Mefi.us flagged as malware? March 31, 2010 10:24 AM   Subscribe

Mefi.us flagged as malware?

MetaFilter and all related subdomains (ask, talk, prjects, etc) started looking really ugly an hour or so ago, as if the style sheet was broken. Turns out, my employer has started blocking mefi.us. See friendly message below:

This Page Cannot Be Displayed

Based on your corporate access policies, this web site ( http://mefi.us/images/mefi/metafilter.png ) has been blocked because it has been determined to be a security threat to your computer or the corporate network. This web site has been associated with malware/spyware.

If you have questions, please contact ITS Help Desk ###-#### ( ITS.Helpdesk@dirtdirt's-employer.org ) and provide the codes shown below.

Notification codes: (1, MALWARE_GENERAL, BLOCK-MALWARE, , 0x00b915fc, 1270055776.533, AAAASwAAAAAAAAAAJP8ACP8AAABAAAAAAAAAAA==, http://mefi.us/images/mefi/metafilter.png)


I guess I should be happy that I can still, you know, READ the site (at least for now!), and that since I am fucking off at work I have no recourse for complaint anyway.

ALSO I know this has nothing to do with MetaFilter, really, that it is an issue on my end. I guess I just wanted to commiserate. I assume that the fools in my IT dept are subscribing to some service, anyone else having this issue?
posted by dirtdirt to Bugs at 10:24 AM (85 comments total)

.
posted by MexicanYenta at 10:31 AM on March 31, 2010


boy are you an idiot
posted by Brandon Blatcher at 10:32 AM on March 31, 2010 [2 favorites]


"Let's embed steganographic paeans to Cthulhu in the header graphics", he said.

"What could possibly go wrong", he said.
posted by cortex (staff) at 10:35 AM on March 31, 2010 [14 favorites]


What's wrong with malware? That's where I buy all my ware.
posted by found missing at 10:37 AM on March 31, 2010 [1 favorite]


I'll commiserate. One of the categories that my workplace blocks is "blogs". Half the time when I'm looking for a solution to a technical issue, my search leads me to a blog that I have to read on a secondary connection. So annoying.
posted by ODiV at 10:40 AM on March 31, 2010


"Let's embed steganographic paeans to Cthulhu in the header graphics", he said.

"What could possibly go wrong", he said.,


Take out the repeated "he said", which allows you to also leave out the quote marks and then you push it as an edgy novel by a hot new writer with a fresh, inventive style.
posted by Brandon Blatcher at 10:41 AM on March 31, 2010


What about using this instead: http://mobile.metafilter.com/?

As far as I know, it doesn't use content from mefi.us.
posted by zarq at 10:44 AM on March 31, 2010


dirtdirt, you going to flame out? because, boy are you an idiot

just adding to the pile on.
posted by cjorgensen at 10:46 AM on March 31, 2010


Did you contact the ITS Help Desk? They can probably... help you.
posted by desjardins at 10:46 AM on March 31, 2010


Hey cortex, you've got me thinking. A really fun game to play is "Cthulhu Mythos or Israeli surname?"

It's fun–and simple!

Ghroth
Dayan
LLoigor
Olmert
Azathoth
posted by Mister_A at 10:53 AM on March 31, 2010 [7 favorites]


Have you tried turning it off and back on again?
posted by jtron at 10:53 AM on March 31, 2010 [6 favorites]


I refuse to commiseration. Why would I want your miseration all over me?
posted by DU at 10:54 AM on March 31, 2010


MAL MEANS BAD.
posted by dirtdirt at 10:55 AM on March 31, 2010


dirtdirt can be an idiot if he wants to. Have you SEEN the profile pic? Dude's like Chris Isaak on hottie pills.

Also he's not an idiot.
posted by Ambrosia Voyeur at 10:56 AM on March 31, 2010


MAL MEANS BAD.

If you're going to refuse to have an open mind, I can't deal with you.
posted by found missing at 10:58 AM on March 31, 2010 [1 favorite]


Hey cortex, you've got me thinking. A really fun game to play is "Cthulhu Mythos or Israeli surname?"

