# Off Topic > The Water Cooler >  >  excel forum blocked

## martindwilson

well chrome seems to think excelforum is doing something nasty
Safe Browsing
Diagnostic page for www.excelforum.com/excel-formulas-and-functions

What is the current listing status for www.excelforum.com/excel-formulas-and-functions?
Site is listed as suspicious - visiting this website may harm your computer.

Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.

What happened when Google visited this site?
Of the 53 pages we tested on the site over the past 90 days, 2 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2013-09-23, and the last time suspicious content was found on this site was on 2013-09-23.
Malicious software includes 2 trojan(s), 2 exploit(s). Successful infection resulted in an average of 3 new process(es) on the target machine.

Malicious software is hosted on 1 domain(s), including deedfoolowinghoor.us/.

1 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including storeheremysk.com/.

This site was hosted on 2 network(s) including AS13335 (CLOUDFLARENET), AS32244 (LIQUID-WEB-INC).

Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, www.excelforum.com/excel-formulas-and-functions did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?
No, this site has not hosted malicious software over the past 90 days.

How did this happen?
In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.

Next steps:
Return to the previous page.
If you are the owner of this website, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Centre.

----------


## TMS

Oops, that's not nice is it?

----------


## FDibbins

yes I just posted regarding that too...
http://www.excelforum.com/moderators...m-for-now.html

----------


## xladept

I just PM'd Jerry about an Attack Page warning I got from this thread.

----------


## TMS

I got a malware warning on this thread:

http://www.excelforum.com/excel-form...ues-arose.html

----------


## Miraun

Getting the same error on Firefox, appears to be a google function overlaid on both Firefox and Chrome.  

Did not receive the error on IE though...

----------


## TMS

> Did not receive the error on IE though...



Not sure if that's a good thing or a bad thing ... but I won't be putting it to the test.

I have PM's the OP where I encountered a problem just to raise awareness.

Regards, TMS

----------


## DBY

Also getting Malware warning in Chrome here:  :EEK!: 

http://www.excelforum.com/excel-form...tml?highlight=

In fact I'm getting warnings in numerous threads including ones in which I've posted replies. They were clear earlier today!

DBY

----------


## tigeravatar

I am getting the same issue on both firefox and IE

----------


## arlu1201

This message was due to the malware attack we had earlier today.  It should be sorted now.  

Incase you get this message again, please let us know.

----------


## JBeaucaire

I use IE, boucing around the forum and the links posted above I'm getting no alerts.  Will keep looking around.

----------


## xladept

My "Attack" thread is OK now.

----------


## :) Sixthsense :)

Just to confirm I don't get any attacks in the provided links and I am using *Opera 12.15*

----------


## SDCh

26 Sept 2013 9.39am using Firefox, said as attack page when I want to download attachment.

----------


## JapanDave

Using Chrome and still getting the message.

----------


## FDibbins

Agree with JD, seems to be back again, using chrome, got that same malware attack warning again (9/26/13 - 1:23am)

----------


## john55

yeap, the same warning again!

----------


## TMS

Chrome on my laptop completely blocks access to the forum.  Previously, Kaspersky was reporting issues with every thread I opened.

Can get through on my iPad but obviously that's not got the same risk of infection.

I've emailed the Safe Browsing information to the Site Admin.

Regards, TMS

----------


## SDCh

Use firefox and still report as attack page on 26 Sept 2013 06.45 PM

----------


## Richard Buttrey

> This message was due to the malware attack we had earlier today.  It should be sorted now.  
> 
> Incase you get this message again, please let us know.



Hello Arlette,

I confirm that it's started happening for me here in the UK this morning using Google Chrome 29.0.1547.76m

!!!!! ...and the minute I posted this using the Firefox Browser that too cut me off and started telling me about the site attack.

----------


## :) Sixthsense :)

Me too confirming the same.  Attaching the screenshot file for reference. Using Mozilla Firefox v23.0.1

----------


## TMS

IE10 lets me in; Chrome on my Laptop blocks me completely ... but I am allowed access using Chrome on my iPad.

I'm counting on Kaspersky trapping anything that tries to get through (as it has been doing)

Regards, TMS

----------


## TMS

How long does it take before Google "trusts" a site again?

----------


## Simon Lloyd

It usually takes at least 24hrs if you request another scan. My works firewall wont let me access the site so this is from my mobile, there's still an issue somewhere.

----------


## snb

You can simply see the malware in every html page:

//<![CDATA[
try{if (!window.CloudFlare) { var CloudFlare=[{verbose:0,p:0,byc:0,owlid:"cf",bag2:0,mirage2:0,oracle:0,paths:{cloudflare:"/cdn-cgi/nexp/abv=3462778032/"},atok:"242dd895c985793aba84a70c4b68715e",zone:"excelforum.com",rocket:"0",apps:{}}];CloudFlare.push({"apps":{"ape":"41c3d40572be88e49517fac62d8d96cc"}});var a=document.createElement("script"),b=document.getElementsByTagName("script")[0];a.async=!0;a.src="//ajax.cloudflare.com/cdn-cgi/nexp/abv=3600133553/cloudflare.min.js";b.parentNode.insertBefore(a,b);}}catch(e){};
//]]>

----------


## Simon Lloyd

Thats not malware, thats plugin php code for using cloudflare to mitigate ddos attacks, spam...etc http://blog.cloudflare.com/cloudflar...e-for-your-for particularly 



> •Let the community members know that the challenge page will appear if there are indications that their machine is infected with a computer virus or malware. The best thing to do is to run an anti-virus scan on their machine as a precaution.
> 
> •Let your members know that sometimes there are false positives with the data, but it is most common when the visitor is coming from a shared network like an office, college network or coffee shop. What this means is that although their computer isn't infected, someone else on the same network does have an issue. Your community member should run an anti-virus scan as a precaution. If there is no virus or malware, then they can enter the CAPTCHA to access the forum. The data set will refine over time.



