<Glazblog/>

Google, BlueGriffon.org and blacklists

Several painful things happened to bluegriffon.org yesterday... In chronological order:

  1. during my morning, two users reported that their browser did not let them reach the downloads section of bluegriffon.org without a security warning. I could not see it myself from here, whatever the browser or the platform.
  2. during the evening, I could see the warning using Chrome on OS X
  3. apparently, and if I believe the "Search Console", Google thought two files in my web repository of releases are infected. I launched a complete verification of the whole web site and ran all the software releases through three anti-virus systems (Sophos, Avast and AVG) and an anti-adware system. Nothing at all to report. No infection, no malware, no adware, nothing.
  4. since this was my only option, I deleted the two reported files from my server. Just for the record, the timestamps were unchanged, and I even verified the files were precisely the ones I uploaded in January and April 2012. Yes, 2012... Yesterday, without being touched/modified in any manner during the last four years, they were erroneously reported infected.
  5. this morning, Firefox also reports a security warning on most large sections of BlueGriffon.org and its Downloads section. I guess Firefox is also using the Google blacklist. Just for the record, both Spamhaus and CBL have nothing to say about bluegriffon.org...
  6. the Google Search Console now reports my site is ok but Firefox still reports it unsecure, ahem.

I need to draw a few conclusions here:

  • Google does not tell you how the reported files are unsecure, which is really lame. The online tool they provide to "analyze" a web site did not help at all.
  • Since all my antivir/antiadware declared all files in my repo clean, I had absolutely no option but to delete the files that are now missing from my repo
  • two reported files in bluegriffon.org/freshmeat/1.4/ and bluegriffon.org/freshmeat/1.5.1/ led to blacklisting of all of bluegriffon.org/freshmeat and that's hundreds of files... Hey guys, we are and you are programmers, right? Sure you can do better than that?
  • during more than one day, customers fled from bluegriffon.org because of these security warnings, security warnings I consider as fake reports. Since no public antimalware app could find anything to say about my files, I am suspecting a fake report of human origin. How such a report can reach the blacklist when files are reported safe by four up-to-date antimalware apps and w/o infection information reported to the webmaster is far beyond my understanding.
  • blacklists are a tool that can be harmful to businesses if they're not well managed.

Update: oh and I forgot one thing: during the evening, Earthlink.net blacklisted one of the Mail Transport Agents of Dreamhost. Not my email address, that whole SMTP gateway at Dreamhost... So all my emails to one of my customers bounced and I can't even let her know some crucial information. I suppose thousands at Dreamhost are impacted. I reported the issue to both Earthlink and DH, of course.

Comments

1. On Friday 29 January 2016, 13:49 by Francois Marier

If it's still blocked in Firefox, can you please email me (francois@mozilla.com) the URL so I can see it?

2. On Saturday 30 January 2016, 01:32 by Peter Kasting

I don't think deleting the files in question was the right thing to do. I believe the correct course of action was to request a re-review of the site. See section 3 of http://www.unmaskparasites.com/malw... for details on doing this.

I'm not on the SafeBrowsing team, but I know some folks who were, and I know they did occasionally get false positive reports, which they worked to correct as soon as they were made aware.

3. On Sunday 31 January 2016, 21:52 by check australian visa

With having so much content do you ever run into any problems of plagiarism or copyright violation? My blog has a lot of completely unique content I've either created myself or outsourced but it seems a lot of it is popping up all over the web without my permission. Do you know any techniques to help reduce content from being stolen? I'd truly appreciate it.