Closed Bug 514676 Opened 16 years ago Closed 16 years ago

Web forgery report - proven false positive after verifying with Google

Categories

(Toolkit :: Safe Browsing, defect)

Product:
Toolkit
Component:
Safe Browsing
Version:
3.5 Branch
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: ray, Unassigned)

References

(
URL
)

Details

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2 When visiting the website http://www.hyundaiblainville.com the web forgery blocking page is being shown. Originally the site was reported to google as safe and a reinclusion request was done in Google Webmaster Console. This seemed to fix the problem but a week later the site is again being blocked. After digging around I found the google safebrowsing diagnostic page and tested the site. It says there is no problem with the url. http://www.google.com/safebrowsing/diagnostic?site=hyundaiblainville.com Seeing as the google diagnostic is coming up clean is there something that we can check with at Mozilla to verify where the block is coming from? Reproducible: Always Steps to Reproduce: 1.Visit the url http://www.hyundaiblainville.com 2. 3.
Version: unspecified → 3.5 Branch
Not sure if this is relevant, but when I go to http://www.hyundaiblainville.com/, get the web forgery page, and then click "Why was this page blocked?", I get sent to http://en-us.www.mozilla.com/en-US/firefox/phishing-protection/ rather than the page explaining why it's blocked. Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.3a1pre) Gecko/20090903 Minefield/3.7a1pre
(In reply to comment #1) > Not sure if this is relevant, but when I go to > http://www.hyundaiblainville.com/, get the web forgery page, and then click > "Why was this page blocked?", I get sent to > http://en-us.www.mozilla.com/en-US/firefox/phishing-protection/ rather than the > page explaining why it's blocked. Isn't that where it is supposed to go? That's where the mozilla test page goes to. Confirming anyways, I can see this too on Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2
Status: UNCONFIRMED → NEW
Ever confirmed: true
(In reply to comment #2) > Isn't that where it is supposed to go? That's where the mozilla test page goes > to. No, it's supposed to go to the Google safebrowsing diagnostics page for the site.
Although the two blocking pages look very similar, the safebrowsing diagnostics page only applies to URLs blocked because of malware. That is http://www.mozilla.com/firefox/its-an-attack.html vs. http://www.mozilla.com/firefox/its-a-trap.html A site can be clean for malware and still be a phish and vice versa. I don't know of a good way to get Google diagnostics for phishing sites, but we do have the "this is not a web forgery" help item that will let you report the site to Google's anti-phishing team.
I have reported the site to google as being clean. So far no news. Not sure how long it takes them to check into it though.
A fresh profile doesn't show the site as blocked, and as the safe-browsing database is populated with data it eventually does become blocked. There does not appear to be a Firefox "bug" that can be fixed here, the mis-classification is on the data end which we don't control. Google has been responsive to complaints; if they're not in this case please let us know so our business contacts can work it out. A bug report probably isn't the best way, but I guess as long as this is already filed we could reopen it and figure something out. "invalid" for now only because it's not a Firefox bug per se.
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → INVALID
I have used the forms to tell google that the site is clean on 3 occasions over the past 4 weeks. So far I have not seen any improvement.
Product: Firefox → Toolkit
You need to log in before you can comment on or make changes to this bug.