Almost ten days ago I wrote briefly about how this site got haxx0red and had been unintentionally serving a hijacking script, and how you would probably have trouble even visiting if you were using FF3. As it turns out, if you attempted to visit any of the pages here through Google, you also got a warning about this being a potential attack site. This was pretty fucking annoying, truth be told. Irony of ironies, I used Google’s very own Analytics service to watch how traffic was directed away from my site day by day as a result of scary warnings from Google and Firefox 3.
Quite honestly, I assumed that the road to reconciling this problem with stopbadware.org (the people who you need to go through to get taken off the “attack site” list for both FF and Google – oh, and possibly some antivirus/antispyware apps as well) would be a long and possibly ultimately futile one.
This suspicion was fueled by the results of the first review I asked stopbadware.org to perform on my site after I had cleaned the hijacking script off it: They said their review showed my site to be clean and that they had asked Google to perform their own review. Google’s review came up with the result that my site was still infected, but this was highly suspect in my eyes because the directories they claimed to find infections in no longer existed – I’d deleted them in my initial cleanup of the site! Was Google searching a cached version of my site? Was it a version Google itself had cached? Madness. I explained as much to stopbadware.org when I requested a second review of my site…
I checked on the status of my site last night and saw that “Google has removed the warning for this site.” I checked in Google search results and in Firefox 3 this afternoon and it seems that my site is being treated as normal again. Overall, I’m very happy with how things turned out and found the review process for stopbadware.org to be reasonably expedient considering the number of requests for review they must receive.
I must admit, however, that I don’t agree with the way FF3 or Google is handling sites that got hacked like mine did. It seems way too much of a “nanny state” mentality to me, especially since the same functionality is already built into many antivirus/antispyware/antiadware apps. I’m not saying that I want people to get infected with malware; I’m saying that I don’t think it’s the role of search engines or web browsers to protect people from it.
////////////////////////////////////////////
thx, gen.
J,
Subscribe to this new, free, service called SERPguard. It scans Google to see if the Big G or any of the blacklists contain your site…then it sends you a mail:
http://serpguard.com/
Great tip, that’s exactly what I needed. Registered, claimed my site, and came up with a clean lookup. Thanks.
I’m glad to hear this is all cleared up. I’m sorry you had to go through this.
“It seems way too much of a ‘nanny state’ mentality to me, especially since the same functionality is already built into many antivirus/antispyware/antiadware apps.”
Let me politely disagree with you here for a few reasons, and I’m speaking here not as an official spokesperson from Mozilla but just as a friend.
Regarding the ‘nanny state’ comment, I certainly understand the libertarian bent of a large segment of people who are very comfortable with technology. That said, the browser has no way of knowing what, if any, anti-virus, anti-spyware, or anti-malware applications the user might or might not have on their machine. I’m sure you know many people who don’t take the time or money or effort to keep updated computer security software on their machines. Thus, the browser should be conservative here.
Also, Firefox is getting really popular these days, we’re coming close to 200 million active users worldwide and close to 20% of all PC-based browser users on the Internet. So we’re way beyond the tech-savvy or geek crowd. We’re into the non-technical, non-security-knowledgeable, general Internet user market. For these users, having anti-phishing and anti-malware on by default is, in my personal opinion, the right thing to do. This way, you can recommend the browser that has those features (I think Opera has both too, not sure) to your non-technical friends and relatives so that they can better protect themselves without having to know the details of how to distinguish what is or is not malware, spyware or a phishing site.
Malware is especially nasty because merely by visiting the site, the user’s computer is infected. One interesting trend that we’ve seen in the dark side of the Internet is that in the past few years, phishing was a big deal and lots of bad people on the net spent a lot of time building pages and trying to phish for user data. As anti-phishing functionality was added to IE 7 and Firefox 2, we’ve seen a steady drop in phishing and a steady growth in malware. And in fact Microsoft has recently stated that IE 8 will have an anti-malware filter.
http://news.cnet.com/8301-10789_3-9982692-57.html
So I know this was a pain in your neck and it sucks to have to deal with this, but the flip side of this experience is that Firefox 3 did identify that your site was hacked and had that not been found, the people who you most care about, who are the people who visit your site, (your friends, your family, etc.) were the ones who were at danger.
I hope you can see why Mozilla implemented this important feature for Firefox 3.
Thanks for that explanation, Gen.
Part of the frustration I felt can be attributed to the implementation of the warning page as described in a mail I received (from Bill, the first commenter for this post):
“Opera is the only way I can get to your site. That FF3 block makes it impossible to use your site. Every time I click on a link I get that warning screen. Even if I click ‘ignore’ I still get a big red bar across the top. I think Opera has something similar, but I turned it off before it could begin to annoy me.”
I tried out FF3 on a couple new PCs at work and experienced the same thing. I really dislike this type of behavior in any app (“ignoring” the ignore command). However, I realize that this is a newly implemented feature in Firefox and as such the programmers are right to err on the side of caution and look out for new users.
///////////////////////
On a semi-related note, I want to add that this sentence on the stopbadware review page was disturbing: “If we find that you are hosting or distributing badware in the future, the reviews process may take considerably longer than the original review.”
Q: Hey, who died and made them king?
A: Nobody had to die, they’ve been newly empowered (most notably by Google).
I think that may be what bothers me the most.
///////////////////////
For anyone interested: My browser of choice is Firefox. At the moment, I’m still using 2.x because I’m waiting for my Add-ons to be ported to version 3.
Hi Justin,
I’ve just been following up a few mentions of SERPGuard. I’m glad your registration on the site went smoothly. We’re still in beta so any feedback on the system is very welcome. Hopefully it’s going to become a v. useful tool for people and so far the response has been great.
BTW – the system also gives out RSS updates. As someone pointed out, you can link that feed up to a TwitterFeed. I’ve just been trying out Ping.fm and it looks like that can be set up as part of an alert system too (SERPGuard email > Ping.fm > Services)