Jump to content


Photo

Brews-Bros is a known phishing site


  • Please log in to reply
86 replies to this topic

#41 BeerBomber

BeerBomber

    Comptroller of Brined Cucumber Liplocks

  • Members
  • PipPipPipPip
  • 7108 posts
  • LocationDelaware

Posted 19 September 2017 - 04:48 PM

I can't even get to it anymore unless it's on my phone.

#42 bdutton

bdutton

    Comptroller of Gifts

  • Members
  • PipPipPipPipPip
  • 10613 posts
  • LocationIn your head, 24x7

Posted 19 September 2017 - 04:52 PM

I was able to get chrome working temporarily with avg>menu>settings>components>online shield>disable for 1 hour.



#43 SimonW

SimonW

    Tech Admin

  • Administrator
  • Pip
  • 4 posts

Posted 19 September 2017 - 04:52 PM

This still doesn't seem all that likely. They're going to cut off a lot of sites that have ZERO reason to even have an SSL cert (like brews-bros.xyz) ... You can get through the warning after multiple clicks (or presumably a whitelist of some sort).. seems dumb.
Google makes the distinction between "not secure" and "dangerous":
 
 
httpss://support.google.com/chrome/answer/95617?visit_id=1-636414410101610046-4094715222&p=ui_security_indicator&rd=1
 
 
 
"Dangerous: Avoid this site. If you see a full-page red warning screen, the site has been flagged as unsafe by [/size]Safe Browsing. Using the site will likely put your private information at risk."[/size]
 
 
Brews-bros is being marked Dangerous, not simply "Not Secure"[/size]
 
 
httpss://transparencyreport.google.com/safe-browsing/search?url=brews-bros.xyz


There is a difference. Sites which don’t have a password field in them will just get a not secure warning, if there is a password field then it gets marked as Dangerous.

The problem we have right now is because google marks us as dangerous we can’t get an SSL certificate issued and the only way to get google to remove the warning is to remove the password field so no-one can login

#44 Area Man

Area Man

    Comptroller of Geometry

  • Members
  • PipPipPipPip
  • 9173 posts
  • LocationAbilizzle

Posted 19 September 2017 - 06:09 PM

Wish I'd seen this thread yesterday. I've been convinced that I had the malwarez. I just deactivated the "suspect website" warning in Safari on my computer, and I get in no problem. Haven't had any issue with Safari on my iPhone.



#45 CaptRon

CaptRon

    Comptroller of jokes about violence against women

  • Patron
  • PipPipPipPipPip
  • 31791 posts
  • LocationRight behind you!

Posted 19 September 2017 - 10:42 PM

It's crazy how much power Google has over the internet

#46 LowcountryBrewer

LowcountryBrewer

    Frequent Member

  • Patron
  • PipPipPipPip
  • 2813 posts
  • LocationMount Pleasant, SC

Posted 20 September 2017 - 04:35 AM

I can't even get to it anymore unless it's on my phone.

Not sure if this was accidental, but I couldn't get past the red screen with Chrome.

I held down CTRL while pressing the "proceed anyway"(or whatever it says) and now I can get in every time.



#47 ScottS

ScottS

    Lord and Master

  • King of the Chickens
  • PipPipPipPipPip
  • 17487 posts
  • LocationMy lawn

Posted 20 September 2017 - 05:04 AM

Google says we're blacklisted because we link to a blacklisted site.... brews-bros.xyz.  Lovely circular reasoning there, assbags.  <_<

 

We're working through some other ideas.



#48 BIG POPPA

BIG POPPA

    Duke of Errrrl

  • Patron
  • PipPipPipPipPip
  • 25965 posts

Posted 20 September 2017 - 05:32 AM

There is a difference. Sites which don’t have a password field in them will just get a not secure warning, if there is a password field then it gets marked as Dangerous.

The problem we have right now is because google marks us as dangerous we can’t get an SSL certificate issued and the only way to get google to remove the warning is to remove the password field so no-one can login


Simon, I am sure by now that Scatts has shared the info I sent him the night this incident happened even though I was rather incoherent at the time and Scott's was rather patient. :blush:

At any rate here is the sequence of events.

Signed into website

Clicked around on a few threads

No problems so far

At around 9:00 PM EST I clicked on a specific thread link

At that time I was redirected to www.clubpenguininsiders.com which triggered Google'red warning page.

I clicked around on a few other thread links to see if maybe this was an anomaly. Everything seemed normal.

So I clicked back on the thread link in question and got the same results as described above.

I made some screen caps and alerted Scott's.

As the evening progressed, the error spread across all of the site bur now Google' red flag page listed brews_bros.com as the culprit.

From there it has progressed to what you see today.

I have no such red flag on Android, which I am attributing to a difference in os architecture.

If you need anything further you can inbox me directly although I'd make it early in the day as Scott's can attest to. Lol :embarrassed:

#49 SimonW

SimonW

    Tech Admin

  • Administrator
  • Pip
  • 4 posts

Posted 20 September 2017 - 06:27 AM

Simon, I am sure by now that Scatts has shared the info I sent him the night this incident happened even though I was rather incoherent at the time and Scott's was rather patient. :blush:

At any rate here is the sequence of events.

