ZgWW0

    --Kris

    On Thu, Oct 24, 2013 at 1:18 AM, Kris Craig wrote:

    Here are some screenshots I took.

    --Kris


    On Thu, Oct 24, 2013 at 1:15 AM, Kris Craig wrote:

    I just checked and I'm getting this, too. Both Chrome and Firefox are
    blocking it. I decided not to try it in IE lol.

    Has the site been hacked?

    --Kris



    On Thu, Oct 24, 2013 at 1:04 AM, Konstantin Leboev <
    konstantin.leboev@gmail.com> wrote:
    I have only this email to contact, but when I opened today php.net in
    Google Chrome I've got next message "The Website Ahead Contains Malware".

    Link for details:

    http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=http%3A%2F%2Fphp.net%2F&client=googlechrome&hl=en-US

    --
    Regards,
    Konstantin
  • Martin Jansen at Oct 24, 2013 at 8:24 am

    On 24.10.13 10:19, Kris Craig wrote:
    ....Aaaand I forgot to include the link. Nice one, Kris.

    Ok, HERE are the screenshots I took: http://imgur.com/a/ZgWW0
    People are already working on getting the site removed from the
    blacklist. Please abandon this thread now.

    - Martin
  • Kris Craig at Oct 24, 2013 at 8:24 am
    Looks like Hannes is already on top of it. Here's the link in case you'd
    like to follow it:

    http://productforums.google.com/forum/#!topic/webmasters/puLmvjtK0m8

    --Kris


    On Thu, Oct 24, 2013 at 1:19 AM, Kris Craig wrote:

    ....Aaaand I forgot to include the link. Nice one, Kris.

    Ok, HERE are the screenshots I took: http://imgur.com/a/ZgWW0

    --Kris

    On Thu, Oct 24, 2013 at 1:18 AM, Kris Craig wrote:

    Here are some screenshots I took.

    --Kris


    On Thu, Oct 24, 2013 at 1:15 AM, Kris Craig wrote:

    I just checked and I'm getting this, too. Both Chrome and Firefox are
    blocking it. I decided not to try it in IE lol.

    Has the site been hacked?

    --Kris



    On Thu, Oct 24, 2013 at 1:04 AM, Konstantin Leboev <
    konstantin.leboev@gmail.com> wrote:
    I have only this email to contact, but when I opened today php.net in
    Google Chrome I've got next message "The Website Ahead Contains
    Malware".

    Link for details:

    http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=http%3A%2F%2Fphp.net%2F&client=googlechrome&hl=en-US

    --
    Regards,
    Konstantin
  • Lester Caine at Oct 24, 2013 at 8:30 am

    Kris Craig wrote:
    Here are some screenshots I took.
    Don't need the screen shots Kris

    The problem is that google has found some suspicious pages ON the site linking
    to malware. MY complaint is that they do not list which page of 1513 they have
    tested has the problem, and it would make a lot more sense for thejm to deal
    with such an important site much better !

    We need find out now where cobbcountybankruptcylawyer<diot>com is on the website ...
    along with stephaniemari<dot>com and northgadui<dot>com and remove them ...

    --
    Lester Caine - G8HFL
    -----------------------------
    Contact - http://lsces.co.uk/wiki/?page=contact
    L.S.Caine Electronic Services - http://lsces.co.uk
    EnquirySolve - http://enquirysolve.com/
    Model Engineers Digital Workshop - http://medw.co.uk
    Rainbow Digital Media - http://rainbowdigitalmedia.co.uk
  • Hannes Magnusson at Oct 24, 2013 at 8:24 am

    On Thu, Oct 24, 2013 at 1:04 AM, Konstantin Leboev wrote:
    I have only this email to contact, but when I opened today php.net in
    Google Chrome I've got next message "The Website Ahead Contains Malware".
    All we can do is "Request a Review", which we have done. If anyone
    knows any of the reviewers and wants to bribe them.. Please do so.

    -Hannes
  • Thomas Hruska at Oct 24, 2013 at 11:16 am

    On 10/24/2013 1:04 AM, Konstantin Leboev wrote:
    I have only this email to contact, but when I opened today php.net in
    Google Chrome I've got next message "The Website Ahead Contains Malware".

    Link for details:
    http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=http%3A%2F%2Fphp.net%2F&client=googlechrome&hl=en-US
    I've had experience with dealing with cleanup for this. It can take
    upwards of 48 hours for the site to be removed globally after the issue
    has been fixed.