Brand new version: Cthulhu Mythos, Israeli surname, or Hutaree militia rank?
posted by Pollomacho at 10:59 AM on March 31, 2010 [7 favorites]


How is he an idiot? I mean, I guess if he is, I am too, since I don't understand what it is about his question that makes him an idiot. At least I'm in good company.
posted by rtha at 11:00 AM on March 31, 2010 [2 favorites]


No, no, it's "Hutaree militia rank or Pokemon character".
posted by cortex (staff) at 11:02 AM on March 31, 2010


pssst. rtha. read his profile.
posted by It's Raining Florence Henderson at 11:03 AM on March 31, 2010 [3 favorites]


I always knew this would lead to no good.
posted by lukemeister at 11:03 AM on March 31, 2010


Have you SEEN the profile pic? Dude's like Chris Isaak on hottie pills.

Oh my. Yes indeed.
posted by The Light Fantastic at 11:04 AM on March 31, 2010


dirtdirt, if you can run Greasemonkey and get to this page there might be ways to hack around this. Talking to your IT department is probably the high road though.
posted by pb (staff) at 11:04 AM on March 31, 2010


I subscribe to the MeFi print edition to get around this situation.
posted by lukemeister at 11:05 AM on March 31, 2010 [3 favorites]


I pledge allegiance to the flag of mefi.us, and to the website for which it stands, one community under mathowie, divisible, with liberty and justice for most.
posted by gman at 11:06 AM on March 31, 2010


OMG, and his penis is HU...oh wait, that's a baby. Nevermind and carry on.
posted by iamkimiam at 11:09 AM on March 31, 2010 [6 favorites]


MetaFilter: AAAASwAAAAAAAAAAJP8ACP8AAABAAAAAAAAAAA
posted by davejay at 11:13 AM on March 31, 2010


Your best bet is probably to get the network admin hooked on MeFi.
posted by ODiV at 11:16 AM on March 31, 2010


I get paid on commiseration. Some months are good, some bad.
posted by backseatpilot at 11:17 AM on March 31, 2010 [1 favorite]


Thanks, IRFH!
posted by rtha at 11:21 AM on March 31, 2010


dirtdirt, perhaps this is a response to the still-unfolding "USian" imbroglio...
posted by Mister_A at 11:27 AM on March 31, 2010 [1 favorite]


Yes, we're holding out for the ".america" tld basically.
posted by cortex (staff) at 11:28 AM on March 31, 2010 [4 favorites]


No, no, it's "Hutaree militia rank or Pokemon character".

Take your dang hat off when you talk to me–I'm a Charizard first class!
posted by Mister_A at 11:28 AM on March 31, 2010 [1 favorite]


Brand new version: Cthulhu Mythos, Israeli surname, or Hutaree militia rank?

Tsk. I have all the major Cthulhu Mythos memorized and the rest are in a hand guidebook on my bedside table - isn't that the same for everyone?*

*Sadly this is actually the truth.
posted by Artw at 11:29 AM on March 31, 2010 [1 favorite]


I'm a Chrome user. I guess there is a Greasemonkey for me, but since I've never used it and everything functions I'll probably just muddle along. I don't think I'll be alerting IT to my concerns. Thanks for the tip though, if I get too annoyed maybe I'll try it.

And, um. I normally use a picture of Frankenberry as my profile picture. Rest assured Frankenberry is at least as accurate a representation of me as what's up there. Sorry for the confusion. Uh, but thanks.
posted by dirtdirt at 11:32 AM on March 31, 2010


I get paid on commiseration. Some months are good, some bad.

Geez, that's rough bsp, but if I feel for you, can I get a cut too?
posted by Cold Lurkey at 11:33 AM on March 31, 2010


What's a good way to get started on Ramsey Campbell? Is there a good way to do so at all?
posted by Mister_A at 11:46 AM on March 31, 2010


I am but a Snorlax for Christ.
posted by fairytale of los angeles at 11:51 AM on March 31, 2010 [3 favorites]


if I feel for you, can I get a cut too?

