Topics

moderated Phishing warnings


 

[moving this to a separate thread]

On Fri, Feb 23, 2018 at 1:14 PM, LeeAnne Bloye <ecir.archives@...> wrote:
Think my last message got lost. 
Not sure if this has anything to do with this thread but mods and members are getting blocked by dangerous site  and malewar warnings when trying to access groups.io.

I've gotten one other support email about this. I don't know why this would happen, as nothing's changed except for the downtime this morning.

Any additional information you can get me (what the warning say specifically, any URLs, etc) would be of great help.

Thanks,
Mark


LeeAnne
 

Will send what I think you need. Please hold :-)
--
-LeeAnne

ECIR Archivist


 

Mark,

Any additional information you can get me (what the warning say specifically, any URLs, etc) would be of great help.
 
I get a nice green padlock (Verified by: Gandi) from Firefox, but Edge thinks it is unsafe:

Inline image 2


Never seen that before with Groups.io from Edge, but it has been at least a couple days since I tried it.

I wonder "reported" by whom? Possibly confused or disgruntled transferees from a Yahoo Group? There have been mentions of distrust in the Y!Groups moderator groups.

Shal


LeeAnne
 

My groups.io stuff is still working - was on it all day and never closed it.
Mods and members can't get on the site. 
From one mod:



From another:
I can’t access the group at all right now as my security software has suddenly blocked Groups i.o. as a known malicious site.


Also the member who can't access says all links to groups.io bring up warnings from Outlook about maleware (even the old digests) 

--
-LeeAnne

ECIR Archivist


 

Mark,

Any additional information you can get me (what the warning say specifically, any URLs, etc) would be of great help.
 
And this, a report from AVG claiming an infection with URL:Mal - whatever that is.
https://groups.io/g/GroupManagersForum/message/5053

Shal


Douglas Swearingen <dougiebehr@...>
 

I just logged out and back in with Firefox. Neither time did I get a warning of any type.

Doug


 


Shal,

On Fri, Feb 23, 2018 at 1:35 PM, Shal Farley <shals2nd@...> wrote:

I get a nice green padlock (Verified by: Gandi) from Firefox, but Edge thinks it is unsafe:

Inline image 2


Never seen that before with Groups.io from Edge, but it has been at least a couple days since I tried it.

I don't have an edge browser set up at the moment. Can you go through the 'Report that this site does not contain threats' process?

 
I wonder "reported" by whom? Possibly confused or disgruntled transferees from a Yahoo Group? There have been mentions of distrust in the Y!Groups moderator groups.

I am baffled. I did a lot of Y! Group transfers over the past two days, working through the backlog. Maybe that was it?

If I go https://www.virustotal.com/#/home/url and input groups.io, I get a phishing warning from a place called PhishLabs, which I've never heard of.

Hmmm. What a day.

Thanks,
Mark 


Nina Eppes
 

Hello. I’m also experiencing the blocking/malware warning situation, using Firefox on Windows 10. I can’t get to groups.io currently. I run Avast Free Antivirus. Here are some screenshots, in the order they appeared, from when I tried to go to https://groups.io a moment ago (I did click “I trust this website” in the first Warning message):

 

 

 

 

I get “site can’t be reached” messages from Chrome and Edge (but maybe it’s being worked on now?).

 

I can get to Groups.io in Chrome on my Android phone.

 

- Nina

 


Phishing warnings
From: Mark Fletcher
Date: Fri, 23 Feb 2018 16:20:53 EST

[moving this to a separate thread]

 

On Fri, Feb 23, 2018 at 1:14 PM, LeeAnne Bloye <ecir.archives@...> wrote:

 

Think my last message got lost. 
Not sure if this has anything to do with this thread but mods and members are getting blocked by dangerous site
  and malewar warnings when trying to access groups.io.

 

I've gotten one other support email about this. I don't know why this would happen, as nothing's changed except for the downtime this morning.

 

Any additional information you can get me (what the warning say specifically, any URLs, etc) would be of great help.

 

Thanks,

Mark


 

Mark -
When I log in with Firefox, I get pretty much what Shal describes. AVG gives me this warning:

We've safely aborted connection on www.groups.io because it was infected with URL:Mal .
More threats may be lurking!
Threat name URL:Mal
Severity 1 of 3
URL http:www.groups.io
Process C:\Program Files (X86)\Mozilla Firefox\firefox.exe
Detected by Web Shield
Status Connection aborted

Interestingly, when I log in with Epic Privacy Browser I don't get any problems.

