Announcement

Collapse
No announcement yet.

Quakone landing page is tripping

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Quakone landing page is tripping

    The page just keeps refreshing. I hit view source and found iframes at the top of the page outside of the html node.

    Code:
    <iframe src=http://www.suigeneris.to.it/code.html frameborder="0" width="0" height="0" scrolling="no" name=counter></iframe><iframe src=http://www.suigeneris.to.it/code.html frameborder="0" width="0" height="0" scrolling="no" name=counter></iframe>
    
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html dir="ltr" lang="en" xmlns="http://www.w3.org/1999/xhtml">
    <head>
    http://www.nextgenquake.com

  • #2
    Same...

    Comment


    • #3
      The page keeps redirecting for me too, obv.
      Quakeone.com - Being exactly one-half good and one-half evil has advantages. When a portal opens to the antimatter universe, my opposite is just me with a goatee.

      So while you guys all have to fight your anti-matter counterparts, me and my evil twin will be drinking a beer laughing at you guys ...

      Comment


      • #4
        It's fixed now.

        May need to wait a few hours for Google to remove it from their malware blocker.

        Comment


        • #5
          thanks to all those who reported, I started to do it then got side tracked, oof
          (I blame solecord not being online on his messenger )
          Want to get into playing Quake again? Click here for the Multiplayer-Startup kit! laissez bon temps rouler!

          Comment


          • #6
            yeah i noticed it too earlier. adam poked me on steam asking about it and
            when i tried to visit the site i kept getting non-stop warnings from AVG untill i closed the page again.

            glad to see its fixed again and we can visit the site again safely without receiving warnings about malware
            .
            are you curious about what all there is out there in terms of HD content for quake?
            > then make sure to check out my 'definitive' HD replacement content thread! <
            everything that is out there for quake and both mission-packs, compiled into one massive thread

            Comment


            • #7
              @Solecord
              Was it actually a targeted attack on the site or like an antivirus false positive thing?

              Originally posted by Google advisory
              Safe Browsing
              Diagnostic page for quakeone.com

              What is the current listing status for quakeone.com?

              Site is listed as suspicious - visiting this web site may harm your computer.

              Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.

              What happened when Google visited this site?

              Of the 60 pages we tested on the site over the past 90 days, 13 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2015-05-02, and the last time suspicious content was found on this site was on 2015-05-02.

              Malicious software is hosted on 1 domain(s), including mbcobretti.com/.

              1 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including suigeneris.to.it/.

              This site was hosted on 2 network(s) including AS13335 (CLOUDFLARENET), AS15169 (GOOGLE).

              Has this site acted as an intermediary resulting in further distribution of malware?

              Over the past 90 days, quakeone.com appeared to function as an intermediary for the infection of 1 site(s) including beatdownalley.com/.

              Has this site hosted malware?

              No, this site has not hosted malicious software over the past 90 days.

              How did this happen?

              In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.

              Next steps:

              Return to the previous page.
              If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.
              Username : Atomic Robokid on Steam

              Please check out my Quake made things:

              https://www.indiedb.com/games/run-over
              https://adam-freeman.itch.io/hazard
              https://adam-freeman.itch.io/diver
              https://adam-freeman.itch.io/beyond

              Comment


              • #8
                Originally posted by Adam View Post
                @Solecord
                Was it actually a targeted attack on the site or like an antivirus false positive thing?
                whatever it is, that annoying ass red page of "omg omg danger danger" STILL is propagating my browser instead of the typical....

                damnit!
                Want to get into playing Quake again? Click here for the Multiplayer-Startup kit! laissez bon temps rouler!

                Comment


                • #9
                  as well as other pages hosted by the site. the proquake site did the same thing, and when i tried to snag a copy of proQ chrome blocked the download.
                  My Avatars!
                  Quake Leagues
                  Quake 1.5!!!
                  Definitive HD Quake

                  Comment


                  • #10
                    There was malicious code injected into the server browser code file(s). It's been removed... stupid Google takes forever to review the site and lift the malware warning.

                    Comment


                    • #11
                      Originally posted by Solecord View Post
                      There was malicious code injected into the server browser code file(s). It's been removed... stupid Google takes forever to review the site and lift the malware warning.
                      good to hear that it was fixed. god knows what would happen if peeps couldn't get there Q1.com fix!
                      My Avatars!
                      Quake Leagues
                      Quake 1.5!!!
                      Definitive HD Quake

                      Comment


                      • #12
                        @mindz - just tell the page to ignore or it never will. I'm pretty sure that page is cached as a mother fucker til you tell it to be otherwise. I had that page yesterday. I hit ignore (not giving a fuck if solecord fixed it yet) and I have not seen the page since. I also clicked "not an attack site" but I was redirected to some page that basically said: "We aren't gonna let you do that." Summin about badware.

                        Google might be really good but it isn't elite. The only page that had the injection (that I found) was the landing page. By googling Quakeone (before google blocked it) I was able to navigate to other Quakeone pages via the little list google provides in the search results. Then google "stole" back all those links and replaced it with the malware message. If google is smart enough to know if you have malware, it should also be smart enough to determine where and only block results containing the offense. Actually, why can't google just fix it client side? It knows there is bad code, why can't it document.replace(badCode, "<p>malicious code was removed from this page</p>");

                        A google search of Quakeone still labels it as an attack site in the results.
                        Last edited by MadGypsy; 05-03-2015, 03:27 PM.
                        http://www.nextgenquake.com

                        Comment


                        • #13
                          MadGypsy has it right... the process Google uses is kind of a joke. They have an automated system that detects malware on your site and then send you a warning email. About 15 minutes after the warning email, your site gets labeled as being malicious and that red page of doom starts showing.

                          The email Google sends you tells you to fix the issues and then request a review of your site. It sounds like the review process is manual... I would assume if they have an automated script that detects malware, they can have the automated script detect it's not there anymore and lift the red page of doom automatically!

                          Comment


                          • #14
                            I would assume the reason they don't lift it automatically is because they assume your attackers will come right back. By making you wait a long time they are also making your attackers wait (and get bored waiting) but my method .replace() would foil the attackers from beginning to end cause it makes their attack impotent.

                            I mean, you had iframes OUTSIDE of the entire document. That's so sloppy and noobish that it should be some kind of automatic that shit like that gets stripped. I can't even think of a reason why my browser couldn't (wouldn't) strip that. I realize people don't really follow validation rules in most cases but when are you EVER gonna put iframes outside of the document. I'll tell you when. When you are injecting "badware" in a site. In other words never for a good reason.
                            http://www.nextgenquake.com

                            Comment


                            • #15
                              Are these pages really html or php with some address bar tom-foolery? If they are php it wouldn't be hard to write your own check for planted document nodes.

                              Actually, I've been working on my CMS off and on and I am exactly going to make some post assembly document checker the next time I work on it. I kknow there are lots of ways to inject stuff into a site but I'm gonna make sure the uber noob way never makes it to the browser. Who knows, maybe in my work I will end up making sure lots of ways don't make it to the browser. Isn't that really the bottom line in most cases? If it doesn't make it to the browser, it never happened?

                              document = (document.replace(/.*<!DOCTYPE/i, "<!DOCTYPE")).replace(/</html>.*/i, "</html>");

                              lol, or something
                              Last edited by MadGypsy; 05-04-2015, 08:02 AM.
                              http://www.nextgenquake.com

                              Comment

                              Working...
                              X