Dodgy link needs to go. February 4, 2012 1:41 PM   Subscribe

Why is the second link to this post still up? Several people have mentioned problems with it, including myself, yet the link still remains. Maybe I'm missing something here, but I think that the link should be axed since its absence won't really affect the rest of the post. Or is this just something that is allowed?

The problem website is also linked to in a comment.
posted by MaryDellamorte to Bugs at 1:41 PM (61 comments total) 1 user marked this as a favorite

Perhaps because a number of OTHER people aren't having any problems with it at all?
posted by EmpressCallipygos at 1:50 PM on February 4, 2012


Yes, this is allowed. Unless it's a deliberate prank to cause problems, the bar for removing something like this is very high. We can't police the entire web. Some websites have malware, but we can't be in charge of verifying that. If we removed every site that pops up as having malware on someone's virus scanner we would be removing lots of sites. False positives happen all the time.
posted by pb (staff) at 1:53 PM on February 4, 2012 [1 favorite]


I actually did get a virus from the website so it isn't a false positive. I've never had a problem with Metafilter links before so I didn't think it was a common occurrence. I guess if it's allowed, I just need to get better firewall and antivirus protection. Thanks for clearing things up.
posted by MaryDellamorte at 2:02 PM on February 4, 2012 [1 favorite]


I'm sorry that you got a virus. I can't verify that was the site that infected your computer, and the site isn't scanning as trouble from Google or SenderBase. The site VirusTotal is showing the site is clean. If we get some sort of agreement from a number of sources that something is a serious problem we can pull the link, but we can't pull it based on one or two reports.
posted by pb (staff) at 2:14 PM on February 4, 2012


fwiw there is dodgy javascript that appears in the page when using a "normal" user agent but not using the wget user agent. I did not determine what the snippet in question actually does, but the way it is written it looks not just minified but intended to obscure the functioning of the code from static analysis tools. I'm wary of pasting any specific part of the code, lest some stupid antivirus decide that this page is malicious. But it involved a variable that was a misspelling of "symptom" and which was assigned something that looks like a domain name in mongolia.
posted by jepler at 2:21 PM on February 4, 2012


... and in repeated attempts it's only given me that snippet in 1 case, so it's no surprise if sometimes or for some people the snippet's not there
posted by jepler at 2:22 PM on February 4, 2012


Why don't you just put a warning next to the link, like "(WARNING: POSSIBLE MALWARE)"?
posted by MattMangels at 2:22 PM on February 4, 2012


I got a warning too from AVG about some shady JS.
posted by atrazine at 2:24 PM on February 4, 2012


Unmask Parasites and AVG online are both showing the site as clean.
posted by pb (staff) at 2:25 PM on February 4, 2012


As another data point, the site tries to download a PDF, exactly as described in this comment. I vote for definitely an infected site.
posted by firesine at 2:27 PM on February 4, 2012


I also got a warning from Avast.
posted by k8lin at 2:32 PM on February 4, 2012


ok, that's a lot of confirmation, link removed.
posted by pb (staff) at 2:33 PM on February 4, 2012 [1 favorite]


Fascinating. It seems to be behaving like a real-life virus. My understanding is that they mutate to be less virulent in order to ensure that their hosts will continue to share them with others.
posted by the young rope-rider at 2:35 PM on February 4, 2012 [1 favorite]


Here is the code in question, on Pastebin.

JSUnpack doesn't show the code itself as suspicious, but the site as a whole is. I'm not that familiar with JSUnpack but it appears the reason it is suspicious is due to how long it took the code to execute.
posted by geoff. at 2:38 PM on February 4, 2012


Thank you, NoScript.
posted by maudlin at 2:38 PM on February 4, 2012 [6 favorites]


maudlin: "Thank you, NoScript."

Yah, I'm locked down pretty tight over here, too, NoScript and AdBlock pretty much kill anything before it even gets a chance; if I get some garbage on my puter it's because I've been fool enough to click where I know better, it's like inviting junkies to live in my condo.
posted by dancestoblue at 2:52 PM on February 4, 2012


Yeah, I tend to think like maudlin and dancestoblue myself, but on the balance I'm glad that pb nuked the link.
posted by jepler at 2:59 PM on February 4, 2012


I'm glad he nuked it, too. I poked around that site before the warnings showed up in-thread, and I was briefly worried until I remembered that I had carried over the NS install to FF 10.
posted by maudlin at 3:06 PM on February 4, 2012


