so, for those that are unsure about things, this is what I've learned:

There was an exploit that allowed someone to put "redirect" code into some of the site pages. This particular exploit wouldn't harm your computer if you didn't do anything at the sites you were redirected to.

There is time delay between the site getting cleaned up and the Google listing service knowing that the site has been cleaned up. That's why after the site was fixed, the browsers that check the Google Safe Browsing listing still show it as suspicious. And there is no requirement for Google to be fast in fixing thier listing!

As far as NAM being owned by internet brands, yes it is. While that is true, it's also possible that one can get value from the site, while IB makes money from the site. That's the say large forum sites work, for better or worse! They make money from add revenue and vendor fees (or premium memberships). The vendors get access to qualified customers, and the membership gets to participate in a hostest internet community. If you don't buy anything or click on any adds, NAM doesn't make a cent (directly) from your presence here.

Matt

 

The site is what we make of it. They can advertise all they want on here, but unless they start directing the content, we're the ones who make the site what it is.

What about this site makes us "shills for a mass marketing company"? I ask that question because I really want you to think about why you asked it. We do the posting, we provide the content, we go to the rallies, we put together the meetups... Not some mass marketing company. They just maintain the playground. Now, if they were to start modifying posts, deleting threads, modifying topics, then we can point and cry, "Foul!"

Very, very few people have the kind of money it takes to run a site like this even with the amount of advertising we see here. I participate on another forum that's run by a very wealthy person from Silicon Valley. He's given us some indications as to how much money it takes to keep his site going with no advertising. It's staggering. Staggering like, even if I had as much money as he does, there's no way on Earth I would throw that kind of cash at a website that doesn't earn anything.

So who cares if the car is leased, as long as we're the ones driving it?

 

Herleman - I'm really not sure what you are implying. Can you be more specific?

It costs an outrageous amount to host/run a site this size. Of course the site hosts (Internet Brands) place ads to make money. All large sites do. Otherwise you're just pouring a lot of money down a large hole.

 

I am implying nothing. It just worries me a bit whenever something as large as Google is worried about the safety of the site.

That came up at the exact same time as a message that I received about some one having replied to a thread I suscribed to which launched an attack of some sort or another on my machine. I spent an hour cleaning up all the stuff that one uploaded to my computer.

That, of course, raised the question in my mind as to where the issue came from -- was it from the sender, or was it something more insideous that occurred from the website. It also follows my having recieved a lot of spam type email -- I'm talking hundreds, not a few -- all of which were automotive product related.

I know nothing of how all of this works. I can only watch what happens on my end and try to draw conclusions. Then, when I try to log in to the site and getg bright red screens that warn me away, I wonder what actually is going on.

So I tried to figure it all out to the best of my ability, only to find that I was advised that the website was perhaps jsut a huge data collection device to provide lotential leads to various vendors.

I have no idea -- nor do most of out here -- of what it takes and what it costs to run a website. Others have advised me that if I search long enough I would find that BMW had a large interest. That worries me, because we all share so many thoughts about our cars -- good and bad -- and it raises the issue of whether we should expect our comments to have been shared with our dealers. And in fact, at least one dealer specifically asked me about a comment I had made. I had said that I was giving serious consideration to buying an "S" model. Within 24 hours, I got a call from a dealer suggesting that he had just such a machine that he could offer at a good price. I presumed that the dealer's person simply read the site for himself. I prefer to think that it what happened.

But I do get worried about these things -- as do many others out here. And in the absence of any information to the contrary, many of us may develop concerns about what we are doing. Remember, this went on for several days before it was ever mentioned here.

I make no implication other than that it worries me and if you have drawn any other inference, I apologize. But I think you can understand how a single user might feel when something that has become almost ritual suddenly gives every indication of having been something harmful.

Will it change anything? Most likely not, but I do think that now we may all have a better understanding of how this sort of thing works.

And I have to say that I still do not understand why Google blocked the site. But there is no doubt that they did. And thre is no doubt that it is worrisome to many of us website illiterates out here in user land. And darn, its still blocked as I write this, and when I ask for mor information from Google, is tells me that the site has been identified as a site which may install malicious software on my computer which may be used for purposes that they have not identified. Its scary.

 

No more NAM for me from home........ My PC has been popping up this crap since this started......

Had to completely clean house.......

