# Off Topic > Suggestions for Improvement >  >  Websense categorises ExcelForum as "compromised"

## Olly

Not sure if this is the best place to post this, but...

Out office use Websense web proxies to protect our work network. This week, excelforum.com has been blocked, categorised as "compromised".

I'm trying really hard to find out more details, but our support guys are being typically inept and secretive. So, I have no idea what form this alleged compromise takes, but are refusing to lift the block, until action has been taken to satisfy the Websense filters.

Please, please, please, please look into this, and fix it. I hate not being able to access the forum from my office!

----------


## JieJenn

I can feel your pain. Some days ExcelForum is blocked due to compliance reason. Just some days.

----------


## Metrazal

I encountered the same problem Olly.  Hopefully, it is a temporary issue.  I like to access the site from my office as well.

Met

----------


## romperstomper

Same here. Oddly it didn't happen when the forum _was_ compromised previously.

----------


## StephenR

I've had the same problem. My IT people suddenly tell me that "the site is on medium level of compromised website, this site is a security vulnerability ... out of 285 links 275 are found to be malicious links."

Please could somebody at EF look into this?

----------


## FDibbins

I have pushed this to the Admin, Im sure they will send it on to the TT.

Just as a check though, is it possible that this site has blocked your IP?  That has happened to me a couple of times - 1 minute I can get in, then next, i cant...only to find out later that my (work) IP got caught up in a IP range ban

----------


## romperstomper

Nope - any attempt to access this site from work redirects to a page saying websense has blocked access because it's a compromised site.

I won't hold my breath if the TT are on the case.

----------


## FDibbins

OK, thought it was worth mentioning  :Smilie:

----------


## romperstomper

I agree!  :Smilie:  

From a purely personal point of view,  it would be nice if it could get resolved pronto as my participation here is limited to using my phone while commuting until it is!  :Frown:

----------


## FDibbins

I have used my phone once or twice, and even though it is a big 1 (Note 4), it is still a huge pain  :Frown:

----------


## Deepasha9

Hi Everyone

Happy New Year!
Firstly, the upgrade will make EF responsive to different devices (mobile and pads). So it will be easier to access it from non-PC's/ laptops.
As for the websense report, thanks for informing us. It was primarily because we weren't listed under the right category. We have now resolved that and are listed under Application and Software Download. All will be good now.  :Smilie:

----------


## romperstomper

Ahh, thank you - access has been restored!  :Smilie:

----------


## StephenR

Yes, thanks, sorted here too.

----------


## Olly

Not for me - our office blocks Application and Software Download, as well. That still doesn't seem to be the correct category - what are people downloading from this site? None of the other Excel forums are in this category...

----------


## romperstomper

Blocked again today - listed as compromised.

----------


## romperstomper

Still blocked, FWIW.

----------


## StephenR

Yes the problem has returned for me too

----------


## romperstomper

Still blocked. Does anyone care?

----------


## Doc.AElstein

> Still blocked. Does anyone care?



 The Voluntary expert help for Excel problems is amazingly good in this, like many forums…

….   Like many Forums, I guess, it is hard to find someone to Voluntarily sort out Board Software or Board Improvement issues.. 

..   It is a great Detriment to the excel World  that you are "blocked!"


....
.  Edit: Just realized that means you were blocked and having to work from your phone the last time you helped me. … So thanks again for that amazing effort.

----------


## JBeaucaire

> Blocked again today - listed as compromised.



I'm just now seeing this for the first time.  Notes like this in public threads are understandable, but not the fastest way to ensure the folks who can look at it know about your messages.... for that, a PM to EFManagement delivers the message directly.

Now that I've seen this, I will send them a link to these new comments.

----------


## romperstomper

And there was me thinking the whole point of _this_ forum was that the management would be listening.  :Wink:

----------


## shg

Then they probably also don't know that no one has been able to see images in the forum since last fall. Maybe you could let them know that also, JB.

