Google Chrome thinks TechExams has malware

IristheangelIristheangel CCIEx2 (Sec + DC), CCNP RS, CCNA V/S/R/DC, CISSP, CEH, MCSE 2003, A+/L+/N+/S+, and a lot more from mPasadena, CAMod Posts: 4,133 Mod
I've been getting this popping up on two computers today when I'm navigating through TE. Anyone else?
BS, MS, and CCIE #50931
Blog: www.network-node.com

Comments

  • jmritenourjmritenour Member Posts: 565
    I'm seeing it too - Google is known to register false positives from time to time. Server compromise *is* possible, I guess, but I'd say unlikely given the background of the admins here.
    "Start by doing what is necessary, then do what is possible; suddenly, you are doing the impossible." - St. Francis of Assisi
  • SteveLordSteveLord Member Posts: 1,717
    Firefox just did the same thing for me.
    WGU B.S.IT - 9/1/2015 >>> ???
  • N2ITN2IT Inactive Imported Users Posts: 7,483 ■■■■■■■■■■
    Yeah I stopped visiting the site until they get the Malware cleaned up ;)
  • IristheangelIristheangel CCIEx2 (Sec + DC), CCNP RS, CCNA V/S/R/DC, CISSP, CEH, MCSE 2003, A+/L+/N+/S+, and a lot more from m Pasadena, CAMod Posts: 4,133 Mod
    Stop visiting?!!??? How will I get my techie fix?! *taps vein*

    :) I know it's a false positive. It's just annoying. Probably someone posted a link to a site that was flagged for malware or something else.
    BS, MS, and CCIE #50931
    Blog: www.network-node.com
  • cnfuzzdcnfuzzd Member Posts: 208
    Suspicious page is suspicious:

    Safe Browsing
    Diagnostic page for techexams.net/forums

    What is the current listing status for techexams.net/forums?

    Site is listed as suspicious - visiting this web site may harm your computer.

    What happened when Google visited this site?

    Of the 13 pages we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2012-06-22, and suspicious content was never found on this site within the past 90 days.

    This site was hosted on 1 network(s) including AS21844 (THEPLANET).

    Has this site acted as an intermediary resulting in further distribution of malware?

    Over the past 90 days, techexams.net/forums did not appear to function as an intermediary for the infection of any sites.

    Has this site hosted malware?

    No, this site has not hosted malicious software over the past 90 days.

    How did this happen?

    In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.

    Next steps:

    Return to the previous page.
    If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center
    __________________________________________

    Work In Progress: BSCI, Sharepoint
  • IristheangelIristheangel CCIEx2 (Sec + DC), CCNP RS, CCNA V/S/R/DC, CISSP, CEH, MCSE 2003, A+/L+/N+/S+, and a lot more from m Pasadena, CAMod Posts: 4,133 Mod
    Yep. I read that before I posted. It was probably just something linked on the page in one of the posts. Sometimes even posting a link to a site that is confirmed to have malware on it will set off these warnings.
    BS, MS, and CCIE #50931
    Blog: www.network-node.com
  • martell1000martell1000 Member Posts: 389
    +1 on getting the warning

    I was just clicking on tech exams and left my desk to get some lunch, and as I returned I saw this nice fat warning..


    was like "wtf"
    And then, I started a blog ...
  • BradleyHUBradleyHU Member Posts: 918 ■■■■□□□□□□
    yeah FF is flaggin this too...
    Link Me
    Graduate of the REAL HU & #1 HBCU...HAMPTON UNIVERSITY!!! #shoutout to c/o 2004
    WIP: 70-410(TBD) | ITIL v3 Foundation(TBD)
  • cyberguyprcyberguypr Senior Member Mod Posts: 6,917 Mod
    Sorry, it's me spreading infections :)
  • HypntickHypntick Member Posts: 1,451 ■■■■■■□□□□
    Might wanna get that checked out, they have creams and stuff...
    WGU BS:IT Completed June 30th 2012.
    WGU MS:ISA Completed October 30th 2013.
  • cyberguyprcyberguypr Senior Member Mod Posts: 6,917 Mod
    Sadly enough you are not the first one to mention it. I think it's time to go check WebMD. HAHAHA!!
  • tpatt100tpatt100 Member Posts: 2,991 ■■■■■■■■■□
    noticed it this morning also.
  • N2ITN2IT Inactive Imported Users Posts: 7,483 ■■■■■■■■■■
    tpatt did you reimage your machine?

    LOL
  • WebmasterWebmaster Admin Posts: 10,292 Admin
    Currently investigating this. Will probably have to close the boards in a bit.
  • WebmasterWebmaster Admin Posts: 10,292 Admin
    Ok, opened up the boards again. I will post a more extensive reply/explanation later - just need a 15 min break from looking at my screen. In short: the vulnerability has been "closed", and no passwords/data has been compromised. Also the malicious links some pages pointed to were pointing to a server that was already suspended due to abuse reports so besides the warning messages no actual info or data has been sent or downloaded to clients.

