This web site at opensuse-community.org has been reported as an attack site and has been blocked based on your security preferences.
Attack sites try to install programs that steal private information, use your computer to attack others, or damage your system.
Some attack sites intentionally distribute harmful software, but many are compromised without the knowledge or permission of their owners.
Never happened before on a fresh install.
Is this site OK?
Good Grief!
Also [noparse]http://packages.opensuse-community.org[/noparse] (openSUSEs webpin) is reported as an attacking site by Firefox. Obviously there has been one report of software being installed without the users interaction - I suppose someone got the intention of webpin and .ymps wrong or something, so the openSUSE-team should reply to that as soon as possible.
caf4926 - the official site you pointed to has a 1 click install on it for the latest drivers and that link points to http://opensuse-community.org/nvidia.ymp which indicates it’s an attack site.
I’ve been having trouble with samba and it appeared as if samba broke right after I installed from the one click. Just trying to weed out all possibilities.
I reported the issue to yaloki and darix, as both have access to opensuse-community.org server. Stay tuned.
opensuse-community.org is a semi-official site (it is the “official unofficial” openSUSE website, call it as you like). It is part of the openSUSE Project, but it is not hosted by Novell for obvious reason.
samba’s breaking after my video driver installation and I’d like to install without going through the “attack site” warning or “make”-ing them the “Hard Way”.
There aren’t any risk in using the opensuse-community.org .ymp links. As far as I know, a similar issue was worked on yesterday but for some reason, o-s.c has been put on the “warning” list again. This is a “false positive” warning, and the o-c.o admins are currently working on this issue.
caf4926 wrote:
> This site is not actually part of Novell/openSUSE
wait a second…it “is not actually part of” nor associated with
Novell is very true…
correct me if i am wrong, but saying is not part of openSUSE is like
saying everyone who is a member of one of these openSUSE
developer/contributor teams <http://en.opensuse.org/Teams>, including
the openSUSE Board!! is not part of openSUSE !!
opensuse-community.org is the site completely independent of Novell
where “the Community” members <http://en.opensuse.org/Members> hang
their virtual hats, offer “extra documentation that is required for a
seamless openSUSE experience” and other stuff…
it is completely unconnected with Novell to insulate them from
potential legal problems and for “the Community” to be completely free
from Novell…
unfortunately, most of those members don’t come to these fora very
often, but that has been changing lately…i have seen SEVERAL around
in the last six months, and even more coming in just the last
month–and that is a very very good thing!!
there is, imho, a risk the user will accept the default action leaving
all repos accessed as enabled…
which often leads to inexperienced users to having over a dozen repos
enabled and then subsequent actions via YOU/YaST/zupper introduce an
amazing array of conflicting packages and really strange ‘bugs’ or
problem systems…
as proof of this ‘risk’ in using one-clicks, just run through the
number of times this
zypper lr -d
is a most important step needed to begin to sort through the problems
in these fora…see: http://tinyurl.com/37kvpk2
I agree with DenverDs statements here - while opensuse-community.org has been created as a platform decoupled of Novell, it is an important part of the openSUSE-project, that’s why I stated the openSUSE-team should handle this. It offers important help on issues that can not be covered by anything related to Novell.
And I also agree that the webpin-service is rather an engine for experienced users, same as the official package search linked here. It looks convenient and easy, but in many cases has led to repository-overkill and multiple troubles with conflicting dependencies and the like. Yet it is an important resource for my forum work, since it helps to find out where a missing package could be found or if it has been build at all.
Either way: indicating opensuse-community.org as an attacking site because it “installs software without the users interaction” (roughly translated from the german google statement) is just plain wrong. When clicking a button saying “Install software via 1-click” everybody should know what will happen next.
What we currently suspect and have partially traced down is that our (very, very old) Mediawiki installation got hacked a little on the site, giving the attacker the possibility of including some Javascript tidbit on the site. (the blame is on me, I didn’t keep that Mediawiki installment up-to-date)
Google simply marks the whole domain as “unsafe”, even though only the wiki was affected. The YMPs, the subpixel repository and such were not affected.
I just spent the last two nights to set up a new, fresh, and up-to-date Mediawiki instance on another server, and imported the content from the old wiki. I’m waiting for the DNS change to point opensuse-community.org to the new server, but in the mean time, I’ve set a global forward to openSUSE Community Wiki
Once the DNS change will be done, I’ll contact Google to re-evaluate our site and remove the blacklisting.
On Thu, 01 Jul 2010 22:47:14 +0000, gropiuskalle wrote:
> Either way: indicating opensuse-community.org as an attacking site
> because it “installs software without the users interaction” (roughly
> translated from the german google statement) is just plain wrong. When
> clicking a button saying “Install software via 1-click” everybody should
> know what will happen next.
A little research that was posted by someone on the mailing lists seems
to indicate there’s a 1x1 pixel frame that redirects to a site that does
install some malware under certain conditions (at least that’s my
understanding) - so it seems that something’s up - but the admins are
looking at it, and that’s a good thing. Hope they identify the problem
soon.
Jim Henderson wrote:
> there’s a 1x1 pixel frame that redirects to a site that does
> install some malware under certain conditions (at least that’s my
> understanding) - so it seems that something’s up - but the admins are
> looking at it,
according to a source on the mail list, a new instance of Mediawiki
was built, tested and put into service which does not have the problem
which triggered the “attack site” warning…
as of the time time of this posting it appears to be working fine,
with no warnings…
