Suspected Malware

Status
Not open for further replies.

lemon-tree

x10 Minion
Community Support
Messages
1,420
Reaction score
46
Points
48
When navigating to the x10hosting.com homepage today on multiple occasions (although not every time) I have received a warning about suspected malware. It claims it has something to do with zxfr.salefale.com, but a search of the homepage yields no reference to that page.
A quick Google for info about that site brought up this document that highlights the exploits used on the site. I'm no expert on this, but clearly something is wrong here and I thought I would just bring it to your attention. It's not likely to cause me any problems, but those on more vulnerable browsers may be at risk, provided the warning is valid.
I have attached a screenshot of the warning.

EDIT: I also seem to be having problems signing in to my account panel. I understand it is undergoing an update, so I assume it is just a temporary problem.
 

Attachments

  • sf.png
    sf.png
    97.5 KB · Views: 148
Last edited:

carl6969

Community Support Team
Community Support
Messages
6,874
Reaction score
206
Points
63
Just curious about what browser you were using when you encountered this. I am using Firefox on a Linux OS and have never seen any such warnings on X10. I will be interested in learning more about your find.
 

techairlines

x10 Flyer
Community Support
Messages
2,867
Reaction score
165
Points
63
I believe it might have to do with the ads on the home page. Google's site malware filter not only warns of the parent page, but warns about any elements on the page.
 

masshuu

Head of the Geese
Community Support
Enemy of the State
Messages
2,293
Reaction score
50
Points
48
Google malware thing might also warn about subdomains
 

lemon-tree

x10 Minion
Community Support
Messages
1,420
Reaction score
46
Points
48
Just curious about what browser you were using when you encountered this. I am using Firefox on a Linux OS and have never seen any such warnings on X10. I will be interested in learning more about your find.
I'm using Safari on Snow Leopard. It may be that one of x10's free accounts has links to that page and the whole of the x10hosting.com domain has been blacklisted
 

eksquall

New Member
Messages
4
Reaction score
0
Points
0
Got this on my Uni computer as well: (running IE on Vista enterprise)

4hutdy.jpg
 
Last edited:

Smith6612

I ate all of the x10Pizza
Community Support
Messages
6,518
Reaction score
48
Points
48
Looks to be coming from the advertisements guys. That would explain why I haven't seen this popping up since my network filters ads at the router level. Definitely make sure your PC is good to go, but if you can take a screen shot of the ad that is triggering the message on http://x10hosting.com and post it up. The staff I'm sure would appreciate it.

As for the sub-domains, I don't believe browsers will flag a domain as unsafe over a sub-domain, only when you visit the sub-domain itself. That is, unless the entire domain is known to be naughty.
 

lemon-tree

x10 Minion
Community Support
Messages
1,420
Reaction score
46
Points
48
Got this on my Uni computer as well: (running IE on Vista enterprise)

4hutdy.jpg
I'm being told it is coming from adserve.x10hosting.com too, seems that it may be the root of the problem.
 

jtwhite

Community Advocate
Community Support
Messages
1,381
Reaction score
30
Points
0
It's definitely the advertisements. I've had this problem before :p.
 

aerocrash1

New Member
Messages
80
Reaction score
3
Points
0
Google chrome says :-

Warning: Visiting this site may harm your computer!
The website at x10hosting.com contains elements from the site zxfr.salefale.com, which appears to host malware – software that can hurt your computer or otherwise operate without your consent. Just visiting a site that contains malware can infect your computer.
For detailed information about the problems with these elements, visit the Google Safe Browsing diagnostic page for zxfr.salefale.com.
Learn more about how to protect yourself from harmful software online.
I understand that visiting this site may harm my computer.
 

ofivestang

New Member
Messages
3
Reaction score
0
Points
1
Yes, Google chrome is flagging x10hosting.com as a whole, to be a site with malware concerns, not just sub domains.
 

carl6969

Community Support Team
Community Support
Messages
6,874
Reaction score
206
Points
63
I was not seeing any warnings of any kind until this morning.
Now Google Safe Browsing is also giving me warnings on every x10 page including support areas and forums.
"Reported Attack Site!"