Signed into website

Clicked around on a few threads

No problems so far

At around 9:00 PM EST I clicked on a specific thread link

At that time I was redirected to www.clubpenguininsiders.com which triggered Google'red warning page.

I clicked around on a few other thread links to see if maybe this was an anomaly. Everything seemed normal.

So I clicked back on the thread link in question and got the same results as described above.

I made some screen caps and alerted Scott's.

As the evening progressed, the error spread across all of the site bur now Google' red flag page listed brews_bros.com as the culprit.

From there it has progressed to what you see today.

I have no such red flag on Android, which I am attributing to a difference in os architecture.

If you need anything further you can inbox me directly although I'd make it early in the day as Scott's can attest to. Lol :embarrassed:

 

I've run the site through multiple site scans for exploits and malware and none of them are finding anything wrong so I'm not convinced that that was triggered by this site. There has also been no file changes made on the server, no template updates or new plugins installed that could trigger it. And it would have to be that as it's not specific posts that are triggering it, as we wouldn't be getting a total block if that was the case. I've been told specifically by one of Googles Help Experts its the password field, if I removed the login field so no-one could login for a couple of days I'm 99.99999% sure the warning would go away 



#50 BIG POPPA

BIG POPPA

    Duke of Errrrl

  • Patron
  • PipPipPipPipPip
  • 25965 posts

Posted 20 September 2017 - 06:47 AM

Just running down the events as they took place here. Good luck with Google. I'd almost rather have an infection than to deal with Google sometimes.
Just running down the events as they took place here. Good luck with Google. I'd almost rather have an infection than to deal with Google sometimes.

#51 SimonW

SimonW

    Tech Admin

  • Administrator
  • Pip
  • 4 posts

Posted 20 September 2017 - 06:49 AM

Something I will; be doing though is I will ban that url, noticed we have a few people linking to that sites emoticons and the fact they are blacklisted will prevent us getting unblocked even if we find a way around the SSL issue



#52 BrewerGeorge

BrewerGeorge

    Pop Pop

  • Administrator
  • PipPipPipPipPip
  • 49096 posts
  • LocationIndianapolis

Posted 20 September 2017 - 06:52 AM

If Google says removing the password for a few days will fix it, I say go for it.

Something I will; be doing though is I will ban that url, noticed we have a few people linking to that sites emoticons and the fact they are blacklisted will prevent us getting unblocked even if we find a way around the SSL issue

You might consider killing the LULZ and GIF threads in the PH, too. Who knows where all those links came from.

#53 BIG POPPA

BIG POPPA

    Duke of Errrrl

  • Patron
  • PipPipPipPipPip
  • 25965 posts

Posted 20 September 2017 - 06:55 AM

Perhaps some new rules on hotlinking.

#54 denny

denny

    Living Legend

  • Members
  • PipPipPipPip
  • 9096 posts
  • LocationEugene OR

Posted 20 September 2017 - 10:55 AM

Yep... I'm getting a "Fraudulent Website Warning" in Safari and Firefox (Chrome works...).


I,m getting it in Chrome

#55 Poptop

Poptop

    Frequent Member

  • Patron
  • PipPipPipPip
  • 5011 posts
  • LocationCoconut Creek, FL

Posted 20 September 2017 - 11:06 AM

I'm jonesing for the beer forum. I have urgent questions regarding starters, gel and boil times.

#56 HVB

HVB

    No Life

  • Patron
  • PipPipPipPipPip
  • 18258 posts

Posted 20 September 2017 - 12:15 PM

I'm jonesing for the beer forum. I have urgent questions regarding starters, gel and boil times.


Post away!

#57 Mynameisluka

Mynameisluka

    Comptroller of Brownies

  • Patron
  • PipPipPipPipPip
  • 24773 posts

Posted 20 September 2017 - 12:34 PM

i feel so dirty when i come here.



#58 Poptop

Poptop

    Frequent Member

  • Patron
  • PipPipPipPip
  • 5011 posts
  • LocationCoconut Creek, FL

Posted 20 September 2017 - 01:32 PM

Post away!


I'll wait :)

#59 ScottS

ScottS

    Lord and Master

  • King of the Chickens
  • PipPipPipPipPip
  • 17487 posts
  • LocationMy lawn

Posted 20 September 2017 - 06:39 PM

Yes, the board is showing up as brews-bros.xyz.  Yes, that is intentional.  We're playing with switching the board to that domain to work around the blacklisting.  If it works out in the end, it should be seamless, but in the meantime it'll look a little weird.



#60 SimonW

SimonW

    Tech Admin

  • Administrator
  • Pip
  • 4 posts

Posted 21 September 2017 - 03:35 AM

The .xyz address is working fine, its not being marked as dangerous by google, although you will still some pages marked as such but that's because those pages are still calling content from .com (mainly the emoticons) which I haven't been able to locate where the url is stored for these so I can switch. You will also get not secure on some of the https pages due to mixed content  due to offsite scripts, mainly google ones like the analytics which I will solve when we get the more important aspects sorted 

 

 

:o




2 user(s) are reading this topic

0 members, 2 guests, 0 anonymous users