Comment by joseph_grobbles

5 years ago

A bit of deception on how their site ended up on the block list. They strangely block out a part of their response, but we can see "was cleared", which sounds a lot like "the malware some nefarious agent put on my site was removed".

How sites end up on the block list:

- they host malware, either intentionally or because they were hacked.

- they host a phishing site, either intentionally or because they were hacked.

Protecting users is a monumentally more critical task than your concerns.

And this system is incredibly valuable. When I get a text to a phishing site, I immediately report it to the safe browsing list. I also notify the nameserver, the hosting agent, and if applicable the SSL cert provider. Bit.ly if in the chain, though they never do anything [fun fact, even -- phishers and malware authors love putting bit.ly in the chain because they're paying subscribers, and as domains are taken down they can just change the destination. Bit.ly exists on the backs of scumbags, and itself should be on the safe browsing exclusion list]

Usually the safe browsing list addition happens within an hour, saving many people from being exploited. The nameserver and host -- DAYS. Namecheap takes an eternity to do anything, even for outrageously blatant phishing sites. GoDaddy - an eternity. SSL providers seem to act quickly, but propagation delays make that negligible.

EDIT: 11 days ago I reported the scn- prefixed netflix.com to all of the above. This is a blatant phishing site, and was mass texted to Canadians. It was blacklisted by safe browsing within an hour, likely saving a lot of people grief.

Namecheap, who I informed by their email and by their garbage ticket system, still host the nameserver and physical hosting for this site. 11 days later. Grossly negligent behavior, and there needs to be some window of responsiveness because these players are just grotesque at this point.

Author here. I blocked the message in the screenshot because I narrated the first incident, but took screenshots during the second one, so the redacted part was referencing the first one in which, as described, our domain was cleared without actually doing anything.

Protecting end users from nothing at all (like I said, there is no offending URL) is not more important than making sure Google doesn't literally gatekeep the entire Internet, IMO.

  • I guess. Odds are that there was something, and you have every reason to state otherwise. You're really focused on the URL, but a whole domain will be tagged when random queries are met with content dispositions with malware, which can be automatically flagged by the search engine.

    As an aside, your commentary about Google alerting to phishing emails seems like you're misunderstanding and trying to use this to further your "it's all random!" claims. They aren't flagging it because of the sender, but instead because the contents included a URL on the blacklist. Google re-scans and when they find URLs that are now blacklisted, they warn about Phishing. This isn't new and they've done it for years, and it seems pretty obvious and logical.

    e.g. "That email you got a while back that claimed it's from the Netflix billing problem website is actually phishing. If you gave them details, that's a problem".

    "Protecting end users from nothing at all (like I said, there is no offending URL) is not more important than making sure Google doesn't literally gatekeep the entire Internet"

    This system protects countless people from malware and phishing daily. I have no reason to believe your particular claims about this (though I'm skeptical given that you are blocking details that would allow others -- such as Google -- to repudiate your claims. Why block the subdomain? If it hosts static resources, what's the concern?).

• I am not misunderstanding anything; the fact that Google's own legitimate emails are flagged as phishing by their own filters is pretty telling about the reliability of the whole thing. The fact that you can come up with a plausible explanation for why it happened doesn't make it any less damning.

      But of course, they don't flag google.com as a spammy domain and stop all emails coming from it, right?

PS: I'm not sure exactly what you are disputing. Are you suggesting their report pointed to a smoking gun on my site, and I'm lying? My experience is not unique. There are plenty of instances of the same type of issue affecting other people in the very comments you are reading.

> When I get a text to a phishing site, I immediately report it to the safe browsing list.

Please, don't do that. You're just giving more power to a private company (Google). It's so deceiving, I know: reporting/blocking malware sites is a good thing, but doing so via Google diminishes the returns so greatly that it's no longer worth it.

  • As opposed to what alternative? Google's safe browsing list is used by everyone, and is currently the gold standard. There exists no alternative. NextDNS uses it. Safari uses it. Firefox uses it.

    Yeah, I'm not feeling guilty about this, and I'll do it every time.

    Note that the list isn't like a spam list or something where bad actors can just flag something and get them blacklisted. When you report to the safe browsing list it is actually verified, and when it's a fake bank/netflix/Amazon/etc login, it's pretty easy for them.