    -Johan
  • cyberguyprcyberguypr Senior Member Mod Posts: 6,917 Mod
    Glad to hear. I had to do some actual work today since the board was down for so long :(
  • IristheangelIristheangel CCIEx2 (Sec + DC), CCNP RS, CCNA V/S/R/DC, CISSP, CEH, MCSE 2003, A+/L+/N+/S+, and a lot more from m Pasadena, CAMod Posts: 4,133 Mod
    Nice work, Johan!
    BS, MS, and CCIE #50931
    Blog: www.network-node.com
  • TackleTackle Member Posts: 534
    cyberguypr wrote: »
    Glad to hear. I had to do some actual work today since the board was down for so long :(

    Same here.
  • WebmasterWebmaster Admin Posts: 10,292 Admin
    To add: Google will still, unfortunately, mark TE as unsafe (AVG etc shouldn't). They are currently processing my request to remove that warning (not something that happens as automatically). Not working out so far because they loaded a copy from our CDN... Purged and disabled the relevant portion of the CDN, so should be good soon, you may have to do a hard refresh.
  • bigdogzbigdogz Member Posts: 876 ■■■■■■■■□□
    I was receiving the warning as well. Thanks for fixing it.
  • boredgameladboredgamelad Member Posts: 365 ■■■■□□□□□□
    cyberguypr wrote: »
    I had to do some actual work today since the board was down for so long

    Me too, it was awful. Glad to see everything's back up.
  • hiddenknight821hiddenknight821 Member Posts: 1,209 ■■■■■■□□□□
    Even Firefox just flagged the same thing. I went back to the previous webpage, and I got the warning message.
  • RoguetadhgRoguetadhg CompTIA A+, Network+. Member Posts: 2,489 ■■■■■■■■□□
    I like that this happened here, on these boards.

    It's like swatting a hornets nest of tech geeks.
    In order to succeed, your desire for success should be greater than your fear of failure.
    TE Threads: How to study for the CCENT/CCNA, Introduction to Cisco Exams

  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 12,258 Admin
    And Now A Public Service Message:

    TechExams.net has been happy to have enabled its members to test the Malware site detection feature in their browsers. If your browser didn't indicate the possibility of Malware when visiting TE, you should consider updating your Web browser software. ;)
  • WebmasterWebmaster Admin Posts: 10,292 Admin
    @JD: You still manage to make me LOL on a day like this.

    OK, the longer reply:

    It turns out we had a new vulnerability in a piece of hosting software, which today was somewhat successfully abused by spam sympathizers. "Somewhat" because the target urls/links that were included maliciously in some pages pointed to a server that was already suspended due to abuse reports (hence weren't actually included/loaded). The reason I closed the boards for 6 hours is primarily because I wanted to go over everything to make sure I knew the extent, and make sure it's clean. As I mentioned in a previous reply I'm confident the vulnerability has been fixed (else the boards would still be closed obviously). It looks like Google will still give a warning for a while... as I mentioned above they manually need to review it first.

    Again no passwords or data has been compromised, and also unlike LinkedIn I won't promise "better security". Simply cause compared to most forums we already go an extra costly mile. We are on a hardened server dedicated for TE with our host performing very frequent audits and updates plus I keep a close eye on the server most of the day myself as well. All because we do get attacked all day every day. It obviously doesn't make us 100% secure but the security measures we do use have allowed TE to maintain better than 99.9% up-time over the past years and we'll try to keep it that way.

    I do sincerely apologize for the inconvenience.

    -Johan
  • Brain_PowerBrain_Power Users Awaiting Email Confirmation Posts: 163
    Warning techexams.net is an attack site!
  • chrisonechrisone Senior Member Member Posts: 2,217 ■■■■■■■■■□
    Yikes! I guess ignore is the best feature here?
    Certs: CISSP, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, AZ-900, VHL:Advanced+, Retired Cisco CCNP/SP/DP
    2021 Goals
    Courses: eLearnSecurity - PTXv2 (complete), SANS 699: Purple Team Tactics (completed), PentesterLabs Pro (ongoing)
    EnCase Courses: DF120 (in progress), DF210, DF310
    Certs: AZ-500, SC-200 (fail 1st attempt), EnCE, Splunk Core Power User (obtained), Splunk Enterprise Sys Admin
  • WebmasterWebmaster Admin Posts: 10,292 Admin
    Warning techexams.net is an attack site!

    Read the previous replies please.

    I just read at Google it may actually take up to a day before Google removes that warning. There is and was no malware on TE. An attempt by attackers to spread it through TE succeeded far enough to tick off malware scanners and Google.

    Don't take my word for it though, install a malware scanner if you haven't, or check any URL at TechExams.net through:

    AVG Threat Labs | Safety Ratings | Web Site Reports

    Another one: sitecheck.sucuri.net/results/www.techexams.net/forums
  • CodeBloxCodeBlox Member Posts: 1,363 ■■■■□□□□□□
    It's not just Chrome:

    Currently reading: Network Warrior, Unix Network Programming by Richard Stevens
  • DevilWAHDevilWAH Member Posts: 2,997 ■■■■■■■■□□
    Cheers for the update and explanation, plus all the work you do keeping the site going. Great to see service as normal has resumed ;)
    • If you can't explain it simply, you don't understand it well enough. Albert Einstein
    • An arrow can only be shot by pulling it backward. So when life is dragging you back with difficulties. It means that it's going to launch you into something great. So just focus and keep aiming.