Thanks for axing the link. It looks like my first Metatalk post went relatively well. In everyone's opinion, what is the best firewall and antivirus setup? I currently use ZoneAlarm as my firewall and have Spybot S&D and Super Antispyware to scan for malware. Since I was so susceptible to an attack, what should I change?
posted by MaryDellamorte at 3:22 PM on February 4, 2012


I'm sorry, but if you're the kind of person who gets a virus from a website, I'm not sure anyone should trust your judgment about its provenance.
posted by toomuchpete at 3:24 PM on February 4, 2012


Toomuchpete, I'm not the only one who had a problem with the website so what was your point again?
posted by MaryDellamorte at 3:28 PM on February 4, 2012 [10 favorites]


Well that was weird. Report a bad link and get ragged on for it? Freaks.
posted by heyho at 3:47 PM on February 4, 2012 [7 favorites]


Mary, what browser are you using?
posted by empath at 4:17 PM on February 4, 2012


Firefox.
posted by MaryDellamorte at 4:22 PM on February 4, 2012


Everyone should absolutely run noscript.
posted by OnTheLastCastle at 4:28 PM on February 4, 2012


Yeah, this thread finally unlazy-fied me enough to install noscript. It's taking a little getting used to, but so far, so good.
posted by rtha at 4:32 PM on February 4, 2012


toomuchpete: "I'm sorry, but if you're the kind of person who gets a virus from a website, I'm not sure anyone should trust your judgment about its provenance."

Anybody who had JavaScript enabled could have gotten a virus from that website. Or are you suggesting that the only people allowed to render judgements here are people who refuse to use the Internet?
posted by koeselitz at 4:42 PM on February 4, 2012 [7 favorites]


Unless they're not using Windows ...
posted by iotic at 4:43 PM on February 4, 2012


My experience with a dodgy link from the metafilter archives, leading to a pretty severe virus infection, led me to installing noscript. Very happy I did.
posted by knapah at 4:58 PM on February 4, 2012


I'm sorry, but if you're the kind of person who gets a virus from a website, I'm not sure anyone should trust your judgment about its provenance.

That's kind of an odd thing to say. I don't really follow your reasoning.
posted by Tell Me No Lies at 5:01 PM on February 4, 2012 [1 favorite]

I'm sorry, but if you're the kind of person who gets a virus from a website, I'm not sure anyone should trust your judgment about its provenance.
This is silly. I had my computer compromised a year or two ago by way of a vulnerability in flash. It lasted for like 36 hours before they patched it, but I managed to connect to a website that was serving one of the exploited ads in that timeframe.
posted by kavasa at 5:05 PM on February 4, 2012


Is there any quick and easy way to set up NoScript for a parent or grandparent? Because I like it a lot but I'm constantly allowing sites and I don't see me training non-computer people to do that.

The best virus protection I've used is Microsoft Security Essentials, which is free, and doesn't hog memory the way AVG used to.
posted by graventy at 5:06 PM on February 4, 2012


Everyone should absolutely run noscript.

I don't and never have, so I'm not entirely sure how scattershot the tool is -- manual whitelisting is required, I assume -- but I will suggest that there are very very few sites indeed these days -- Metafilter, old school as it is, included -- that do not rely on legitimate scripting to function as intended.

If you understand how the web works, it may be good prophylaxis to run a script blocker -- I personally do not think it is all that necessary -- but blanket advice to do so to everyone, including the non-technical folks out there, without explaining the downsides and what to do when sites that use scripting legitimately are broken, seems ill-advised.
posted by stavrosthewonderchicken at 6:02 PM on February 4, 2012 [6 favorites]


In everyone's opinion, what is the best firewall and antivirus setup? I currently use ZoneAlarm as my firewall and have Spybot S&D and Super Antispyware to scan for malware.

Linux. (Imagine me saying this in a very tired voice.) This would involve replacing the entire operating system. If you've got a PC, though, this would probably be really easy to do. Whether this is feasible or not would depend on what kind of software you're using.

I'm not going to proselytize. If you want to know the ins and outs of this and other options ask an AskMe question.
posted by nangar at 6:15 PM on February 4, 2012 [3 favorites]


I flagged the post for this very reason, and it's probably good pb removed the link.

While I'm an AdBlock/Noscript/etc. kind of cat, I can recognize that many people are not.
posted by box at 6:20 PM on February 4, 2012


In everyone's opinion, what is the best firewall and antivirus setup? I currently use ZoneAlarm as my firewall and have Spybot S&D and Super Antispyware to scan for malware.

