Under Attack Again
Apparently the malware warnings are arriving again, and I have no clue what to do.
If you know what is causing it, throw it in the comments.
If you are getting the warning, please let me know what browser you are using.
I don’t know what to do and have other stuff to do, so I’ll check back in a few hours.
July 16, 2009 3:19 pm
Posted in: Site Maintenance
116 Comments
116 Responses
wvblueguy - July 16, 2009 | 3:23 pm · Link
I only get the warning when using Firefox. I am not getting it with Internet Explorer.
wvblueguy - July 16, 2009 | 3:28 pm · Link
The message I am getting in Firefox follows:
Reported Attack Site!
This web site at http://www.balloon-juice.com has been reported as an attack site and has been blocked based on your security preferences.Attack sites try to install programs that steal private information, use your computer to attack others, or damage your system.
Some attack sites intentionally distribute harmful software, but many are compromised without the knowledge or permission of their owners.
Dennis-SGMM - July 16, 2009 | 3:28 pm · Link
Latest version (2.0.172.37) of Google Chrome.
Ken - July 16, 2009 | 3:28 pm · Link
I’m using Firefox 3.0.11, and that warning/blocking screen is really fucking annoying
IE v 6.0 has no problems at all
shoutingattherain - July 16, 2009 | 3:29 pm · Link
IE8. No probs.
IanY77 - July 16, 2009 | 3:29 pm · Link
John:
I’m using the latest Firefox with WinXP.
Funny thing is, I had no problems this morning. Only with the most recent round of issues.
ninerdave - July 16, 2009 | 3:30 pm · Link
Not getting the warning on Safari, Firefox or Camino.
mantis - July 16, 2009 | 3:31 pm · Link
I get the attack site warning on Firefox 3.5, but not on Safari 3.2.3.
canuckistani - July 16, 2009 | 3:32 pm · Link
Firefox 3.0.8 on Ubuntu 8 – I get the warning
Delia - July 16, 2009 | 3:35 pm · Link
Same story here. Can’t even get past the stupid warning page with Firefox. Have to use IE.
Ken - July 16, 2009 | 3:38 pm · Link
From the “Why was this site blocked” info page
Safe Browsing
Diagnostic page for http://www.balloon-juice.com
What is the current listing status for http://www.balloon-juice.com?
This site is not currently listed as suspicious.
What happened when Google visited this site?
Of the 32 pages we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2009-07-15, and suspicious content was never found on this site within the past 90 days.
This site was hosted on 1 network(s) including AS19271 (PEAK10ATL).
Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, http://www.balloon-juice.com did not appear to function as an intermediary for the infection of any sites.
Has this site hosted malware?
No, this site has not hosted malicious software over the past 90 days.
Calming Influence - July 16, 2009 | 3:39 pm · Link
Getting it in Firefox.
You can get around it by going to Tools > Options > Security and un-checking the 3 top boxes:
“Warn me…etc.”
“Tell me…etc.”
“Tell me…etc.”
But this means you have to be careful about where you’re surfing.
specialcase - July 16, 2009 | 3:40 pm · Link
I get the naughty-site warning in Safari 4 and Firefox 3.5, both running on MacOS 10.6, FWIW. Both of those browsers get that data from Google’s Safe Browsing API blacklist.
MattF - July 16, 2009 | 3:43 pm · Link
Firefox 3.5, OS X 10.5.x. There’s a preference I’ve turned off, so I can post this. Also, I saw the Google reference that specialcase above refers to.
sidereal - July 16, 2009 | 3:44 pm · Link
It’s not the browser. They’re just getting the warning flag from google for your domain. It’s possible someone reported you maliciously. Google makes it clear that they’ve never downloaded malware from here.
Go
here
Scott Alloway - July 16, 2009 | 3:46 pm · Link
3:33 PM EDT
I get the warning on Firefox 3.0.11 (using a Mac), but not on Safari 3.1.2.
Got around the warning once in Firefox.
Scott Alloway
Warning reads as follows:
Safe Browsing
Diagnostic page for http://www.balloon-juice.com
What is the current listing status for http://www.balloon-juice.com?
This site is not currently listed as suspicious.
What happened when Google visited this site?
Of the 32 pages we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2009-07-15, and suspicious content was never found on this site within the past 90 days.
This site was hosted on 1 network(s) including AS19271 (PEAK10ATL).
Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, http://www.balloon-juice.com did not appear to function as an intermediary for the infection of any sites.
Has this site hosted malware?
No, this site has not hosted malicious software over the past 90 days.
JGabriel - July 16, 2009 | 3:47 pm · Link
I’m using Firefox 3.0.11, but I wasn’t getting the warning this morning – it just started. It’s a “Reported Attack Site!” warning, which would seem to indicate that Google has distributed info to Mozilla from Chrome statistics that it collected this morning.
In other words, I don’t think you’re re-infected. I think you’ve been listed as an attack site due to this morning’s problems, and now you’ve got to get yourself delisted.
.
The Moar You Know - July 16, 2009 | 3:47 pm · Link
I’m not seeing any intrusion warnings on my end like I was earlier (WinVista, Opera 9.26, Symantec EndPoint 11).
I’ll speculate that, per specialcase’s posting:
that Google may have picked up the earlier .js malware infection and may have added your site to the blacklist.
MikeJ - July 16, 2009 | 3:47 pm · Link
Warnings that popped up this morning probably weren’t warning about b-j.com (this is my guess). They were warning about the .cn site that was loading in the hidden iframe. The link to that site was noticed this morning, b-j went into the list, and just now got to the public.
Ken - July 16, 2009 | 3:49 pm · Link
Calming Influence has the right answer for Firefox users – go to Tools > Options > Security and uncheck the two “warn me if a site….” checkboxes.
You do not have to uncheck the “warn me if a site tries to install add-ons” checkbox. In fact, you probably should leave it checked, or check it if it isn’t already.
Unchecking the two “warn me if…” boxes made the problem completely disappear for me
MikeJ - July 16, 2009 | 3:51 pm · Link
Hmm. Not listed in the stopbadware.org db, and that’s where google says they get data from.
JGabriel - July 16, 2009 | 3:52 pm · Link
sidereal:
Perhaps, but it’s more likely that Chrome browsers auto-reported this morning’s errors to Google, and it was listed then.
Be careful about assuming maliciousness when automation can be blamed just as easily.
.
cleek - July 16, 2009 | 3:53 pm · Link
FF 3.0.11. no problems. (all FF security warnings enabled)
update: oops. now i get the warning.
Dennis-SGMM - July 16, 2009 | 3:54 pm · Link
I blame Mark Sanford.
Ken - July 16, 2009 | 3:55 pm · Link
The problem is likely due to Firefox picking up the “Google Advisory” info about this page, because there are a number of other sites on this “network” that are craphouses
Safe Browsing advisory provided by Google
Diagnostic page for AS19271 (PEAK10ATL)
What happened when Google visited sites hosted on this network?
Of the 11892 site(s) we tested on this network over the past 90 days, 101 site(s), including, for example, wheelsandcaps.com/, surveymoneymakers.com/, ibadhiyah.net/, served content that resulted in malicious software being downloaded and installed without user consent.
The last time Google tested a site on this network was on 2009-07-16, and the last time suspicious content was found was on 2009-07-15.
Has this network hosted sites acting as intermediaries for further malware distribution?
Over the past 90 days, we found 2 site(s) on this network, including, for example, submitawebsite.com/, century21topsail.com/, that appeared to function as intermediaries for the infection of 2 other site(s) including, for example, anthonykirlew.com/, insiders.com/.
Has this network hosted sites that have distributed malware?
Yes, this network has hosted sites that have distributed malicious software in the past 90 days. We found 4 site(s), including, for example, gfi.com/, tintconnection.leads.com/, alanbat.com/, that infected 9 other site(s), including, for example, downloads-portal.com/, coredownload.com/, tamindir.com/.—————————————————————————-
Another example of how shitty neighbors bring down everone’s property values
Woodrow "asim" Jarvis Hill - July 16, 2009 | 3:56 pm · Link
John, try http://www.stopbadware.org/home/reviewinfo—this is the site that Firefox 3.5 is sending me to when I tell it you’re not an attack site. It has instructions.
As I see the same “Google says you’re OK” info as posted about, I think you can skip that section.
Good luck, man.
JGabriel - July 16, 2009 | 3:57 pm · Link
Ken:
No. Only uncheck the box that says “Tell me if the site I’m visiting is a suspected attack site”. Leave the other ones checked, and try to remember to go back and re-check the “suspected attack” warning once John Cole has it straightened out.