Only if you're Chaka Khan.
posted by evilcolonel at 11:54 AM on March 31, 2010


Chaka Khan, I choose you!
posted by Mister_A at 11:55 AM on March 31, 2010 [2 favorites]


MALL MEANS BAD L.
posted by koeselitz at 12:08 PM on March 31, 2010


What's a good way to get started on Ramsey Campbell? Is there a good way to do so at all?

Probably Cold Print, which pretty much covers all his Mythos stuff. He's a bit Garth Marenghi TBH.
posted by Artw at 12:17 PM on March 31, 2010


(Ghroth is from The Tugging, which is probably my favourite story of his, mainly for the ending)
posted by Artw at 12:18 PM on March 31, 2010


Wow, this sounds awesome!
posted by Mister_A at 12:24 PM on March 31, 2010 [1 favorite]


It's hard to find other useful reports, but Google doesn't consider mefi.us suspicious at the moment.
posted by Pronoiac at 12:28 PM on March 31, 2010


Have you tried writing a greasemonkey script to redirect mefi.us to 4chan.com?
posted by special-k at 12:31 PM on March 31, 2010



Your public library should have bound copies of MetaFilter.
posted by Cranberry at 12:37 PM on March 31, 2010


Your public library should have bound copies of MetaFilter.

If not then try to get it via ILL. I think we may even have some librarian mefites.
posted by special-k at 12:41 PM on March 31, 2010 [1 favorite]


Your public library should have bound copies of MetaFilter.

Warning: MetaFilter in Bondage may be NSFW.
posted by It's Raining Florence Henderson at 12:52 PM on March 31, 2010 [1 favorite]


MALL MEANS BAD L

See, I don't know how I'm supposed to go into BAD L without my Hutaree militia rank.
posted by Brak at 12:59 PM on March 31, 2010


Wait, what were we talking about again? cortex, you're saying that .fuckyeah tld is actually going to go through?
posted by Brak at 1:02 PM on March 31, 2010


Like Pronoiac, I've been trying to track down who thinks mefi.us is a malware site. The error message is surprisingly free of information about which security product generated it, but I think this might be from an IronPort.

Looking up mefi.us on SenderBase.org (which is where you look up things in the database IronPorts use) produces a "poor" web reputation. It lists a bunch of malware/phishing type of examples as the most common reasons for this reputation, but doesn't say specifically why mefi.us has been categorized as poor.

So far that's the only lookup I've done that has come back with anything negative. They don't seem to talk about any way to get un-listed if it's a mistake (perish the thought!). Maybe it's worth checking closely to make sure there really isn't anything funky happening on that server, though?
posted by FishBike at 1:09 PM on March 31, 2010 [1 favorite]


I think Brak is a Hutaree military rank. It is just above Grand Mahoff and just below Ice Cream Salesman.
posted by Mister_A at 1:26 PM on March 31, 2010


"That's right, Grand Mahoff Smith, always use a higher gauge when you're executing liberal heathen scum. And I should know – it's not for nothing they've made me the Supreme Koeselitz of the Eastern Seaboard."
posted by koeselitz at 1:41 PM on March 31, 2010 [2 favorites]


Do not adjust your Koeselitz. We are controlling transmission…
posted by It's Raining Florence Henderson at 1:59 PM on March 31, 2010 [1 favorite]


It's a hack but because mefi.us is only hosting static content you could make a local mirror on an unrestricted connection; transfer it to your work machine; and then edit your hosts file to use the local copy instead of bouncing off the corp filter set. As a bonus you can use custom header images to rotate Mefi: taglines.
posted by Mitheral at 2:15 PM on March 31, 2010


MAL MEANS BAD.

Shut up or the Browncoats will get you.
posted by ROU_Xenophobe at 2:19 PM on March 31, 2010


dirtdirt can be an idiot if he wants to. Have you SEEN the profile pic? Dude's like Chris Isaak on hottie pills.

Thanks to meetups, I can attest to his personal hottitude. Also, he plays a mean game of Words with Friends, so if he's an idiot, he's an idiot with a big dictionary.
posted by immlass at 3:23 PM on March 31, 2010


the John Holmes of geeks, if you will.
posted by gman at 3:28 PM on March 31, 2010


Not directly related, but on a number of occasions I have had mefi.us being the element screwing up my MeFi experience. Waiting for it, not finding it, having it hang...

