Page 1 of 1
possible malicious site appeared in whitelist
Posted: Fri Sep 10, 2010 9:37 am
by eradic8
Just checked my No-Script Whitelist this morning, and I found this URL in it: "adinterax.com" Know as far as I am aware I have not allowed this, if so it was an accident. Anyway I'm not really sure how it got in my Whitelist, but on doing a google search I got the following Windows popup message: Secure connection failed: adinterax.com: 443 uses an invalid security certificate. The certificate is only valid for "
http://www.adinterax.com" (Error code: ssl_error_bad_cert_domain) This could be a problem with the server's configuration or it could be someone trying to impersonate the server. If you have connected to this server successfully in the past the error may be temporary and you can try again later. The site appears at the top of the google search list. I suspect this may be a SEO posioning attack site.
Re: possible malicious site appeared in whitelist
Posted: Fri Sep 10, 2010 9:53 am
by Giorgio Maone
This site belongs to Yahoo!, and it's one of its ad networks.
You likely allowed inadvertently by "Allow all on this page", but it's seemingly not malicious.
Re: possible malicious site appeared in whitelist
Posted: Fri Sep 10, 2010 9:55 am
by eradic8
Giorgio Maone wrote:This site belongs to Yahoo!, and it's one of its ad networks.
You likely allowed inadvertently by "Allow all on this page", but it's seemingly not malicious.
Thanks for the quick reply, but I don't understand why I'm getting the popup saying the certificate is invalid.
Re: possible malicious site appeared in whitelist
Posted: Fri Sep 10, 2010 10:05 am
by Giorgio Maone
eradic8 wrote:I don't understand why I'm getting the popup saying the certificate is invalid.
Because of a server-side misconfiguration.
- They've got a SSL cert for www.adinterax.com
- You opened http://adinterax.com
- They've got a server-wide directive to redirect any HTTP traffic to HTTPS
- You're redirected to https://adinterax.com. Since the certificate is only for www.adinterax.com, Firefox warns you about the mismatch
The correct way for them to handle the HTTP->HTTPS redirection should be changing both the protocol (http:->https:) and the host (adinterax.com->
www.adinterax.com), rather than the protocol alone.
Anyway, no malice there, just incompetence.
Re: possible malicious site appeared in whitelist
Posted: Fri Sep 10, 2010 1:51 pm
by eradic8
Giorgio Maone wrote:eradic8 wrote:I don't understand why I'm getting the popup saying the certificate is invalid.
Because of a server-side misconfiguration.
- They've got a SSL cert for www.adinterax.com
- You opened http://adinterax.com
- They've got a server-wide directive to redirect any HTTP traffic to HTTPS
- You're redirected to https://adinterax.com. Since the certificate is only for www.adinterax.com, Firefox warns you about the mismatch
The correct way for them to handle the HTTP->HTTPS redirection should be changing both the protocol (http:->https:) and the host (adinterax.com->
www.adinterax.com), rather than the protocol alone.
Anyway, no malice there, just incompetence.
O.K thanks for the explanation Giorgio, I understand now.
Re: possible malicious site appeared in whitelist
Posted: Fri Nov 25, 2011 8:57 am
by danialpaul1
hey Giorgio thanks for detail description, I appreciate it !
Re: possible malicious site appeared in whitelist
Posted: Sat Nov 26, 2011 10:32 am
by Tom T.
FWIW, this site has a very poor reputation at
mywot.com, where it is accused by some users of loading spyware. My HOSTS file blocks it, with the explanation, "Tracking Cookie".
I'll add this to the
'SOME SITES YOU MIGHT NOT WANT TO ALLOW" list.
Thanks for the report.