Those warnings are there for a reason, and you don’t want to uncheck them, or leave them unchecked, without good cause.
.
Woodrow "asim" Jarvis Hill - July 16, 2009 | 3:57 pm · Link
@Ken: Weird. I just looked at that info 15 minutes ago, and it all looked clear. Maybe Google is the issue, after all.
Tim P. - July 16, 2009 | 3:58 pm · Link
I’m getting it with google chrome version 2.0.172.33.
sidereal - July 16, 2009 | 3:59 pm · Link
@JGabriel:
Oh, I’m not assuming anything. I suspect Google’s malware tracking system is resistant to frivolous reports. I was just trying to account for the fact that it was listed despite Google reporting no malicious downloads of its own.
JGabriel - July 16, 2009 | 4:00 pm · Link
Dennis-SGMM:
I just know it’s all Ayn Rand’s fault. Somehow, she’s reaching out from beyond the grave. I always suspected Rand was one of the undead. Now we have: PROOF!
.
Avi - July 16, 2009 | 4:01 pm · Link
I was experiencing it this morning with Safari/Mac 4.0.2 (5530.19), but I’m not having problems now.
DarrenG - July 16, 2009 | 4:01 pm · Link
2) If your site is being reported to StopBadware by Google, request a review from Google’s Webmaster Tools:
* Log into Google Webmaster Tools. If you do not yet have a Webmaster Tools account, you can create one for free.
* Ensure that you are verified as the owner of your website.
* Follow Google’s instructions for requesting a review.
geg6 - July 16, 2009 | 4:06 pm · Link
Yay! I not only was getting the malware warnings, but I couldn’t even bypass to get in. The problem is only when I use Firefox. I got in now through Explorer.
Weird. I thought it was my new computer. Apparently not.
Rich Webb - July 16, 2009 | 4:06 pm · Link
No warnings from Opera (9.64). I do have its “Enable fraud protection” option enabled.
From Opera’s help:
so apparently B-J is clean insofar as those blacklists are concerned.
Foxhunter - July 16, 2009 | 4:07 pm · Link
Following the ‘if Andy Mc didn’t exist’ post, I’d like to follow up with this ‘if Zell Miller didn’t exist’ comment.
From a recent ajc.com blog post , Mr. Miller makes a strange but expected reference to one of the more popular brands of liquid adhesive, Gorilla Glue!
This has to be good news for Republicans. And Sarah Palin. Also.
Wow.
clussman - July 16, 2009 | 4:07 pm · Link
Typed a bunch of advice and the damn warning ate it.
Happening on FF3.0.11 and other versions of FF. The Google page people are quoting above can be found here. It says your safe.
While investigating things you should consider the possibility that something bad has happend and that the warning might be legitimate. Happened to me last year when my WordPress install was hacked on a VPS. It wasn’t immediately obvious that something had happened but a template file had been modified to include a hidden iframe that was serving up malicious content.
You should have someone knowledgeable look at your database and the template files for your theme. You should also backup your DB and then change everything: DB password, hosting password, FTP password, SSH/SFTP password if you have them, DB prefix, etc. It’s a good safety precaution regardless.
Then take a step back. When did the problem start happening? Did you or anybody else that you’ve granted access to your site make any changes? Did your hosting company make any changes? If you’re on shared hosting, did anybody else on your server do something bad? (If you’re on shared hosting, get off of it. “When I was a child I played with childish things, yada yada.” This site is a little past its childhood.)
Tim F. - July 16, 2009 | 4:07 pm · Link
Firefox 3.0.11 started giving me the message after all the ads came back. Safari has no warning so far. OSX 10.5.7 .
MikeJ - July 16, 2009 | 4:11 pm · Link
Just checked for the filename the klikvs.cn site was serving earlier, and the good news is that it doesn’t seem to exist under that name on b-j. HOWEVER, the site was compromised. Every single file needs to be identified and checked. Check the mod dates on everything. grep for some of the fingerprints of that attack (things like the asd-asd2 in the half assed obfuscation).
Don - July 16, 2009 | 4:11 pm · Link
I see it on both Chrome and FFX 3.0.11.
As others have said, if I check the info page it says hey buddy, no problems!
FFX, annoyingly, has no way to bypass it once and get on with your life. I see it initially and then if I bypass, clicking on an individual message will never let me by – I couldn’t post this message in Firefox, has to switch over to Chrome.
kth - July 16, 2009 | 4:11 pm · Link
running Debian Linux with Iceweasel (rebranded Firefox 3.0), not seeing anything unusual here (really not Linux-gloating, actually trying to be helpful).
