Solved

a cloud server website called files.secureserver.net is giving me a warning

Posted on 2015-02-18
5
214 Views
Last Modified: 2015-03-15
I am trying to access this site. I am getting a warning that says " The website you are trying to access contains programs that may harm your pc. If you enter you site, you might be tricked into clicking something that will infect your computer." Obviously, not a good message. Questions:

I have used this site before without any issues except today. What might of changed. I have always uploaded word documents and excel files.

Is there something on my pc that is trying to upload to that site?

Has that site been hacked?

Thanks

Dt
0
Comment
Question by:dronethought
5 Comments
 
LVL 42

Accepted Solution

by:
Davis McCarn earned 100 total points
Comment Utility
secureserver.net is part of GoDaddy and the odds are that bunches of other users have infected their websites or files.

To check your own stuff, login to your account, access https://www.virustotal.com/ in a second tab or window, then tell it to scan your files (use the url tab).
0
 
LVL 53

Assisted Solution

by:COBOLdinosaur
COBOLdinosaur earned 200 total points
Comment Utility
It does not matter how often you have used it in the past; it is now infected.  It is common for lowend upload sites to have the kind of sloppy security that allows such thing to happen.  If you have contact info for the operator you should let them know but if it is s godaddy operation they probably don't care.  

If you wait long enough they may clean it up. Then you will have to ask yourself if you want to use a site where this could happen again; and next time you might end up being a victim of the malicious code.

Cd&
0
 
LVL 6

Assisted Solution

by:Oleksiy Gayda
Oleksiy Gayda earned 100 total points
Comment Utility
There is no indication that files.secureserver.net is actually compromised at this moment (VirusTotal, Google SafeBrowsing, SiteAdvisor all show it clean) so the message you are receiving is likely being shown by an add-on you have installed, or your company's internet proxy server, if you are accessing the web through one.

It is not uncommon for corporate IT to block sites that permit file sharing/uploads, as means of preventing corporate data from being inadvertently uploaded to such sites. If you are on a company network, I would check with local IT. If you're at home, try to remember if you installed any "security" software recently, or check with your ISP (it's unlikely, but possible, that your ISP or service like OpenDNS would show you similar warning messages, if they deemed the site suspicious for some reason).

Another possibility is that you somehow got "scareware" installed on your computer, which is trying to show you warnings to trick you into clicking a link to install/purchase some additional "antivirus" solutions. But in cases like this, the message almost always has a call to action (ie. "Click here to protect yourself" or "Scan your system now") so if you're not seeing one of those, it's probably the former.
0
 
LVL 53

Assisted Solution

by:COBOLdinosaur
COBOLdinosaur earned 200 total points
Comment Utility
The message is not the kind of thing you see from blocking by a proxy.  As VirusTotal, Google SafeBrowsing, SiteAdvisor I have seen a number of cases where they proclaimed a site clean when Kaspersky was alerting and even identifying the specific malware.

So it really comes done to where the message is sourcing from.  If it is from the AV thenthat should be considered definitive if it is coming from the browser or an addon It need verification with a second or even a thir browser.

Ignoring warnings is a big part of the reason that by most estimates 35-40% of computers on the internet are infected with some kind of malware.

Cd&
0
 
LVL 61

Assisted Solution

by:btan
btan earned 100 total points
Comment Utility
typically for Chrome, Mozilla Firefox and Apple Safari , they used Google Safe Browsing to check site and in this case, the check as below is alright. https://www.google.com/safebrowsing/diagnostic?site=files.secureserver.net

However, I understand file upload site can easily get bad reputation esp open since file uploaded can itself be malicious though not the site hosting it. It implicate the whole site easily with large user pools. This GoDaddy site hosted and further checking using such as http://files.secureserver.net.ipaddress.com/ did not really show any ill intent of any related registration and entity being non-legit.
Likewise another check using such as http://www.scamadviser.com/check-website/files.secureserver.net did not surface it is ill reputed or even being phished. There is more of reference to its parent domain secureserver.net which looks fine. Sidenote, Enterprise will base don policy still enforce their content filter gateway to block file upload sites..

From stopbadware, likewise symptom to be wary of
Other indications that your site may be infected:
Visitors see a warning from their antivirus software when they visit your site
You see strange search engine results for your site, such as advertisements for pharmaceutical products
Your site redirects to an unknown domain when you navigate to it in your browser, or when you try to access it from search engine results
You notice that permissions or files have been altered, or new users have been added
You have email notifications from Google or your web hosting provider about possible malware on your site
https://www.stopbadware.org/my-site-has-badware

Reference some use tips
How do you determine that a site is unsafe?

For malware sites, we scan sections of our web index to identify potentially compromised websites. Then we test those sites by using a virtual machine to see if the machine gets infected. We use statistical models to identify phishing sites.

What if I don’t think my site is infected?

Malware can hide in many places, and it can be hard even for experts to figure out if their website is infected. Our accuracy rate is very good, but you can submit your site for a malware review by following the instructions here.

How do I report a website that is unsafe?

You can report a website suspected of hosting or distributing malware here, or a suspected phishing site here.
http://www.google.com/transparencyreport/safebrowsing/faq/?hl=en
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Big data transfers via information superhighways require special attention and protection. Learn more about the IT-regulations of the country where your server is located. Analyze cloud providers and their encryption systems for safe data transit. S…
Steve Terp was featured in a video created by CRN about how "Channel Is Crucial To Market Disruption". Click on View source to see the video and article
Google currently has a new report that is in beta and coming soon to Webmaster Tool accounts. This Micro Tutorial will highlight new features for Google Webmaster Tools.
This Micro Tutorial will demonstrate how to add subdomains to your content reports. This can be very importing in having a site with multiple subdomains.

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now