# Attack Page warning?!



## Greg K

*Chrome Malware Warning*

I just tried to go to the Dungeons and Dragons/Pathfinder forum and I received a screen from Google Chrome saying it detected malware for the forum.


----------



## Ahnehnois

Same thing here.


----------



## JamesonCourage

I'm getting it, too.


----------



## Obryn

Ditto

Edit: The website scanning pages I found aren't finding any problems, though...


----------



## billd91

I'm using Safari, but I'm getting the warning too.


----------



## (Psi)SeveredHead

Firefox, getting it too. I don't think it's a browser issue. Oddly, the "reason" page showed no good reason not to visit ENWorld. But I suspect a lot of people are ducking it right now.

I'm computer literate, but somehow fail to post on Twitter. There's an ENWorld Twitter page, maybe someone should post about this there.


----------



## dd.stevenson

I'm getting it too on chrome.


----------



## Blood Jester

*Blame Google*

I believe all of these browsers are backending these alerts on Google, which according to the alert received a single report of a problem on this site in the past 90(?) days.  And thus is reporting to all capable browsers that this is an attack site.

I would guess this was part of / a result of the recent hack (intentionally or otherwise).

I believe a site admin or owner can address this with Google directly, there was a link to do so.


----------



## Mishihari Lord

I got a warning in Firefox too.  It took me to a Google Advisory that said the page was "reported 1 time in the last 90 days as an attack site"


----------



## mach1.9pants

Me too on Chrome, IE I just get "waiting for ENWorld.org"


----------



## JamesonCourage

Well, just wanted to chime in saying I've been skipping the warnings and just reading the threads, like normal. I've just run two scans on my PC, and nothing bad so far. But, I do have AdBlock, so if it's from the ads, I don't think I'll be in much danger, anyways. Just wanted to throw that out there to people, so they can choose to risk it or not based on my experience.


----------



## Morrus

We're 99% sure this was a slightly dodgy ad we have since blocked.


----------



## jonesy

Opera just keeps saying "This site has a clean security record".


----------



## steeldragons

Don't know if this is worrysome, but figured you should know.

When trying to open EN World in a new tab in Firefox (I needed to check something out and didn't want to leave the page I was on), I got this:
Reported Attack Page!

          This web page at www.enworld.org has been reported as an attack page and has been blocked based on your security preferences.    

          Attack pages try to install programs that steal private information, use your computer to attack others, or damage your system.Some attack pages intentionally distribute harmful software, but many are compromised without the knowledge or permission of their owners.​The window I'm currently in has been opened since yesterday. That message popped up on the first time I tried to access it today.

I REALLY hope whoever if f**kin' with you gets bored and knocks it off soon. Gettin' really annoying.

The actual page I was trying to get to was my Settings. Dunno if that matters/helps.

--SD


----------



## steeldragons

When going to get the details of the situation...here's what pops up:

*What is the current listing status for www.enworld.org/forum/d-d-pathfinder?*
Site is listed as suspicious - visiting this web site may harm your computer.
Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.​*What happened when Google visited this site?*
Of  the 19 pages we tested on the site over the past 90 days, 4 page(s)  resulted in malicious software being downloaded and installed without  user consent. The last time Google visited this site was on 2012-11-30,  and the last time suspicious content was found on this site was on  2012-11-30.Malicious software includes 3 exploit(s). Successful  infection resulted in an average of 7 new process(es) on the target  machine.
Malicious software is hosted on 2 domain(s), including igitalspintssorysmen.net/, domainpostmethods.net/.
1 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including kattycatyd.org/.
This site was hosted on 2 network(s) including AS30221 (T3COM), AS15169 (Google Internet Backbone).​*Has this site acted as an intermediary resulting in further distribution of malware?*
Over  the past 90 days, www.enworld.org/forum/d-d-pathfinder did not appear  to function as an intermediary for the infection of any sites.​*Has this site hosted malware?*
No, this site has not hosted malicious software over the past 90 days.​*How did this happen?*
In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.​*Next steps:*


Return to the previous page.
If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.

Hope any of this helps. Means next to nuthin' to me.
--SD


----------



## JamesonCourage

Just an update: I keep bypassing the warnings, and I just ran another scan for any malware/viruses, and came up clean. So, the malware warning may not be fixed on the site yet, but I haven't had any negative consequence of using it anyways. And, just to remind people, I do have AdBlock, so that might help me avoid the offending ads, if they are indeed the problem, so your results may differ. As always, play what you like


----------



## Elf Witch

JamesonCourage said:


> Just an update: I keep bypassing the warnings, and I just ran another scan for any malware/viruses, and came up clean. So, the malware warning may not be fixed on the site yet, but I haven't had any negative consequence of using it anyways. And, just to remind people, I do have AdBlock, so that might help me avoid the offending ads, if they are indeed the problem, so your results may differ. As always, play what you like




How do you get around it? The only choice I get is go back no matter what I do I can get on the that [art of the site.