Sarcastro - July 16, 2009 | 4:12 pm · Link
Safari 4.0.2 on OS X: OK
Firefox 3.07 on OS X: OK
Firefox 3.011 on Ubuntu: Blocked
Firefox 3.011 on Windows: Blocked
Chrome 2.0 on Windows: OK
IE 8 on Windows: OK
jayackroyd - July 16, 2009 | 4:13 pm · Link
Chrome on XP Home: scary warning.
Woodrow "asim" Jarvis Hill - July 16, 2009 | 4:15 pm · Link
@Don: As stated above, you have to turn off the warnings in Firefox Prefs. I did that, did a reload and it’s all OK for the nonce.
jake 4 that 1 - July 16, 2009 | 4:16 pm · Link
I have no problems on IE but when I search the site using Google:
Balloon Juice
This site may harm your computer.
mistermix - July 16, 2009 | 4:18 pm · Link
I’m getting inconsistent warnings on FF 3.5 and Chrome on two different boxes (XP and Vista). On one box, Chrome warns and FF doesn’t, on the other it’s the opposite.
It looks like I only get warnings when there’s an ad in the upper left-hand Premium Blogads ad position, but I can’t be sure of that.
I’m guessing that these warnings are generated by a verboten domain pushing something out on the page, but unfortunately when you look up the warning, you get that Google page about b-j.com being a fine site.
gwangung - July 16, 2009 | 4:19 pm · Link
Safari 4.0.2 on OS X 10—warning.
Safari on iPhone—-no warning
IE Explorer 7.0 on Vista—no warning
Hm.
BombIranForChrist - July 16, 2009 | 4:19 pm · Link
I see it on Firefox, not IE.
Firefox info: ver. 3.5
Info displayed on warning page:
Of the 32 pages we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2009-07-15, and suspicious content was never found on this site within the past 90 days.
This site was hosted on 1 network(s) including AS19271 (PEAK10ATL).
Punchy - July 16, 2009 | 4:23 pm · Link
Racist.
Lee - July 16, 2009 | 4:24 pm · Link
Latest versions of Chrome and Opera both report the warning.
EEH - July 16, 2009 | 4:27 pm · Link
@Foxhunter: Too bad Bush’s chief of staff didn’t have some Gorilla Glue handy every time he went gallivanting off to Crawford to clear some more brush.
robertdsc - July 16, 2009 | 4:27 pm · Link
Firefox 2.0.0.14 for Mac: No issues
Safari 3.1.2 for Mac: No issues.
clussman - July 16, 2009 | 4:29 pm · Link
Check with the company or companies serving ads for your site. Make sure nobody else on their network is experiencing something similar. This should provide a fair degree of confidence if that’s the source of the problem or not. I would hope not as they should be doing due diligence prior to serving any ads and ads should all be hosted/served from their own servers.
PS s/your/you’re at the beginning of my last post. It appears that retyping it after the FF warning ate it temporarily damaged my knowledge of the English language.
kevin - July 16, 2009 | 4:29 pm · Link
getting it on google chrome
bobzilla - July 16, 2009 | 4:30 pm · Link
getting it on firefox 3.5, no on IE 8
Rich Webb - July 16, 2009 | 4:32 pm · Link
Has everyone now experiencing the warning recently done their monthly MS patch/update?
Or, is anybody getting the warning(s) who has not installed the July patches?
There is a real, zero-day vulnerability in the MS Video ActiveX control. Unfortunately, there’s not a proper fix for it so MS pushed a “kill bit” for that control in the update.
The vulnerability affected the IE and Firefox browsers on XP and Win2003. Vista is not affected. Opera was not affected (even on XP, apparently).
Anyone who hasn’t installed the July updates probably should (it’s rated “critical” for XP) but it may be that kill-bit along with a link to an innocent media segment that’s sounding the warning bells
mistermix - July 16, 2009 | 4:33 pm · Link
Now I’m getting it from all of my FF and Chrome browsers, so maybe it was just some kind of glitch in the way the browser retrieves the malware info.
John, have you set up a Webmaster Tools account with Google and claimed this site? Once you do that, supposedly the console on Webmaster Tools will give you more info on why it thinks your site is a malware site.
