Google Safebrowsing Detected Malware on the Forums.

[remove p l e a s e ? 800]

I was using Google for the replacement of the site's search.

Then I came across a message saying the site hosted malware. I never had this message the other few times when I used Google as the alternative. So I opened up the details to find this:

http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=mlpforums.com

[Rebel the Wolfgirl 5,585]

Hmmm...very interesting. Maybe it's a false alarm?

[Odyssey 5,713]

I had the same problem as well a few hours ago. I'm not sure how many parts of the site hosted malware, but I took a screenshot just in case.

[SCS 7,443]

I can assure you that if anything like this exists on MLP Forums it is certainly not deliberate. My guess is that these instances were the results of advertisements. I and other staff members always keep a lookout for malicious advertisements to blacklist, and we try to stick to trustworthy ad services that don't distribute malware. But some things do slip through the cracks.

 

Another (remote) possibility is it being a part of an attachment in a post somewhere on the site. I've literally never seen this happen though, and I've been here for awhile. But if anyone ever suspects a post of having a malicious file attached to it, don't hesitate to report it. Administrators are able to delete any attachment anywhere on the site.

[ghostfacekiller39 23,857]

I don't think this has anything to do with advertisements, as I just ran into the problem and I have ads disabled.

[SCS 7,443]

I don't think this has anything to do with advertisements, as I just ran into the problem and I have ads disabled. 

 

Thanks for the info.

 

I'm not sure what's going on, but I'll do everything I can to make sure it stops. Running into malware here should never happen.

[KokuraiNoSenshi 3,463]

Just wanted to say really quickly... I got this error too... In Google Images. I'm not sure this is necessarily a mlpforums issue but I do have tabs open for it so it is possible...

[WindShear 532]

I have run into this problem twice today on different parts of the site, and I also have ads disabled.

[ghostfacekiller39 23,857]

Just happened to me again when I went to go look at the Rarity Fan Club. chipisik.com seems to be the perp, but I'm lacking in technological intelligence and that may mean somwthing entirely different than I believe. Here's a screenshot:

 

 

Digging even further into this tells me that IP, 75.102.9.195, is being used by 10 different domains with honest sounding names such as "biggtittis.com"  (lol) and it is based out of Chicago, IL. 

 

I hope this helps in some way.

[ghostfacekiller39 23,857]

Pardon me - the IP for chipisik.com Forgot to specify.

[BastementSparkle 20,312]

Avast antivirus just warned me that it blocked some malware when I attempted to go to one of my PM's. That's the only warning I've had so far from it.

[Andaasonsan 3,205]

I had this happen to me as well a couple of times while I was viewing the site with Google Chrome this morning. But then it just got over it after a few minutes and didn't happen again. I'm pretty sure I remember it mentioning the chipisik site that @ghostfacekiller39 mentioned.

[Zygen 6,065]

Not had this happen yet myself actually, and I'm using google chrome.

 

I hope it's just a false alarm or something though.

 

Regardless, I hope it is resolved, I wish I could help more, but I currently don't have much information to provide, or experience with the whole thing.

[Wind Chaser 4,767]

This has not happened to me yet today, but I must say that this has happened to me at least twice before when redirecting from the homepage to the Poniverse.net login. Most recently, it happened a couple of weeks ago. The problem seemed to have fixed itself right afterwards.

[Jeric 46,834]

Two things I wanted to clear up that have been mentioned that are either lacking detail or incorrect. 

 

1. We are not 'hosting malware'. According to the Google safe site system they detected a link that is hosted elsewhere that is tagged an 'attack site' by their system that is available to our users. 3 pages during their bot scan were detected. Going down the rabbit hole of that network ... we did pretty good. If we had verified malware on MLP Forums the warning would be different. So yes the issue could have been as simple as a bad ad that was served to us through the api and was found and pulled by Google.

 

2. You can still get this warning if you use ad blocker. That has nothing to do with the report your browser is displaying.

 

It's a very simple process to resolve this since as I mentioned ... we are not hosting the malicious malware.  Of course Lavo and Feld0 have been notified. But as a precaution never surf without updated virus and malware protection.

[Samurai Equine 45,851]

I've also been getting the Malware warning. It happens mostly when I go the Ask A Pony section in Beyond Equestria.

[Legacy Dash 438]

My avast antivirus has been picking up some sort of malware aswell... I think it might be one of the ads.

[BastementSparkle 20,312]

Another warning from Avast, telling me it blocked malware. It was on the homepage this time.

[baba_booey 4,299]

Wot, I got that for pressing the "Reply to this thread" button.

 

Plus, I went to search for a Flash Sentry fanclub on here (as a joke) and I got that same thing.

[BastementSparkle 20,312]

I did a scan with Avast and it did find a virus on my computer. The date on it said it was put there sometime last night. Around when I got the first warning. The scan dealt with it and doing a further scan with Avast and one with Malware-bytes I found nothing else.

 

 I was using IE before, but now I've switched to Chrome for the forums. Haven't had any further problems yet.

[IridscentNionios 1,420]

I am having the same problem. Thing is after that when i try to access the same thing i get "Page Not Available" Do you know how i can just... make it go? It's really annoying. I don't want to have to switch to some other browser.

[碇 シンジン 27,427]

I happened me 2 times in a row when I was navigating away from Ask a pony forum.

[Jeric 46,834]

Guys, if you are going to report instances of this occuring, please supply the full link of the page that you received the warning.

 

I am certain it is ad related personally. How? Because my company's security configuration pwns consumer ad blockers and plug-ins. I am not getting any warnings because unlike a browser based system that will still report an issue (as I indicated in an earlier post) ... My company will do this server side. MLP Forums on my corporate network ... is clean.

 

Also, please refrain from speculation regarding us being hacked. Thank you.

[KokuraiNoSenshi 3,463]

I can't even look around on this thread, it keeps giving me the alert about malware... Same place too, chipsik.com

[Admiral Regulus 2,769]

Another (remote) possibility is it being a part of an attachment in a post somewhere on the site. I've literally never seen this happen though, and I've been here for awhile. But if anyone ever suspects a post of having a malicious file attached to it, don't hesitate to report it. Administrators are able to delete any attachment anywhere on the site.

 

I've seen this happen before on a forum that I moderated. Someone's signature was hosted on a site with malware. Google picked it up, so every page with that person's post(s) was flagged as containing malware. I fixed the problem by hosting the image in the member's signature on another site. People freaked out (lol), but it was simple and easy to fix.

 

So, assuming it's something like that, here's how to solve the problem. If you get the message, report the exact page you found it on. From there, we need to look for commonalities. What elements are on those pages but not others? That answer should give us the source of the malware.

 

So far, I've not found the message. Everything is clean on my end. I run Firefox and I have ads disabled.