----------



## Ahnehnois

Elf Witch said:


> How do you get around it? The only choice I get is go back no matter what I do I can get on the that [art of the site.



Click "advanced" and then "proceed at your own risk" (in Chrome). At least, if that's what you want to do. You have to keep doing it for every thread so it's kind of a pain, but nothing happened to me when I did it.


----------



## JamesonCourage

Elf Witch said:


> How do you get around it? The only choice I get is go back no matter what I do I can get on the that [art of the site.



Ahnehnois covered what I've been doing to get around it. I use Chrome, and to get around it in Chrome, you click on Advanced, then on "proceed at your own risk". And, yes, the warnings are up for me even now, but I still haven't had any issues from any scans I've done.


----------



## Elf Witch

Thanks guys.


----------



## tuxgeo

I got the same warning. (Also Firefox.)


----------



## Aeolius

Same Here.

Safe Browsing
Diagnostic page for www.enworld.org

What is the current listing status for www.enworld.org?
This site is not currently listed as suspicious.

Part of this site was listed for suspicious activity 3 time(s) over the past 90 days.

What happened when Google visited this site?
Of the 350 pages we tested on the site over the past 90 days, 14 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2012-12-01, and the last time suspicious content was found on this site was on 2012-12-01.
Malicious software includes 23 scripting exploit(s), 11 exploit(s). Successful infection resulted in an average of 6 new process(es) on the target machine.

Malicious software is hosted on 5 domain(s), including digitalspointsstorys.net/, highmoonmedia.com/, igitalspintssorysmen.net/.

1 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including kattycatyd.org/.

This site was hosted on 2 network(s) including AS30221 (T3COM), AS15169 (Google Internet Backbone).

Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, www.enworld.org did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?
No, this site has not hosted malicious software over the past 90 days.

Next steps:
Return to the previous page.
If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.


----------



## Alzrius

I also got the warning, also using Firefox on my home computer.


----------



## Li Shenron

I've been getting a similar warning all day.

I'm using Chrome.

This is the text of the warning I get:

"The Website Ahead Contains Malware!
Google Chrome has blocked access to www.enworld.org for now.
Even if you have visited this website safely in the past, visiting it now is very likely to infect your computer with malware.
Malware is malicious software that causes things like identity theft, financial loss, and permanent file deletion."

It happens only when I try to go to the "D&D and Pathfinder" forum, but not the other forums of enworld.


----------



## Darkness

Li Shenron said:


> It happens only when I try to go to the "D&D and Pathfinder" forum, but not the other forums of enworld.



Same here.


----------



## Scott DeWar

google powered warning on firefox browser too!!

Safe Browsing
Diagnostic page for www.enworld.org/forum

What is the current listing status for www.enworld.org/forum?

    This site is not currently listed as suspicious.

    Part of this site was listed for suspicious activity 4 time(s) over the past 90 days.

What happened when Google visited this site?

    Of the 381 pages we tested on the site over the past 90 days, 19 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2012-12-01, and the last time suspicious content was found on this site was on 2012-12-01.

    Malicious software includes 25 scripting exploit(s), 12 exploit(s). Successful infection resulted in an average of 6 new process(es) on the target machine.

    Malicious software is hosted on 7 domain(s), including digitalspointsstorys.net/, highmoonmedia.com/, igitalspintssorysmen.net/.

    1 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including kattycatyd.org/.

    This site was hosted on 2 network(s) including AS30221 (T3COM), AS15169 (Google Internet Backbone).

Has this site acted as an intermediary resulting in further distribution of malware?

    Over the past 90 days, www.enworld.org/forum did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?

    No, this site has not hosted malicious software over the past 90 days.

Next steps:

    Return to the previous page.
    If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.


----------



## Treebore

Earlier today I was only getting this warning for the D&D/Pathfinder forum, I now get it for Enworld, period. I use Firefox.


----------



## Fast Learner

For reference, in case you're seeing something different, Google lists multiple issues (all of which could have been from ads, certainly, but it sounds like it could be more than one):


*What is the current listing status for enworld.org?*

Site is listed as suspicious - visiting this web site may harm your computer.

Part of this site was listed for suspicious activity 4 time(s) over the past 90 days.


*What happened when Google visited this site?*

Of the 460 pages we tested on the site over the past 90 days, 19 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2012-12-01, and the last time suspicious content was found on this site was on 2012-12-01.

Malicious software includes 25 scripting exploit(s), 12 exploit(s). Successful infection resulted in an average of 6 new process(es) on the target machine.

Malicious software is hosted on 7 domain(s), including digitalspointsstorys.net/, highmoonmedia.com/, igitalspintssorysmen.net/.

1 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including kattycatyd.org/.