 

All I know for sure is that I miss my daily NAM board visits & Firefox has me blocked & I refuse to use IE on my home computer. The only place I feel I can look at this site is on an old clunky wore out computer at work that already was crashing about 4 times an hour anyway, so we wouldn't be losing a lot if I finished it off visiting NAM! Hoping they get the problem worked out & things get back to normal because this is the best mini forum that I've ever found.

 

People keep mentioning an exploit being used against the site...

Nobody of any authority has ever said anything about any exploit being used at all to cause the problem google flagged the site for. So unless those of you who keep saying "exploit, exploit, exploit!" have some actual evidence to back that assertion up, could you please stop throwing "exploit" out there as if you actually knew what was going on.

-------

For those of you who are scared about what's going on because Google says this or Google says that...

Google constantly crawls webpages for search engine indexing by following links from page to page to page. A while back, they decided it was a good idea to also check to see if any of this crawling led to malicious things, and to provide that information as a service to everyone. Of course, if you use the Google search engine, Google will warn you if a search result is somehow flagged by their system. But some web browsers (notably Chrome, Firefox, Safari) look at Google's public data as well for an added security feature.

What happened here is that northamericanmotoring.com was flagged by Google's system (apparently due to some malicious hyperlinks), the admins took care of the issue, but Google hasn't yet reversed their flagging of the site. The text of Google's risk summary for the site seems to suggest that they look at the past 90 days of crawling history to determine risk. Hopefully, there is a way for responsible websites (such as this one) to get off the warning list faster than that 90 days after resolving an issue.

 

Looks like the Mariana's Trench

 

"exploit" is a bit of a generic term for an attack using security holes in systems..evil pages often have many...some fixed in most system, some still unpatched from the manufacturer...look up the page from ff... It lists the domain, and says it tries to install software without user permission...the definition of using an exploit.
The fact there was a bad link or two here is not what folks are mad about...it is the "hack" that was done to the site software that inserted the site redirect, sending users that used the Google search feature to a 3 party site momentarily, tried the exploits, then redirected folks back here...unknowingly!!
For such a attack to work, the site software must have been compromised in some way...the user machine must be vulnerable to said attacks, and the user had to use the Google site search....not super common among users, but useful.
A couple users keep trying to redirect the conversation to talk about a bad link on a users site...sure it happens...but the crux of the issues is much deeper...it has to do with the owners keeping the software that runs thee sites patched and current.
This exploit has been " in the wild" for weeks.....folks that run boards for fun have been hit..fixed it, and moved on in Hours.
Why has it taken days for the same issues here?!


Edit: I would like to state that in all my research, about 90% says this type of attack is mainly an attempt to steal Add revenue....IT USUALLY DOES NOT have the pages installing "bad software"...it is still possible..but most reports of this attack..going back to FEBRUARY has to theft of advertising revenue. The Software support people do recommend that users change passwords, since the installer of the hack did gain unauthorized access to deep portions of the software...and anything was possible.
Thanks Matt, AKA DR O for tracking down the support sites, and a few useful threads to add the ones I had found!!

 

As of last night I'm still getting the redirect to Google msg.

 

That NAM is not alone. This exact exploit has been used against lots and lots of sites.

Most sites are attacked directly, with someone going to the server, exploiting a weakness in the security settings, and inserting some code that contains something like "eval(base64_decode('bunch of askii craaap......')" This tells the host server to create the re-directs. By wrapping it up in the base64 code that isn't human readable, it's harder to find burried in the tons of other stuff that is there. Most that report the redirect exploit had poor server security. There is ONE lister in the thread I read who reported the code was embedded in an uploaded .gif file, but this seems unlikely, or depressing, as it would be sad that security was so poor that any embedded code could do such damage when uploaded as an image. One would think that image file uploads wouldn't be allowed to execute ANYTHING!.....

What's interesting is one site reported that the exploit was used to both insert the re-direct, and later to remove it! The theory was that the exploiter didn't want his work to be found and analyzed... So he or she removed it.

You can like or not the term exploit. The site WAS compramised. It was done by people who didn't have permissions to do so. By definition, they used an exploit to hack the site. Seems pretty clear cut to me.

You want to know more? Google "vBullitin redirect hack".... This is far from a secret. Want to go cross-eyed? Read this thread at VBSEO forum.