----------


## JBeaucaire

It has been noted to EFManagement, I, too, am unable to see most images in posts.   I've pinged them to read this thread now, so they will see this as well.

----------


## Doc.AElstein

> ........ no one has been able to see images in the forum since last fall. .............



.   I apologies for “hijacking here” , but I wanted to try this image thing  ( IMG ) out myself (as I had just mastered it elsewhere and wanted to use it here to help answering a Thread..) … Unfortunately I see that in the Test Forum (Excel Forum Development & Training) the “IMG” code is Off. So I would not expect the following below  to work there. But here I see that the “IMG code is On”. 
.  As the Image problem is discussed here I thought I would just give it a shot. So I paste in now  “ SHARE LINKS “ which I prepared and have been able to successfully use to produce a nice seeable image elsewhere in forum Threads…..
.  So here Goes…...  pasting in all of the  4 options given to me in the right hand margin next to my uploaded image in a free file sharing site that I was recently recommended by an experienced Forum user…..
.1   Email & IM
.2   Direct
.3   HTML
.4    IMG 

.1   Email & IM

http://s1065.photobucket.com/user/Do...0jbor.jpg.html

…………………………………………………..

.2   Direct

http://i1065.photobucket.com/albums/...ps4ks0jbor.jpg

………………………………………………….

.3   HTML

<a href="http://s1065.photobucket.com/user/DocAElstein/media/ExcelForumLog%20in_zps4ks0jbor.jpg.html" target="_blank"><img src="http://i1065.photobucket.com/albums/u400/DocAElstein/ExcelForumLog%20in_zps4ks0jbor.jpg" border="0" alt="ExcelForumLog in Example for shg &amp; joe photo ExcelForumLog in_zps4ks0jbor.jpg"/></a>

……………………………………………………..

.4    IMG




……………………………………………………………..

----------


## Doc.AElstein

well "B_____ me with a B____ Poll"

... I never expected that to work.....

----------


## Alf

I got this waring but when I tried two minutes later there was no warning.

Alf

----------


## Alf

forum_safety.jpg

Testing to add warning as jpg file. Rather strange text I would say. It seems like it's an add-on on the forum page the "Microsoft Essentials" don't like???

Alf

----------


## Doc.AElstein

> .........Rather strange text I would say. It seems like it's an add-on on the forum page the "Microsoft Essentials" don't like???
> 
> Alf



..Good you "captured" that!  -----... interesting that Google finds nothing for "aibeegheey"  .. suggests I guess that someone is mucking about!

----------


## FDibbins

To get back on track with the thread title...


I am still getting this error/warning from McAfee (for 2 days now)...




> Use caution on this site
> http://www.excelforum.com/search.php?searchid=4080275
> Although the content on this site does not violate the acceptable usage policy, please exercise good judgment.
> A security risk is posed by this site.
> McAfee Content Category: Technical Information
> McAfee Security Rating: Yellow
> 
> 
> Powered By:  SiteAdvisor Enterprise



I get this EVERY time I open ANY window from this forum - very frustrating  :Mad:  :Mad:  :Mad:

----------


## Norie

Ford

Isn't that just a 'warning' about the site's content?

Have you checked the definition for the category 'Technical Information' in the McAfee documentation?

----------


## FDibbins

I agree that it's a warning, but I get that every time I open a window - and need to "continue" every time

I had this same problem a few weeks ago, it was fixed then - IT NEEDS TO BE FIXED now, as well!

Reported before on 02-12-2015, 03:28 PM

----------


## Doc.AElstein

> To get back on track with the thread title...
> .........



And if I may be so bold as to add getting back to possibly the main problem just now.. ….





> ......... it would be nice if it could get resolved pronto as my participation here is limited to using my phone while commuting until it is!



…. Him being shut – out for over a week now is a great loss to the Forum..

----------


## romperstomper

Well, Ford's experiences probably explain why it's blocked, and possibly also the delay in rectifying that. 

