

Google blocking all FastSpring stores - chaosmachine
http://www.google.com/safebrowsing/diagnostic?site=fastspring.com

======
fastspring
Unfortunately one of our marketing servers was exploited (our store servers
are completely separate, not even in the same data centers) which caused a
Google Badware flag. We immediately cleaned the server and submitted it for
review; Google just informed us that the site is clean and the badware
warnings are being removed. They said it will take some time for the change to
propagate, but we expect everything to be normal again shortly. We'll be
working on changes to ensure there's never a repeat. Just to reiterate, there
was no problem with our store servers or SpringBoard/Order Pages; our
e-commerce sites were _not_ hacked and there was _no_ data breach of any kind.

Thank you to everyone for your patience and understanding during this
temporary challenge.

------
chaosmachine
I use FastSpring for several of my businesses. All my Firefox and Chrome
customers are currently bouncing off a scary malware warning when they go to
check out:

<http://i.imgur.com/aaV50.png>

FastSpring support says:

"Our marketing page on fastspring.com was hacked with some malware. Because of
this, Google lists any FastSpring.com URL as hosting malware and blocks Chrome
and Firefox visitors from going to FastSpring.com URLs. While Springboard and
Order pages weren't hacked, the net effect is that users of Firefox and Chrome
are temporarily blocked from getting to order pages. We are working to clean
this up and get Google to unblock and hope to have it fixed soon. Buyers using
IE, Safari or Opera aren't affected."

For the moment, I've paused all my AdWords campaigns. I'm really hoping this
will get resolved quickly.

------
Joakal
Google.com even thinks some part of Google.com had some suspicious activity:
<http://www.google.com/safebrowsing/diagnostic?site=google.com>

Yahoo's even worse:
<http://www.google.com/safebrowsing/diagnostic?site=yahoo.com>

The only search engine not being partially suspicious:
<http://www.google.com/safebrowsing/diagnostic?site=bing.com>

~~~
woodall
It even looks like Twitter/Google's URL shorteners, StumbleUpon and a few
others are flagged as well. My guess is that they tag the url responsible for
the redirect instead of where it resolves to.

------
kevinburke
FastSpring should submit a reconsideration request in Webmaster Tools showing
that they've cleaned up the problems. Then the warnings will go away.

It's not a good sign that an online checkout store is getting hacked, period.

~~~
circa
Yeah definitely. I've had this issue a few times with some of the sites I
manage. It's usually lifted quick once someone submits the proper info but yeah
this can't be good for their customers. Bummer.

------
paulkafasis
Just heard from FastSpring, with a forward of the reply from Google:

"Status of the latest badware review for this site: A review for this site has
finished. The site was found clean. The badware warnings from web search are
being removed. Please note that it can take some time for this change to
propagate".

Sounds like this should all be clear in the AM. Or later in the AM, as it
were. Or, within a few hours, for a less US-centric time.

------
paulkafasis
For what it's worth, the warning isn't appearing in Firefox in multiple test
machines either. It certainly is appearing in Chrome, and as you note, it's
scary looking. Fortunately, it DOES have a bypass link.

For now, we're just hoping they'll get it cleaned up by the AM. If not, we'll
have to consider more drastic steps (a very first step being user-agent based
warnings on our side of things).

For the future, we'll certainly want to see a smarter separation of domains,
to avoid this very issue.

~~~
colonelxc
The warning is appearing for me (FF 10.0 on Ubuntu 11.10). It might have just
taken time to propagate.

------
mise
On a tangent: FastSpring rocks. I've ditched 2Checkout.com in favour of them.
Their email support replies in minutes (it seems including during off-hours).
They abstract away subscription calculations (when will that member expire??)
that I found a pain with 2Checkout.

------
retube
Can someone explain how malicious code can be installed without a user's
permission? Is it possible to do it without a user clicking something? By
literally just loading the page?

~~~
devicenull
An exploit in the browser/flash/pdf reader/etc. Page loads, exploit loads,
computer is compromised.

------
mvelie
It seems like maybe customer sites should use a different domain than
corporate data in order to keep things like this from affecting clients.

------
scrod
Don't worry, this problem is easily solved by moving to Google Checkout!

~~~
richardw
I'd have to move countries to do that. I can pay Google just fine, but they
can't seem to figure out how to pay me. FastSpring has, for years.

~~~
scrod
I sincerely hope you realized that my suggestion was entirely facetious.