From my end it seems more problem than it's worth.
posted by Meatbomb at 3:46 PM on March 31, 2010


From my end it seems more problem than it's worth.

Understandable when things are going wrong. But 99% of the time the site is faster to load thanks to offloading the static elements. We briefly went back to hosting static elements the other night when mefi.us stopped responding, and the site was noticeably slower. If mefi.us does continually cause problems we can move things back to the metafilter server, but our experience has been that these types of problems are few and far between for most people. We've heard from one person experiencing a problem today.
posted by pb (staff) at 3:54 PM on March 31, 2010


Also, he plays a mean game of Words with Friends.

I have recently learned I do not.
posted by cjorgensen at 4:49 PM on March 31, 2010


immlass: "dirtdirt can be an idiot if he wants to. Have you SEEN the profile pic? Dude's like Chris Isaak on hottie pills.

Thanks to meetups, I can attest to his personal hottitude. Also, he plays a mean game of Words with Friends, so if he's an idiot, he's an idiot with a big dictionary
"

Can we cut out the euphemisms? We're all adults here. So is his dictionary unabridged? That's a deal killer for some people.
posted by Splunge at 5:32 PM on March 31, 2010


You could probably make a case for AskMe being useful for work. Then again, you might want to just keep cruisin' under the radar...
posted by Crabby Appleton at 8:01 PM on March 31, 2010


I pronounce "mefi.us" as "Meh Fee Ooze."
posted by lore at 8:59 PM on March 31, 2010 [2 favorites]


But wait! Your profile says you're a lineman for the county. Presumably, linemen are out and about all day, working on the lines. So that leaves three possibilities:

1. You're not really a lineman for the county. This obviously cannot be the case because profiles are always 100% accurate.

2. You're a really bad lineman and instead of doing your job, you hang around the office trying to read mefi. Given the economy, I find it unlikely that the county would put up with such a bad work ethic and that you wouldn't be replaced.

3. You're lying and really can access metafilter just fine. Quit making up stupid stories about the site being blocked and wasting all our time. boy are you an idiot.
posted by zachlipton at 9:15 PM on March 31, 2010


I'm sure dirtdirt is disappointed by your help y'all. dirtdirt, click here and use the professional white background. Your IT will recognise MeFi as indispensable to your job and things will revert to normal. Other than your being promoted.
posted by ersatz at 2:56 AM on April 1, 2010


I'm just here to say, the hotness of dirtdirt came to my attention when he favorited a comment of mine. "Oh delightful, some lone soul approves of (or is at least amused by) by my flawless musical recommendations. Now, let me just pop on over to this person's profile and LAND O GOSHEN WHAT A GOOD DECISION TO MAKE THAT CLICK."
posted by Coatlicue at 5:54 AM on April 1, 2010


Holy crap!

The hosts file (plus a little elbow grease) worked! I made mefi.us point to my local server, then grabbed the resources I needed off of styles.metafilter.com and images.metafilter.com, and built the files structure to match. Yay! The whole damn thing looks exactly normal again.

Thanks Mitheral (for the hosts idea) and PB (for the predictable file structure)!
posted by dirtdirt at 8:04 AM on April 1, 2010 [1 favorite]


He's not really a county lineman. He's a writer; a writer of fictions. If you don't love me, let me go...la la la la...
posted by iamkimiam at 10:54 AM on April 1, 2010


Sorry...trying to be silly...think I just crossed over into weird 'n random. Edit: undo. :P
posted by iamkimiam at 10:58 AM on April 1, 2010


damnit Kim. We're being very serious here. Stop with the derail or take it to Met...never mind.
posted by special-k at 11:16 AM on April 1, 2010


Oh, alrighty then, here's what I was really thinking...

You don't really want to know.

Do you?

Cause I can just keep going smaller.

And smaller.

But I've got work to do.

And closing tags is a bitch.

