"Report web forgery" isn't working.

RESOLVED WONTFIX

Toolkit
Safe Browsing
--
major
RESOLVED WONTFIX
8 years ago
a year ago

People

(Reporter: u360812, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

(Reporter)

Description

8 years ago
User-Agent:       Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.4; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3
Build Identifier: Firefox 3.5.3

When trying to report this web forgery at this link:

http://www.google.com/safebrowsing/report_phish/?tpl=mozilla&continue=http%3A%2F%2Fwww.google.com%2Ftools%2Ffirefox%2Ftoolbar%2FFT2%2Fintl%2Fen%2Fsubmit_success.html&hl=en-US&url=http%3A%2F%2Fservice.oneaccount.com.nytre4rt.me.uk%2FonlineV2_B%2FOSV2.php%3Fevent%3Dlogin%26email%3Djobs%40beautcamppilates.co.uk%26id%3D2729125923328828470314363645931

Firefox 3.5.3 says:

Google Error
 
Request-URI Too Large
The requested URL /safebrowsing/report_phish/Captcha... is too large to process. 

Begin forwarded message:

From: "One Account" <customercare@oneaccount.com>
Date: 22 October 2009 06:54:15 BDT
To: <jobs@beautcamppilates.co.uk>
Subject: Important information for One account online banking user
Return-Path: <microcosmsu2@silmatera.fi>
Delivered-To: jobs@beautcamppilates.co.uk
Received: from ABTS-North-Dynamic-186.0.161.122.airtelbroadband.in (unknown [122.161.0.186]) by localhost.localdomain (Postfix) with ESMTP id 9FEDF3515D for <jobs@beautcamppilates.co.uk>; Thu, 22 Oct 2009 06:55:11 +0100 (BST)
Received: from 122.161.0.186 by smtp3.datamappi.fi; Thu, 22 Oct 2009 11:24:15 +0530
Message-Id: <000d01ca52dc$1659ff40$6400a8c0@microcosmsu2>
Mime-Version: 1.0
Content-Type: multipart/related; type="multipart/alternative"; boundary="----=_NextPart_000_0006_01CA52DC.1659FF40"
X-Priority: 3
X-Msmail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-Mimeole: Produced By Microsoft MimeOLE V6.00.2900.2180



Dear One account customer,

These days we introduce a new version of online banking software. As you are registered to be an One account online banking user, please update your account records. In order to update your account, please follow the link below:

update One account

We look forward to helping you,

Your One account Customer Care Team.

 
 
The One account is a secured personal bank account with The Royal Bank of Scotland plc. 'The One account ', 'One account ', 'Make one day today' and the associated logos are trademarks of The One account Ltd. The One account, Woodland Place, Pinetrees Road, Norwich NR7 9EJ.


Reproducible: Always

Actual Results:  
When trying to report this web forgery at this link:

http://www.google.com/safebrowsing/report_phish/?tpl=mozilla&continue=http%3A%2F%2Fwww.google.com%2Ftools%2Ffirefox%2Ftoolbar%2FFT2%2Fintl%2Fen%2Fsubmit_success.html&hl=en-US&url=http%3A%2F%2Fservice.oneaccount.com.nytre4rt.me.uk%2FonlineV2_B%2FOSV2.php%3Fevent%3Dlogin%26email%3Djobs%40beautcamppilates.co.uk%26id%3D2729125923328828470314363645931

Firefox 3.5.3 says:

Google Error
 
Request-URI Too Large
The requested URL /safebrowsing/report_phish/Captcha... is too large to process. 

Expected Results:  
Allowed me to report the web forgery.

(Reporter)

Comment 1

8 years ago
Hi Guys,

Having tried to report another web forgery today, I've now figured out the problem.

The Google error report is misleading.

Firefox 3.5.3 says:

> Google Error

> Request-URI Too Large
> The requested URL /safebrowsing/report_phish/Captcha... 
> is too large to process. 

Reading that suggests that there are so many redirects to get to the web forgery that Google can't handle it.

However, the truth is that it's not the redirects which caused the failure.

Instead, reporting a second web forgery just now has confirmed that it's the limited size of the COMMENTS box which is available when you click: "Report web forgery" which causes the problem.

When I reported this "One Account" forgery, I simply pasted the entire e-mail, including long headers, into the COMMENTS box.

Having now reported a second web forgery, I didn't include the long headers this time.

Instead, I only submitted a brief amount of text into the COMMENTS box.

The second web forgery report went straight through cleanly.

In plain English, please expand the size of the COMMENTS box which is available when you click: "Report web forgery."

Cool.
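The diagnosis in Comment 1, as an added example that is not code from this bug or from the Safe Browsing service: free text carried in a report URL is percent-encoded, so pasted mail headers grow well past their visible length and can push the request past the server's URI limit. The sketch assumes the comment travels in a query parameter named `comment` and that the limit is 2048 bytes; both are hypothetical, since the thread states neither.

```javascript
// Added example. "comment" and MAX_REQUEST_URI are assumptions for illustration.
const REPORT_BASE = "http://www.google.com/safebrowsing/report_phish/";
const MAX_REQUEST_URI = 2048; // assumed limit; measured on the full URL (conservative)

// Build the report URL. Form encoding turns each CR, LF, '<', '>', '@', ':'
// or ';' in pasted headers into a three-byte %XX escape.
function buildReportUrl(phishUrl, comment) {
  const q = new URLSearchParams({ tpl: "mozilla", hl: "en-US", url: phishUrl });
  if (comment) q.set("comment", comment);
  return REPORT_BASE + "?" + q.toString();
}

// Keep the longest prefix of the comment whose *encoded* URL fits the budget.
// The URL only grows as the prefix grows, so a binary search is enough.
function fitComment(phishUrl, comment, max = MAX_REQUEST_URI) {
  if (buildReportUrl(phishUrl, "").length > max) {
    throw new RangeError("reported URL alone exceeds the request-URI budget");
  }
  const chars = Array.from(comment); // code points: never split a surrogate pair
  let lo = 0;
  let hi = chars.length;
  while (lo < hi) {
    const mid = Math.ceil((lo + hi) / 2);
    const url = buildReportUrl(phishUrl, chars.slice(0, mid).join(""));
    if (url.length <= max) lo = mid;
    else hi = mid - 1;
  }
  const kept = chars.slice(0, lo).join("");
  return { url: buildReportUrl(phishUrl, kept), kept, truncated: lo < chars.length };
}

// Constructed sample input: header-like lines, not taken from the report above.
const SAMPLE_HEADERS =
  "Received: from host.example (unknown [192.0.2.1]) by mx.example;\r\n".repeat(60);
const SAMPLE_PHISH = "http://phish.example/login.php?event=login&id=1";

const result = fitComment(SAMPLE_PHISH, SAMPLE_HEADERS);
console.log(SAMPLE_HEADERS.length, "chars pasted;",
  buildReportUrl(SAMPLE_PHISH, SAMPLE_HEADERS).length, "bytes encoded;",
  result.kept.length, "chars kept; truncated:", result.truncated);
```

A form that has to accept full headers would send them in a POST body rather than the URL, which is not subject to the request-line limit.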
(Reporter)

Updated

8 years ago
Component: Build Config → Phishing Protection
OS: Mac OS X → All
Product: Core → Firefox
(Reporter)

Comment 2

8 years ago
We can presume that the same problem exists in all versions of Firefox, and in all versions of all other Mozilla browsers such as Camino.
There may be not much that Firefox can do here, but I'll cc some members of Google's safebrowsing team, to see what help they can offer.

Comment 4

8 years ago
Doesn't seem like there is any reason for this bug to be security-private, and fixing might go faster if it's public, right?
(Reporter)

Comment 5

8 years ago
Thank you for cc'ing some members of Google's safebrowsing team in on this, Jonathan.

It seems reasonable to presume that before Google shuts down an alleged web forgery, they would want to see the long headers in an e-mail which is pointing towards it.

Consequently, it's equally reasonable for Google to give us enough space in the COMMENTS box for us to report the entire story, especially as so many of the phishing e-mails are now being distributed from gmail accounts in any event.

All good with me if you make this bug public, Chris.

Best,



Michael T
London, England

Comment 6

8 years ago
Thanks for using our Report Web Forgery page.  I appreciate that you are trying to give us as much detail as possible when reporting the phishing page, but we won't need the full email in order to determine whether or not the page is phishing.  Please do continue to use the page to report phishing urls to our system.
Thanks,
Marria

Updated

8 years ago
Group: core-security
(Reporter)

Comment 7

8 years ago
Hi Marria,

All good.

Therefore, I would suggest that the information which you have just provided to me is posted permanently on the relevant link page: http://www.google.com/safebrowsing/report_phish/...

Best,



Michael
QA Contact: build-config → phishing.protection

Comment 8

6 years ago
Hello

I'm a student who is taking a class, Software Engineer, this quarter, and is looking forward to an OpenSource Excursion Project to gain experience exploring the documentation and communicating with open-source software projects, such as exploring the issue database, etc.

I'm pretty new and I am wondering: is it possible for me to be part of this, helping out and learning something?
Or... is there any recommended start-up project for me so I could gain this experience?

Thank you 

Rosa
Sounds like this issue is really on google's end, and is also wontfix by them per comment 6.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → WONTFIX
(Assignee)

Updated

4 years ago
Component: Phishing Protection → Phishing Protection
Product: Firefox → Toolkit