Phishing warnings

coverartarchive
googlechrome
google
browser
Tags: #<Tag:0x00007fcb4cf849f8> #<Tag:0x00007fcb4cf84890> #<Tag:0x00007fcb4cf84700> #<Tag:0x00007fcb4cf84598>

#1

Does anyone else get a phishing warning when they visit this page?

https://musicbrainz.org/collection/ac668219-3f0e-4f11-98a9-6d400e6479a2/edits

The text seems to imply that it’s an issue on the Archive.org end:

Deceptive site ahead

Attackers on ia601506.us.archive.org may trick you into doing something dangerous like installing software or revealing your personal information (for example, passwords, phone numbers, or credit cards).


#2

Yes, I do get the warning when I visit it, I believe it’s Chrome that triggers that warning.

There have been similar problems with the Archive.org and NOD Antivirus (ESET Security) in the past, see the discussion at The Cover Art Archive is currently experiencing difficulties.


#3

They are regular and from MB point of view harmless. MB is pulling images from servers. There is also a lot of other dodgy data hosted on the same servers. Maybe someone at MB needs to have a bit of a word with Google about these warnings.

When I get them I just find a number of the image boxes on the front page of MB are empty. And it always seems to be the front page more than any other.


#4

Great, thanks for the info both of you!


#5

Typical - the block popped up on a “outstanding edits” page today. Which is a little frustrating, so I started filling in the feedback with sarcastic comments to Google.

The big red page is just an “advisory” though. And Google doesn’t care as this isn’t a Google website so they quite happily mess with MB’s reputation.


#6

I’m getting it the main page right now.


Security Error Main MusicBrainz Page
#7

If you look on the red blocking page there is a feedback link. Hit it and add notes about how MusicBrainz website is being misleadingly blocked. Add notes saying that you are trying to go to a website that uses the CAA for images.

The more complaints that are fed into that feedback form the better. It is a very misleading block. Links to grab some images should not be setting off phishing sirens!

From previous threads I don’t think there is much MB can do about this. I don’t know if there is someone official who can try hassling Google over this. It is damaging reputation and will surely be putting many people off.

It is also very noticeable that the blocks only last a short time. So I think someone at Google probably knows that they are misleading. They need to have a better focus on what they target as they are blaming a whole shared server instead of just the parts with the dubious content on.


#8

That is unfortunate, it means that every user running Chrome is actively discouraged upon visiting the main site now and some probably never come back :confused:

Pinging @Zas because afaik he has some connections to the guys at CAA, so maybe he might be able to do something about it.


#9

https://transparencyreport.google.com/safe-browsing/search?url=http:%2F%2Fia601506.us.archive.org

I tested few others ia*.us.archive.org and most are considered safe.
I don’t think IA guys or us can do anything about this, as we don’t know why this url was added to Google’s suspicious urls at first. It can be a false positive or not.

A review can be asked, but it always takes some time for an url to be removed. See https://support.google.com/transparencyreport/answer/7380435?hl=en&ref_topic=7380433 " How quickly do you take the site off the list once it’s been cleaned?"

Currently, https://www.stopbadware.org/clearinghouse/search?url=http://ia601506.us.archive.org gives no results.

I’ll try to get in touch with IA guys about this, but i think it’s a temporary issue, and it’s likely to be gone even before anything was done. Plus if this url was actually serving badware (or triggered a false positive), the warning is perfectly expected.


#10

I wrote to our IA contacts. They said they’d pass the notification to whoever needs to see it, and this:

We do get those reports periodically, and if we can figure out which item on the server is responsible, we can take it down. but it is hard to keep google happy, given how many files from how many different uploaders pass through a given server, and how obscure their criteria are (intentionally, i guess, to keep spammers from gaming the system, but it also keeps well-intentioned hosts from finding the malware on our own).

So, as @zas said, all we can do is wait sadly.


#11

Maybe remove the recently added section and anything that displays CAA content off the main page so at least new visitors are not turned away.


#12

Here is a direct link to report false positives. the more peole that report it will help google in deciding to white list the domain that MusicBrainz uses.

https://safebrowsing.google.com/safebrowsing/report_error/?hl=en


#13

Firefox does not use the allmighty Google empire software… no warnings from it really.


#14

I’m not having this problem either. Running Firefox with latest updates.


#15

You call https://musicbrainz.org/ and get this scary screen:

I know that the source is the ia801504.us.archive.org. But are you sure, that everyone will come back after this huge red “Phising-Suspicion” screen as startpage for MB? :scream: :flushed:


#16

@InvisibleMan78 click the link to complain to Google. The more people complain the better.

Personally I think this is borderline libellous of Google with this accusation. The “warning” page is directly worded to imply that MusicBrainz “the site you are visiting” is hosting the phishing content. When the actual issues lie on the SHARED use archive website.

Totally agree with you that it is going to be putting people off accessing the MusicBrainz website. You can see in this thread that some things are being done to try and address this… but Google is too arrogant to listen.


#17

Interesting, I just tried with Chrome, it doesn’t warn me at all. Not even when I visit http://ia801504.us.archive.org/ directly. “Safe Browsing” is active. Obviously Chrome does not want to protect me from the evils lurking in the interwebs :smiley:


#18

It is totally messed up random as to when that warning appears. There is no sensible pattern to it at all.

One visit it is there, next visit it is gone. There is no logic to how Google decides this. I’ve not seen the warning today, but did get one yesterday.

I don’t use Chrome, but it is a Chromium based browser. One of the features left accessible is this spyware check. It can be useful when it works. But seeing how it keeps randomly popping up here just because MB links to a few images on that server shows that it is probably just as unreliable on other sites too.

Conspiracy Theory says it only started happening when the MB Privacy Policy started blocking Google Analytics… they clearly got upset when all our tracks were not being passed to them anymore. (:wink: need sarcasm font…)


#19

Thanks for the link @therealdero, here is where we can all of us report https://safebrowsing.google.com/safebrowsing/report_error/?url=musicbrainz.org where I pasted this topic URL, BTW.


#20

Done @jesus2099

And Google answers with:

Vielen Dank, dass Sie Google einen Bericht gesendet haben. Da Sie nun Ihre gute Tat für den Tag geleistet haben, können Sie:

  1. Sich einen Moment Zeit nehmen und sich darüber freuen, dass Sie dazu beigetragen haben, das Web zu einem sichereren Ort zu machen.

  2. Einen Freund anrufen (oder eine E-Mail schreiben), um ihm zu erklären, was Phishing ist und wie sie sich schützen können.

  3. Mehr über Malware erfahren, die Ihren Computer infizieren kann – auf Stopbadware.org.