This is Cristian Kit Paul, graphic designer, photographer and traveller.
Also, founding partner of Brandient. Hello and welcome to Kitblog.
Let’s keep in touch: I am @Kitone on Twitter, Flickr, Instagram and Tumblr.
I am Cristian Kit Paul on Facebook. Here's my RSS feed. Search:
Navigate this site: Home, Notes, Archives, Articles, About, Colophon, and Contact.

Entry no.: 626

17 Nov 2008, 11:38 AM

Tags: ,

Comments: 8

Internet What is this mess?

So, I've upgraded to Version 3.2 of Safari. The shock came when I tried to access pages from my blog, other than the homepage—I got this instead:

Warning

If you landed here using the same version of the browser, you've probably seen that, too.

What's with that russian site? I do not even have a link to that site. Franticly, I started digging to see what's wrong, what has been compromised and how.

  • In Google Webmaster Tools, the site appears verified, not flagged.

What is the current listing status for kitblog.com?
This site is not currently listed as suspicious.

What happened when Google visited this site?
Google has not visited this site within the past 90 days.

Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, kitblog.com did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?
No, this site has not hosted malicious software over the past 90 days.

Ok, just as I thought. But... "Google has not visited this site within the past 90 days"? Weird.

Let's try Safe Browsing diagnostic on the very page where Google announces the launch of Safe Browsing diagnostic page:

What is the current listing status for malware.testing.google.test/testing/malware?
Site is listed as suspicious - visiting this web site may harm your computer.

What happened when Google visited this site?
Google has not visited this site within the past 90 days. Suspicious activity was detected over 90 days ago, but no data is available for the past 90 days.

Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, malware.testing.google.test/testing/malware did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?
No, this site has not hosted malicious software over the past 90 days.

How did this happen?
In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.

Again, "Google has not visited this site within the past 90 days." They're not indexing their own blogs? Hard to believe. But—and here it gets really weird—there is more: "Suspicious activity was detected over 90 days ago, but no data is available for the past 90 days"!

Malware on Google's Online Security Blog? Come on! This diagnostic doesn't seem very reliable, does it?

I'm not a web designer, so all this leaves me pretty clueless. Is it a browser bug? A Google bug? How can I verify their claim (I tried LinkScanner and everything came out clean) and make sure it's not a glitch, as it seems to me now? And if their claim does not verify, how should I react?

What is this mess? Help!


UPDATE: All the evidence pointed to the 3rd party captcha mechanism, so I wiped it off and I'll replace it with CMS's own. In order to be able to do that, I moved the blog database to a fresh install of Movable Type 4.2.1—the basic functions are working, but there are some glitches left.

Please bear with me a couple of days until I have a chance to iron out the remaining issues and also please let me know if you encounter anything suspicious. Thank you.

Comments

Reply no.: 1

17 Nov 2008, 8:21 PM

Russell:

For what it's worth, Google's Chrome browser throws up a very similar page when I visit your site from a PC. I think (by process of elimination) that you can point the finger directly at Google. They clearly need to work on this. If it helps, also, I run Wordpress on Hostrocket and don't get these messages. Good luck!

Reply no.: 2

18 Nov 2008, 9:46 AM

Kit:

I'm on Movable Type—maybe it's time to upgrade... but the idea of having to re-configure all this makes me puke.

Reply no.: 3

18 Nov 2008, 12:44 PM

Tudor Vedeanu:

If you look in Safari's Activity window you'll see that when you load this blog entry in your browser, you also load something from that russian website. Hacker alert?

Reply no.: 4

18 Nov 2008, 3:40 PM

Kit:

I hate to say it, but you're right.

Reply no.: 5

18 Nov 2008, 4:21 PM

vlad:

Aha! I knew it! You! "Carpa kaghebista" (bad joke)

Reply no.: 6

18 Nov 2008, 5:31 PM

Kit:

Yep, bad indeed.

Reply no.: 7

4 Feb 2009, 12:45 PM

led:

hey kit, yesterday I encountered the same not so welcoming warning box.
in case you felt cured :)

Reply no.: 8

4 Feb 2009, 3:44 PM

Kit:

Thank you, Led.

It seems that those Russian boys are hard at work. I'll keep an eye on that.

Follow the comments to this entry via Subscribe to this post's comments RSS feed. XML feed.


Or follow all comments via Subscribe to global comments RSS feed. XML feed.

Post a comment (in English, please)

Rules: Allowed HTML tags: a href,b,i,br/,p,strong,em,ul,ol,li,blockquote. Textile 2 text formatting is enabled. Please use English for comments. Be responsible. Flames, trolling or bad language will get your response deleted and your IP possibly banned.