PDA

View Full Version : Onecoin.eu thread "Reported Attack Page" using Mozilla?



shipdit
07-07-2016, 03:10 PM
.
When using Mozilla Firefox, I get the:


Deceptive Site!

This web page at RealScam Forum (http://www.realscam.com) has been reported as a deceptive site and has been blocked based on your security preferences.

Deceptive sites are designed to trick you into doing something dangerous, like installing software, or revealing your personal information, like passwords, phone numbers or credit cards.

Entering any information on this web page may result in identity theft or other fraud.

warning for links to the Onecoin.eu thread (http://www.realscam.com/f9/onecoin-eu-ponzi-scam-3368/). Doesn't matter if I'm asking for any particular page or any particular post.

Doesn't happen with Internet Explorer or Chrome.

SD

.

nomaxim
07-07-2016, 10:02 PM
Got the same thing.

Click on 'Ignore this Warning' at the bottom right.

It will ask you to submit a report for a false warning. You can submit a comment if you wish.

That takes care of the warning at least, but does nothing about the possible reason for the warning in the first place.

Poyol
07-08-2016, 10:51 AM
Hi Guys,

I'm currently taking a look into this issue.
Please let me know the search terms you're using to replicate this and I'll take a look.

shipdit
07-08-2016, 11:37 AM
Got the same thing.

Click on 'Ignore this Warning' at the bottom right.

It will ask you to submit a report for a false warning. You can submit a comment if you wish.

That takes care of the warning at least, but does nothing about the possible reason for the warning in the first place.
Good idea. I'm sure it would be beneficial for everyone to "submit a report for a false warning". I submitted:

"I believe that this single internet forum thread has been erroneously and maliciously reported as a "deceptive site" because it exposes a Ponzi scheme masquerading as a legitimate business"


Hi Guys,

I'm currently taking a look into this issue.
Please let me know the search terms you're using to replicate this and I'll take a look.
Poyal, this warning is not search-triggered like the "filestore72" bug. It occurs when using Mozilla Firefox to click any Realscam.com links to the Onecoin.eu thread, regardless of which particular page or particular post.

SD

.

Poyol
07-11-2016, 02:57 AM
I really can't replicate this.
I've tried searching for "Realscam Oncecoin.eu" and then finding links and clicking through to them.
Then copying the link and tried going direct.

Can you send me a link where it's happening for you?
Which version of FireFox are you using? (Mines 47.0.1)

shipdit
07-11-2016, 10:54 AM
I really can't replicate this.
I've tried searching for "Realscam Oncecoin.eu" and then finding links and clicking through to them.
Then copying the link and tried going direct.

Can you send me a link where it's happening for you?
Which version of FireFox are you using? (Mines 47.0.1)Mine is 47.0.1 also.

This happens for any Realscam link to anything in the onecoin.eu thread:

The Onecoin.eu thread link from the "MLM, Network Marketing and Pyramid Schemes" folder:
http://www.realscam.com/f9/onecoin-eu-ponzi-scam-3368/

Any link to any page of that thread:
http://www.realscam.com/f9/onecoin-eu-ponzi-scam-3368/index1.html
http://www.realscam.com/f9/onecoin-eu-ponzi-scam-3368/index2.html
http://www.realscam.com/f9/onecoin-eu-ponzi-scam-3368/index3.html
http://www.realscam.com/f9/onecoin-eu-ponzi-scam-3368/index4.html
http://www.realscam.com/f9/onecoin-eu-ponzi-scam-3368/index5.html

Any link to any post on those pages:
http://www.realscam.com/f9/onecoin-eu-ponzi-scam-3368/#post76089
http://www.realscam.com/f9/onecoin-eu-ponzi-scam-3368/index2.html#post87230
http://www.realscam.com/f9/onecoin-eu-ponzi-scam-3368/index3.html#post87936
http://www.realscam.com/f9/onecoin-eu-ponzi-scam-3368/index4.html#post97991
http://www.realscam.com/f9/onecoin-eu-ponzi-scam-3368/index5.html#post101571

I am now getting a similar warning using Chrome browser on any of the Onecoin.eu links.

SD

.

Whip
07-11-2016, 10:58 AM
14532

14533

14534

14535

Whip
07-11-2016, 11:06 AM
don't know if this will help. from the 'inspect element' option under 'debugger':


<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE html [
<!ENTITY % htmlDTD PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "DTD/xhtml1-strict.dtd">
%htmlDTD;
<!ENTITY % globalDTD SYSTEM "chrome://global/locale/global.dtd">
%globalDTD;
<!ENTITY % brandDTD SYSTEM "chrome://branding/locale/brand.dtd" >
%brandDTD;
<!ENTITY % blockedSiteDTD SYSTEM "chrome://browser/locale/safebrowsing/phishing-afterload-warning-message.dtd">
%blockedSiteDTD;
]>

<!-- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
- file, You can obtain one at http://mozilla.org/MPL/2.0/. -->