Anyway, the bad is that it's a real problem. The good is that to fix it one has to take away the security weaknesses that allowed it in the first place (this isn't exactly true, you can remove the offending code pretty easily, but without eliminating the exploit, it seems that it comes back pretty quickly....) and we'll have a more secure site as a result.

As far as the various interest having somewhat different goals for internet forums, I think that Herleman is just learning about the way things are...

Hosts (and owners) want something out of the site: Revenue
Vendors want something out of the site: Access to customers
Members want something out of the site: Access to a community that shares a common interest.

Every forum is exactly the same, to some degree or another. Sure there are some that are run out of just a desire to do something nice for the public at large, but they are few and far between. Especially as they grow! And BMW having an interest? I don't know but it's unlikely... They can read all the posts here without owning anything! We post them, so that they can be read! That's the point, isn't it?

Matt

ps, the huge drop in the Quantcast numbers earlier (end of Sept) isn't this event. What it was I have no clue! But using the traffic logging tools sure can shed some light on what goes on with various sites.....

 

Implying nothing?

You "haven't implied" that we're "shills for a mass marketing company", you "feel differently about the Mini, now", and NAM is "perhaps jsut (sic) a huge data collection device to provide lotential (sic) leads to various vendors".

I think it's pretty clear what you're not implying.

 

So someone targeted and hacked this particular site such that google search is relied on to install malicious things on user machines? Zippy, you don't really know what you're talking about, do you?

Did a NAM moderator or administrator tell you this? … Or perhaps you're adding your own details to what some other random users was theorizing (guessing) as to the cause (like some giant game of scared site user telephone)?

Point to your evidence of an exploit being used directly against this site (or even to any exploit that does what you are saying happened in the first place), or stop yammering on about things you're making up based on half-truths and a very incomplete understanding of network security.

If an exploit (any exploit) was used directly against this site to cause the issue that google flagged us for, you would only have been correct (and in that one detail of your fantastical chain of events story) by sheer chance. I am convinced that you (and a few others in here) have no clue about what really happened, but are going out of your way to try and sound authoritative based on what you believe "must" be the case… which, while entertaining to read, has no basis in reality and does nobody here any good.

In short (and this goes for anyone parroting an "exploit" story):
Put up, or shut up. Where's the supporting evidence for your "exploit" story? Because I don't believe you have any.

 

I just recently bought my first Mini and I joined NAM. I think it is a great site with lots of good people. I don;t believe that NAM is trying to doing anything illicit or underhanded. I do however feel they need to get this situation under control as quickly as possible. I feel for the admins trying to deal with this situation, someone has taken advantage of an exploit and its unfair to NAM. Alexa details reveal a sharp drop in page views, referring page views, traffic from search engines, reach, and rank. I hope that they can get this resolved quickly, as something like this can potentially hurt a community of enthusiasts that are together with a common interest. None of the other forums I have seen have the following this community has.

 

Sometimes I get the feeling Fishbert works for IB.
Here is the info...
Another similar site, with similar content, with similar software, was hit with the same exploit...they have a thread (they have been very honest) of what the actual exploit was, what was added to their server (unknown to them till they caught it) and what it did. That simple. The info is around, stop trying to downplay a serious situation.
I know it is just your job, but let folks make their descesion based upon facts..not upon debate of half facts like a political debate.
You keep trying to derail the conversation, which is violation of site rules...please refer back to the OP.
I believe you intent is good, but you must never downplay security risks...assume the worst, and then prepare for it, and hope the best happens.
To downplay the severity of the risks places IB, the parent company of NAM at risk...and we all have the best intentions in doing what is best for the community.
If the community thrives, IB gets more page views, more add revenue, and more growth....
If an issue is ignored as poorly thoughtout damage control, it can grow, fester, and like a cancer destroy this site.
Nobody has asked for anything other than a USEFUL statement from the site administrator...not a canned PR statement written by the legal department. That type of lame, half hearted responses do more damage than help...it just demonstrates to what level dysfunction and disconnect the corporate parent is at.
Vendors are complaining on other websites...some may/have defected...when will somebody go up the chain of command high enough to see some action?
Edit: I would like to state that in all my research, about 90% says this type of attack is mainly an attempt to steal Add revenue....IT USUALLY DOES NOT have the pages installing "bad software"...it is still possible..but most reports of this attack..going back to FEBRUARY has to theft of advertising revenue. The Software support people do recommend that users change passwords, since the installer of the hack did gain unauthorized access to deep portions of the software...and anything was possible.
Thanks Matt, AKA DR O for tracking down the support sites, and a few useful threads to add the ones I had found!!