Tsulagi - July 16, 2009 | 4:33 pm · Link
Firefox 3.0.11 tries to block you as an attack site, but Microsoft gives you love. No prob with IE.
asiangrrlMN - July 16, 2009 | 4:37 pm · Link
Chrome (the latest) has the warning. IE, no warning.
WTF is going on?
The Moar You Know - July 16, 2009 | 4:37 pm · Link
@MikeJ: What MikeJ said. The site WAS compromised at some point. You need to back everything up, change all your passwords, and then have someone go through the files and code and find out and get rid of the vulnerability.
Also, as Ken above noted, your hosting company is not maintaining the best of neighborhoods.
geg6 - July 16, 2009 | 4:37 pm · Link
@Woodrow “asim” Jarvis Hill:
I guess that might fix it, but since this is a work computer that I just got 2 days ago and the settings were put where they are by our IT people according to what the university requires, I dare not do that.
I didn’t have this problem until this afternoon and I’m not about to call the IT guys and say, hey! Can I just shut some of this security stuff off so I can get Balloon Juice on Firefox?
You see my problem?
JGabriel - July 16, 2009 | 4:38 pm · Link
clussman:
Yep, what Clussman said.
.
The Moar You Know - July 16, 2009 | 4:41 pm · Link
@Tsulagi: I cannot help but think that this is just like a hooker telling you that you don’t need that pesky condom.
GregB - July 16, 2009 | 4:41 pm · Link
This will serve as a warning for messing with Orly Taitz.
-G
Poopyman - July 16, 2009 | 4:42 pm · Link
Same as nearly everyone else:
No probs in IE 8
Get it in FF 3.0.11
Msg as of 4:40 EDT is
Safe Browsing
Diagnostic page for http://www.balloon-juice.com
What is the current listing status for http://www.balloon-juice.com?
This site is not currently listed as suspicious.
What happened when Google visited this site?
Of the 32 pages we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2009-07-15, and suspicious content was never found on this site within the past 90 days.
This site was hosted on 1 network(s) including AS19271 (PEAK10ATL).
Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, http://www.balloon-juice.com did not appear to function as an intermediary for the infection of any sites.
Has this site hosted malware?
No, this site has not hosted malicious software over the past 90 days.
Next steps:
* Return to the previous page.
* If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google’s Webmaster Help Center.
Jim C - July 16, 2009 | 4:42 pm · Link
Using an old Mac (Mac OS X 10.4.11)
Safari Version 4.0 (4530.17) – Warning: Visiting This Site May Harm Your Computer
Firefox 3.0.11 warned me off, same as the previous posts.
JGabriel - July 16, 2009 | 4:44 pm · Link
@Rich Webb:
I have, but it seems to be irrelevant, given that several Ubuntu (Linux) users have also reported problems.
.
Woodrow "asim" Jarvis Hill - July 16, 2009 | 4:45 pm · Link
@Rich Webb: No MS patches, as I’m running Firefox 3.5 on Ubuntu Linux, and seeing the issue.
@geg6: I do. I was more speaking to Don, but yes, it’s a problem for anyone in such situations. Hopefully this can be resolved with a quickness.
Chris Johnson - July 16, 2009 | 4:45 pm · Link
Well, I recently went to Firefox 3.5 because Twitter whined at me to do so, with the following results:
Yup, faster, for now-
Anything related to RSS lists of podcasts I prefer to download in a web browser, such as the Penny Arcade stuff, instantly died. Kills the browser every time.
And now, it’s all CAN’T HAS! over Balloon Juice, and this is over some activeX control? I’m on a fucking Mac, thank you.
At least with the latter I can turn off the “forbid me to visit a site because some other site I don’t even know has decided the site is possibly releasing malware for an OS I don’t use” feature.
Jesus, how I hate ‘updates’ of software I rely on…
MikeJ - July 16, 2009 | 4:48 pm · Link
Nuke it from orbit. It’s the only way to be sure.
Save the database. Reinstall wp from source.
Michael Deloisy - July 16, 2009 | 4:49 pm · Link
Firefox 3.5 , nanny-browser at work .
i turned off the “switch hacking-site”
MikeJ - July 16, 2009 | 4:51 pm · Link
It has nothing to do with activex or microsoft. I’m convinced it’s the zeus variant prevx was warning everyone about.