But as things are NEVER communicated they didnt let you know they were going to use this service!

----------


## Simon Lloyd

The above explains the odd pages folk are getting (the ones where you just see links...etc and no formatting because the css isn't getting loaded), it also shows that there hasn't been an attack or hack but simply poorly set up cloudflare settings.

----------


## TMS

Hi Simon

So how come Kaspersky was picking stuff on every thread all day yesterday and eventually Chrome ( on my laptop) won't let me go near the site.  That said, Chrome on my iPad is happy enough, as is IE10 on my laptop.

Not doubting your interpretation but Kaspersky and Google seem to think there is an issue.

Regards, TMS

----------


## FDibbins

and today (9/26) chrome keeps telling me there is (still) malware on the site, and the only way to get in is to go to advanced and "enter at own risk"

----------


## Simon Lloyd

It's because when you are now entering the site you go via cloudflare servers, they inturn (because of their code and set up) can cause false positives with AV's..etc, if someone goes to one of the "infected" pages and gives me the url i'll be able to tell further, not that it's my job to do that but for the sake of the community and keeping you guys either safe or your minds at ease  :Smilie:

----------


## assainar kutty

same problem me too on firefox browser:  Hope the site owners will look into matter seriously... It is first time i am receiving such message that google considered this site as attacking site.


Safe Browsing
Diagnostic page for www.excelforum.com

What is the current listing status for www.excelforum.com?

    Site is listed as suspicious - visiting this web site may harm your computer.

    Part of this site was listed for suspicious activity 10 time(s) over the past 90 days.

What happened when Google visited this site?

    Of the 1282 pages we tested on the site over the past 90 days, 58 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2013-09-26, and the last time suspicious content was found on this site was on 2013-09-26.

    Malicious software includes 16 trojan(s), 9 exploit(s). Successful infection resulted in an average of 3 new process(es) on the target machine.

    Malicious software is hosted on 5 domain(s), including deedfoolowinghoor.us/, distexstat102996456.ru/, distexstat167394456.ru/.

    2 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including mxtds30.pw/, storeheremysk.com/.

    This site was hosted on 2 network(s) including AS13335 (CLOUDFLARENET), AS32244 (LIQUID-WEB-INC).

Has this site acted as an intermediary resulting in further distribution of malware?

    Over the past 90 days, www.excelforum.com did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?

    No, this site has not hosted malicious software over the past 90 days.

How did this happen?

    In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.

Next steps:

    Return to the previous page.
    If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.

----------


## Pete_UK

Simon,

that's very public-spirited of you - thanks, on behalf of all users ...

although I haven't seen any of the blocking messages so I can't pass any on to you.

Pete

----------


## TMS

I had the same message from Chrome as assainar kutty.

I have passed on details of all the messages that I have seen to Site Admin.

Regards, TMS

----------


## john55

in the first part of day I saw a forum message that the defrag is in progress (twice) and it took aprox 1 hr, after "defrag" is the problem solved? I think it does not because I receive the same warning from google chrome.
is safe to open it using internet explorer?

----------


## TMS

et moi aussi, mon ami.

I just assumed they were being discreet  :Roll Eyes (Sarcastic):

----------


## TMS

This post is using Firefox 15.0.1

----------


## FDibbins

I am currently using IE 8.0.6.  I dont get any error message at the moment, alothough it still wont take a "quick reply", have to send this in "advanved"

----------


## TMS

IE10 is fine, it seems ... but Firefox sicked up after I posted a couple of updates to threads.  Ho hum, another one bites the dust ... obviously using Chrome Safe Browsing.

----------


## xladept

I had to use IE to post this now!  But, it's IE8 and I used the quick reply.

----------


## Norie

I'm on IE10 with W8 and it's not quite right.

Still getting the 'new look'.

----------


## JosephP

site has been hacked again-trying to run scripts from videoserver190.ru

I'll try again in a few days :-(

----------


## Kyle123

Same method too, the tech team need to find how someone is doing this, not just keep fixing it.

----------


## xladept

Not even IE worked this morning and it's extremely slow as I write this :Frown:

----------


## TMS

WTF?  Now I get logged out of all my devices and browsers ... when I try to log in it seems to go through the process, welcomes me and then goes back to the "you're not logged in" screen.  Then I refresh and, lo and behold, I'm still logged in.

And here I am, quietly asking, "WHEN IS THIS DIRE SITUATION GOING TO BE RESOLVED!?"

As I say, here I am, for as long as it lasts.

TMS

Edit: and we're back to attempted double posts ...

----------


## FDibbins

yup I had the same problem, it logged me in, said "hi welcome back", then i wasnt logged in.  Chrome and F/F refused to even open EF, only IE would let me in - we been banjaxed big time  :Frown:

----------


## RickAce

Has anything been done to correct this? I get the following:

Screen Shot 2014-01-08 at 11.47.09 AM.png

----------


## arlu1201

Thanks for bringing this up.  I will send it to the tech team for a check.

----------


## aviaf

Just an fyi. My company filter prevents me from accessing this site, so something is still up. It is listed as suspicious.

----------


## Simon Lloyd

Yep me too!

----------


## Philb1

I was blocked from this site last week. I pm'd Jerry who contacted the tech people & it was my ip address that got blocked for some reason. I couldn't load this site from any computer on my home connection, but the site loaded ok if I did it on my phone via the phones network

----------


## Simon Lloyd

This is different, the company firewall/anti virus shows the site as suspicious and will not load it.

----------

