Malware warning on an Exploding Rabbit Wiki page

Discussion in 'Exploding Rabbit' started by Erik Mouse, Oct 21, 2012.

  1. Erik Mouse

    Erik Mouse Level 0: Newbie

    Hi, I'm new here. I found my way here from YouTube to play Super Mario Bros. Crossover and remember watching a Let's Play Legend of Zelda Parallel Worlds with Exploding Rabbit on YouTube. While I was playing Super Mario Bros. Crossover, I decided to check out the Wiki and ended up coming across a problem that I'm not sure if anyone here is aware of. While I was trying to view http://www.explodingrabbit.com/wiki/Super_Mario_Bros._Crossover/Character_Requests thinking about a character request, I get a page that says "Warning: Something's Not Right here!" with "www.explodingrabbit.com contains content from odysseedupixel.fr, a site known to distribute malware. Your computer might catch a virus if you visit this site." I don't know whether it is coming from the ad displayed on that page or if something bad is uploaded there, but I think Jay or someone needs to check it out and find out what is causing it. If there is some sort of malware there, it needs to be removed as I think Jay could be at risk of site suspension due to it. Thank you for your time, I have attached a pic of what I am seeing. The URL about odysseedupixel.fr is http://safebrowsing.clients.google....ure%20island.gif&client=googlechrome&hl=en-US
     

    Rey D likes this.
  2. Rey D

    Rey D Level 12: Super Mod
    Patron

    Thanks for the warning!
    I think I'll contact Jay directly about this.
     
  3. aliceandsven

    aliceandsven Level 9: Spike Top

    I just looked over that page and didn't see anything odd. But yeah, I guess stay away from that page until we figure it out, it's deprecated anyway.
     
  4. Erik Mouse

    Erik Mouse Level 0: Newbie

    Yeah, but something there is causing me to get the warning page in my attached pic, and seems to happen just about every time I try to go there. I guess I'll have to avoid that page until someone can solve this.
     
  5. aliceandsven

    aliceandsven Level 9: Spike Top

    Giving the page a more thorough investigation, this turned up:

    Untitled.png

    It appears "oddysseed" is hosting an image used for one of the character descriptions. I'm assuming this is what you're picking up. I'm pretty sure nothing bad can happen just by viewing an image on a web page.

    I don't recommend going to odysseedupixel.fr

    but that image is the only content I could find from there.
     
    Rey D likes this.
  6. Omicron

    Omicron Level 9: Spike Top

    Actually, there's an exploit that can bomb a machine through ext tags on pngs and jpegs.

    Not gif, though.
     
  7. JoMamma

    JoMamma Level 6: Lakitu

    Well at least not very many people look at the wiki.
    That way we know that the virus won't spread too far.
     
  8. aliceandsven

    aliceandsven Level 9: Spike Top

    I think just Oddyseed is compromised, but his security is freaking out because it detected a picture hosted there and it counts as "content" from the compromised site.
     
  9. Faruga

    Faruga Level 12: Super Mod
    Patron

    At first I was gonna say "fuck Norton". Then I noticed it might not have been Norton.
     
    Omicron likes this.
  10. Jay

    Jay Level 13: ER Team

    Mike knows a lot of web stuff so I'll have him take a look. Thanks for letting me know.
     
  11. sbq92

    sbq92 Level 9: Spike Top

    Couldn't we just remove/replace the image with one from a safer site?
     
    Rey D likes this.
  12. aliceandsven

    aliceandsven Level 9: Spike Top

    Good idea, I'll do that now.

    Erik Mouse, let us know if you're still catching a security warning.

    EDIT: We've noticed that the Google security page being linked to is actually not reporting any security threats on some machines. Erik, are you using a current version of your web browser? And what operating system / service pack / etc. are you on?

    I'm going to download the image and re-upload it directly to our wiki so that it doesn't snag any false positives.
     
    Rey D likes this.
  13. Erik Mouse

    Erik Mouse Level 0: Newbie

    Yeah, this has nothing to do with Norton Internet Security as I don't even have that installed.

    Yeah, it's probably just Odysseedupixel.fr that is compromised, not the ExplodingRabbit Wiki.

    Maybe he needs to take a look to make sure the ExplodingRabbit Wiki isn't getting compromised by someone.

    Nope, I just checked and wasn't getting the security warning anymore. Apparently, it was that one .gif hosted on Odysseedupixel.fr because Odysseedupixel.fr is likely compromised, and is why I was getting that security message on the Wiki. Probably should avoid hosting anything else on Odysseedupixel.fr until the security issue that has Google listing it as compromised has been fixed. Now the only thing wrong with the Wiki page is whatever the ad is on there is not loading and causing the browser window to not load from taking too long to respond, but the ads on other pages here load okay.
     
  14. aliceandsven

    aliceandsven Level 9: Spike Top

    I edited my last post with more questions / information

    I can't help you with the ad problem since I use AdBlock
     
  15. Erik Mouse

    Erik Mouse Level 0: Newbie

    Well, maybe someone else can check to see if there is an ad problem and whether or not it can be fixed.

    Yeah, I am using the current version of Google Chrome and my operating system is Windows XP with Service Pack 3.

    Definitely a good idea, you don't want to end up with the risk of Google deciding to list ExplodingRabbit.com as a site hosting malware over a bad image.
     
  16. imgdat

    imgdat Level 5: Spiny
    Patron

    Erik Mouse, I think the Google Safe Browsing warning is at this point a false positive. I'm not getting the warning and no one else I've talked to is getting it. I'm glad to hear your OS and browser are up to date though.

    Maybe your ISP's DNS is out of date. Try ipconfig /flushdns from the command line. That could also explain the ads not showing up correctly. Chrome itself pre-fetches DNS so try turning off the "Predict network actions to improve page load performance" setting then turning it back on.

    You could also change your DNS settings to see if it's the problem. I recommend using either

    OpenDNS
    208.67.222.222
    208.67.220.220

    or

    Google Public DNS
    8.8.8.8
    8.8.4.4

    I use OpenDNS usually since I'm a little paranoid about Google being Big Brother. The only other thing I could think of is if you have a third party firewall or something installed but that shouldn't be causing this.

    EDIT: This shows that the site with the image was flagged from other domains, most probably due to cross-site scripting. The warning on our wiki then came from the hotlinked image.
     
    Omicron and aliceandsven like this.
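
The manual hunt for the hotlinked image described in this thread can be automated. The following is an added example, not code from any poster or from the wiki: it lists every resource a page makes the browser fetch from another host and filters that list against hosts a blocklist has flagged. The sample HTML, the image path and `ads.example.net` are constructed for illustration.

```python
from collections import defaultdict
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attribute that makes the browser fetch a resource on page load.
# <a href> is deliberately absent: a plain link is not fetched until clicked.
# <link href> may over-report for rel values that do not trigger a fetch.
FETCH_ATTRS = {"img": "src", "script": "src", "iframe": "src", "embed": "src",
               "source": "src", "object": "data", "link": "href"}

class ExternalResourceFinder(HTMLParser):
    """Collects resources whose host differs from the page's own host."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlsplit(page_url).hostname
        self.by_host = defaultdict(list)

    def handle_starttag(self, tag, attrs):
        attr = FETCH_ATTRS.get(tag)
        value = dict(attrs).get(attr) if attr else None
        if not value:
            return
        # Resolve relative and protocol-relative (//host/path) references.
        url = urljoin(self.page_url, value.strip())
        host = urlsplit(url).hostname
        if host and host != self.page_host:
            self.by_host[host].append((tag, url))

def third_party_resources(page_url, html):
    finder = ExternalResourceFinder(page_url)
    finder.feed(html)
    return dict(finder.by_host)

def flagged_embeds(page_url, html, flagged_hosts):
    """Return only the embeds served by a flagged host or one of its subdomains."""
    flagged = {h.lower() for h in flagged_hosts}
    return {h: r for h, r in third_party_resources(page_url, html).items()
            if h in flagged or any(h.endswith("." + f) for f in flagged)}

# Constructed sample input modelled on the situation in this thread.
SAMPLE_PAGE = "http://www.explodingrabbit.com/wiki/Super_Mario_Bros._Crossover/Character_Requests"
SAMPLE_HTML = """
<img src="/images/constructed-local.png">
<img src="http://odysseedupixel.fr/constructed/placeholder.gif">
<a href="http://odysseedupixel.fr/">plain link, not fetched on load</a>
<script src="//ads.example.net/constructed.js"></script>
"""
```

Re-hosting a flagged image locally, as was done here, removes its entry from the result of `flagged_embeds`.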
  17. Faruga

    Faruga Level 12: Super Mod
    Patron

    I've always wondered what that means. Does it mean the antivirus software thinks it's a virus but it's not?
     
  18. aliceandsven

    aliceandsven Level 9: Spike Top

    Yep exactly.
     
  19. imgdat

    imgdat Level 5: Spiny
    Patron

    Yes that's one definition of a false positive. But in this case the false positive is that the Google Safe Browsing filter flagged that wiki page due to the image being hosted at odysseedupixel.fr, a site which according to that link I put in my edit never directly hosted malware at least for the past 90 days. The Safe Browsing page does say it contained malware from other domains however.

    I want to be clear that the wiki page never hosted anything resembling a "virus" or malware but was simply flagged (as far as I can tell for one person possibly due to an outdated DNS) because of its association with another site that isn't even hosting malware directly either. It's good the image was replaced, but I wouldn't consider the situation a truly credible security threat. I'm glad it was brought to our attention though.

    Here's the Google Safe Browsing report for explodingrabbit.com
     
