Page 3 of 3
Re: TSRA site compromised
Posted: Sun Jul 08, 2012 9:03 am
by G.A. Heath
tommyg wrote:I have been hearing stories about google attempting to block out pro gun websites. This looks like one of their attempts
use another search engine for now
Google is innocent in this case, see the above discussion. The culprits here are criminals who inserted links into the TSRA website that have since been removed. With that said Google wasn't the only search engine providing the results, BING and Yahoo provided similar results. Is google gun friendly? No. Are they Anti-Gun? Maybe, Just because they have made a decision against weapons in their shopping results doesn't mean that they are. That could have been a lawyer induced decision, possibly in an effort to avoid a threatened lawsuit (We probably will never know). They haven't taken down gun related content out of their search results or youtube so I don't really think they are 100% anti-gun.
Re: TSRA site compromised
Posted: Sun Jul 08, 2012 9:07 am
by Charles L. Cotton
92f-fan wrote:Im disappointed that folks here think that Google due to the perceived anti gun stance some how fabricated all this....
The warnings are there to protect the tech innocent .... Not to promote some political stance....
I didn't say Google did; I questioned the possibility. I did so based upon years of using Google as my preferred search engine and never once seeing that warning in many thousands of searches.
I still don't like the generic warning that something is possibly compromised. That doesn't tell me anything. If it is designed to help those who aren't tech savvy, all it does is scare them away from the site without providing any information about the level of the risk, if any.
Chas.
Re: TSRA site compromised
Posted: Mon Jul 09, 2012 12:49 pm
by EconDoc
It worked correctly for me. My preferred search is Dogpile.com. They are a meta-search engine that goes out to Google, Bing, Yahoo, and one or two others.

Re: TSRA site compromised
Posted: Mon Jul 09, 2012 12:59 pm
by 92f-fan
Google has a ton of detailed information on the compromises available to the webmaster. All free. TAM or anyone else who can help fix it can get details from google about what they found in the webmasters tools.
They dont show detail to search users because most search users dont care ( and cant do anything about it ) - they are blindly clicking links trying to locate stuff.
Also showing TOO much info to search users is a BIG security problem. For example if I know how to exploit a certain version of Joomla for example I can use google to find targets running that version. Or perhaps exploited sites are easier to access for OTHER bad guys. Putting a detailed target on the sites is not good either ...
Re: TSRA site compromised
Posted: Tue Jul 10, 2012 2:25 pm
by aceat64
I work at a datacenter, we see this sort of thing all the time. What has happened is that an attacker has somehow gained access to the server or the ability to upload/modify files. Typical vectors of attack:
- Outdated or unpatched software (CMS software, blogs, forums, etc)
- Insecure passwords
- Custom written PHP, ASP or CGI scripts that lake basic security precautions (most common seem to be "form mailers")
- For shared hosting, compromises from another site being leveraged to compromise the entire server or other sites on the server
- Someone social engineered the hosting company to grant them access to the server, somewhat rare
- So called "0 day" exploits, these are really rare
Re: TSRA site compromised
Posted: Tue Jul 10, 2012 4:01 pm
by The Annoyed Man
Well somebody fixed it, whatever was causing it:
Re: TSRA site compromised
Posted: Tue Jul 10, 2012 10:32 pm
by 92f-fan
The Annoyed Man wrote:Well somebody fixed it, whatever was causing it:
Screen Shot 2012-07-10 at 3.59.52 PM.png
great news

Re: TSRA site compromised
Posted: Wed Jul 11, 2012 1:01 pm
by koolaid
If you are running on a common CMS platform and don't have the resources available to keep things patched and secure, it is probably worth looking into moving to a managed solution where the hosting provider is responsible for these sorts of things.
Blogs and CMS software are constantly exploited by spammers and botnet creators because it is an easy way to quickly get their malware/scam site pushed up in Google's index for popular search terms and drive unsuspecting people to get their computers hijacked. This is the reason Google flags sites that get hacked, even if they aren't serving up malware themselves. The advent of the nofollow tag has pushed things from simple comment spamming into more nefarious tactics, like injecting the garbage code into the site templates.