Favorite me if you read all that. That's how I'll know you have the superpower of microscopic vision.

posted by iamkimiam at 11:24 AM on April 1, 2010 [3 favorites]


/me does not have microscopic vision
/me threw you a bone anyway. :)
posted by zarq at 11:27 AM on April 1, 2010


pb: Understandable when things are going wrong. But 99% of the time the site is faster to load thanks to offloading the static elements. We briefly went back to hosting static elements the other night when mefi.us stopped responding, and the site was noticeably slower. If mefi.us does continually cause problems we can move things back to the metafilter server, but our experience has been that these types of problems are few and far between for most people. We've heard from one person experiencing a problem today.

I'm another. Our corporate NetNanny is blocking mefi.us.
posted by timeistight at 11:48 AM on April 1, 2010


The hosts file (plus a little elbow grease) worked! I made mefi.us point to my local server, then grabbed the resources I needed off of styles.metafilter.com and images.metafilter.com, and built the files structure to match. Yay! The whole damn thing looks exactly normal again.

And now pb knows who to contact if they ever need backups again.
posted by cjorgensen at 11:56 AM on April 1, 2010


Hey, timeistight, if you care, and have a webserver running on your machine you should do the hosts thing. It's a breeze. If you like I can email you an archive of the files and structure of the stuff you need (other than your hosts file, of course). Unzip it to your web root, add the line '127.0.0.1 mefi.us' to hosts, and in about 2 minutes you are basking in the malware again.

Really, I've been feeling so satisfied about this. I'm GLAD they blocked mefi.us.
posted by dirtdirt at 12:04 PM on April 1, 2010


Favorite me if you read all that. That's how I'll know you have the superpower of microscopic vision.
Or the superpower of CTRL+SCROLL.
posted by SpiffyRob at 12:07 PM on April 1, 2010


Geez, SpiffyRob, get an iPhone already!
posted by Pronoiac at 5:38 PM on April 1, 2010


Huh, okay, so I just looked at dirtdirt's profile, and I see he was born exactly one day before me. My theory now is that most, if not all, users with double names are all born in December.

(what this has to do with Mefi.us flagged as malware? Nothing. But I've never really had a chance to go all off topic on metatalk. I just wanted to know what it felt like. )

Glad you found your answer dirtdirt.
posted by anitanita at 6:43 PM on April 1, 2010


Damn, sorry timeistight. Like dirtdirt mentioned there are some ways around this, and you don't need your own local web server if you can run Stylish and Greasemonkey.
posted by pb (staff) at 7:55 PM on April 1, 2010


Geez, SpiffyRob, get an iPhone already!

You can have my G1 (which has pinch to zoom as well, thanks XDA) when you pry it from my warm, living hands. (Please don't.)

But most of my MeFi is done on a real computer anyway.
posted by SpiffyRob at 7:42 AM on April 2, 2010


After a few more reports of blocking we moved all static elements from mefi.us to static.metafilter.com yesterday. You might need to update your NoScript and/or AdBlock Plus whitelists to include this new subdomain if you don't already have a blanket whitelist for *.metafilter.com.
posted by pb (staff) at 9:00 AM on April 3, 2010


pb, will that undo some of the "let's not have all the *.metafilter.com cookies sent along with the GET request for static stuff"1 optimization that came along with using mefi.us before?

1: Why yes, this is the technical term for it. I'm sure of it.
posted by FishBike at 10:32 AM on April 3, 2010


Yeah, unfortunately. We'll keep an eye on the mefi.us rating you pointed out, and if the malware rating is lifted we'll probably shift back. There's no appeal process, they don't point out specifically why they gave that domain a poor rating, and we haven't detected any problems at all on that server. So we're kind of stuck. The performance hit was less painful than introducing a new domain for people to whitelist.
posted by pb (staff) at 11:06 AM on April 3, 2010


I'm not sure how I feel about how this thread relates to the discussion on our boyzone posts.
posted by Blasdelb at 2:13 PM on April 3, 2010


« Older Bloomington IN meetup?   |   Single-link idiocy Newer »

You are not logged in, either login or create an account to post comments