AX84 comming to an end, TAG needs fixing real bad

[R.G.]

This train of posts is a study in human psychology. Humans observing any phenomena will almost never conclude "whatever caused that is a mystery".

What they will do is to latch on to any explanation they can make up that seems to fit the most obvious facet of the phenomena. For instance, thunderstorms were once thought to be caused by one or another deity being angry, the storm being its expressed wrath.

This leads directly to the observed phenomena of blaming the messenger. Whatever brings a human the news that something funny is going on is blamed for causing the something funny.

Posters here blamed google for issuing a warning. They blamed the browser, the phones, the internet, mysterious net entities, and so on, and looked for signs and portents of things getting better in whether the warning appeared, and for how long.

This is simple folks. The warnings will continue to appear, probably intermittently, until the site software is updated and re-scanned by google to remove it from the warning list, or until the site crashes and burns.

The intermittency may even be caused by google re-scanning and finding that nothing has changed. Maybe. That's me opining about what a sign and portent may mean.

But it's not going to stop until the issue that caused the warning note is dealt with. And that's not only unlikely to happen, it gets unlikelier every day. We can talk about whether the red warning appears or not, and what shade of red it looks like through which-colored glasses as much as we like, or blame Maxwell's Demon for it, but it's not going to stop until the underlying cause is dealt with.

The plane is on autopilot.

[rogb]

Agreed!
The sad part is if you enter "tube guitar amp forum" or similar into Google there is no mention of this forum on the first few pages!
So not only is there a malware warning which I get everyday on this site using FF, and only on this site, it will be hard to find this place, like I did when I was getting interested in building.

No real point in ranting and moaning, this is what it is now. The owner for what ever reason just don't care.

[JazzGuitarGimp]

No real point in ranting and moaning, this is what it is now.

^^^ This!^^^

[brentm]

https://developers.google.com/webmaster ... hl=en&rd=1

The site owner (Allyn) has to request a review and jump through some hoops. I think he mentioned he was going to do this at some point after the site is upgraded.

I know I read that Allyn has some other challenges, and it doesn't make sense to have Google take you off the naughty list if you can just end up back on it because of an unpatched vuln.

One challenge I remember him mentioning is that he doesn't have the admin password for the MySQL database. And the original owner doesn't remember it either... Not that this can't be worked around, but I think it's just another layer of crap to cut through to get the site upgraded to a level where there's not a long list of vulns that attackers can use to put you back on the naughty list.

I'm thankful that he's still paying the bill to keep the lights on. And he's never asked anyone for a dime to help with the hosting costs. I'm a member of a few boards where members are actively solicited to become "VIPs, supporters, etc"... Not that I wouldn't support this board too, but it's pretty selfless of him to keep the lights on without asking us for help.

Just use Internet Explorer 11 (with all current updates) when visiting. No nags

[R.G.]

The "hoops" take well under 10 minutes the first time. I've personally done that process on my personal web site.

As I mentioned, and you allude, the clearing of the red flag is dependent on doing the few minutes of messing about.

What is very unclear is what about the site needs upgraded before it can be re-scanned and un-listed. There have been some comments about missing passwords, and Omar having forgotten the passwords, and working with some BB tech types, and not wanting to lose what's been built up over X years.

This leads to some logical questions:

1. Is a site BB software a prerequisite to getting google to re-scan and release it from the bad-guys list? If not, I don't see why the few minutes of work can't be done sometime in over a year.

2. If the site MUST be upgraded before google can re-scan, why is this? Is the older level of phpbb (or whatever) a security problem on its own?

3. If either (a) the site software is a security problem on its own, or (b) there are embedded bad-nesses that can't be touched because of the missing passwords, then the site is in fact a security risk to every user, and google is simply telling the truth. In this case, having the users self-train to ignore the red flag is setting them up, one way or another.

[brentm]

Yeah, I assumed that he didn't want to put the effort into submitting a request to Google to remove them from the naughty list until he could upgrade phpBB.

It looks like this site is running 2.0.18 of phpBB - Here's a list of vulns that apply to the phpBB product.

http://www.cvedetails.com/vulnerability ... 6794e54666

Those that apply are probably about the top 20 on the list... dating back 10 years to current. I'd say running this version of the board version has risks. I'm not sure what mitigation he's done to prevent the issues of attackers injecting their REDIRECT into the CSS of the site. Like we saw last year...

I agree, the site is basically on life support. Typically, if you have control panel access to your host, you can work around the missing password issues. I agree with your #3 statement.

I'd be willing to help out if Allyn needed some technical help. I know he has the chops, but maybe just not the time. Life is busy, especially with kids, family, employment, etc. It's a cool community that's developed here, it'd be a shame to see it disappear one day.

[gui_tarzan]

I know a guy that can hack the database password if that's the only thing holding up recreating this site. It's legit, as long as we have permission from the owner.

Unfortunately it may come down to someone building a new site with the archives from this one as a starting base. To have it on the "bad" list for so long is inexcusable.