The downside for the forum is that Websense is used by quite a lot of enterprises so that's a lot of potential users lost. And it's not the first time this sort of thing has happened (it's why I always use a script blocker here).

----------


## StephenR

It'e been nearly two weeks now. When it was sorted out last time the impression given was that it was a simple job, just the wrong listing. Is it actually more complicated than it sounds? I'd have thought allowing users to access the site would be fairly high priority?!

----------


## EFmanagement

Hi,

The work is very much on it. We contacted Websense a week back and as per their procedure it takes them about 4-5 days to get back. Have been pushing them. As you said, this is extremely high priority. Thanks a lot for bringing this to our notice.

Thanks
Admin

----------


## StephenR

OK, thanks for the update - good to know it is being looked at.

----------


## Doc.AElstein

> ....... Have been pushing them. As you said, this is extremely high priority. Thanks a lot for bringing this to our notice.
> 
> Thanks
> Admin



.  Thanks for letting us know.
.  Good luck with your efforts.
.  Can you drop a note here if you get it fixed so those not currently able to log- in get to know as soon as possible?
..Thanks
. Alan

----------


## romperstomper

Day 15.
No end in sight. 

Some of the crew have been talking of taking the lifeboats and striking out for one of the other islands. I have ordered them to stand firm for now but the natives are getting restless. I fear for the ship.

----------


## Kyle123

Might want to add another one to the list...

----------


## romperstomper

Day 18.

Supplies are running low. Most of the crew fled during the night. Morale among the remaining men is almost non-existent. 

Hope of rescue is all but gone. If and when it comes I fear there will be naught but bones left to save. 

Save our souls.

----------


## Kyle123

What's that from? Seems hauntingly familiar

----------


## romperstomper

Nothing I'm aware of, I'm just making it up. You should be worried if my thoughts seem familiar...  :Wink:

----------


## romperstomper

Different day, same... um... story

----------


## Kyle123

Flog a dead horse

----------


## romperstomper

It can be therapeutic. I can only assume that there is a real issue.

----------


## FDibbins

OK maybe stupid question - you guys still have that same problem?  (I ask coz mine was fixed)

----------


## romperstomper

Yep - still blocked by Websense as of this morning. Coming up to a month now.

----------


## JBeaucaire

I heard back from Shub today, Websense has made "some tweaks" on our behalf, but have not agreed to fully remove the block just because we tell them to.  They are involving another party to try and get the remaining alerts on our site lifted.

----------


## jaslake

I believe romperstomper is recording all this in the Ship's Log and may well publish :Smilie: 





> Day 15.
> No end in sight. 
> 
> Some of the crew have been talking of taking the lifeboats and striking out for one of the other islands. I have ordered them to stand firm for now but the natives are getting restless. I fear for the ship.







> Day 18.
> 
> Supplies are running low. Most of the crew fled during the night. Morale among the remaining men is almost non-existent. 
> 
> Hope of rescue is all but gone. If and when it comes I fear there will be naught but bones left to save. 
> 
> Save our souls.

----------


## StephenR

romperstomper's comment reminded me of the Rime of the Ancient Mariner, who at the end of which, after a tortuously long journey, is much sadder and wiser. However, I fear I might have forgotten most of my Excel knowledge by the time this journey ends.

----------


## romperstomper

The tales of Captain Horatio Romperstomper. Chapter 5.

Day 28.

Two more of the crew died during the night, whether from impatience or scurvy I cannot say. The atmosphere on board is as rank as the grog the bosun had been hiding.

Blighty is but a distant memory. I pray whoever may find this journal will send word to Cecily and the children, that they may know I thought of them even in this darkest hour. 

God save the King.

----------


## romperstomper

DM 
Capt. Horatio Romperstomper 
Requiescat in Pace

----------


## jaslake

May the good Captain Rest in Peace...

----------


## teylyn

Maybe you should ignore Websense.

----------


## romperstomper

I can't - it simply blocks all access to things it doesn't like.