For what it's worth (as a PC user since the late 1970s, before this kind of thing was even on the horizon) I've never run anything special in terms of virus/malware protection, and never had a problem in all those years. These days, on Win7, I just run the built-in Microsoft Security Essentials (doing a scan when it tells me to) and the built-in firewall. It may be that I'm just lucky -- knock on wood -- but I do exercise a reasonable level of caution, and don't tend to stray too far into the dark end of the woods. I can't remember which podcast it was -- one of Leo Laporte's maybe -- where the constant refrain was that no level of automated protection can replace user education in terms of protection from malware and viruses.

On the other hand, my web sites have been bot-hacked no less than three times in the past year, so.
posted by stavrosthewonderchicken at 6:24 PM on February 4, 2012


Just FWIW, I'm the OP

I checked the link before posting, had no issues.

I noticed one user had a prob, but a comment or two later, said it seemed fine, and was puzzled himself.

Then another user reported a problem, and I got all contact-formy about it with the mods that be, and suggested zapping the link.

Sorry for any hassles anyone had.
posted by timsteil at 6:26 PM on February 4, 2012 [3 favorites]


Okay, is the conclusion that this English professor is trying to infect people's computers with a virus, or that some third party has compromised his website?
posted by Dasein at 6:29 PM on February 4, 2012


It is almost certainly the latter. Like I said, it's happened to me several times in the past year (Wordpress being the open door -- keep those WP installs updated, people!), and also to a friend.

The friend's site I fixed for him was gnarly -- it was sending password recovery emails that appeared to be from a bank, with spoof login pages and all manner of horrors. I started digging, made my 'holy shit' face, and just ended up nuking and rebuilding the whole shebang for him.
posted by stavrosthewonderchicken at 6:33 PM on February 4, 2012


Someone should let him know - someone who can explain to him in layman's terms what is going on and how to fix it.
posted by Dasein at 6:39 PM on February 4, 2012


... using rap.
posted by crunchland at 6:51 PM on February 4, 2012 [15 favorites]


Another Firefox user here voting for NoScript. You can set it to always allow top-level sites, which makes it a little less tedious. I would not recommend it to people who aren't that comfortable with computers, though.
posted by wondermouse at 9:02 PM on February 4, 2012


As I have noscript on as well, I went to the site and had no problems. Of course that doesn't mean that it's not a problematic site. I just wouldn't know. I also have a lot of other browser software protection. So the OP might also have that running and be unaware of issues.

Should everyone that goes to a site shut down their protection before posting it in a FPP? That might be reasonable. But maybe you should protect your system.
posted by Splunge at 10:22 PM on February 4, 2012


Anybody who had JavaScript enabled could have gotten a virus from that website.

To be fair, Firefox allowing Javascript to actually compromise your computer is a very worrying sign. Not the user's fault, of course, but WTF Mozilla.
posted by kmz at 10:41 PM on February 4, 2012


Toomuchpete, I'm not the only one who had a problem with the website so what was your point again?

Maybe I'm wrong, but I read Toomuchpete's comment as an oblique joke at the expense of conservatives and the way they treat issues of sexual health.
posted by Philosopher Dirtbike at 12:12 AM on February 5, 2012


In everyone's opinion, what is the best firewall and antivirus setup? I currently use ZoneAlarm as my firewall and have Spybot S&D and Super Antispyware to scan for malware.

Linux. (Imagine me saying this in a very tired voice.)


Imagine everyone else being very tired of anyone saying it too. Or, on preview, imagine proposing abstinence as the only way to avoid STDs. Sound fucking retarded? Yes, it does.
posted by jacalata at 12:43 AM on February 5, 2012 [1 favorite]


The server may only be serving the malicious javascript at random intervals, which might be why it turns up clean some times for some people.
posted by wayland at 12:48 AM on February 5, 2012


Is there a good NoScript equivalent for Chrome yet? I'm nervous now.
posted by subbes at 1:25 AM on February 5, 2012


You shouldn't be, but.
posted by stavrosthewonderchicken at 2:01 AM on February 5, 2012


I actually did get a virus from the website so it isn't a false positive.

That's some skanky antimalware software that tells you that a site is infected and then goes ahead and lets your machine get infected anyway.

Spybot S&D

Are they still working on Spybot S&D? I stopped finding it useful many years ago now. I run Malwarebytes Anti-malware (plus No-Script and Adblock in Firefox), and Keep Superantispyware to run alternate scans with Malwarebytes whenever I actually do get infected. Which is pretty well never.

