mlwave / google-safe-browsing Goto Github PK

What steps will reproduce the problem?
connect to the link:

http://67.202.92.141/AuthenticationDelegatedServlet/SellaAuthentication.htm

http://xxx.llvconsultores.com/AuthenticationDelegatedServlet/SellaAuthentication
.htm

http://yyy.llvconsultores.com/AuthenticationDelegatedServlet/SellaAuthentication
.htm

http://xxx.mutllabres.es/AuthenticationDelegatedServlet/SellaAuthentication.htm

http://yyy.mutllabres.es/AuthenticationDelegatedServlet/SellaAuthentication.htm


The pages are a clone of authentication page of Banca Sella Site 
(https://www.sella.it, then click on "ACCEDI" on the top of page)

What steps will reproduce the problem?
1. Use Firefox 3.0.4
2. in Tools | Options | Security check "Tell me if the site I am visited is
suspected forgery"
3. point browser to http://squamish-properties.com/

What is the expected output? What do you see instead?
I expect my home page to appear
I see a warning page instead that says:
Reported Web Forgery!
This web site at jozobozokapsa.web.aplus.net has been reported as a web
forgery and has been blocked based on your security preferences.


What version of the product are you using? On what operating system?
Firefox 3.0.4 on Vista

Please provide any additional information below.
* squamish-properties.com is redirected to jozobozokapsa.web.aplus.net

What is wrong with my site?
What did I do improperly?

Thank you for your help

Jozef Starosta

[email protected]

What steps will reproduce the problem?
1. search a porn website and it will just stay on search page
2.
3.

What is the expected output? What do you see instead?
just search page

What version of the product are you using? On what operating system?
chrome windows vista

Please provide any additional information below.

python client.py 

h$ python ./client.py 
/Users/nickgalbreath/googlesafebrowsing/server.py:676: SyntaxWarning: assertion 
is always true, perhaps remove parentheses?
  assert(len(self._prefixes),
/Users/nickgalbreath/googlesafebrowsing/server.py:713: SyntaxWarning: assertion 
is always true, perhaps remove parentheses?
  assert(len(self._prefixes),
/Users/nickgalbreath/googlesafebrowsing/server.py:29: DeprecationWarning: the 
sha module is deprecated; use the hashlib module instead
  import sha


Not sure about the sha/hashlib if you are targeting python 2.5, but the 
assertion warnings should not happen.

asdgasd
skajd
sdkjdj
wadkj
sadkjkjasd
hkjk
Please provide any additional information below.

save browser

What steps will reproduce the problem?
1. Ran Server with Windows Python 2.7
2. Ran Fiddler to monitor network traffic.
3. Accessed server with browser (locally) with malicious url: 
http://localhost:8099/check_url?url=seos-poi.ru

What is the expected output?

Expect Fidller not to protocol violation.

What do you see instead?

Fiddler has detected a protocol violation in session #403.

The Server did not return properly formatted HTTP Headers. Maybe missing 
altogether (e.g. HTTP/0.9), maybe only \r\r instead of \r\n\r\n?

What version of the product are you using? 

0.2

On what operating system?

Windows 7 x64 and Windows Server 2008 x64

Please provide any additional information below.

This is causing problems when trying to access the server programmatically from 
.Net however the problem is easiest to demonstrate with a Browser and Fiddler 
running so that you can see the problem.

Traceback (most recent call last):
  File "./client.py", line 419, in <module>
    main(sys.argv)
  File "./client.py", line 407, in main
    PrintUsage()
TypeError: PrintUsage() takes exactly 1 argument (0 given)


Traceback (most recent call last):
  File "./client.py", line 419, in <module>
    main(sys.argv)
  File "./client.py", line 407, in main
    PrintUsage()
TypeError: PrintUsage() takes exactly 1 argument (0 given)


The call for PrintUsage is 

def PrintUsage(argv):
  print >>sys.stderr, ('Usage: %s [check <URL> <URL> ...]'
                       % (argv[0],))

What steps will reproduce the problem?
1. Each instance of 'Browsing' 
2.
3.

What is the expected output? What do you see instead?  I expect to get the 
Google results for a search, or I expect to be taken to the address I've entered


What version of the product are you using? On what operating system?  Where do 
I find the product version? I use Google Chrome.