This site was hosted on 2 network(s) including AS30221 (T3COM), AS15169 (Google Internet Backbone).


*Has this site acted as an intermediary resulting in further distribution of malware?*

Over the past 90 days, enworld.org did not appear to function as an intermediary for the infection of any sites.


----------



## Thalain

Adding one more - the exact same thing. Looks like there are still remains of the hacker attack...


----------



## Artur Hawkwing

Ditto here as well. Though this is the first time I've seen it. As of about 11pm Eastern last night, my Chrome didn't give the report. I wonder if someone spam posted into the repeatedly mentioned thread, or linked to a malware site from there that is causing the issue, since it started there for a few of you. Anyone in that thread happen to see anyone new post there or something odd? 

Do you folks use a favorites link to the forums directly? I use the main page every time and that is where I got the warning this morning.


----------



## JamesonCourage

Just an update -I'm not currently getting the warning anymore. Hopefully that's good news


----------



## El Mahdi

I was getting malware blocked notifications from my Norton during the period the site was hacked.  Even after the site came back up, but still had access issues.  Perhaps that is affecting the ratings or warnings on those sites?  Maybe they are just now catching up with what happened over Thanksgiving...?

I am no longer getting messages of malware or attacks blocked when visiting ENWorld since the Thanksgiving hack...


----------



## Alarian

I was here quite a bit yesterday with no problems.  Today it was giving me the message no matter where on enworld I tried to go.  Finally bypassed the warnings.

This is on Chrome.


----------



## Dannyalcatraz

I got the warning when I did a google search for something.  (Using an iPad2 with Safari.)


----------



## Scott DeWar

you know, the hack could have been someone who was a spammer and got blocked, or even the malware could have been introduced by a spammer, maybe?


----------



## Libramarian

Still getting this warning :/


----------



## Mishihari Lord

I'm still getting it too.  Resolving this should probably be a priority.  It's gotta be hurting your traffic.


----------



## darjr

Looking into it. Just fyi google still has enworld cleared as of now.


----------



## LightPhoenix

Are we sure that it's something to do with ENWorld and not something to do with one (or more) of the ads that have been running on ENW?


----------



## Nikosandros

I had stopped getting the warning, but today I got it again (I'm using Firefox).


----------



## darjr

Nikosandros said:


> I had stopped getting the warning, but today I got it again (I'm using Firefox).




Just so you know we are cleared from google and the other malware warning sites. There is something going on with a yet third party site that hasn't yet gone through the clearing process yet. Nailing it down has proven difficult. The more data I can get the better. Like the url you get the warning on and things like what was on the page and what urls were listed in the warning.


----------



## Nikosandros

I'll post the message I got. Apparently, it's no longer considered "malicious", but since it was in the last 90 days, t still gets flagged.



> Safe Browsing
> Diagnostic page for www.enworld.org/forum
> 
> What is the current listing status for www.enworld.org/forum?
> 
> This site is not currently listed as suspicious.
> 
> Part of this site was listed for suspicious activity 6 time(s) over the past 90 days.
> 
> What happened when Google visited this site?
> 
> Of the 903 pages we tested on the site over the past 90 days, 28 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2012-12-16, and the last time suspicious content was found on this site was on 2012-12-02.
> 
> Malicious software includes 26 scripting exploit(s), 15 exploit(s). Successful infection resulted in an average of 6 new process(es) on the target machine.
> 
> Malicious software is hosted on 12 domain(s), including digitalspointsstorys.net/, highmoonmedia.com/, igitalspintssorysmen.net/.
> 
> 1 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including kattycatyd.org/.
> 
> This site was hosted on 2 network(s) including AS30221 (T3COM), AS15169 (Google Internet Backbone).
> 
> Has this site acted as an intermediary resulting in further distribution of malware?
> 
> Over the past 90 days, www.enworld.org/forum did not appear to function as an intermediary for the infection of any sites.
> 
> Has this site hosted malware?
> 
> No, this site has not hosted malicious software over the past 90 days.


----------



## rbingham2000

My SiteAdvisor is still showing ENWorld as red, which is primarily reserved for sites with malware on them.


----------



## darjr

rbingham2000 said:


> My SiteAdvisor is still showing ENWorld as red, which is primarily reserved for sites with malware on them.




I've started the evaluation process with them. According to McAfee it could take up to a year to process.

Here is their evaluation of the site

http://www.siteadvisor.com/sites/www.enworld.org


 @_*Morrus

*_


----------



## freyar

[MENTION=52905]darjr[/MENTION], today was the first time in at least a week I came to ENWorld on my home computer and _did not_ get the google attack page warning.  The Creature Catalog domain seems clean now, too.  I'll let you know if the warnings come back.


