Accessing Vanillaforums.org shows Chrome Malware Door

phreak

Hi all,

Especially @Tim, @Todd and @Lincoln. Very often when i try to access Vanillaforums Chrome shows me a red site warning not letting me access the website. It lays out that there is a misconfiguration on the server or a hacker is trying to trick me into something. You should definitly check this warning out.

By the way. The mobile version of the Vanillaforums.org startpage hides the main menu on top halfway.

Both problems are here since months.

vrijvlinder

That is odd because you would need to be using something like a WOT app browser extension that you rate websites with and have settings to warn you etc etc. Usually they are wrong. And only based on your settings.

What you have there is a false positive, have you any extension on chrome that would give warning like that? Or antivirus with tool similar to WOT app ?

I don't get that warning at all on any browser pc or mac

phreak

From what i know these screens are default on Chrome and Firefox and don't come in with an addon. Here is the screenshot. The warning appears especially if i'm coming from Google searches to Vanillaforums.org, because i usually search for forum entries with Google.

R_J

It is a problem with the signature. You can proof that by just opening https://www.vanillaforums.org

vrijvlinder

yes the default setting for known malware sites, this checks against a list of already flagged sites as far as I know , it does not test the site for malignancy . try disabling

Enable phishing and malware protection from chrome . I have it enabled but still no warning....

Lets say it happens, it is just a warning, it does not prevent you from accessing the site. The buttons there say access site anyway even after warning. I think this is caused by your antivirus. Do you use Avast? Maybe you should whitelist , or put on trusted sites list this website to avoid the warnings....

vrijvlinder

As far as I know this site is not encrypted, so trying to access it via https,browser asks for the ssl certificate which it does not have or recognize. That is not a malware warning.

Shadowdare

I have run into this problem before. Some search results on Google link to the https protocol of this site and changing the link to the http protocol would stop the error from showing up.

vrijvlinder

The ssl certificate check , I suspect it is a marketing extortion so you fork out the cash to make your site encrypted...

x00

@vrijvlinder said:
The ssl certificate check , I suspect it is a marketing extortion so you fork out the cash to make your site encrypted...

No. Anyone can make their site encrypted, this has to do with being a trusted source.

http://en.wikipedia.org/wiki/Certificate_authority

x00

there is no need to use vanilla over secure http, for information you are putting into the public anyway.

vrijvlinder

right, but do you also think this is what triggered a malware warning for phreak ?

Usually just a small dropdown appears about a lacking certificate when trying access via https instead of http. But no malware warning only that identity could not be confirmed.

vrijvlinder

ok I was able to reproduce in chrome , it thinks this:

"Google Chrome can say for sure that you reached .vanillaforums.com, but cannot verify that that is the same site as www.vanillaforums.org which you intended to reach. If you proceed, Chrome will not check for any further name mismatches."

You have to clear the cache and cookies to get the message again if you clicked go ahead before.

It says it knows for sure lmao , yea right....it is not a malware warning at any rate. It is an identity warning.

hgtonight

The SSL certificate is only for the .com site.

Browse via http and all is good.

Linc

Yes, .org doesn't have an SSL cert.

phreak

Great investigation. I just wanted to mark that, as probably some users who come here via a Google search will fall into this trap believing that Vanillaforums isn't such secure or something. Yo never know.