Demo Woman - July 16, 2009 | 4:55 pm · Link
Firefox is blocking me. Although Balloon Juice had been loading slow, I did not have the earlier warnings.
Leszek Pawlowicz - July 16, 2009 | 4:59 pm · Link
Both Firefox and Chrome.
Linkmeister - July 16, 2009 | 4:59 pm · Link
I upgraded (?) to Firefox 3.5 yesterday afternoon and had no trouble accessing B-J later on. This morning, however, I’ve gotten the warning. (I’m using Vista Home Premium.)
After doing the upgrade I was informed of a post at the WaPo mentioning a javascript bug in 3.5 and a workaround for it:
I did that, but I don’t think it had any impact on B-J yesterday evening.
I’m posting this using IE8.
LarryB - July 16, 2009 | 5:05 pm · Link
I think Ken@25 hit the nail on the head: John, you are being blacklisted because of your low-rent ISP. You should complain loudly to them and refuse to pay your bill until they get the network un-blacklisted.
From your readers’ point of view, your site is being blocked by the browser, specifically Firefox. I tested with Safari 4.08, IE 8, and Firefox 3.5 and only Firefox blocked the site.
Here’s a workaround for Firefox 3.x users (warning: risky unless you run an anti-virus software with strong browser protection).
Go to Tools->Options->Security
Uncheck “Block reported attack sites.”
Remember to turn it back on when John’s ISP gets clean.
MikeJ - July 16, 2009 | 5:09 pm · Link
@LarryB: No, it’s not his low rent ISP, it’s his having a compromised website this morning.
John, make sure that your ftp logins aren’t on this list:
http://www.prevx.com/ftplogons.asp
Calouste - July 16, 2009 | 5:10 pm · Link
@Foxhunter:
Funny that. “Taking a break” was about all that Zell’s BFF George did while he was in office. The president who set new records for being away from the White House.
asiangrrlMN - July 16, 2009 | 5:13 pm · Link
@The Moar You Know:
Haahah! This made me laugh. Thanks, I needed that.
Mark Gisleson - July 16, 2009 | 5:15 pm · Link
I think this is a badware problem. I got the same message this morning when I went to Haaretz, and I’ve never gotten a message like this before.
In both cases the badware jackasses resized my browser window. I’ve since unchecked all Firefox preferences that enable such blocking. I’m on a Mac and I fear malware about as much as I fear Pat Buchanan.
cybergal619 - July 16, 2009 | 5:16 pm · Link
Opera 9.64 using Kaspersky Anti-Virus 7.0 and this is what it picked up on my first visit to B-J this morning:
detected: Trojan program Trojan-Downloader.JS.LuckySploit.q
URL: http://klikvs.cn/img/?176cab34.....ab//klikvs
Warren Terra - July 16, 2009 | 5:16 pm · Link
When we actually had an active Malware problem, my Norton Virus protection blocked the malware in such a way that the site wouldn’t load.
After the Malware was addressed, everything was fine for an hour or so.
Now, when I try to access the site in Chrome I get a big scary splash page telling me it’s a known hazard, and I can click through if I want to live dangerously.
After giving it an hour or two to see if that went away, I tried accessing it in IE8, and it loads fine, and my Norton Virus protection doesn’t say anything bad is happening.
My best guess, from a position of significant ignorance and from reading about half this thread, is that the brief Malware episode earlier in the day is now no longer a threat but that because it happened your site is now on a list, such that people trying to access the site using Chrome (or, I gather, Firefox) are warned off. How you will get off this list, I have no idea. Maybe it will go away automatically after a time, or maybe you can contact someone?
If it helps at all, as a couple of people have noted upthread, the scary splash page links to this “Google Safe Browsing diagnostic page for http://www.balloon-juice.com”;, and it includes some information for the site owner.
Jen R - July 16, 2009 | 5:17 pm · Link
I wasn’t getting the malware warning earlier today, but am getting it now.
(Firefox 3.0.11, Mac OS X)
Jason Bylinowski - July 16, 2009 | 5:17 pm · Link
Sorry, still getting the error in Mozilla Firefox , 3.0.11& 3.5…..on three different workstations, one of which has AdBlock and the other two which do not. First noticed the error at about noon. I’ve been checking the site everytime I get to a new customer’s PC.
On Internet Explorer 8 I just get compaitiblity view warnings, IE 7 has no problems at all.