 

I have never downplayed any risks. Go back and read my posts on earlier pages and you'll see I was one of the loudest calling for an explanation of what was going on by site admins. And I was also the one loudest calling for people to *NOT* turn off the safety feature so many were pushing as a quick fix.

I don't keep trying to derail conversation… I try to bring the conversation back to what we know (facts) rather than what some think they know (speculation, rumor, fantastical guesses, etc.). You, and a few others in here, keep trying to do the exact opposite.

You still haven't pointed to any source of information for your claims that this site was directly targeted by someone using an exploit of any kind. The reason is because that source does not exist. You are not speaking on fact, you are speaking on speculation, rumor, and fantastical guesses. You (and the others in here to keep shouting "exploit, exploit, exploit!") are derailing the conversation away from fact and into fantasy.

So…
1) point to where anyone of authority has said anything about this site being the victim of an exploit, and
2) explain your previous claims that this supposed exploit relies in any way, shape, or form on google search.

If you cannot do those two very simple things, you are talking out orifices other than your mouth on matters which you do not fully understand.

The most reliable information we have received to date was when NAM moderator, MLPearson79, said back in post #77 that the warning was due to a few "bad links" someone posted here, which had been removed by moderators. That could be something as simple as someone creating an account and posting malicious links, a malicious advertisement being put into rotation unknowingly (this has happened to a number of reputable sites before, including the New York Times), or any number of other possibilities. Now, I do question why MLPearson79 went back and edited his post, removing mention of "bad links", but that certainly does not equate to "hack/exploit".

Thus far, there has been zero mention by anyone who would know (NAM admins/moderators, for example) of any hacks or exploits being used against NAM in relation to this issue… and certainly no mention of some fantastical chain of events including a reliance on google search to conduct exploit attempts on user machines. So, again, show us your source that says this is what happened here. I do not believe you have one.

Oh, and I do not work for IB.
I work for a defense contractor in an industry that knows a thing or two about network security.

 

 

I not trying get a big argument going...just trying to keep a conversation going, so perhaps somebody comes out with some real info...
Folks just seem to be sticking their collective heads in dirt with dealing with this stuff.
If this was simply about stealing a few advertisements, or posting a bad link, this would haves died long ago....
There are several weakness in the software this site runs on...others too...most other sites received patches weeks ago..some before hacks, some after...the question is mr security, why did it take sinking here, and why did it go on for so long....
I can't argued with a brick wall..I know what I know, and have seen the threads on stuff firsthand. And working at a security/defense firm does not make one an expert in anything that we are discussing...heck you may do some interesting stuff, but we have already had some folks that work with the spooks in Ft Meede post (if you know stuff about members out side of here) and when they are concerned...maybe we should be too...

It goes on...vendors defect, most of the folks I talk to regularly are now on a different board...guess it is too late...
Time will tell if they come back...the irony is that the other board was one of the folks that started this one...before it went corporate...
Many of the most experanced folks here went there a few years back... That is why when you look back, the the hardcore modding threads kinda died...and the highly technical stuff stopped...it went elsewhere where the managent was a bit more lax with the vendors, and posters...allowing honest reviews and interactions.
I remember this site from when i first found it back in 2003 when I first interested in the mini, read it through much of 04, and made a few posts with a username I don't remember...there was tons of new active pages, lots of folks....not just 3 or 4 folks conversing...look at the page views lately on new threads...worse yet look at the posts in relation to the views...lots of folks looking for info...fewer than ever providing it.
I know where they went...but perhaps they will come back...the bigger the party, the more fun it is usually!!


Edit: I would like to state that in all my research, about 90% says this type of attack is mainly an attempt to steal Add revenue....IT USUALLY DOES NOT have the pages installing "bad software"...it is still possible..but most reports of this attack..going back to FEBRUARY has to theft of advertising revenue. The Software support people do recommend that users change passwords, since the installer of the hack did gain unauthorized access to deep portions of the software...and anything was possible.
Thanks Matt, AKA DR O for tracking down the support sites, and a few useful threads to add the ones I had found!!

