Results 1 to 22 of 22

Thread: Google re-directs and Alerts

  1. #1
    Join Date
    Feb 2002
    Location
    Nipmuc USA
    Posts
    11,950

    Google re-directs and Alerts

    For well more than a year, Google Chrome browsers running Google searches have led to redirects to a basic spam url. More recently on Chrome if clicking a Google search result, or even if using a new tab and clicking an SFI bookmark has brought up the following. Also notable when continuing to what is listed as a dangerous site.

    I've not encountered it with other browsers and have been notified by others that there is something triggering their sniffers. I know that resetting cookies has worked over the years during many renditions of the board but this seems particular and persistent on Chrome browsers, in this case a Chromebook. It may be as simple as that, in that Chromebooks are sensitive but I have encountered it on Windows machines as well.

    Chromebooks can get malware and propagate to an associated Chrome browser on a Windows machine, so when in doubt, reset Chrome settings, along with any cookies that look suspect. There are malware apps that can creep in.

    Cheers

    GC

    Note url


    pop-up following opening bookmark link in new Chrome tab

  2. #2
    Join Date
    Oct 2007
    Location
    Kingston area, Ontario Canada
    Posts
    2,902
    I get this too. I have a red triangle with !, then "Dangerous ww.swordforum.com. " Googling for SFI it says above it "this site may be hacked"

    Possibly disgruntled person attacking SFI??

    For me this has happened only 2 days ago at most.

  3. #3
    Join Date
    Feb 2002
    Location
    Nipmuc USA
    Posts
    11,950
    Hi Will

    What browser are you using and are you using Windows, or other?

    I have spent zillions of hours over the years using Google to search for SFI threads, as quicker sometimes to zero in on a specific post or thread and this new alert is just in the past few days but the weird re-direct from Google searches goes back more than a year, if not two. I just got so used to it that double clutching to get to SFI from a search result became just a matter of course. I did today just sent a report to Google and perhaps others have as well.

    If I had a hunch, it might be in the way the page appears to the web but there don't really seem to have been a lot of changes except maybe the way ads are coded into the tables. I'm no webmaster, that's for sure but somehow I get emailed or messages, long after I was modding here. There has been some sort of script tripping sniffers for quite awhile and even if harmless, is probably responsible. On the other hand, other forums have had a lot of intrusion for some phising contact info, etc. Might be time to see a change/update here.

    Cheers

    GC

  4. #4
    Join Date
    Oct 2007
    Location
    Kingston area, Ontario Canada
    Posts
    2,902
    Hi Glen I use an Apple MacBook Air and Chrome. I found the regular Safari could not open more and more things so I relented and used Chrome.
    Has someone hacked this forum? I find Apple computers don't get virus and virus protection is free and Apple recommends the protections to use. Very user friendly and help is free.
    Since switching to Apple from a Acer and Windows I've saves so much $$ by not paying for computer fixes and virus protection. Yes initial cost is double but years later no problems and no crashes, and no $$ spent.

  5. #5
    Join Date
    Feb 2002
    Location
    Nipmuc USA
    Posts
    11,950
    I think it is a Chrome and Google issue but has been persistent for a long time (especially on my Chromebook). I'll try on my tower with Mozilla, Explorer and Opera but never encountered it using those in the past.

    This new alert is a pita because of the device I use the most. the search issue I was used to but clicking a bookmark and getting the alert is most perturbing and a waste of time.

    I was using Chrome on my windows tower yesterday and logged in without any issue at all.

    Weird

  6. #6
    Join Date
    Oct 2007
    Location
    Kingston area, Ontario Canada
    Posts
    2,902
    I shut down my computer twice but same thing came up, the red screen. Must be a setting chrome changed or??

  7. #7
    Join Date
    Dec 2007
    Location
    Rugby, UK
    Posts
    528
    Just set up a new computer 3 days ago. Windows 10 Pro. Got the red screen today using Chrome. I had imported my settings from an older machine but this is the first time I got this.
    The journey not the destination

  8. #8
    Join Date
    Feb 2002
    Location
    Nipmuc USA
    Posts
    11,950
    I browsed a bit on my Win 10 machine and Chrome, Mozilla (Firefox) with both older and newer Opera browsers showing alerts. The Microsoft Edge browser seems unaffected.

    There is definitely a site issue of some sort.

  9. #9
    Join Date
    May 2017
    Location
    NW England, UK
    Posts
    19
    I've just had this today with the IceDragon browser from comodo, using Windows 7. I visited the site yesterday and it did not happen then.

    PaleMoon still loads the page today with no problem.

    Both of the above are using my shortcut straight to the site, not from a search engine.

    I still have the redirect from google search issue on every browser (I have four different browsers here, and not google's chrome!)
    Last edited by Rick Fox; 09-20-2017 at 06:36 AM.
    When offered a spoon, one should not cling to one's fork. The soup will get cold.

  10. #10
    Join Date
    May 2017
    Location
    NW England, UK
    Posts
    19
    The redirect to myfilestore is definitely server-side.

    It's a well-known exploit of part of the forum software. That is also evidenced by the fact that it happens on all my browsers, so it's not one of them suffering from local malware. To test it I even installed a new, clean windows 7 OS in VMware workstation, with just the basic install and Internet Explorer. The google redirect happened in there too.
    When offered a spoon, one should not cling to one's fork. The soup will get cold.

  11. #11
    Join Date
    May 2017
    Location
    NW England, UK
    Posts
    19
    Oh yes, I reported it to google too, some time ago, and before I figured out what was really going on. Never heard back from google about it. It's not really their issue though; it's a server hack that I guess trips on the headers received on an http request from a google search. All google could do is flag the hacked sites themselves (like SFI) as dangerous.
    When offered a spoon, one should not cling to one's fork. The soup will get cold.

