road.cc malware alerts: what happened

If you are getting a warning alert, here's why...

by Dave Atkinson   October 14, 2011  

Malware warning

Tags

Some of you contacted us this evening to let us know about malware warnings on the site. We've been investigating the problem, and here's what we've found out...

So, what happened?
Somebody utilised a back door in one of the scripts in our ad serving platform, and used it to add a javascript call to some of the banner ads on the site. The call was to a malware site.

What are you doing about it?
We've deleted the offending scripts and we'll be doing a clean install of our ad serving software from the newest available version to make sure that any known vulnerabilities are removed. In the meantime we've set up processes to check for any new scripts being added, and remove them immediately.

Is my personal data safe?
Yes - the ad database is separate from the site database, and to be on the safe side we've changed all the back-end passwords site-wide.

Why am I still getting malware warnings?
Google is constantly spidering websites collecting information - those spiders will have flagged up the attempted malware attack on road.cc to Google as it happened yesterday. Even though we were instantly aware of the attack and removed the rogue script that flag will automatically appear on Google searches to this site and will have been picked up by browser security setting particularly those for Google Chrome, Firefox and Safari. We have asked Google to review and remove its warning about the site because road.cc is NOT infected with malware. For now all we can do is wait for Google to review the site at which point those malware warnings will stop. Be assured that we take the security of this site very seriously and will continue to do so.

What should I do if I get another malware warning on road.cc?
Email us at info@road.cc and let us know, giving as much info as possible.

13 user comments

Oldest firstNewest firstBest rated

I just got it again this second, its 5.34am GMT Nerd

Every different section, News, Forum......etc gives me another one Angry

Gkam84's picture

posted by Gkam84 [8699 posts]
15th October 2011 - 5:35

like this
Like (1)

that may be because google has picked up the infected pages and is marking them as attacked; we've requested a review of that.

Dave Atkinson's picture

posted by Dave Atkinson [7262 posts]
15th October 2011 - 6:08

like this
Like (1)

I always knew you guys were up to something. You'll be telling me to put my road shoes in the freezer next....tsk tsk!

posted by londonplayer [671 posts]
15th October 2011 - 8:14

like this
Like (0)

Didn't have it before but I just got it now.

abudhabiChris's picture

posted by abudhabiChris [499 posts]
15th October 2011 - 13:08

like this
Like (1)

Yes, I only got it a little while ago myself when I quit out of Safari and then turned it on again. I've just added a bit to the original story about why that is happening - basically it's the security settings in your browser picking up the flag from Google - they all link back to that Google message.

As Dave says above, we've asked Google to review the flag and we're confident that when they do it will be removed.

I just wish they'd hurry up Sad

Tony Farrelly's picture

posted by Tony Farrelly [4132 posts]
15th October 2011 - 14:20

like this
Like (1)

Ah ha, that explains why i can't get from your facebook links to, just get a security warning from there aswell

Quote:
Security Alert: This Link May Not Be Safe
Facebook has teamed up with Google to help protect you online. The link you are trying to visit has been identified as potentially unsafe by our trusted partner. Visit the Facebook Security Page to learn more about staying safe on the Internet.

Visiting this website mayb harm your computer
This page appears to contain malicious code that could be downloaded to your computer without your consent. You can learn more about harmful web content including viruses and other malicious code and how to protect your computer at StopBadware.org. Advisory provided by Google. Learn more

Gkam84's picture

posted by Gkam84 [8699 posts]
15th October 2011 - 16:15

like this
Like (1)

Switch the google tracking off in your browser settings. They aren't trustworthy and - like on road.cc - usually only flag mainstream sites after the problem has been fixed. Just keep your antivirus and intrusion detector up to date!

posted by a.jumper [681 posts]
15th October 2011 - 17:26

like this
Like (1)

I tried to get in this morning to add Oliver Zaugg and Dan Martin to my fantasy league team but was blocked. Anyone know how they got on?
Smile

TheHatter's picture

posted by TheHatter [810 posts]
15th October 2011 - 18:01

like this
Like (1)

a.jumper wrote:
Switch the google tracking off in your browser settings. They aren't trustworthy and - like on road.cc - usually only flag mainstream sites after the problem has been fixed. Just keep your antivirus and intrusion detector up to date!

Nah i think i'll leave my browser settings as they are, they are there for a reason

As for anti virus and intrusion software, i've yet to find one that works for me, being a techy i'm quite happy to run my systems without it and haven't used anti virus for around 12 years

Gkam84's picture

posted by Gkam84 [8699 posts]
15th October 2011 - 18:32

like this
Like (2)

The good news is Google has stopped flagging the site so hopefully we can all get back to the usual stuff of talking about bikes, and riding in all their various forms

Tony Farrelly's picture

posted by Tony Farrelly [4132 posts]
15th October 2011 - 19:13

like this
Like (1)

Tony, FYI I have just been confronted by Facebook's alert mentioned above by Gkam84.

Simon E's picture

posted by Simon E [1919 posts]
15th October 2011 - 20:19

like this
Like (2)

Gkam84 wrote:
Nah i think i'll leave my browser settings as they are, they are there for a reason

Two reasons in fact: security theatre and big brother!

posted by a.jumper [681 posts]
17th October 2011 - 9:21

like this
Like (1)

The web still has ads? Confused

posted by Matt_S [182 posts]
17th October 2011 - 9:41

like this
Like (1)