Please provide any additional information below.

I just performed a simple search, and received the following notification:

'We're sorry...

... but your computer or network may be sending automated queries. To protect 
our users, we can't process your request right now.

See Google Help for more information'.

I've referred to Google Help, and was unable to find my specific problem.  This 
has been happening for several days.  How do I stop this from happening?

Dear Support, 

Since this afternoon (29.09.2008) the web address of an important client of
ours is blocked due to appparently Reported Web Forgery.

I do not want to write all the information in a public area so pls provide
me an email address or a ticket system to send private messages.

thanks for your understanding - mine is limited though...

regards,
Christoph

christoph (dot) gschier (at) ixsol (dot) at

Facebook Virus

http://effectsbabyborn.blogspot.com/

What steps will reproduce the problem?
1. unzip 0.2 beta

it is a file called "dashboard.py" on the top directory, followed by the main 
directory "googlesafebrowsing/" with the source code.

Expected this to be in "examples" or something else.

What steps will reproduce the problem?
1.
2.
3.

What is the expected output? What do you see instead?


What version of the product are you using? On what operating system?


Please provide any additional information below.

 python ./client.py check xxx
/Users/nickgalbreath/googlesafebrowsing/server.py:676: SyntaxWarning: assertion 
is always true, perhaps remove parentheses?
  assert(len(self._prefixes),
/Users/nickgalbreath/googlesafebrowsing/server.py:713: SyntaxWarning: assertion 
is always true, perhaps remove parentheses?
  assert(len(self._prefixes),
/Users/nickgalbreath/googlesafebrowsing/server.py:29: DeprecationWarning: the 
sha module is deprecated; use the hashlib module instead
  import sha
Traceback (most recent call last):
  File "./client.py", line 419, in <module>
    main(sys.argv)
  File "./client.py", line 412, in main
    CheckForUrl(argv[1:])
  File "./client.py", line 395, in CheckForUrl
    update_hook=checker.Updated)
TypeError: __init__() got an unexpected keyword argument 'update_hook'


update_hook should be pre_update_hook or post_update_hook as the ctor is 
defined:

  def __init__(self, ds, apikey, hp=('safebrowsing.clients.google.com', 80),
               ssl_hp=('sb-ssl.google.com', 443), base_path='/safebrowsing',
               use_mac=True, size_limit=None, force_delay=None,
               pre_update_hook=lambda cl: None,
               post_update_hook=lambda cl: None, gethash_server=None,
               update_lists=False, sb_server=None):

What steps will reproduce the problem?
1. when checking diagnostic?site=www.asf.ro

What is the expected output? What do you see instead?
Website should be clean!

Please provide any additional information below.
I do not understand why this website keeps being reported as infected, although 
I never get any warnings in Webmaster Tools. The website appears clean with 
many antivirus programs (online and offline).
The safe-browsing tool finds something each time it scans the site, but always 
shows that it is currently NOT infected.
Maybe there is something there that triggers a false-positive alert?

I need to fix this, for obtaining SSL certificates!

What steps will reproduce the problem?
1. goto emonline.net
2.
3.

What is the expected output? What do you see instead?
An online community for TTC and women of color should load. Instead we're
getting a phishing notice!

What version of the product are you using? On what operating system?
Im using  Firefox 3.0.4 on OS X  10.5

Please provide any additional information below.

Fixing the pre-post update hook problem gives another error.

python ./client.py check xxx
/Users/nickgalbreath/googlesafebrowsing/server.py:676: SyntaxWarning: assertion 
is always true, perhaps remove parentheses?
  assert(len(self._prefixes),
/Users/nickgalbreath/googlesafebrowsing/server.py:713: SyntaxWarning: assertion 
is always true, perhaps remove parentheses?
  assert(len(self._prefixes),
/Users/nickgalbreath/googlesafebrowsing/server.py:29: DeprecationWarning: the 
sha module is deprecated; use the hashlib module instead
  import sha
Traceback (most recent call last):
  File "./client.py", line 419, in <module>
    main(sys.argv)
  File "./client.py", line 412, in main
    CheckForUrl(argv[1:])
  File "./client.py", line 395, in CheckForUrl
    post_update_hook=checker.Updated)
TypeError: __init__() takes at least 3 non-keyword arguments (2 given)

What steps will reproduce the problem?
1.
2.
3.