Dano

----- Original Message -----
From: Mark Fletcher <markf@corp.groups.io>
Reply-To: <main@beta.groups.io>
To: <main@beta.groups.io>
Sent: 2/23/2018 2:20:50 PM
Subject: [beta] Phishing warnings

[moving this to a separate thread]

On Fri, Feb 23, 2018 at 1:14 PM, LeeAnne Bloye <ecir.archives@...> wrote:
Think my last message got lost.
Not sure if this has anything to do with this thread but mods and members are getting blocked by dangerous site and malewar warnings when trying to access groups.io.

I've gotten one other support email about this. I don't know why this would happen, as nothing's changed except for the downtime this morning.

Any additional information you can get me (what the warning say specifically, any URLs, etc) would be of great help.

Thanks,
Mark


 

Hi,

Confirmed – tested with Edge on latest Windows 10 prerelease build.

Thanks.

Cheers,

Joseph

 

From: main@beta.groups.io [mailto:main@beta.groups.io] On Behalf Of Mark Fletcher
Sent: Friday, February 23, 2018 1:50 PM
To: main@beta.groups.io
Subject: Re: [beta] Phishing warnings

 

 

Shal,

 

On Fri, Feb 23, 2018 at 1:35 PM, Shal Farley <shals2nd@...> wrote:

 

I get a nice green padlock (Verified by: Gandi) from Firefox, but Edge thinks it is unsafe:

Inline image 2

 

Never seen that before with Groups.io from Edge, but it has been at least a couple days since I tried it.

I don't have an edge browser set up at the moment. Can you go through the 'Report that this site does not contain threats' process?

 

 

I wonder "reported" by whom? Possibly confused or disgruntled transferees from a Yahoo Group? There have been mentions of distrust in the Y!Groups moderator groups.

 

I am baffled. I did a lot of Y! Group transfers over the past two days, working through the backlog. Maybe that was it?

 

If I go https://www.virustotal.com/#/home/url and input groups.io, I get a phishing warning from a place called PhishLabs, which I've never heard of.

 

Hmmm. What a day.

 

Thanks,

Mark 


 

Hi,

Follow-up: I have reported the website as “safe” via the feedback tool.

Cheers,

Joseph

 

From: main@beta.groups.io [mailto:main@beta.groups.io] On Behalf Of Mark Fletcher
Sent: Friday, February 23, 2018 1:50 PM
To: main@beta.groups.io
Subject: Re: [beta] Phishing warnings

 

 

Shal,

 

On Fri, Feb 23, 2018 at 1:35 PM, Shal Farley <shals2nd@...> wrote:

 

I get a nice green padlock (Verified by: Gandi) from Firefox, but Edge thinks it is unsafe:

Inline image 2

 

Never seen that before with Groups.io from Edge, but it has been at least a couple days since I tried it.

I don't have an edge browser set up at the moment. Can you go through the 'Report that this site does not contain threats' process?

 

 

I wonder "reported" by whom? Possibly confused or disgruntled transferees from a Yahoo Group? There have been mentions of distrust in the Y!Groups moderator groups.

 

I am baffled. I did a lot of Y! Group transfers over the past two days, working through the backlog. Maybe that was it?

 

If I go https://www.virustotal.com/#/home/url and input groups.io, I get a phishing warning from a place called PhishLabs, which I've never heard of.

 

Hmmm. What a day.

 

Thanks,

Mark 


 

Mark,

I don't have an edge browser set up at the moment. Can you go through the 'Report that this site does not contain threats' process?

Already did.  ;-)   It has a selector for whether I'm "just saying" or I'm the site owner. I didn't take the latter path, but perhaps you should arrange to do so.

I am baffled. I did a lot of Y! Group transfers over the past two days, working through the backlog. Maybe that was it?

Maybe. In GMF it was reported that top known posterid has leapt from 700K to 1.6 M in just a couple days. That's a lot of newbies.

I'd hate to suspect a smear campaign, but the tone of some of the warnings I've read...

Shal


 

Today, in the further education of Mark... My findings so far:

https://sitecheck.sucuri.net/results/groups.io/ shows that Norton is blacklisting us. If you go through their site, the URL that they say is causing problems is this page: https://groups.io/g/OHRegionB/message/1538 (don't worry, it really is safe to click on).

I have gone through the site ownership procedure and claimed Groups.io and have initiated a dispute. We'll see if that helps.


On Fri, Feb 23, 2018 at 2:01 PM, Shal Farley <shals2nd@...> wrote:

Already did.  ;-)   It has a selector for whether I'm "just saying" or I'm the site owner. I didn't take the latter path, but perhaps you should arrange to do so.