I see this in my work all the time, and it’s almost always bad code in the feeds (as I’m sure has been said already) or an ad buyer with malicious intent. If it were the latter though, your ad people should have caught it by now.
LarryB - July 16, 2009 | 5:21 pm · Link
@MikeJ: I’m not sure I believe this based on the Google safe-surfing report. What makes you believe that the site was compromised? John’s fiddling with the ads? I’m not sure that can be taken as definitive. I do know that a) the report on balloon-juice gives his site a clean bill of health except; b) 2 of three “bad” sites called out in the “network AS19271 (PEAK10ATL)” report have similar I.P.s to John’s (one, VERY similar).
diakron - July 16, 2009 | 5:27 pm · Link
Getting “Reported Attack Site!” warnings in Firefox 3.0.11 running on Vista.
Svensker - July 16, 2009 | 5:32 pm · Link
Here’s what my Firefox page said:
Safe Browsing
Diagnostic page for balloon-juice.com
What is the current listing status for balloon-juice.com?
Site is listed as suspicious – visiting this web site may harm your computer.
What happened when Google visited this site?
Of the 32 pages we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2009-07-15, and suspicious content was never found on this site within the past 90 days.
This site was hosted on 1 network(s) including AS19271 (PEAK10ATL).
Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, balloon-juice.com did not appear to function as an intermediary for the infection of any sites.
Has this site hosted malware?
No, this site has not hosted malicious software over the past 90 days.
How did this happen?
In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.
Next steps:
* Return to the previous page.
* If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google’s Webmaster Help Center.
A friend who had a chat website had this problem and eventually fixed it going through the Webmaster Tools—although she had to call in her own webmaster to figure out which code was causing the problem.
Good luck, John. This stinks.
Fern - July 16, 2009 | 5:41 pm · Link
Getting the message in Google Chrome but not Firefox.
Martin - July 16, 2009 | 5:56 pm · Link
I don’t buy into this nanny-state social!sm virus protection crap. I turn all that stuff off and protect myself from malicious websites with a S+W. Any site that sends me malware gets a bullet right into the monitor.
kdp - July 16, 2009 | 6:36 pm · Link
Firefox 3 – malware warning
IE 7 - no malware warning
Earlier today
http://safebrowsing.clients.go.....juice.com/
That URL said there was nothing wrong with your site, but now it’s claiming it is ‘suspicious’
Alan - July 16, 2009 | 7:09 pm · Link
This is what I get when I use Safari. I don’t know what is causing it.
Rich Webb - July 16, 2009 | 7:16 pm · Link
@JGabriel:
Roger that, WRT Linux users also getting the alerts. I guess “always blame MS first” is only true part of the time. ::sigh::
So, now I have to wonder whether the lack of alerts in Opera is because (a) there is no evil script or malware currently active and Opera is smart enough to know that (notwithstanding any earlier threats that may have been present), or (b) there is something but Opera isn’t vulnerable and won’t throw an alert about something that can’t harm it, or (c ) the Bad Thing is still here and Opera is just clueless.
Maxwel - July 16, 2009 | 7:19 pm · Link
The problem disappeared when I updated Firefox from 3.0.11 to 3.5.
Warren Terra - July 16, 2009 | 7:20 pm · Link
that’s why all the monitor manufacturers are now spreading malware … I wondered what the explanation was …
Clearly, you are doing it wrong. You should fire your weapon directly into the internet, rather than abusing blameless monitors.
Micah616 - July 16, 2009 | 7:44 pm · Link
Delurked just to agree with Maxwel @ 92. As soon as I upgraded to Firefox 3.5, no more attack site warning.
Now, back to the shadows…
Ravi J - July 16, 2009 | 7:55 pm · Link
Warning only in Firefox. IE and Google Chrome work just fine.
Gozer - July 16, 2009 | 8:35 pm · Link
I’ve never gotten that message until today and I only ever use firefox.
I had to post this message with Internet Explorer as Firefox wouldn’t allow me to access the comments.
klondike - July 16, 2009 | 9:10 pm · Link
Got it in Chrome earlier – gone now
Kristine Smith - July 16, 2009 | 9:27 pm · Link
I don’t get the warning with Firefox 3.5. I do get it with Safari 4.0.2
David Hunt - July 16, 2009 | 9:47 pm · Link
I get a warning with Firefox v3.5 and IE v7.
Jill - July 16, 2009 | 10:03 pm · Link
I got it with the latest version of Firefox on a Mac w/ Leopard OS
Snark Based Reality - July 16, 2009 | 10:06 pm · Link
Firefox pulls down a file containing a list of bad sites from Google’s Safe Browsing service every few hours I believe. Not everyone pulls the file at the same time, hence why some Firefox users aren’t getting the warning… yet.
freelancer - July 16, 2009 | 10:22 pm · Link
Firefox 3.0, Vista Home Premium
John,
I Get a Google Warning Page, I then click ignore,
then BJ loads. But if I click on a post or comments, I get the warning screen again and “Ignore” does not let me go through.
I had to utilize the Mozilla Add-on IETab and change the rendering engine of the browser from mozilla to Internet Explorer to get to this thread.
Aaron - July 16, 2009 | 10:26 pm · Link
firefox 3.5 keeps warning me that this is an attack site and it is displaying wierd.
chrome works fine- like right now.
Good luck john- thats why they pay you the big bucks.
/lol
A
Aaron - July 16, 2009 | 10:28 pm · Link
Seems like I spoke to soon. When I hit submit on the above comment in chrome it gave me the following warning:
Warning: Visiting this site may harm your computer!
The website at http://www.balloon-juice.com contains elements from the site http://www.balloon-juice.com, which appears to host malware – software that can hurt your computer or otherwise operate without your consent. Just visiting a site that contains malware can infect your computer.
For detailed information about the problems with these elements, visit the Google Safe Browsing diagnostic page for http://www.balloon-juice.com.
Learn more about how to protect yourself from harmful software online.
I understand that visiting this site may harm my computer
MazeDancer - July 16, 2009 | 10:44 pm · Link
Firefox won’t let me even ignore the warnings, now. First it did. Then when tried to comment, the maroon malware screen came back, and now refuses to go. Won’t let the little hand appear when trying to click on the “ignore”. Can’t get back on the site.
Using Safari, which got upgraded with the latest 2 days ago, now, for this comment. Got zero warning screen at all.
Balloon Juice is certainly worth running two browsers. But still must be very frustrating for all.
west coast - July 16, 2009 | 10:46 pm · Link
been hitting my head against the warning all day with safari, finally turned off “warn when visiting a fraudulent website” and now maybe can post…
Ghost of Joe Liebling's Dog - July 16, 2009 | 11:09 pm · Link
I got the warning in Firefox on a Linux box, but not in Konqueror.
b-psycho - July 16, 2009 | 11:40 pm · Link
Firefox 3.0.11, I get the block message. The Google information link mentions an association with the Chinese site others brought up.
Chrome loads your site w/ no problem, though posting triggers the malware message.
IE loads, but displays the page wrong (of course). Ends up looking like the standard WordPress template.
drumwolf - July 17, 2009 | 2:06 am · Link
Not getting the malware warning now that I’m on Safari on Mac. I got it when I was on a PC (either Firefox or Chrome, don’t remember).
gwangung - July 17, 2009 | 2:08 am · Link
WAS getting it with Safari on a Mac, but now it’s gone…
Equal Opportunity Cynic - July 17, 2009 | 3:20 am · Link
Same story here. Can’t even get past the stupid warning page with Firefox. Have to use IE.
Unless I was seeing a different message in FF 3.5, you can get past it. There’s a small link in the lower RH corner. It’s intentionally inconspicuous because Mozilla doesn’t want you clicking past it if you don’t know what you’re doing.
I don’t know if the warnings are legit or not, but…. oh, just check out The Moar You Know’s comment at #63, that says it all.
Equal Opportunity Cynic - July 17, 2009 | 3:23 am · Link
And I should add that as of 2:50 am EDT, the browser that was getting the message earlier (FF 3.5) isn’t getting it. I hope this means you’re clean.
Gary - July 17, 2009 | 8:02 am · Link
Coincidentally (?), the WaPo securityfix column has an article today about the exact problem you seem to have had:
http://voices.washingtonpost.c.....d=sec-tech
Nathan - July 17, 2009 | 10:11 am · Link
Just to say…
You could get a Mac and not worry about it.
Just sayin.’
hylen - July 18, 2009 | 5:28 pm · Link
Is this where I list all the cool web browsers I’m using? Hold on while I download a really rare one. Wow. I am so cool.
Oh, and I didn’t see any warning. I don’t see any ads either. (See? I am cool.)