What is the expected output? What do you see instead?


What version of the product are you using? On what operating system?


Please provide any additional information below.

The website messentools.com has been flagged as a phishing/forgery website
by mistake. This warning (Reported Web Forgery) is displayed on near 50.000
internal pages under messentools.com/es/.

I received a message from Google webmaster tools on November 2009,
notifying me of forgery problem. The URL specified on the message was
http://www.messentools.com/images/avhttp://www.messentools.com/images/avatars/co
mida/Avatars-Food-www.MessenTools.com-80-2XxxPimxxX.jpgatars/comida/Avatars-Food
-www.MessenTools.com-80-2XxxPimxxX.jpg.
As that URL does not exist, at that time I considered it was an error from
Google, and I filled the "Incorrect Phishing Warning" form with the url
specified and the main domain (messentools.com).

Now since 3/26/10 all the pages under www.messentools.com/es/ are flagged
(more than 50.000 internal pages), and all those pages was totally
unindexed and removed from Google search results
(site:www.messentools.com/es/ has no results).

This is a totally clean and safe website, working since two years ago
without problems, I have checked the whole server for phishing or malware
code and its clean. I need please a solution for this mistake.

Daniel.

Hello, 
It seems that this implementation doesn't send the apikey parameter on 
request for full-length hashes. The result is that on queries for 
blacklisted URLs I get an exception and 403 error ("ServerError: 
gethash failed: HTTP Error 403: Forbidden") 

Adding the apikey parameter fixed the problem for me: 

--- server.py.old       2010-05-18 14:08:24.000000000 +0100 
+++ server.py   2010-05-18 14:07:46.000000000 +0100 
@@ -285,10 +285,15 @@ 
         raise Error('All prefixes must have length: %d' % prefix_length) 
     try: 
+      apikey_param = '' 
+      if self._apikey: 
+        apikey_param = '&apikey=' + self._apikey 
+ 
       resp = self._MakeRequest( 
           Server.GETHASH, 
           postdata='%d:%d\n%s' % (prefix_length, prefix_length * len(prefixes), 
                                   ''.join(prefixes)), 
+          extra_params=apikey_param, 
           hp=(self._gethash_host, self._gethash_port)) 
     except ServerError, e: 
       orig = e.OriginalError() 

Original email thread: 
http://groups.google.com/group/google-safe-browsing-api/browse_thread/thread/ff2
ddd64b2f0db0b?
hl=en_US#

http://www.bestbuy.com.gpgc.biz

There is a power seller on eBay whose pages are being blocked.  I have
dealt with this seller in the past without any problems as have many other
people, over 15,000 positive responses at 99.1% satisfaction rating.
This site has obviously been reported with malicious intent to remove
competition from the eBay marketplace.

What steps will reproduce the problem?
1. check seller wd_1976.  All descriptions come up as blocked ar web site
vi.ebaydesc.co.uk

What is the expected output? What do you see instead?
Instead of the product description on eBay I get a web site blocked message.

What version of the product are you using? On what operating system?
Firefox 3.0.2  (3.0.3 is downloading at the moment)  Op. system Windows XP
Professional SP3.

Please provide any additional information below.
I think that this site has been added with malicious intent and there
appears to be no way to over-ride it.  All this sellers products are
blocked.  This is obviously a big flaw in the system if it can be used to
block competition and stop people doing business.

What steps will reproduce the problem?
1. unzip the 0.2 beta file


What is the expected output? What do you see instead?