----------


## StephenR

Most of my shipmates have perished or lost their mind. I'm just clinging on. Is there any news?

----------


## romperstomper

Although I'm used to the lackadaisical management attitude to most of our requests, even I am surprised they don't seem to be taking something seriously that will actively prevent a lot of people from accessing the forum at all!

----------


## jaslake

> Although I'm used to the lackadaisical management attitude to most of our requests, even I am surprised they don't seem to be taking something seriously that will actively prevent a lot of people from accessing the forum at all!



It's terribly disappointing...and discouraging.

What happened to What's her name that was to be our Sounding Board for issues...

----------


## StephenR

Perhaps they don't want our sort hanging around. Lowers the tone.

----------


## twaccess

I've just had this message back from our IT support. This is only an issue for me when I'm located in the office. Most of the time I'm out and about working from sites or home and I can still access the forum.




```
Please Login or Register  to view this content.
```

----------


## daffodil11

And here I thought I was all alone. I've been blocked for about three weeks now.

Daddy needs his medicine. Going through withdrawl.

excel.png

----------


## FDibbins

Yes, I am getting that same message.

If you click Details, you cant still get in - if you want

----------


## romperstomper

Only three weeks - you must be special.  :Wink:  Two and a half months and counting...

----------


## TMS

I also got the pretty message in post #61.  If I clicked on the Details link and carried on regardless the stuff sent back was pretty useless.

That was on Chrome on my iPad.

Seems to have been resolved now but I guess there is still an underlying issue.

----------


## adhawan06

I also got the same message but just checked that some malware attacked on Excel Forum website since 12 GMT so since then they had shut their website and were working on fixing it up. Now their message says the issue has been fixed. 

Excel Forum.png


Cheers!!!

Anil Dhawan

----------


## JBeaucaire

Please let us know if your access is any better now.  Thanks.

----------


## adhawan06

Yeah it is working fine so far but do you guys have any idea how it happened. I remember one thread where user quoted that he was unable to do reply so I was just looking at and then suddenly the red window error message appeared.

----------


## TMS

Probably churlish of me, given that there HAS been a banner message, but 



> A few hours back we were hit by a malware and had to shut down due to the gravity of the issue. We are finally up and running. We apologise for the inconvenience and appreciate your patience.



 needs a date and time for it to be meaningful for anything more than a moment in time.

It IS good that the issue has been acknowledged, addressed and communication put out, but EF Management really need to up their game.  For example, there doesn't appear to be a way of confirming that I've seen the message and stopping it displaying. How long will it be before it is removed?

----------


## jaslake

I received this last Evening...thought it was a major step in the right Communication Direction...

Never mind... jpg will not upload...Ah well...what can I say...fix one, break another...

----------


## adhawan06

> Probably churlish of me, given that there HAS been a banner message, but  needs a date and time for it to be meaningful for anything more than a moment in time.
> 
> It IS good that the issue has been acknowledged, addressed and communication put out, but EF Management really need to up their game.  For example, there doesn't appear to be a way of confirming that I've seen the message and stopping it displaying. How long will it be before it is removed?



I personally feel they may want to keep this for 12~24 hours (logically just to let all users know). May be in next few hours they will remove this.

----------


## FDibbins

@ TMS, lets take this in baby steps  :Smilie: 

1.  acknowledge the need to communicate this kind of info with members
check
2.  start posting info about what has happened and what is being done/was done
check
3.  ID what info realistically needs to be communicated, for it to actually be useful and meaningful
working on?

To the admin and TT...
Definitely a step in the right direction by posting what happened and what was done.  Thank you for that  :Smilie:

----------


## JBeaucaire

The banner ad was meant to be visible only for a single period of 12 hours.

