On Aug 20, 2009, at 6:31 PM, CathyM wrote:
> Well, this is true and not true. > I went to the website and was blocked exactly the way that they said. > But when I went into Options>Security and unchecked the box: Tell me > if the site I’m visiting is a suspected attack site, I was able to > get right onto the site. > So you can access the site. The problem is if another site you > visit is malicious you won’t know it unless you recheck the box. > I had the same thing happen on a different site today and another > person also had McAffee turn down the site, so we both agree we > won’t go there. This site I decided to take a chance because of > what their email said and yes you can get to it. The other problem that can happen is that many sites can be blocked by one bad site if they all share the same IP address. This is a common problem for sites of small businesses and small organizations because they almost always lack dedicated hosting (too expensive). For example, our small business site is http://mistymanormercers.com . It uses a shared hosting package. The same physical computer runs the Misty Manor web site and something like 100 other sites, including a group I operate at http://thestatesmen.org. They have different registered domains but they all go to the same numeric address (like a shared office building with different suites). If one site gets infected and one of the Internet scanners catches it (or one of the human-edited rating sites like WOT), it is possible that ALL OF THEM will be blacklisted. This is not entirely by accident, either. It makes sense from a security standpoint to blacklist them all. Why? Because that virus got into the web site somehow. If it is because someone cracked security on that single server ("rooted" the box), which is likely, then that person has the ability to install a virus or any number of malicious tools on EVERY ONE OF THEM. This is also why many of these listings do not go away as soon as the offending code is removed. If someone has root access to the box, they can simply reinstall the virus code (or a different virus/trojan horse/whatever) at any time. So, in order for the site to become safe again, someone has to figure out HOW THEY GOT IN, close that door, and any other backdoors they might have opened while they were there. I had the Statesmen site get broken into late last year. They got in and changed my password, locking me out. They were able to do it because I was behind on installing security patches on the content management system (the software that lets me handle news, articles, comments, and so forth). Since I knew that, I looked at the latest patches to see what they had fixed so I could simply break in the same way the intruder did, kick THEM out, then install the security patches I was missing to KEEP them out. I also restored a backup of my website to get rid of anything they might have hidden while inside. It's a pain, but the Internet is a pain these days. It's like losing your wallet and then finding it on the street somewhere. You still have to change all of your credit cards because you don't know how many people had access to them since you lost the wallet. MANY legitimate sites these days end up serving malicious code because someone got past their security. In the 'old days,' a cracker would deface the site or do something obvious. Nowadays, they are just as likely to quietly use your site by hooking other people to break into their computers to use their computers to hook still more people... So, anyway, it IS POSSIBLE that Google is doing this maliciously, but they do not have to be. Sincerely, Eric Vought "Faith does not absolve us from trying to understand our world and make moral distinctions with the eyes and brain given us. Religion is as much responsibility as direction: Duty not Distinction." --~--~---------~--~----~------------~-------~--~----~ This is a Free Speech forum. The owner of this list assumes no responsibility for the intellectual or emotional maturity of its members. If you do not like what is being said here, filter it to trash, ignore it or leave. If you leave, learn how to do this for yourself. If you do not, you will be here forever. -~----------~----~----~----~------~----~------~--~---
