Why is AVG blocking legitimate sites?

October 15, 2009

AVG is a “free” antivirus software package that has become fairly popular lately. The b5media tech team has been asked many times in the last 24 hours about why AVG is blocking legitimate sites. There is a FAQ on AVG’s site about this, but it is incomplete and, in my opinion, inaccurate*. People are asking the questions in the AVG forum, but responses have just been long paragraphs explaining how they’ve asked the question in the wrong forum and links to the FAQ. I’ll attempt to better address the question here.

The FAQ says:

There are several possibilities how a clean and legitimate website may become infected:

  • Website was exploited by some hacktoolkit which searches for vulnerable websites, and automatically infects them.
  • Infection was inserted on the machine that is used to create/upload websites, which means that the author’s/administrator’s computer is infected.
  • An attacker gained direct access to the website administration thanks to a weak or stolen access password.

We recommend to contact the administrator of such website.

This may have largely been true 5 years ago, but it isn’t now. Yes, breaches in security happen and always will. However, the most common vector for malware to get on today’s sites is through ads. These ads are never even seen by the webserver you are visiting**.

The FAQ would be accurate if they added:

  • The website is currently displaying an ad/image hosted on a site that AVG has deemed dangerous.

The unprinted bullet point is:

  • We mess up. We are humans. We are not perfect and neither are the tools we use. Sometimes we will say a site is infected when it isn’t. Sometimes we will say something is malware that really is, but it is so commonplace that blocking it will make so many sites unusable that we will have to back down. When this happens, we will try to “fix” the issue as quickly as possible.

This ad vector is something that all websites are fighting right now. It’s difficult because servers can be spotless and tight, but tools like AVG and the Google toolbar will see one of these ads (that we have nothing to do with) and will list that site as infected.  If a bad ad is served when Google scans for infection, then the site is completely dropped from the Google index. NOT GOOD. Then the admin has to go and figure out which ad is bad and from that which ad manager let something slip through that they should have blocked.***

So, what is the current issue? Well, on October 14, 2009 AVG reclassified an ad/cookie used on a large majority of websites out there as dangerous. That’s why AVG is blocking familiar sites such as http://nytimes.com, http://imageshack.us, http://yahoo.co.uk, http://babelfish.yahoo.com, http://problogger.com as well as other b5media entities like http://everyjoe.com, http://splendicity.com and http://blisstree.com.

Everything seems to point to ads.YieldManager.com as what is being blocked. Yieldmanager.com has an Alexa rating of 198. Think what you want of Alexa, 198 means they are BIG. You probably know the name, as they have been on most sites you’ve visited for years. YieldManager is run by Right Media, which, since 2007, has been controlled by Yahoo. This is why the IP addresses that come up in the AVG LinkScanner alerts all point to Yahoo.

In short, AVG will either change this decision or lose market share. It won’t take long for them to make up their mind.

UPDATE: Around 9am the forum included a post stating “UPDATE…. It’s now been ascertained that it was actually a false positive. Please update the AVG on your system.”

Forum users report that AVG has changed their statement from:

Let us inform you that this is not a false detection. Our LinkScanner
technology detects a real threat, which is Geo-IP and also browser
specific targeted, therefore it is detected only at www.yahoo.co.uk
(IP: ) in Mozilla Firefox web browser only.

Over to:

Unfortunately, the previous AVG Link scanner database might have
detected the mentioned web page as threat. However, after thorough
analysis we can confirm that it was a false alarm. We have released a
new Link scanner update that removes the false positive detection on
this web page. Please update your AVG and check if you are able to
open the web page properly.

As you can also see from that thread, some people received an update this morning, but still are having problems on popular sites.  My only suggestion is that you update AVG a few more times and hope that they allow you to surf your favorite sites.

 

 

 

* Yes, I’ve submitted feedback about this.

** The way most ads work is that a webpage will include instructions for your computer to say “Hey, you big sexy ad server, give me an ad to display.” when the page is loaded. At that point, the big sexy ad server says “Very well then. Go to ads.example.com and get the ad.” Your computer then visits ads.example.com, which can return any number of different ads. Some will be perfectly nice ads. Some may be nasty infectious ads. Others will work on one browser and throw errors on another. The site has no control over this. Really, neither does the big, sexy ad server (though it should run its own periodic checks), since the ad that appears at ads.example.com was probably legit when the ad was purchased. The ads that appear are only as reliably legit as the checks in place at that third-party ad server.

*** That said, it is kinda interesting to look at all the sites out there listed as infected. For example go here to see an infected site and then bounce up from there into any of the 3 networks that site is hosted on. That will lead you to thousands of other infected listings.
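When a scanner flags a site because of an ad, the first job described above is working out which third-party host the page pulls content from. The following is an added example, not code from the original post: it lists the hosts a page asks the browser to contact and matches them against a domain named in an alert. The sample HTML, blog.example, adserver.example.net and all function names are constructed for illustration; only the first hop written into the HTML is visible this way, since later redirects happen inside the browser.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags that make the browser fetch something, and the attribute holding the URL.
FETCHING_ATTRS = {"script": "src", "iframe": "src", "img": "src",
                  "embed": "src", "object": "data"}

# Constructed sample page: two first-party resources, three third-party ones.
PAGE_URL = "http://blog.example/2009/10/some-post"
SAMPLE_PAGE = """
<html><body>
<img src="/images/logo.png">
<script src="http://static.blog.example/js/site.js"></script>
<script src="//ads.yieldmanager.com/st?constructed=1"></script>
<iframe src="http://adserver.example.net/slot?id=1"></iframe>
<IMG SRC="http://ADS.YieldManager.com/pixel?constructed=2">
</body></html>
"""


class ResourceCollector(HTMLParser):
    """Collect (tag, absolute URL) for each resource the page tells the browser to load."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.resources = []

    def handle_starttag(self, tag, attrs):
        wanted = FETCHING_ATTRS.get(tag)  # HTMLParser lowercases tag/attr names
        if wanted is None:
            return
        for name, value in attrs:
            if name == wanted and value:
                # urljoin resolves relative and protocol-relative (//host/x) URLs.
                self.resources.append((tag, urljoin(self.page_url, value.strip())))


def under_domain(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def third_party_hosts(html, page_url, site_domain):
    """Map each host outside site_domain to the tags that reference it."""
    collector = ResourceCollector(page_url)
    collector.feed(html)
    hosts = {}
    for tag, url in collector.resources:
        host = (urlsplit(url).hostname or "").lower()
        if host and not under_domain(host, site_domain.lower()):
            hosts.setdefault(host, []).append(tag)
    return hosts


def flagged_includes(html, page_url, site_domain, flagged_domains):
    """Return the third-party hosts that fall under a domain named in a scanner alert."""
    flagged = [d.lower() for d in flagged_domains]
    found = third_party_hosts(html, page_url, site_domain)
    return sorted(h for h in found if any(under_domain(h, d) for d in flagged))


if __name__ == "__main__":
    for host, tags in sorted(third_party_hosts(SAMPLE_PAGE, PAGE_URL, "blog.example").items()):
        print(host, tags)
    print("flagged:", flagged_includes(SAMPLE_PAGE, PAGE_URL, "blog.example",
                                       ["yieldmanager.com"]))
```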

How do you get the current directory name in PHP?

July 1, 2009

I ran into a situation where I wanted to get the name of the directory I was in, in PHP. To be clear, I didn’t want the full path, just the directory/folder name.

For example, if I was working in the directory:
/home/username/public_html/addonname

I wanted to have addonname returned.

I worked out two solutions.

The first solution uses the getcwd() function, which returns the full directory path as shown above, and then the basename() function to get the part I needed. It worked, so “echo basename(getcwd());” returns “addonname” in this scenario.

That would meet my needs perfectly. I believe it matches my requirements in spirit, but it is not literally correct. That statement returns the current working directory, not the directory where the file is located. In fact, PHP 4 and PHP 5 differ when getcwd() is called from the command line. If you are in the ‘/’ directory and execute “php /test/talktome.php”, a PHP 4 getcwd() in that file will return the path “/test” while PHP 5 will correctly return ‘/’.

To resolve this, this next call works even better:
echo basename(dirname(__FILE__));

Does anyone want to do some speed tests to see which is faster after 10,000 calls? Let us know your results.

WordPress 2.8 Beta 1 Released

May 17, 2009

While I was rolling around near comatose yesterday, WordPress 2.8 beta 1 hit the streets. We plan to do a thorough review of this project on Thursday at the Ohio WordPress meetup here in Akron, Ohio. So, I figured it would be a good time to run it officially here in The Code Cave.

The upgrade process is as simple as always. Unzip the file, copy it over the existing files, go to wp-admin upgrade and click continue. When the official release comes out, I plan on upgrading my wp-upgrade script as I still think it is useful. Even though WordPress itself has upgrade abilities within it, the full file backup and database backup that my script does still provide added benefit. So, I’ll keep it around a while longer.

As for WordPress 2.8, you don’t need to fear learning a totally new system from scratch. There are a number of nice changes and tweaks, but the basic interface remains the same. There are a lot of changes for plugin developers and the like, but everyday users will see some things like the new widget drop zone that makes it easy to make a widget inactive without losing its settings. I’ll be testing over the next few weeks to see what I’d consider noteworthy for a release post. I used to even do a line by line comparison, but I don’t know if I’ll be returning to that. For now you can read about the changes here.

If there is any part of this upgrade that you definitely think we should cover at the Ohio WordPress Meetup, please let me know so that I don’t miss it!

MySQL Founder Resigns from Sun over Quality of MySQL 5.1

February 5, 2009

A picture of MySQL founder Michael "Monty" Widenius

I first laid eyes on Michael Widenius, the original and principal author of the MySQL database software, at the 2008 MySQL Conference in San Jose. Michael, who is more commonly known simply as “Monty”, had recently had his pride and joy, the MySQL AB company, purchased by Sun Microsystems. I’d say that just about every attendee was extremely nervous about the future of MySQL, and every (new) Sun employee was eager to say “Oh, the purchase was a great thing!”. There certainly was a Sun head hunter at every corner ready to hand out an application form (and a pair of boxer shorts or two).


I left the conference having learned a lot of the techniques Lee Newton would be soon applying to the b5media database architecture. But as far as the Sun purchase was concerned… I felt a little less safe. It was worrying that something that important was not quite as secure as it once was. There was no indication something bad was about to happen, but the way things were, it was sure to be painful if something did.

So now, not a year later, Monty announced today that he has quit because Sun released MySQL 5.1 without first resolving significant flaws despite Monty’s strenuous objections. Monty previously released a detailed list describing some of the “many known and unknown fatal bugs in the new features that are still not addressed.” My take from the article is that MySQL 5.1 should be considered a 5.0 maintenance release with pre-release beta features included.

Obviously Monty had spoken up to the higher ups at Sun prior to the release, but as he explained, this had little effect. I think that the open source world collided heavily with the corporate reality of “Cost, Schedule, Features, or Quality – Choose 3”. In the open source communities, the choice is simple: the schedule rarely if ever enters the mix. In this corporate battle, it obviously was one of the three chosen. Monty had seen this coming early on and had been very vocal even back in April 2008 (see page 19) calling for Sun to “Create a release policy and independent release policy board that can’t be manipulated by people in charge of server development (to not allow anyone to sacrifice quality to reach personal goals)” Whoa… “To reach Personal Goals” – even then it sounded to me like he had someone in particular in mind. Additionally, from another comment later in the keynote: “Sun is more opensource/free software friendly than MySQL AB has been lately and is driving MySQL in the right direction” it seems obvious that there was a power struggle going on. After all, MySQL AB was co-founded by Michael and he should have had significant influence over the company’s philosophies. I don’t know the rest of this particular sub-plot, but I’m certain there is more to be told.

In any case, in light of MySQL 5.1’s quality issues at time of general availability, Michael tells us he immediately quit but was talked into giving three months to Sun for reconciliation and putting things right. That stretched into seven months, but the end result was the same. Michael announced today that he’s resigned and will be creating his own version of MySQL called MySQL-Maria which will incorporate all MySQL updates but include rewrites and additional code to improve stability. It will be primarily developed by a new company he is forming named Monty Program Ab which will be “a true open source company”. I’m still not sure what that means, but I guess I could read up on it in more detail, if I wanted to.

So, what does this mean? Is it a good thing? I guess it is good that someone is out there fixing known bugs in MySQL, but won’t that happen anyway with an open source project? It’s great to see another company formed to further the open source movement, but can a MySQL standards war be beneficial?  Given the adoption rate of new MySQL releases, does it even matter that 5.1 was released? It’s not as if ISPs will install it anytime before 2010 by which time there will be patches.

In the end, from the clues I’ve seen I suspect this episode occurred due to a personal, philosophical dispute that Monty didn’t win. Regardless, I wish him success with his new project and thank him for providing a tool that I use every day: MySQL.

WordPress Quick Tip: Fixing the number of comments per post

January 7, 2009

For various reasons, sometimes the number of comments shown under the title of the post may not match the number of actual comments displayed under the post.

Here is a simple SQL statement that will resolve the issue:

update `wp_posts` set comment_count = (select count(*) from wp_comments
WHERE `comment_post_ID` = `ID` and comment_approved = '1')

You can use this to verify what would change and where your problems may lie:

SELECT ID, `post_title`, `comment_count`,
    (select count(*) from `wp_comments`
        WHERE (`comment_post_ID` = `ID`) and (`comment_approved` = '1')) as NewCC
    FROM `wp_posts`
    WHERE `comment_count` <> (select count(*) from `wp_comments`
        WHERE (`comment_post_ID` = `ID`) and (`comment_approved` = '1'))

How to instantly watch a YouTube video in High Quality

January 2, 2009

You know how the “Watch in High Quality” link never shows up right away on YouTube?

Isn’t that annoying???? I thought it was. So I wrote this little bookmarklet to allow me to switch any video I’m on to HQ immediately.

If you want to use it, just drag this link on to your link bar (or add it to your favorites) and then click it when you want to switch any YouTube! video to High Quality:

Watch in HQ

Favorite Windows Vista Features: Open Dialog Internet Integration

June 30, 2008

Ok, everyone loves to bash Vista. It’s the in thing. I get it. I run Vista with the User Access Control (UAC) turned off. Once that is done, it is a modern version of Windows XP with some nice features built in. Now some of these have been made available in a limited fashion in XP service packs, like this first example: the integration of the internet into the Open Dialog box.

This is one of my favorite Vista features.
I’ll demonstrate in this video:


WordPress 2.6 – Causing waves on Mars: The XMLRPC controversy

June 26, 2008

WordPress 2.6 has been trouble. There’s been confusion about whether it would be out in July or August. There was one date in the road map, and one in Trac. On Sunday night, Charles Stricklin and I recorded episode 43 of The WordPress Podcast and I stuck with the August date that was in the Trac tool used for development.

Then the next day Ryan Boren sent this reply to the WP Testers mailing list:

On Mon, Jun 23, 2008 at 1:01 PM, Kirk M wrote:
> Do my eyes deceive me or am I seeing a due date of July 7th for the release
> of 2.6 with a fall back for July 14? Any reason for the releasing a month
> early? I’ve barely setup my test sites figuring I had a month to go ye;). 

[Ryan Boren Replied:]
There was some confusion because the roadmap had July and trac had
August.  Given that all of the features went into 2.6 early and that
it’s been running this whole time on wordpress.com and lots of our
personal blogs, a shorter beta seems doable.  I think we can launch
the beta cycle now, pound on it until the 7th and decide if it’s
ready.  If not,  pound it another week and decide if it’s ready.  I
merge 2.6 to wordpress.com almost daily and get tons of feedback in an
instant.  I’m pretty confident in being able to finish off 2.6 in a
few weeks.  We won’t be adding any more features to 2.6 so there’s no
need to linger for an extra month.  Also, a July 2.6 release allows us
to consider an early September 2.7 release that focuses on pulling in
some of the GSoC work.  That work would be too much to try to push
into an early August 2.6 release.

Ah, well you win some you lose some.  At least I wasn’t the only one who thought it would be August.

Since then a much more controversial debate has arisen. Westi made the announcement that WordPress 2.6 would have the XMLRPC feature turned off. XMLRPC is the technology that programs like Windows Live Writer, MarsEdit, ecto and other external blog editors use to communicate with your WordPress blog. Here is what Westi had to say about it in his announcement:

WordPress 2.6 will be more secure out-of-the box including better support for running the admin over SSL and changes to disable the remote publishing protocols by default.

We have chosen to disable Atom Publishing Protocol and the variety of XML-RPC protocols by default as they expose a potential to be a security risk.  So from WordPress 2.6 onwards you will need to go into the Settings->Write page and enable them individually if you want to use them.

Mac software developer and MarsEdit creator Daniel Jalkut believes this to be a fundamentally wrong choice.  He’s said so on the wp-hackers list and on his website:

WordPress’s decision to shut off remote access by default is analogous to a bank offering unrestricted drive-through access to its cash machines, while requiring pedestrians to ring a bell and wait for a security guard to open the door to the machines.

Also worth considering: if a service is disabled by default for security considerations, what message does that send to people who choose to, or who are encouraged to turn the service back on? It sets up a perception of insecurity which may not even be warranted. If the remote publishing interfaces are insecure, they should be fixed, not merely disabled!

I think that’s somewhat misleading. It makes people think that the switch has to be set over and over again. It is much more like, when you open a savings account, checking either the box that says you want an ATM Debit card and/or the box saying you want to access the account through the online site. Eliminating either of those options would make your money more secure.

I agree that there is an issue with people upgrading and finding that MarsEdit, Livewriter or whatever doesn’t work. That is easily solved by keeping the XML interface off by default on new blogs, but not changing the behaviour for upgrades.

But why not just “fix” the security issues? Well, the truth of the matter is that you can no more "fix" all security risk in xmlrpc than you can "fix" it in any software program. It is a moving target. New methods are thought of and software improvements introduce new avenues never thought of, even if there is a layer between the final interface and the database. So even if WordPress was completely clean in 2.6, how can you prove that it is secure in 2.8 or 3.0?

Is xmlRPC secure in WordPress 3.0? I don’t know; it doesn’t exist yet. But I do know that if it is disabled for new blogs, the new WordPress 3.0 blogs won’t face an XMLRPC security risk.


You learn something new every day: 404.html file size issues?

February 21, 2008

I found this in a friend’s 404.html file:

<!--
- Unfortunately, Microsoft has added a clever new
- “feature” to Internet Explorer. If the text of
- an error’s message is “too small”, specifically
- less than 512 bytes, Internet Explorer returns
- its own error message. You can turn that off,
- but it’s pretty tricky to find switch called
- “smart error messages”. That means, of course,
- that short error messages are censored by default.
- IIS always returns error messages that are long
- enough to make Internet Explorer happy. The
- workaround is pretty simple: pad the error
- message with a big comment like this to push it
- over the five hundred and twelve bytes minimum.
- Of course, that’s exactly what you’re reading
- right now.
-->

Does anyone know if that is still the case? I haven’t come across this before, but it is sure worth knowing about even if it is IE6 specific…

Tip Tuesday: Manipulating Graphics files for your blog

January 22, 2008

When working with graphics files on your blog, it is always smart to optimize their size for their targeted use. A simple corner picture does not need an original size of 8.1 megapixels. On a Windows machine, MS Paint can handle that sort of transformation, with a little pain and bloodshed. I’ve also written and posted here a console app to do the dynamic resizing. Gimp is awesome, but it is overkill.

I strongly encourage Windows users to check out IrfanView. You might look at the site and say “Oh it is just a viewer”, but it is soooooo much more than that. Though it is one of the best picture viewers out there, it also handles basic graphic manipulation better than most other software out there, even the pro stuff.

File resizing is very simple. However, following their “It is trying to be simple for beginners and powerful for professionals.” goal, it allows you to, in the advanced menu, choose from various resampling methods in case the image just looks wrong when you resize it. Most programs use the one method the programmer preferred and you are stuck with it.

You can get it here:
http://www.irfanview.com/

and once you load the plugins from here:
http://www.irfanview.com/plugins.htm

(I prefer this mirror for downloads.)

You’ve got a powerful graphics manipulation tool that can even accept any Photoshop 8bf plugins that you have lying around.

(BTW XnView is an IrfanView knockoff, but it does have PocketPC and Smartphone support and works nicely as a viewer on those platforms.)