----------


## TMS

@JB: ok, gone. Difficult to determine the timing, but it's gone  :Smilie: 

@Ford: absolutely, hence the opening comment.  There ARE a number of positives, not least of all the fact that the site was back up relatively quickly given the circumstances. Still ...  :Wink:

----------


## FDibbins

> @JB: ok, gone. Difficult to determine the timing, but it's gone



It was still there when I posted at 11:43, probably came down at midnight USA time





> @Ford: absolutely, hence the opening comment. There ARE a number of positives, not least of all the fact that the site was back up relatively quickly given the circumstances. Still ...



yes it was, AND as importantly, we were told what happened.  Based on past experiences, a HUGE step forward  :Smilie:

----------


## Deepasha9

Hi Everyone

As some of you are aware, around a couple of months back ExcelForum was blocked by Websense, we tried to figure out internally what was the issue but could not find anything. We hired one of the top Security companies- sucuri.net, to find out the reason. As per them the site was clean and therefore, they submitted the site to WebSense. But still Websense would not remove the black list status of the site.
We were, therefore, under the impression that the site was clean and there was some kind of an issue at the end of WebSense. As there was no other detection service saying otherwise.

A week back we found out some details that might have been causing the issue. You can read the links below for more information:

http://www.scmagazine.com/cyphort-la...rticle/408293/
http://www.cyphort.com/forums-malware/
https://blog.sucuri.net/2015/01/vbse...execution.html

Hence, we disabled the VBseo plugin on the site so that the security hole gets patched.

Then yesterday morning the site was declared to being under attack by Google. We were in panic mode and started checking every single file on the server. Figured out that the VB seo script was still on the server which could have been the entry path to the hackers, so we deleted those files. Also removed the Ads from the site as Google also blocks sites if they are diverting traffic to sites promoting exploits (in our case it was Fiesta Exploit Kit). 

We also had the experts looking into the case  (https://www.dropbox.com/s/nrgd51xso4...48.20.png?dl=0) and they also pointed out that it could be the ads. 

We are still taking it slow. We have removed all possible ads shown to even the non-logged in users and will activate them one by one to see whats the actual culprit. We are in touch with Google and Websense and are working with them closely along with some top Security experts. 
The Fire Walls have been made even stronger, and we have additional security / monitoring in place.

Thanks for you patience and understanding
Deepasha

----------


## FDibbins

Deepasha

Its great to hear from you, and thank you so much for sharing all of this with us  :Smilie:   As had been said in the past, members here are not stupid, they know when something is wrong - if you tell us what is going on, we WILL understand, and will show far more sup[port and understanding when this info is shared like this.

So, once again, thank you for that - and please pass on those thanks to the TT, and Im sure that they are doing all that they can to secure the site  :Smilie:

----------


## adhawan06

Thanks Deepasha for sharing this info with us.

*@Ford* - I have seen many OPs saying that they are unable to attach any file while posting their query on EF. 

Any such info in your knowledge?? I had replied saying it could be because of the attack happened recently. So asked them to delete the cookies but still they are unable to attach file.

Can you check once.

----------


## FDibbins

Any, I am working with CW to see if we can find the problem.  It is NOT their ability to upload, I just sent - and had them send back - a 900+ meg file  :Smilie:

----------


## adhawan06

Thanks Ford for being so quick. 

Yeah seems CW is trying to upload the extension file which EF i guess do not accept or may be something else. Looking at your response there 

Thanks once again Ford.



Cheers!!

Anil Dhawan

----------


## FDibbins

Just fyi, the reason the file would not upload - it was too small...9k

----------


## adhawan06

> Just fyi, the reason the file would not upload - it was too small...9k



Is It??? But is it really possible because...

I am wondering if this is the case because some time we may have file with very less size and there should be no problem by the time of uploading. (I  remember i had uploaded many files less than 10kb here on forum  :Confused:  )

----------


## FDibbins

THis is not really the thread to discuss this in (some may consider it hijacking lol), but yes, it is.  I created a file that was 9k (it had to be empty to get it that small), and I was unable to upload it

----------


## TMS

@Deepasha9: ditto what Ford said in post #76: http://www.excelforum.com/showthread...=1#post4058096

I think it is really helpful to understand the background, the issue and what has been done, and is still being done, to resolve it.

