Google blacklist blocking php.net

Google blacklist blocking php.net

Summary: Claiming the well-known web software site is serving malware, Google's safe browsing API is marking php.net as malicious.

SHARE:
TOPICS: Security
13

Google's safe browsing API, a security blacklist service which warns of malicious web sites, has marked the php.net site as malicious. As a result, users of Google Chrome and Mozilla Firefox get a dire warning when attempting to visit the site.

[Update: 9:30 AM EST and I'm not seeing the warning on one of my systems. Perhaps the fix is in.]

Google-Site-Blocked-Firefox
The warning in Firefox

PHP is an extremely popular web server-side scripting language and PHP.net is the home page for it. PHP creator Rasmus Lerdorf tweeted several hours ago about the blockage and claimed it was a false positive.

The detail provided by Google includes the following information:

Of the 1613 pages we tested on the site over the past 90 days, 4 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2013-10-24, and the last time suspicious content was found on this site was on 2013-10-23.

Malicious software includes 4 trojan(s).

Malicious software is hosted on 4 domain(s), including cobbcountybankruptcylawyer.com/, stephaniemari.com/, northgadui.com/.

3 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including stephaniemari.com/, northgadui.com/, satnavreviewed.co.uk/.

Google-Site-Blocked-Chrome
The warning in Chrome

Hat tip to Netcraft.

The Netcraft analysis points to a Hacker News analysis which indicates that PHP.net may, in fact, have been compromised. And the file they cite as malicious has since been removed from the PHP repository.

Topic: Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

13 comments
Log in or register to join the discussion
  • Just tried it...

    myself @ 10am central. Still all clear.
    neverhome
  • False positives...malware!

    You get more of those on downloads dot com
    Jaytmoon
  • Hat tip to Google, who got it right in the first place

    This was a non-story.
    A legitimate website was compromised - not the first and certainly won't be the last.
    Google DNS blocked the site - as it is supposed to do.
    Site owners removed malicious code - again, as they should have done.
    Google DNS stopped blocking the site as it is no longer compromised.
    There is no story here - unless technology working as it should is now news.
    cavan@...
    • Bias

      Your bias is evident Cavan. There was no malware to begin with. Google is notorious for false positives in relation to their blacklist. The difference here is normally it happens with smaller websites whose owners take a big financial hit as a result
      mikeh810
      • Bias??

        I don't think I'm biased... the story itself concludes with this:

        "Hat tip to Netcraft.

        The Netcraft analysis points to a Hacker News analysis which indicates that PHP.net may, in fact, have been compromised. And the file they cite as malicious has since been removed from the PHP repository."

        Why hat tip Netcraft and not Google?
        cavan@...
      • Biased how?

        Here is an extract that came directly from the php.net website:

        To summarise, the situation right now is that:

        JavaScript malware was served to a small percentage of php.net users from the 22nd to the 24th of October 2013.
        Neither the source tarball downloads nor the Git repository were modified or compromised.
        Two php.net servers were compromised, and have been removed from service. All services have been migrated to new, secure servers.
        SSL access to php.net Web sites is temporarily unavailable until a new SSL certificate is issued and installed on the servers that need it.
        sgtm8@...
    • Google DNS?

      How is this related to Google DNS?
      danbi
    • Google is Destroying Legitimate Businesses

      It's about time that someone investigated the damage that Google has done to legitimate businesses.
      Take my car rental site BestCarHire.com - this was ranked by Google ( not that high) until I had the site rebranded in August. As soon as the new site was submitted for indexing, it suddenly disappeared off the planet. What had been a successful growing concern suddenly flat-lined overnight. It now transpires that our server, within a national hosting provider, has been blacklisted. I have contacted the hosting company and they are currently attempting to reverse this situation.
      The ironic thing is that BestCarHire.com ranks page 1 on Yahoo and Bing for specific keywords.
      malcolm@...
      • Maybe that is just one reason...

        I don't use Google - maybe I don't like their EULA either - anyways, I ain't used Google in more than a year, as a general practice, anyways!

        I can't stand Yahoo!, so I guess I'll have to go with Bing in a more or less secure browser like Comodo Dragon. Tomorrow may change everything - so the landscape is chaotic!
        JCitizen
  • Rasmus Lerdorf claimed it was a false positive

    "The Netcraft analysis points to a Hacker News analysis which indicates that PHP.net may, in fact, have been compromised. And the file they cite as malicious has since been removed from the PHP repository."

    And I'll bet they apologised for wronging Google. Immediately.
    Heenan73
  • Still blocked

    I get in with Firefox 24 but not with IE 10 or Chrome 30.

    I assume php.net is still blacklisted, but Mozilla Firefox (at least with my settings) lets it through anyway.
    dhendricks@...
  • hog wash !

    just tried it on 2 computer no problems , I have far more trouble when using Google and downloading any of these .com on their web site , but perhaps dumping dozen of site while looking for one is google perception of business , SPAMING .
    BuyAmerican
  • Hog wash 2

    just went on the deep web with another pc , no problems , is google blocking the competition ????
    BuyAmerican