total 264
-r--r-----@ 1 nickgalbreath  staff  11358 Jun 29  1956 COPYING
-r-xr-x---@ 1 nickgalbreath  staff      0 Jun 29  1956 __init__.py
-r-xr-x---@ 1 nickgalbreath  staff  14100 Jun 29  1956 client.py
-r-xr-x---@ 1 nickgalbreath  staff    965 Jun 29  1956 client_test.py
-r-xr-x---@ 1 nickgalbreath  staff   2480 Jun 29  1956 datastore.py
-r-xr-x---@ 1 nickgalbreath  staff  11623 Jun 29  1956 expression.py
-r-xr-x---@ 1 nickgalbreath  staff  10327 Jun 29  1956 expression_test.py
-r-xr-x---@ 1 nickgalbreath  staff   4046 Jun 29  1956 hashprefix_trie.py
-r-xr-x---@ 1 nickgalbreath  staff   1865 Jun 29  1956 hashprefix_trie_test.py
-r-xr-x---@ 1 nickgalbreath  staff  11898 Jun 29  1956 sblist.py
-r-xr-x---@ 1 nickgalbreath  staff   9613 Jun 29  1956 sblist_test.py
-r-xr-x---@ 1 nickgalbreath  staff  24035 Jun 29  1956 server.py
-r-xr-x---@ 1 nickgalbreath  staff  10415 Jun 29  1956 server_test.py
-r-xr-x---@ 1 nickgalbreath  staff    922 Jun 29  1956 util.py



What version of the product are you using? On what operating system?


Not 1956!

When running this causes python to barf

python dashboard.py 
Traceback (most recent call last):
  File "dashboard.py", line 21, in <module>
    from googlesafebrowsing import client
OverflowError: modification time overflows a 4 byte field




Please provide any additional information below.

What steps will reproduce the problem?
1. Go to http://auf-bohrinsel-arbeiten.de/
2. Execute the Java application. This will download a trojan automatically.

What is the expected output? What do you see instead?
A web page about working at oil rigs. Nearly nothing displayed instead.

What version of the product are you using? On what operating system?
I'm using Firefox 3.6.12, Java 6 update 22 (Build 1.6.0_22-b04) and Microsoft 
Security Essentials (latest version) which detected and removed the thread.

Please provide any additional information below.
Not flagged as spam by Google.

What steps will reproduce the problem?
1. Use Firefox (sometimes IE)
2. Go to www.tradetwitterfollowers.com
3.

What is the expected output? What do you see instead?
I expect to see the page load as normal.
I see a page displaying a message warning of web forgery

What version of the product are you using? On what operating system?
firefoc 3.5.3, Vista Ultimate 64bit

Please provide any additional information below.

The site is not a phishing or forgery site and provides people a community
to gain twitter followers. We have 2 facebook apps, a facebook group and
thousands of users on our site. There have opt out features for our program
and our newsletter. Our paypal account has over 2000 verified business
transactions. I can provide proof of anything or make any needed changes
but I do not see the issue here?

What steps will reproduce the problem?
1. Go to 
http://www.dell.com/content/topics/topic.aspx/global/shared/solution-station/en/
us/us/dhs/free-pc-health-check
2. Click on begin free checkup
3. Wait for the file to be downloaded and observe that it is shown as malicious

What is the expected output? 
Expected output is a regular download. We provide this application through many 
portals and this seems to be the only one being flagged. The application is 
digitally signed by iolo technologies, LLC and does not register on any 
anti-malware

What do you see instead?
The app is being labelled as malicious. 

What version of the product are you using? On what operating system?
Version 23.0.1271.64 m
Windows 7

Please provide any additional information below.
I am able to download this application through several other portals without it 
being flagged. Another one can be found here 
http://www.iolo.com/promo/welcome/scu/scu-download-index.htm

I came through this error every time I visit /quitquitquit to exit it. 

Traceback (most recent call last):
  File "dashboard.py", line 201, in <module>
    main(sys.argv)
  File "dashboard.py", line 195, in main
    http_server.serve_forever()
  File "/usr/lib/python2.6/SocketServer.py", line 224, in serve_forever
    r, w, e = select.select([self], [], [], poll_interval)
  File "/usr/lib/python2.6/SocketServer.py", line 438, in fileno
    return self.socket.fileno()
  File "<string>", line 1, in fileno
  File "/usr/lib/python2.6/socket.py", line 167, in _dummy
    raise error(EBADF, 'Bad file descriptor')
socket.error: [Errno 9] Bad file descriptor

In the same time, the size of datastore file remains the same, 12288 bytes as 
it's first created. It never grows, and so it seems that the data is never 
stored locally.
I don't know if it have anything to do with the errors above.

So what shall I do?