Diagnostic page for x10hosting.com:
Of the 428 pages we tested on the site over the past 90 days, 11 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2010-03-06, and the last time suspicious content was found on this site was on 2010-03-06.
Malicious software includes 19 trojan(s), 4 scripting exploit(s), 2 exploit(s). Successful infection resulted in an average of 12 new process(es) on the target machine.
Malicious software is hosted on 18 domain(s), including 364736.com/, adserve.x10hosting.com/, xcdx169.net/.
Over the past 90 days, x10hosting.com appeared to function as an intermediary for the infection of 10 site(s) including ura.exofire.net/, kralform.net.tc/, masterjakeonline.com/.
Yes, this site has hosted malicious software over the past 90 days. It infected 20 domain(s), including stichtingosm.x10hosting.com/, x10hosting.com/, gulsuyu.com/.

In my experience I have found that Google Safe Browsing warnings and diagnostics are very accurate. It would appear that x10 has been "blacklisted" by Google for some very good reasons. I have not personally ever had this problem with x10 before. If this actually does have something to do with advertising it must be some very new type of advertising source which x10 should immediately drop in order to protect both themselves and all their users and visitors.

I have a Linux OS on my PC which is generally immune to malware and virus's. People with Apple's are probably reasonably safe as well. Windows users should be alarmed by all of this - hopefully they all gave good up to date anti virus, anti malware, and firewall setups. And, even though I am not particularly concerned about x10 installing malware on my Linux system, those never ending attack warnings are very annoying and I don't want to disable them because I always avoid websites blacklisted by Google - with the exception of x10.

X10 simply needs to figure out what is causing all of this and fix it.
 

lemon-tree

x10 Minion
Community Support
Messages
1,420
Reaction score
46
Points
48
This has suddenly stepped up a notch. As noted above, the whole of X10hosting.com and any of its subdomains is now listed as malware, on every page request now rather than just occasionally. Basically, any account on X10hosting that hasn't got a custom domain name is being blocked by Google Safe Browsing.

e.g. My homepage is being blocked http://lemon.x10hosting.com/ but my other domain on the same server is perfectly fine http://flight-plan-database.tk/

This is certainly a very serious issue as now all of X10hosting's user's sites are being flagged as malware, which I can imagine is a big deal for a lot of people who's sites do not have a custom domain name. The admins had certainly better get working on this otherwise they could lose a LOT of users and visitors. We can see this is a mistake, but users of our sites or x10 will see the warning and just back out.
 
Last edited:

lynnwood

New Member
Messages
26
Reaction score
0
Points
1
As a non-paying customer of this free hosting service I can't complain much about this atrocity. However, as an Internet citizen I am compelled to say that the administrators of x10hosting.com are not only irresponsible for allowing this to happen, but should also be liable for any damages that have been done to any poor unsuspected win32 users.
 

carl6969

Community Support Team
Community Support
Messages
6,874
Reaction score
206
Points
63
As a non-paying customer of this free hosting service I can't complain much about this atrocity. However, as an Internet citizen I am compelled to say that the administrators of x10hosting.com are not only irresponsible for allowing this to happen, but should also be liable for any damages that have been done to any poor unsuspected win32 users.

Even though you are on a free hosting plan you are still a customer and are absolutely entitled to express comments, concerns, and complaints just like clients using various pay services. You are affected by this as much as anybody else - maybe even more than some clients if you happen to have "x10hosting" somewhere in your website address.

As for X10 liability, take a look at paragraph 5 of the TOS.
http://x10hosting.com/tos.php
Basically says they can't be held legally responsible for things like this.
 

descalzo

Grim Squeaker
Community Support
Messages
9,375
Reaction score
327
Points
83
carl6969 said:
As for X10 liability, take a look at paragraph 5 of the TOS.
http://x10hosting.com/tos.php
Basically says they can't be held legally responsible for things like this.

I don't think he was talking about liability to the people who have sites on x10hosting.

I think he meant liability to visitors to sites hosted on x10hosting. I don't believe the TOS covers that. The TOS is between x10hosting and those with sites.
 

Christopher

Retired
Messages
14,659
Reaction score
8
Points
0
Hello,

The problem has been resolved. Google may take a few hours until they remove the block.
 
Last edited:

lemon-tree

x10 Minion
Community Support
Messages
1,420
Reaction score
46
Points
48
Good to hear, many thanks for the quick resolution.
 
Status
Not open for further replies.
Top