DU Community Help
Related: About this forumMalwarebytres does not like some of the posts I click on!
Website blocked due to compromisedMost recently: https://www.democraticunderground.com/100219841342
Any idea why this is happening?
highplainsdem
(52,962 posts)a YouTube video from Sky News Australia in one of the replies, but no other links.
Liberal In Texas
(14,706 posts)This isn't the only time it's happened. I was just wondering if the admin knew of why it might be.
highplainsdem
(52,962 posts)Liberal In Texas
(14,706 posts)I don't remember the others I've seen. I was pretty much ignoring it as it was only now and then and didn't seem to be doing any damage, but this time I thought I probably should ask someone who knows how the nuts and bolts of the site work.
I suspect it might not be your OP but one of the replies.
brer cat
(26,569 posts)has posted. I think the gif in her sig line is the problem.
Liberal In Texas
(14,706 posts)You may have something there.
brer cat
(26,569 posts)and that is where it started happening. It was easy for me to look for the common posts since there are way fewer people on MIRT than on the whole forum.
highplainsdem
(52,962 posts)Attilatheblond
(4,731 posts)I get an occasional 'warning' from Microsoft that a site could be dangerous. When I go via a more secured browser I have, the site is fine.
Thinking corporate censorship of our internet use might be a thing now.
eggplant
(4,009 posts)The web server hosting one of the images in sheshe2's signature is on a blacklist because some *unrelated* website on the same server has nastiness on it.
malwarebytes checks these blacklists and stops you before you can connect to that server. Different antimalware tools may use different blacklists, so the server won't be blocked.
brer cat
(26,569 posts)in the thread. I am assuming that the gif in her sig line is the issue.
EarlG
(22,645 posts)When you're browsing DU, the information that you're viewing is not all hosted on DU. When members link to media that is hosted on other sites -- for example, YouTube videos, tweets, and images --- that media is not lifted from the host site and then re-hosted on DU's servers. It remains on the host site, and DU's software simply displays it as is.
Therefore, when you're browsing DU, each page is really a mix of content from different sources. The vast majority of that content is hosted on DU's servers (eg. the entire page layout, user-written text, etc.), but some of it isn't (eg. images that are linked to from elsewhere).
Generally speaking, viewing mixed content is considered "safe" (although that probably depends on your view of network security), and modern browsers will alert the user if the browser thinks that any content which it is about to load is "dangerous."
A lot of the time -- and especially on DU, because we only allow a few types of outside content to be linked to -- this happens because the page contains an image with an http:// prefix instead of an https:// prefix. The former (http) is the original standard protocol for Internet data transfer, whereas the latter (https) is a more modern, secure version which encrypts the data that is exchanged between a website and a browser.
These days, the vast, vast majority of websites use the https protocol, but some still use the old version, and it also possible to retrieve an image from an https site by using the http prefix. I have seen situations where people's browsers throw errors because they load a DU page which contains an http image prefix.
Since you suspected sheshe2's post as being the possible culprit, I checked those and and the images in her sigline all use the https protocol. I did find one image on the page that does not -- the image in lindysalsagal sig line has an http prefix. But I'm not sure that's the issue in this particular case.
This may be the answer:
The error message in your OP is an "outbound" error, and the website that it is blocking is located at 104.207.254.75. That is NOT a DU IP address. Instead it belongs to "Liquid Web L.L.C" which provides VPN services.
Are you using a VPN? If so, that is probably the issue. When you use a VPN, you connect to your target server (in this case, DU) by connecting to another server first, which then connects to the target server. This obscures your personal IP address from the target server, because the target server can only record the IP address of the VPN server, not your personal IP address. People do this legitimately, for privacy reasons.
In this case, it appears that MalwareBytes thinks that the VPN server -- the one you are connecting to before you connect to DU -- is compromised.
If you are using a VPN, my advice would be to either try disabling it and visiting DU to see if the error persists, or force your VPN program to connect to a different server by changing the location.
