HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Options
Accessing Vanillaforums.org shows Chrome Malware Door
Hi all,
Especially @Tim, @Todd and @Lincoln. Very often when i try to access Vanillaforums Chrome shows me a red site warning not letting me access the website. It lays out that there is a misconfiguration on the server or a hacker is trying to trick me into something. You should definitly check this warning out.
By the way. The mobile version of the Vanillaforums.org startpage hides the main menu on top halfway.
Both problems are here since months.
- VanillaAPP | iOS & Android App for Vanilla - White label app for Vanilla Forums OS
- VanillaSkins | Plugins, Themes, Graphics and Custom Development for Vanilla
0
Comments
That is odd because you would need to be using something like a WOT app browser extension that you rate websites with and have settings to warn you etc etc. Usually they are wrong. And only based on your settings.
What you have there is a false positive, have you any extension on chrome that would give warning like that? Or antivirus with tool similar to WOT app ?
I don't get that warning at all on any browser pc or mac
❌ ✊ ♥. ¸. ••. ¸♥¸. ••. ¸♥ ✊ ❌
From what i know these screens are default on Chrome and Firefox and don't come in with an addon. Here is the screenshot. The warning appears especially if i'm coming from Google searches to Vanillaforums.org, because i usually search for forum entries with Google.
It is a problem with the signature. You can proof that by just opening https://www.vanillaforums.org
yes the default setting for known malware sites, this checks against a list of already flagged sites as far as I know , it does not test the site for malignancy . try disabling
Enable phishing and malware protection from chrome . I have it enabled but still no warning....
Lets say it happens, it is just a warning, it does not prevent you from accessing the site. The buttons there say access site anyway even after warning. I think this is caused by your antivirus. Do you use Avast? Maybe you should whitelist , or put on trusted sites list this website to avoid the warnings....
❌ ✊ ♥. ¸. ••. ¸♥¸. ••. ¸♥ ✊ ❌
As far as I know this site is not encrypted, so trying to access it via https,browser asks for the ssl certificate which it does not have or recognize. That is not a malware warning.
❌ ✊ ♥. ¸. ••. ¸♥¸. ••. ¸♥ ✊ ❌
I have run into this problem before. Some search results on Google link to the https protocol of this site and changing the link to the http protocol would stop the error from showing up.
Add Pages to Vanilla with the Basic Pages app
The ssl certificate check , I suspect it is a marketing extortion so you fork out the cash to make your site encrypted...
❌ ✊ ♥. ¸. ••. ¸♥¸. ••. ¸♥ ✊ ❌
No. Anyone can make their site encrypted, this has to do with being a trusted source.
http://en.wikipedia.org/wiki/Certificate_authority
grep is your friend.
there is no need to use vanilla over secure http, for information you are putting into the public anyway.
grep is your friend.
right, but do you also think this is what triggered a malware warning for phreak ?
Usually just a small dropdown appears about a lacking certificate when trying access via https instead of http. But no malware warning only that identity could not be confirmed.
❌ ✊ ♥. ¸. ••. ¸♥¸. ••. ¸♥ ✊ ❌
ok I was able to reproduce in chrome , it thinks this:
You have to clear the cache and cookies to get the message again if you clicked go ahead before.
It says it knows for sure lmao , yea right....it is not a malware warning at any rate. It is an identity warning.
❌ ✊ ♥. ¸. ••. ¸♥¸. ••. ¸♥ ✊ ❌
The SSL certificate is only for the .com site.
Browse via http and all is good.
Search first
Check out the Documentation! We are always looking for new content and pull requests.
Click on insightful, awesome, and funny reactions to thank community volunteers for their valuable posts.
Yes, .org doesn't have an SSL cert.
Great investigation. I just wanted to mark that, as probably some users who come here via a Google search will fall into this trap believing that Vanillaforums isn't such secure or something. Yo never know.