I think that's my next step.

 
I'd hate to suspect a smear campaign, but the tone of some of the warnings I've read...

Well that kind of bums me out.

Continuing to try to figure this out....

Mark 


Sarah k Alawami
 

I believe I got that as well, or somethingn like it when loged in with safari. I heard "infection detected." or something like that.  I cant' remember the  exact warding, but just letting you all know I also got somethingn similar as well.

Take care all.

On Feb 23, 2018, at 1:57 PM, D R Stinson <dano@...> wrote:

Mark -
When I log in with Firefox, I get pretty much what Shal describes. AVG gives me this warning:

We've safely aborted connection on www.groups.io because it was infected with URL:Mal .
More threats may be lurking!
Threat name   URL:Mal
Severity          1 of 3
URL               http:www.groups.io
Process          C:\Program Files (X86)\Mozilla Firefox\firefox.exe
Detected by    Web Shield
Status            Connection aborted

Interestingly, when I log in with Epic Privacy Browser I don't get any problems.

Dano

----- Original Message -----
From: Mark Fletcher <markf@corp.groups.io>
Reply-To: <main@beta.groups.io>
To: <main@beta.groups.io>
Sent: 2/23/2018 2:20:50 PM
Subject: [beta] Phishing warnings

[moving this to a separate thread]

On Fri, Feb 23, 2018 at 1:14 PM, LeeAnne Bloye <ecir.archives@...> wrote: 
Think my last message got lost. 
Not sure if this has anything to do with this thread but mods and members are getting blocked by dangerous site  and malewar warnings when trying to access groups.io.

I've gotten one other support email about this. I don't know why this would happen, as nothing's changed except for the downtime this morning.

Any additional information you can get me (what the warning say specifically, any URLs, etc) would be of great help.

Thanks,
Mark




 

Mark,

Maybe the fact that the cited message explicitly contained a "password" triggered the report. You've inadvertently joined the dark web...

I'd hate to suspect a smear campaign, but the tone of some of the warnings I've read...

Well that kind of bums me out.

In keeping with Hanlon's razor a perhaps more likely scenario is that a transferred group (or groups) didn't bother to warn their membership before the move.
https://en.wikipedia.org/wiki/Hanlon%27s_razor

Then hapless members receive this out-of-the-blue notice that they've been added to something that sounds vaguely like something they've been a part of. Some fraction of those people panic and assume it is some form of 'hacking" at work.

Of course, even if the group owners did try to inform them beforehand, some members may not have received or paid attention to the notice.

Shal


 

On Fri, Feb 23, 2018 at 2:41 PM, Shal Farley <shals2nd@...> wrote:

Maybe the fact that the cited message explicitly contained a "password" triggered the report. You've inadvertently joined the dark web...

My mom will be very disappointed.


I downloaded an Edge VM and got the warning, and went through the steps to report a mistake/represent myself as the site owner.

I also went to the Avast false positive reporting site and reported us there as well.

So, I guess now we wait? Not sure where else I should complain to.

Thanks,
Mark


LeeAnne
 

At the risk of piping up where I know nothing (Please delete if this is dumb info):
One of our Mods just logged in using Firefox - no warning/block. So I opened my Firefox and typed in the addy to this thread.  Was only able to view with Firefox but have never used Firefox for anything groups.io related before.  (Downloaded it just yesterday to help member get groups.io signature posted with pictures she understood)

--
-LeeAnne

ECIR Archivist


 

Hi All,

I just got a response email from Microsoft saying that the review process typically takes 24 hours.

Sorry about this. I'll keep you posted.

Mark

On Fri, Feb 23, 2018 at 3:08 PM, LeeAnne Bloye <ecir.archives@...> wrote:
At the risk of piping up where I know nothing (Please delete if this is dumb info):
One of our Mods just logged in using Firefox - no warning/block. So I opened my Firefox and typed in the addy to this thread.  Was only able to view with Firefox but have never used Firefox for anything groups.io related before.  (Downloaded it just yesterday to help member get groups.io signature posted with pictures she understood)

--
-LeeAnne

ECIR Archivist



Ginny T.
 

One of my users reported being blocked through Norton as well...
Gin
--
Ginny T.  gttemari21@...
========
TemariKai.com


Carol Good
 

And yet bizarrely, I'm using Norton on 2 different computers - one with Chrome and the other IE11 - and neither is giving me any warnings or blocking me at all. Granted, I do have some of the more irritating of Norton's 'features' turned off, but even going directly to the message which is apparently causing the problem, I'm still not getting any warning.

Carol