    How you get onto the list in the first place is via Firefox's "Report
    Web Forgery..." option under the "Help" menu (Chrome might have a
    similar feature). Some idiot on the Internet chose to use that to
    report an issue on the PHP website instead of locating a contact. The
    issues go into a central clearinghouse for malware sites that, upon
    confirmation of the issue, immediately blocks access to the entire
    website, negatively affects Google search results, and offers limited
    options to website operators. Website operators are not warned or
    notified in advance of being blacklisted because the clearinghouse
    system apparently can't be bothered to look up WHOIS records for a
    domain and send a couple of e-mails. The clearinghouse website is also
    vague and difficult to navigate for the website operator who wants to be
    removed from the blacklist. Therefore, when I find malware on a host, I
    attempt to seek out a contact before using that Help menu option because
    I know how difficult it is to identify the actual issue and then get
    removed from the list. Usually I find a human contact and they reply in
    a timely fashion, are grateful for the notice, and work to quickly clean
    up the issue, which is a much better solution.

    https://www.stopbadware.org/clearinghouse/search?url=http://php.net/

    Important note: Six to eight months from now the entire php.net domain
    will likely be declared to have malware again. However, at that time it
    will be from anti-virus vendors. Some of them grab outdated information
    (for some reason) from the clearinghouse database on an irregular basis
    and integrate it into their products. Getting removed from those
    requires hunting down buried contact information for each anti-virus
    product and again waiting up to 48 hours to be removed globally.

    --
    Thomas Hruska
    CubicleSoft President

    I've got great, time saving software that you might find useful.

    http://cubiclesoft.com/
  • Lester Caine at Oct 24, 2013 at 11:37 am

    Thomas Hruska wrote:
    and again waiting up to 48 hours to be removed globally.
    If it is only 48 hours ... took over two weeks to sort one of my customers sites
    that had been spammed and they had not noticed. Certainly it should now be easy
    to report problems direct to a site rather than this 'guilty until proved we got
    it wrong' approach ?

    As a slight aside, it is nice to see phishing sites being dealt with promptly
    and sensibly. I do follow the links knowing they are fraudulent, but all but one
    in the last few months has either just been killed, or has a message saying that
    there was a problem. Something that we can all help with when managing sites.

    --
    Lester Caine - G8HFL
    -----------------------------
    Contact - http://lsces.co.uk/wiki/?page=contact
    L.S.Caine Electronic Services - http://lsces.co.uk
    EnquirySolve - http://enquirysolve.com/
    Model Engineers Digital Workshop - http://medw.co.uk
    Rainbow Digital Media - http://rainbowdigitalmedia.co.uk
  • Guilhermeblanco at Oct 24, 2013 at 1:16 pm
    More info about it: https://news.ycombinator.com/item?id=6604156

    On Thu, Oct 24, 2013 at 7:40 AM, Lester Caine wrote:

    Thomas Hruska wrote:
    and again waiting up to 48 hours to be removed globally.
    If it is only 48 hours ... took over two weeks to sort one of my customers
    sites that had been spammed and they had not noticed. Certainly it should
    now be easy to report problems direct to a site rather than this 'guilty
    until proved we got it wrong' approach ?

    As a slight aside, it is nice to see phishing sites being dealt with
    promptly and sensibly. I do follow the links knowing they are fraudulent,
    but all but one in the last few months has either just been killed, or has
    a message saying that there was a problem. Something that we can all help
    with when managing sites.


    --
    Lester Caine - G8HFL
    -----------------------------
    Contact - http://lsces.co.uk/wiki/?page=**contact<http://lsces.co.uk/wiki/?page=contact>
    L.S.Caine Electronic Services - http://lsces.co.uk
    EnquirySolve - http://enquirysolve.com/
    Model Engineers Digital Workshop - http://medw.co.uk
    Rainbow Digital Media - http://rainbowdigitalmedia.co.**uk<http://rainbowdigitalmedia.co.uk>

    --
    PHP Internals - PHP Runtime Development Mailing List
    To unsubscribe, visit: http://www.php.net/unsub.php

    --
    Guilherme Blanco
    MSN: guilhermeblanco@hotmail.com
    GTalk: guilhermeblanco
    Toronto - ON/Canada
  • Paul Dragoonis at Oct 24, 2013 at 1:42 pm
    So it's saying functions.js on static is different from that of
    functions.js on the main, inserting an iframe to
    http://lnkhere.reviewhdtv.co.uk/stat.htm

    I can't test this as the functions.js on static is 404'ing for me now.

    Was there an intrusion on static manually altering the file?