If you are not using a VPN, we will have to continue the conversation...
Liberal In Texas
(14,706 posts)The only VPN I'm using is the built-in "Microsoft Edge Secure Network." I went into Edge settings and turned it off. Unfortunately, the MalwarelBytes message still comes up even after refreshing the post.
EarlG
(22,645 posts)Just curious to know if the IP address changed or if it reported a different error.
Liberal In Texas
(14,706 posts)New notice:
EarlG
(22,645 posts)It's the same IP address -- the Liquid Web L.L.C VPN server. Except this time there's a domain attached to it.
Do you happen to know which thread you were on when you got this particular error?
Liberal In Texas
(14,706 posts)Now I'm getting it in this one.
sl8
(16,276 posts)Do you get the same message if you open the pic directly?
===
On edit: deleted sig pic.
===
You may want to try opening it in a new tab.
That domain name is on at least one blacklist. That doesn't necessarily mean it's a "bad" site.
Liberal In Texas
(14,706 posts)gloriafeld t.com
104.207.254.75
That pic in your post 16 looks like a broken icon.
I don't get it when I'm replying to the post just now...until I post and go back to the full OP and replies.
EarlG
(22,645 posts)Malwarebytes doesn't like gloriafeldt.com for some reason and is blocking your connection to that domain. That would explain why you're seeing the message, and also why you're not seeing the image in the post (it's being blocked). It explains why Malwarebytes throws an error on every DU page which contains that image.
You should be able to add an exception somewhere in Malwarebytes to tell it to load content from gloriafeldt.com (assuming you're comfortable doing that -- I don't see anything unusual about the Gloria Feldt website, it could be Malwarebytes generating a false positive).
Just out of curiosity, have you tried going directly to gloriafeldt.com? (My guess is that Malwarebytes won't let you.)
Liberal In Texas
(14,706 posts)sl8
(16,276 posts)I'll bet you'll stop seeing the alerts for this thread (you may need to refresh)
Liberal In Texas
(14,706 posts)Liberal In Texas
(14,706 posts)and I don't get the Malwarebytes alert.
But I just got it composing this reply.
sl8
(16,276 posts)Caveat - I used be somewhat well versed in this sort of thing, but I'm pretty rusty now. Take my input with a grain of salt.
Also, please see my reply to EarlG.
For what it's worth, most of the public blacklists I checked don't list gloriafeldt.com. One that did said the reason was due to it being a source of spam, not malware or such. I also think that, even if that ip was correctly identified as a source of spam, it may not have originated from gloriafeldt.com.
I hesitate to tell anyone not to worry about a possible security concern, but, personally, this wouldn't concern me. Again, "grain of salt".
The safest thing would be to ask Malwarebytes about it.
sl8
(16,276 posts)I'm also seeing that the ip is part of a block of 8192, which, as you said, belongs to Liquid Web, which is a website hosting company.
The DNS HINFO record shows that ip associated with "cloudhost-180693.us-midwest-1.nxcli.net" (per CentralOps.net).
The sig picture is on host gloriafeldt.com. I wonder if that host is actually a virtual server provided by Liquid Web and is using a shared ip? If that's the case, gloriafeldt.com might not even be the cause for the ip being blacklisted.
EarlG
(22,645 posts)The first error message (the one in the OP) didn't specify gloriafeldt.com, but the second one did, so if the image in sheshe2's sig line is hosted on that domain, I'm 99% sure that's what must be causing it.
Liberal In Texas
(14,706 posts)I now know more than I did.
eggplant
(4,009 posts)After further research, the (shared) IP address associated with the site is flagged on https://www.abuseipdb.com/check/104.207.254.75
I would assume that some evil site is sharing the hosted IP and thus the cause. Which means either adding it to malwarebytes' allow list or putting up with the warnings. I'm choosing to put up with the warnings rather than expose the risk, but it's your choice.