Haven't bothered with standard anti-virus software in years now.
posted by PeterMcDermott at 4:01 AM on February 5, 2012 [2 favorites]


For antivirus, I recommend Immunet, a wrapper for the open-source ClamAV. The free version includes a live process scanner, which is what most anti-spyware software does, so you can probably do okay with just Immunet if you're parsimonious about installing things.

"Firewall" is kind of a vague term. Network engineers typically use it to refer to something on a router, where the router in question may be a whole computer devoted to routing packets. That kind of firewall mainly determines what packets are worthy of sending to client PCs. That's called packet filtering, and you can do it on your home PC using e.g. PeerBlock. It is probably overkill if you're not runing a server, but not a bad idea anyway.

Firewall software like ZoneAlarm might or might not block peers. Its primary function is access control. It prevents programs from accessing parts of the computer they're not supposed to. Windows Vista and 7 already have this feature, but it's difficult to make it work just how you want it to. ZoneAlarm provides finer control. I don't really know about the alternatives.
posted by LogicalDash at 6:59 AM on February 5, 2012


NB. If you use any kind of peer-to-peer filesharing (BitTorrent, eMule, etc), you are in fact running a server! Install PeerBlock or something like it.
posted by LogicalDash at 7:00 AM on February 5, 2012


Microsoft Security Essentials to prevent an infection.
Microsoft Safety Scanner if you think you're already tainted.
posted by crunchland at 7:28 AM on February 5, 2012


Maybe I'm wrong, but I read Toomuchpete's comment as an oblique joke at the expense of conservatives and the way they treat issues of sexual health.

It wasn't a joke.
posted by MaryDellamorte at 9:00 AM on February 5, 2012


Someone please correct me, but I'm fairly sure the vector of attack is an unpatched version of Adobe PDF. From what I can tell, the script attempts to load and open a PDF ... probably exploiting some stupid PDF scripting capability.

I use Chrome which has native PDF rendering capabilities that are truly read-only, so if it opened and ran in memory, no big deal, if it even ran at all.

The solution is to really be vigilant at keeping Acrobat up to date, or as I do on my home machine, not have it installed at all. Google Docs does a good enough job of displaying PDFs that I just stick to that. At work I use PDFs and PDF specific functionality too much to ditch it.
posted by geoff. at 10:41 AM on February 5, 2012


Ah, exploiting a third-party plugin/program makes a lot more sense than a browser (any browser) actually letting a host machine get compromised on its own.

Speaking of Adobe, I have to say that now that I'm using Windows a lot due to SWTOR, I've become a lot more sympathetic with the anti-Flash crowd. Flash on Linux never gave me any problems, but the latest Flash update for Windows has been fucking my shit up hardcore. Finally uninstalled it and enjoying HTML5 Youtube for now.
posted by kmz at 10:50 AM on February 5, 2012


You can enjoy HTML5 Youtube without using Flash, see here, it'll set the default player to HTML5.
posted by geoff. at 10:57 AM on February 5, 2012


That is, it won't default to Flash if you have it installed.
posted by geoff. at 10:57 AM on February 5, 2012


I switched to HTML5 YT, but then switched back. I realize that there's years of development for the Flash player that an HTML5 version doesn't benefit from, but still. It seems like they could get them to parity if they really wanted to. So I'm skeptical that they are giving this a priority.

I don't have anything against Adobe and the particular Apple and Flash thing doesn't interest me much (though I do have an IOS device). But it does make much more sense to me to use a new standard for rendering video than relying upon proprietary software. I mean, really. The continued existence of Flash is like some timewarp anomaly of the 1996 web intruding on the present.
posted by Ivan Fyodorovich at 2:42 PM on February 5, 2012


So I'm skeptical that they are giving this a priority.

As one of the engineers who started the HTML player project here (though I don't work on it anymore), I can tell you we are. Both players are much more complicated than I would have thought as an outsider, so I can kind of see why it looks that way from the outside. Of course, even more so than Flash your browser makes a difference in HTML5 as well. And all the browser developers are at various stages and priorities with HTML5 video, not to mention competing video codecs, etc. So it's just not the same world as Flash. There are still a lot of things with video / buffering / etc that work better in Flash.

(I do generally use the Flash player, FWIW, although I'm usually on Windows where Flash performs best)
posted by wildcrdj at 2:01 PM on February 6, 2012


I don't have anything against Adobe --- You should. Security flaws in Adobe Flash and Adobe Acrobat have been huge vectors for viruses and malware in the past 12 to 36 months.
posted by crunchland at 2:06 PM on February 6, 2012


« Older Why the snark, MetaFilter?   |   Animal totem as ethnic slur? Newer »

You are not logged in, either login or create an account to post comments