 

I'm ing at the conspiracy theorists. I wish I had as active of an imagination as some of you guys! I'm so boring

For those that know the history of this site, they know that it was started by a MINI enthusiast who also happened to be pretty computer savvy. Back then, it was called Mini Coopers Online. At some point, MINI took offense to the "copyright infringement" in the name, so the site became North American Motoring (so there goes your "BMW has a large interest" theory ). NAM grew in huge fashion until it was too much to be run by just a couple of people, and the originator sold it to Internet Brands. IB owns hundreds of sites. They make their money off vendor fees and advertising, just like the previous owner did.

I did edit my previous post - I felt like my explanation was pretty simplified for the masses (I am pretty computer savvy but not necessarily about this sort of thing) but a lot of you guys were doing a better job of explaining the process than I was.

My message remains the same - the link causing the warning from Google was removed over a week ago, and we unfortunately are at Google's mercy as far as them removing the warning.

I know this is a huge inconvenience to members and vendors, and for that we are truly sorry.

 

Google is basically now in the "business" of being a protection racket.

They flag web sites and force those sites to purchase software to clean up and prevent further issues.....in many cases, these sites like NAM are not harmful and a false reading(s) can be found from a site who no longer has issues or a link from a site that did at one time. ?!?!?!?!

To me it's like the fox watching the hen house......will have to see how the Justice Department handles Google now.

 

Those that feel the need to start rumors really aren't helping anyone. There was an issue a week ago, someones MINI photo was hosted on a site that got hacked, we were flagged as a guilt by association, the offending links were removed and submission was made for re-evaluation. The IB tech support crew busted their rears to get it taken care of on a holiday weekend and now Google has been dragging their feet on re-evaluation for over a week now. The Martians haven't landed, earth isn't the center of the universe, the world is round, and Elvis, well I'll let you decide, but if conspiracy theorists would like something to talk about; think about how a completely unrelated corporation is controlling the free flow of traffic and therefore information on the internet.

There was also valid information in Post #90

I haven't been sitting here sounding like a broken record for everyone because not much has changed, we're waiting for Google to do their part in clearing the warning. I'm really only posting now to help put many of the rumors to rest. Please do take notice of the colored username and the full disclosure that Mark is from Internet Brands. If you have more detailed questions, feel free to email me through the Contact Us form, or send me a Private Message, and I'll update the group as it applies.

Google will get to NAM, fix their issue and life will return to normal around here; same moderators, same users same vendors (though I do think we may have added one recently) same cars. Next week someone will start a cam thread and that's where all the heated debate will go. In the meantime many are still accessing the site; hopefully those that have decided not to log in, despite there no longer being any threat, have had the chance to drive, maintain, modify, detail and photograph their cars and we'll have some good stories of motoring and fresh ideas for improving enhancing motoring and improving the MINI experience.

 

I have no doubt all is great on NAM.
Thank you mods for chiming in, and bringing reality to the debate!!
Now, the wait for google to release NAM from purgatory!!

Edit: I would like to state that in all my research, about 90% says this type of attack is mainly an attempt to steal Add revenue....IT USUALLY DOES NOT have the pages installing "bad software"...it is still possible..but most reports of this attack..going back to FEBRUARY has to theft of advertising revenue. The Software support people do reccomend that users change passwords, since the installer of the hack did gain unuthroized acess to deep portions of the software...and anything was possible.
Thanks Matt, AKA DR O for tracking down the support sites, and a few useful threads to add the ones I had found!!

 

It appears I can get on here with Opera, somewhat restricted with Safari and unable to get on at all with Firefox. The problem appears to be browser dependent now.

 

exploit = anything that can cause a problem. Thus, there was an exploit applied to this site even if it was a simple link that caused the site to get flagged.

exploit

— n
1. a notable deed or feat, esp one that is noble or heroic

— vb
2. to take advantage of (a person, situation, etc), esp unethically or unjustly for one's own ends

As you can see by number 2.

Mark, I am confused. If it was just a few links that was the offending material then why were the guys busting their butts? Remove a few links and resubmit for a scan should have been all that was needed.

The heated debate is that you guys hadn't been real clear as to what the exploit was and if it could have harmed peoples computers. Then you have folks telling people to disable a layer of security to surf the site. This is where my beef lies.... If you won't the rumors to stop they be open and tell folks what the problem is.

 

Looks to be back to normal for me on FF. Hurray.