----------



## Mishihari Lord

darjr said:


> Just so you now we are cleared from google and the other malware warning sites. There is something going on with a yet third party site that hasn't yet gone through the clearing process yet. Nailing it down has proven difficult. The more data I can get the better. Like the url you get the warning on and things like what was on the page and what urls were listed in the warning.




I'm still getting it consistently.  Here's one example:

*URL:*
http://www.enworld.org/forum/forumdisplay.php?2-Tabletop-Gaming

*Warning:*
Reported Attack Page!


          This web page at www.enworld.org has been reported as an attack page and has been blocked based on your security preferences.


          Attack pages try to install programs that steal private information, use your computer to attack others, or damage your system.Some attack pages intentionally distribute harmful software, but many are compromised without the knowledge or permission of their owners.


*Why was this page blocked? link:*

Safe Browsing
Diagnostic page for www.enworld.org/forum

What is the current listing status for www.enworld.org/forum?

    This site is not currently listed as suspicious.

    Part of this site was listed for suspicious activity 6 time(s) over the past 90 days.

What happened when Google visited this site?

    Of the 903 pages we tested on the site over the past 90 days, 28 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2012-12-16, and the last time suspicious content was found on this site was on 2012-12-02.

    Malicious software includes 26 scripting exploit(s), 15 exploit(s). Successful infection resulted in an average of 6 new process(es) on the target machine.

    Malicious software is hosted on 12 domain(s), including digitalspointsstorys.net/, highmoonmedia.com/, igitalspintssorysmen.net/.

    1 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including kattycatyd.org/.

    This site was hosted on 2 network(s) including AS30221 (T3COM), AS15169 (Google Internet Backbone).

Has this site acted as an intermediary resulting in further distribution of malware?

    Over the past 90 days, www.enworld.org/forum did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?

    No, this site has not hosted malicious software over the past 90 days.

Next steps:

    Return to the previous page.
    If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.

Updated 6 hours ago

©2008 Goog

*My setup:
*

Windows 7, Firefox with Flashblock, Adblock, and Noscript.  Security is Kaspersky and Spybot S&D 2

*When I ignore the warning, this page showed up in another tab:
*

http://www.stopbadware.org/firefox?hl=en-US&url=http://www.enworld.org/


----------



## darjr

Mishihari Lord said:


> I'm still getting it consistently.  Here's one example:
> 
> *URL:*
> http://www.enworld.org/forum/forumdisplay.php?2-Tabletop-Gaming
> 
> *Warning:*
> Reported Attack Page!
> 
> 
> This web page at www.enworld.org has been reported as an attack page and has been blocked based on your security preferences.
> 
> 
> Attack pages try to install programs that steal private information, use your computer to attack others, or damage your system.Some attack pages intentionally distribute harmful software, but many are compromised without the knowledge or permission of their owners.
> 
> 
> *Why was this page blocked? link:*
> 
> Safe Browsing
> Diagnostic page for www.enworld.org/forum
> 
> What is the current listing status for www.enworld.org/forum?
> 
> This site is not currently listed as suspicious.
> 
> Part of this site was listed for suspicious activity 6 time(s) over the past 90 days.
> 
> What happened when Google visited this site?
> 
> Of the 903 pages we tested on the site over the past 90 days, 28 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2012-12-16, and *the last time suspicious content was found on this site was on 2012-12-02*.
> 
> Malicious software includes 26 scripting exploit(s), 15 exploit(s). Successful infection resulted in an average of 6 new process(es) on the target machine.
> 
> Malicious software is hosted on 12 domain(s), including digitalspointsstorys.net/, highmoonmedia.com/, igitalspintssorysmen.net/.
> 
> 1 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including kattycatyd.org/.
> 
> This site was hosted on 2 network(s) including AS30221 (T3COM), AS15169 (Google Internet Backbone).
> 
> Has this site acted as an intermediary resulting in further distribution of malware?
> 
> Over the past 90 days, www.enworld.org/forum did not appear to function as an intermediary for the infection of any sites.
> 
> Has this site hosted malware?
> 
> No, this site has not hosted malicious software over the past 90 days.
> 
> Next steps:
> 
> Return to the previous page.
> If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.
> 
> Updated 6 hours ago
> 
> ©2008 Goog
> 
> *My setup:
> *
> 
> Windows 7, Firefox with Flashblock, Adblock, and Noscript.  Security is Kaspersky and Spybot S&D 2




thanks for the heads up. It does look like we are clear and just waiting for the warning to fade. Note the bolded above.


----------



## Griego

Still getting attack page warnings from Google... Seems like it's taking a long time for the warnings to clear, compared to other times I've seen this kind of thing happen.


----------



## Starfox

I got one today, when trying to edit a post I made (Post #6 in http://www.enworld.org/forum/showthread.php?332697-Can-a-Paladin-be-Intimidated). I am on Firefox, and have not gotten a warning since the site went with the new theme.


----------

