back to article Scared yet, web devs? Google smears malware warnings over PHP.net

Google's Safe Browsing technology is blocking access to PHP.net as a precaution, after apparently detecting that some of its pages were booby-trapped with links to malicious software. The move put warning blocks in the way of accessing a site that's widely used by web developers. Google didn't specify the types of Trojans …

COMMENTS

This topic is closed for new posts.
Bronze badge

InB4

"Indictment of PHP's inherent insecurity, froth, rant, etc."

4
1
Anonymous Coward

Re: InB4

Looks like Google are finally trying to catch up with Microsoft in browser malware detection...

0
6
Devil

Three hops

Better to block anything that is up to three hops from the malware. That will make us all a lot safer!

With Google indexing world+dog, thus distancing two hops in general, would ensure a pretty good cleanup of the Internet.

Time to enable safe-browsing >click< powering down.

0
0
Anonymous Coward

Re: Three hops

You visit a web page (1 hop) which displays an ad from an ad network (2 hops). That ad contains a link to a malicious file (3 hops).

Now if the advert on that page tries to trick the user into clicking on it (like the download pages on sourceforge used to with a big download now button) it is very easy for a visitor to hit that third hop.

1
0
Bronze badge

Re: Three hops

So....

As an alternative, Google include a functional AdBlocker into Chrome, block the ad's and prevent the second and third hops and everyone lives happily ever after.

OK - maybe not the things that make the ad's but they're not people so it's all OK.

I realise this will kill ad-revenue for websites but shutting down the whole Internet would make malware even harder to spread.

0
0

Re: Three hops

Google blocking ads by default? Nope don't think we'll be seeing that anytime soon.

2
0

Re: Three hops

It is highly improbable that Google would include an Ad blocker with their browser. They make the vast majority of their profits through advertising and catering to spammers.

2
0
Coat

Re: Three hops

Silly rabbit, the Chocolate Factory ad blocker will block all those nasty, untrustworthy, non-Google ads. Problem solved!

3
0
Bronze badge
Holmes

@AC 12:00GMT

if the advert on that page tries to trick the user into clicking on it

Don't they all? I mean, that's the whole point of ads on a webpage, right?

3
1

Beta documentation to blame?

I wonder if it's related to the new beta PHP manual? Possibly something up with the comments system?

0
0

Always a backup

Dear NSA, can i please have your backup copy of php.net The main one seems to be broken !

8
0
Pirate

Looks like it's deeper than just comment spam too: https://news.ycombinator.com/item?id=6604251

2
0
Anonymous Coward

Unwanted extras

Were any of the unwanted software downloads for the Google Toolbar?

7
0
Silver badge

Buried Lede: Google apparently can't write a secure browser

4 page(s) resulted in malicious software being downloaded and installed without user consent.

Shurely that's as much or more the fault of the browser downloading and installing files without user consent than of the site hosting links to links to links to such content...?

5
3
Bronze badge
Thumb Down

Re: Buried Lede: Google apparently can't write a secure browser

Silly me, here was me thinking that the providers of one of the building blocks of the World Wide Web could be trusted to maintain a secure website.

0
1
Silver badge

Re: Buried Lede: Google apparently can't write a secure browser

PHP.net is secure. There's nothing malicious on the site. Some user content apparently contains links to sites which allegedly contain links to malware.

Websites should be able to link to pretty much anything, and they could, if the browser followed the standards and prompted the user for anything out of the ordinary.

It's much easier to NOT write code to automatically download everything than it is to monitor and moderate a website which is designed for user collaboration and is accessed by people around the world.

2
0

Re: Buried Lede: Google apparently can't write a secure browser

Wrong, but thanks for letting everyone know that when you're ill informed, you'll still make crap up.

PHP.net confirmed that two of their servers were compromised and used to attack visitors. However, the administrators are still not sure how the attackers accessed the servers.

Source: http://www.csoonline.com/article/742051/php.net-confirms-server-breach-after-google-flags-them-for-malware

1
0

not php.net

cobbcountybankruptcylawyer.com is not php.net

They must be sharing the ip address as other sites due to the way the host manages IP addresses.

My site has the same problem sometimes because we don't have our own IP address.

1
1
Meh

Re: not awake yet

"Malicious software is hosted on 4 domain(s), including cobbcountybankruptcylawyer.com/, stephaniemari.com/, northgadui.com/."

PHP.net page(s) reference stuff stored at cobbcountybankruptcylawyer.com

Please read above about 1 hop, 2 hops, 3 hops

0
0
Anonymous Coward

Re: not php.net

Do you really think a major site like php.net is on a shared hosting platform ?

0
0

Not there now

Just accessed the site using FF and Chrome. No problem.

0
0
Silver badge

PHP: Forbidden in Idaho

Soon.

0
1

That's why you should just turn silly nannying site ranking/search result checking filters like that off. I don't care if it's that McNorton shit, or AVG, or Google's "phishing and malware protection" in Chromium/Chrome it's the wrong approach. You can't blacklist the whole interent.

That kind of "security" just results in sites that no longer have (or never had) malware serving ads being on the shit list, and sites with malicious content that they don't know about unfiltered. That's most of them. It has always been that way ever since the first "Site Ranker" product. (That McAfee bought)

Checking sites against databases is extra gyration that you don't need, too. I turn stuff like that off wherever it exists.

1
0

Instruction manual broken

Couldn't load the instructions on making the internet. So went sailing.

1
0
Gold badge

@Grogan. Not really. I've found it to be pretty effective; sites flagged as bad are scanned more frequently so they come up clean pretty shorty after they have been cleaned up. I use Linux, so I won't get viruses and spyware anyway. That said, I'm not about to try to suggest you turn it back on or anything, this is up to you.

Anyway, yes, 1 bad link is 1 too many, a system like this is useless if it knowingly allows *some* malware to get through (just not sites with *too much*.) That said, php.net is loading for me now so it may not have been listed for long.

0
0
Joke

The guy in the picture reaching through the screen controlling your computer..

..is Google.

1
0
Anonymous Coward

Google Keeps wanking the wankers.

Nuf Said.

0
0
This topic is closed for new posts.

Forums