    On Thu, Oct 24, 2013 at 2:15 PM, guilhermeblanco@gmail.com wrote:

    More info about it: https://news.ycombinator.com/item?id=6604156

    On Thu, Oct 24, 2013 at 7:40 AM, Lester Caine wrote:

    Thomas Hruska wrote:
    and again waiting up to 48 hours to be removed globally.
    If it is only 48 hours ... took over two weeks to sort one of my customers
    sites that had been spammed and they had not noticed. Certainly it should
    now be easy to report problems direct to a site rather than this 'guilty
    until proved we got it wrong' approach ?

    As a slight aside, it is nice to see phishing sites being dealt with
    promptly and sensibly. I do follow the links knowing they are fraudulent,
    but all but one in the last few months has either just been killed, or has
    a message saying that there was a problem. Something that we can all help
    with when managing sites.


    --
    Lester Caine - G8HFL
    -----------------------------
    Contact - http://lsces.co.uk/wiki/?page=**contact<
    http://lsces.co.uk/wiki/?page=contact>
    L.S.Caine Electronic Services - http://lsces.co.uk
    EnquirySolve - http://enquirysolve.com/
    Model Engineers Digital Workshop - http://medw.co.uk
    Rainbow Digital Media - http://rainbowdigitalmedia.co.**uk<
    http://rainbowdigitalmedia.co.uk>
    --
    PHP Internals - PHP Runtime Development Mailing List
    To unsubscribe, visit: http://www.php.net/unsub.php

    --
    Guilherme Blanco
    MSN: guilhermeblanco@hotmail.com
    GTalk: guilhermeblanco
    Toronto - ON/Canada
  • Johannes Schlüter at Oct 24, 2013 at 1:55 pm

    On Thu, 2013-10-24 at 14:42 +0100, Paul Dragoonis wrote:
    So it's saying functions.js on static is different from that of
    functions.js on the main, inserting an iframe to
    http://lnkhere.reviewhdtv.co.uk/stat.htm

    I can't test this as the functions.js on static is 404'ing for me now.

    Was there an intrusion on static manually altering the file?
    functions.js was removed
    http://git.php.net/?p=web/php.git;a=commit;h=8e87088c3f51b594dc7d7ed71115d215a7acf78b

    The site meanwhile was also taken out of Google's blacklist.

    Aside from that: We are investigating the cause for these issues, public
    announcements will follow later.

    No need for speculation here. :-)

    johannes
  • Rowan Collins at Oct 25, 2013 at 7:41 am

    Johannes Schlüter wrote (on 24/10/2013):
    Aside from that: We are investigating the cause for these issues,
    public announcements will follow later. No need for speculation here.
    :-) johannes
    In case anyone missed them, there are now two updates on
    http://www.php.net/archive/2013.php with investigations on going, and a
    Twitter account has been brought into service
    https://twitter.com/official_php
    tl;dr: Two servers were compromised; services have been migrated to
    new hardware; Git and release tarballs are OK.
    --
    Rowan Collins
    [IMSoP]
  • Ferenc Kovacs at Oct 24, 2013 at 1:56 pm

    On Thu, Oct 24, 2013 at 3:42 PM, Paul Dragoonis wrote:

    So it's saying functions.js on static is different from that of
    functions.js on the main, inserting an iframe to
    http://lnkhere.reviewhdtv.co.uk/stat.htm

    I can't test this as the functions.js on static is 404'ing for me now.
    it is 404ing because Hannes removed it hoping that it would solve the issue
    (and we don't use that piece of code for years now):
    http://git.php.net/?p=web/php.git;a=commit;h=8e87088c3f51b594dc7d7ed71115d215a7acf78b
  • Martin Keckeis at Oct 25, 2013 at 6:18 am
    2013/10/24 Ferenc Kovacs <tyra3l@gmail.com>
    On Thu, Oct 24, 2013 at 3:42 PM, Paul Dragoonis wrote:

    So it's saying functions.js on static is different from that of
    functions.js on the main, inserting an iframe to
    http://lnkhere.reviewhdtv.co.uk/stat.htm

    I can't test this as the functions.js on static is 404'ing for me now.
    it is 404ing because Hannes removed it hoping that it would solve the issue
    (and we don't use that piece of code for years now):

    http://git.php.net/?p=web/php.git;a=commit;h=8e87088c3f51b594dc7d7ed71115d215a7acf78b
    Seems to be up normal again :-)

    Thanks a lot for the fast work!

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupphp-internals @
categoriesphp
postedOct 24, '13 at 8:04a
activeOct 25, '13 at 7:41a
posts16
users12
websitephp.net

People

Translate

site design / logo © 2022 Grokbase