Thanks, TMS

----------


## daffodil11

Thanks for the communication. I negotiated with IT Security to get the corporate ban lifted on this URL.

----------


## romperstomper

Almost 3 months now...

----------


## romperstomper

105 days and counting...

----------


## daffodil11

I feel your pain. If I wasn't able to get IT to lift the websense block.. I don't know what I'd do.

----------


## romperstomper

I have no pain - I am now inured to this.  :Wink:

----------


## romperstomper

So 132 days in, has there been any progress at all? Is anyone actually doing anything about it?

----------


## Kyle123

About as much as you getting a response...

----------


## romperstomper

That's pretty much what I figured but I thought I'd ask one last time.

----------


## StephenR

Ironically I find a message asking me to vote on nominations for Gurus (I can access the site at home)! No doubt you have too romperstomper.

----------


## romperstomper

And now it all becomes clear. Apparently all the efforts have been directed towards a YouTube channel (which is also blocked at work, but that doesn't worry me). I wonder who the team of Excel experts were.

Anyway, it's clear management couldn't care less about this issue so at least we can abandon the faint hope they might ever listen or do something.

----------


## EFmanagement

> And now it all becomes clear. Apparently all the efforts have been directed towards a YouTube channel (which is also blocked at work, but that doesn't worry me). I wonder who the team of Excel experts were.
> 
> Anyway, it's clear management couldn't care less about this issue so at least we can abandon the faint hope they might ever listen or do something.



Hi Rory,

We are aware that users are still facing problem accessing Excel Forum at work. It is highly unfortunate as our hands are tied for the next few weeks. Our technical team is trying their best to come up with a permanent solution but as the website was consistently attacked and hacked in the last few months, we have to wait this out before Websense clears us again.

We are working closely with Sucuri and Websense on this issue and have external security consultants working with us as well. Till we get this resolved, we would request you to access Excel Forum using some other network. 

We urge you to bear with us in the meanwhile. The team behind Excel Forum and Excel Tip is small but passionate. Each one of us in the tech and the content team works hard to ensure as smooth a run as possible. 

Thanks for your patience,
Team Excel Forum

----------


## Kyle123

**** me, there's actually someone there!

----------


## romperstomper

> We are aware that users are still facing problem accessing Excel Forum at work. It is highly unfortunate as our hands are tied for the next few weeks.



[sarcasm]Thanks for keeping us updated.[/sarcasm]





> Our technical team is trying their best to come up with a permanent solution but as the website was consistently attacked and hacked in the last few months, we have to wait this out before Websense clears us again.



Which is what you guys said in April. It's November. 





> We are working closely with Sucuri and Websense on this issue and have external security consultants working with us as well. Till we get this resolved, we would request you to access Excel Forum using some other network.



I think I'll adopt the safer approach of not accessing at all until such times as it is not being hacked or infected. 





> We urge you to bear with us in the meanwhile. The team behind Excel Forum and Excel Tip is small but passionate. Each one of us in the tech and the content team works hard to ensure as smooth a run as possible.



I have borne with you as long as I could. TLTL.

----------


## Doc.AElstein

Just a quick Hijack  :Wink: 

@ EF Management: ( Or tech team, or "Super Admin"*****)

Email Notification Problem seems to be back again. 
http://www.excelforum.com/the-water-...ml#post4252030

My main concern, as always is that whilst this occurs, OP's ( who often do not know about the User Control Panel Option to Check for replies ). So efforts of in answering Threads can go unoticed, and go to waste )

I feel it would be helpful to know at least if this  problem been at least noted by EF Management , Tech Team .... etc.  

Thanks, 

Alan

P.s. Just while I am here:

a few other problems recently
http://www.excelforum.com/the-water-...g-to-site.html
*****http://www.excelforum.com/suggestion...ut-locked.html
http://www.excelforum.com/the-water-...ml#post4231294

----------