  12. #12
    Join Date
    Dec 2001
    Location
    North East USA
    Posts
    3,056
    Blog Entries
    1
    It's a google thing (google being evil, etc). There's a likelihood of a CMS change in the near future, and that should stamp out any redirect dickery.
    mark@swordforum.com

    ~ Hostem Hastarum Cuspidibus Salutemus ~

    "Those who beat their swords into plowshares usually end up plowing for those who don't."
    Benjamin Franklin

  13. #13
    Join Date
    Feb 2002
    Location
    Nipmuc USA
    Posts
    11,950
    Hopefully an update will remove any security issues prompting the recent alerts on multiple browsers along with Google annoyances.

    Thanks for weighing in on the issues.

  14. #14
    The bright red screen has just started happening to me over the last 3 days. It happens when I simply type in swordforum.com in the URL bar and try to come here. I keep reporting to google via their report link that this site is not a phishing site. I can only get here by clicking on the "go to the dangerous site anyway" link 3 times. After the third click it lets me continue on, but with the "dangerous" label in the URL bar.

    Until 9/20/2017, I never encountered the screen. Did something change on 19/20 September with the forum SW (update, major change, etc) that triggered Chrome to start generating the screen?

    Maybe if everyone dumps a report message back to google on a daily or twice daily basis someone there will get a clue?

  15. #15
    Join Date
    Feb 2002
    Location
    Nipmuc USA
    Posts
    11,950
    I note the front page is not available.
    http://www.swordforum.com/forums/content.php

    Since the alerts are also on Mozilla and Opera, it is not just a Google/Chrome issue but something else going on. My solution right now is to leave a dedicated window open but I had a large debate with COX last night into the wee hours because COX was getting alerts on the forum as well, listing the possible phishing. Hate to say it but I think I may bid adieu until things are resolved. Other boards have taken measures, some multiple times in the past year, so there must be solutions which will take time to iron out. Visiting here and having COX interrupt my service for security issues is something I'd rather not have to fight on a daily basis. Only the Microsoft browser seems to be ok with this act.

  16. #16
    Join Date
    May 2017
    Location
    NW England, UK
    Posts
    19
    The 'red screen' warning is because your browser is configured to check website URLs against a database for 'dangerous' content, before loading them. Most of the big browsers share the database, as do the anti-malware companies.

    That database is simply a list of sites reported to have something dodgy going on. For instance: SFI searches being redirected to a phishing site... SFI gets added to the database because SFI is where the redirection is happening.

    You can turn off this 'feature' in your browsers. In Firefox, go to options/security and uncheck 'block dangerous and deceptive content'. That's the service that checks the database.

    I use PaleMoon which is based on an older Firefox core and does not use the database, so I load that browser to come here right now. IE doesn't use the database either.

    Frankly, I've always thought the database checking is a bit of a scam. Don't know if this is still the case, but at one point websites could pay to be 'whitelisted' when they got blacklisted on one of these databases. And many places seemed to get blacklisted for no apparent reason. Even email domains were being added to it, including some I dealt with that definitely were not in any way dodgy. That's how I know about this. That is going back a bit now, so probably 'they' have cleaned up their act a bit now.
    Last edited by Rick Fox; 09-23-2017 at 06:29 AM.
    When offered a spoon, one should not cling to one's fork. The soup will get cold.

  17. #17
    Join Date
    Dec 2007
    Location
    Rugby, UK
    Posts
    528
    Is anything being done about this? The forum must be losing viewers as anybody new will be put off. Without new interest this forum will certainly die. This is an important issue.
    The journey not the destination

  18. #18
    Join Date
    Feb 2002
    Location
    Nipmuc USA
    Posts
    11,950
    Quote Originally Posted by Guy C View Post
    Is anything being done about this? The forum must be losing viewers as anybody new will be put off. Without new interest this forum will certainly die. This is an important issue.
    As of today, I no longer get the alerts and dangerous site warning but the Google search redirects still occur. We seem to have lost threads posted after Nov 1st but as of last night, threads have been responded to and at least one new one begun. Unfortunately, archive,org didn't happen to take a snapshot before the threads went missing. Four or so threads (at least stuff I was following) at A&M seem to be gone forever.

    The alert page had become intermittent to me but I am just glad to not have to click three times to get in. I also feel better about referencing content within the forums (other stuff via archive.org).

  19. #19
    Join Date
    Mar 2017
    Location
    Stockholm, Sweden
    Posts
    92
    We should be aware that the site could be targeted by hackers for ideological or criminal reasons, and if possible take necessary precautions. I can imagine that the people who try to sell fake swords on e-bay don’t love the site and might want to prevent prospective buyers from seeking advice on the site.

  20. #20
    Join Date
    Feb 2002
    Location
    Nipmuc USA
    Posts
    11,950
    So those sellers are internet hackers as well? I don't think so.

  21. #21
    Join Date
    Oct 2007
    Location
    Kingston area, Ontario Canada
    Posts
    2,902
    I no longer get the alerts but I had to open a new tab with SF and delete the old one that had it.

  22. #22
    Join Date
    Dec 2001
    Location
    North East USA
    Posts
    3,056
    Blog Entries
    1
    our new IT guru Matt determined that restoring the site at the point of the last backup was necessary. That being 11 days ago, all subsequently logged threads and post text were lost. Sorry for the inconvenience all.
    mark@swordforum.com

    ~ Hostem Hastarum Cuspidibus Salutemus ~

    "Those who beat their swords into plowshares usually end up plowing for those who don't."
    Benjamin Franklin

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •