[SAC] Malware alarm: QGIS, ... sites

Richard Duivenvoorde richard at duif.net
Sun Aug 9 00:52:56 PDT 2015


On 09-08-15 03:22, Hamish wrote:

> Looking at the pyqgis-cookbook site it's pretty simple, the only vectors I can think of are the CMS/server hacked and javascript malware inserted; seems doubtful and something the other scanners would find, but who knows. links to external graphics (github user content) which somehow got infected/replaced with a malformed image designed to exploit something in libpng etc.; isn't an exact match for the Google error message, but who knows.
> 
> And then we have the 3 pdfs here:
>  http://docs.qgis.org/testing/pdf/en/
> 
> The original diag msg complained about 3 files, I seem to be updating adobe software about once every week to patch newly found exploits, maybe the software that built them went bad or now triggers a false positives in Google's tests?
> 
> A long shot, but it's a theory to test, which is better than sitting around waiting. :)

Hi Hamish,

not waiting, but muddling along, and feel like Google is playing as the
greek gods: punishing; but leaving us mortals to question what we are
punished for :-(

I've posted a Questing in Google's Webmaster Central Help (as pointed
out by Google in one of it's review answers):

https://productforums.google.com/forum/?utm_medium=email&utm_source=footer#!msg/webmasters/HoEJ2yvfnP8/R--E_XrQq2oJ

People also hint stuff there, and I can come up myself with a lot of
other vectors too (we have downloadable exe's which were in history
triggered falsely by virus scanners etc etc).

One of the posters tell me to use http://aw-snap.info/file-viewer/
And that one is complaining about some weird redirects we do and some
javascript injecting non displayed divs. And I can fix that maybe, but
without any clues this is all taking time for nothing...

To me it looks weird that www.qgis.org is evil, and qgis.org is ok ???

It's good though, that people have a choice which browser to use :-)

Regards,

Richard

ps I'm going to send an email to a google plugin builder (Google Maps
Engine Connector ), hopefully he has some warm connections...
Other tips appreciated...


More information about the Sac mailing list