<html xmlns="http://www.w3.org/1999/xhtml" class="blacklist">
<head>
<link rel="stylesheet" href="chrome://global/skin/netError.css" type="text/css" media="all" />
<link rel="icon" type="image/png" id="favicon" href="chrome://global/skin/icons/blacklist_favicon.png"/>

<script type="application/javascript"><![CDATA[
// Error url MUST be formatted like this:
// about:blocked?e=error_code&u=url(&o=1)?
// (o=1 when user overrides are allowed)

// Note that this file uses document.documentURI to get
// the URL (with the format from above). This is because
// document.location.href gets the current URI off the docshell,
// which is the URL displayed in the location bar, i.e.
// the URI that the user attempted to load.

function getErrorCode()
{
var url = document.documentURI;
var error = url.search(/e\=/);
var duffUrl = url.search(/\&u\=/);
return decodeURIComponent(url.slice(error + 2, duffUrl));
}

function getURL()
{
var url = document.documentURI;
var match = url.match(/&u=([^&]+)&/);

// match == null if not found; if so, return an empty string
// instead of what would turn out to be portions of the URI
if (!match)
return "";

url = decodeURIComponent(match[1]);

// If this is a view-source page, then get then real URI of the page
if (url.startsWith("view-source:"))
url = url.slice(12);
return url;
}

/**
* Check whether this warning page should be overridable or whether
* the "ignore warning" button should be hidden.
*/
function getOverride()
{
var url = document.documentURI;
var match = url.match(/&o=1&/);
return !!match;
}

/**
* Attempt to get the hostname via document.location. Fail back
* to getURL so that we always return something meaningful.
*/
function getHostString()
{
try {
return document.location.hostname;
} catch (e) {
return getURL();
}
}

function initPage()
{
var error = "";
switch (getErrorCode()) {
case "malwareBlocked" :
error = "malware";
break;
case "deceptiveBlocked" :
error = "phishing";
break;
case "unwantedBlocked" :
error = "unwanted";
break;
case "forbiddenBlocked" :
error = "forbidden";
break;
default:
return;
}

var el;

if (error !== "malware") {
el = document.getElementById("errorTitleText_malware");
el.parentNode.removeChild(el);
el = document.getElementById("errorShortDescText_malware");
el.parentNode.removeChild(el);
el = document.getElementById("errorLongDescText_malware");
el.parentNode.removeChild(el);
}

if (error !== "phishing") {
el = document.getElementById("errorTitleText_phishing");
el.parentNode.removeChild(el);
el = document.getElementById("errorShortDescText_phishing");
el.parentNode.removeChild(el);
el = document.getElementById("errorLongDescText_phishing");
el.parentNode.removeChild(el);
}

if (error !== "unwanted") {
el = document.getElementById("errorTitleText_unwanted");
el.parentNode.removeChild(el);
el = document.getElementById("errorShortDescText_unwanted");
el.parentNode.removeChild(el);
el = document.getElementById("errorLongDescText_unwanted");
el.parentNode.removeChild(el);
}

if (error !== "forbidden") {
el = document.getElementById("errorTitleText_forbidden");
el.parentNode.removeChild(el);
el = document.getElementById("errorShortDescText_forbidden");
el.parentNode.removeChild(el);
el = document.getElementById("whyForbiddenButton");
el.parentNode.removeChild(el);
} else {
el = document.getElementById("ignoreWarningButton");
el.parentNode.removeChild(el);
el = document.getElementById("reportButton");
el.parentNode.removeChild(el);

// Remove red style: A "forbidden site" does not warrant the same level
// of anxiety as a security concern.
document.documentElement.className = "";
}

// Set sitename
document.getElementById(error + "_sitename").textContent = getHostString();
document.title = document.getElementById("errorTitleText_" + error)
.innerHTML;

if (!getOverride()) {
var btn = document.getElementById("ignoreWarningButton");
if (btn) {
btn.parentNode.removeChild(btn);
}
}

// Inform the test harness that we're done loading the page
var event = new CustomEvent("AboutBlockedLoaded");
document.dispatchEvent(event);
}
]]></script>
<style type="text/css">
/* Style warning button to look like a small text link in the
bottom right. This is preferable to just using a text link
since there is already a mechanism in browser.js for trapping
oncommand events from unprivileged chrome pages (BrowserOnCommand).*/
#ignoreWarningButton {
-moz-appearance: none;
background: transparent;
border: none;
color: white; /* Hard coded because netError.css forces this page's background to dark red */
text-decoration: underline;
margin: 0;
padding: 0;
position: relative;
top: 23px;
left: 20px;
font-size: smaller;
}

#ignoreWarningButton:-moz-dir(rtl) {
left: auto;
right: 20px;
}

#ignoreWarning {
text-align: end;
}
</style>
</head>

<body dir="&locale.dir;">
<div id="errorPageContainer">

<!-- Error Title -->
<div id="errorTitle">
<h1 id="errorTitleText_phishing">&safeb.blocked.phishingPage.title2;</h1>
<h1 id="errorTitleText_malware">&safeb.blocked.malwarePage.title;</h1>
<h1 id="errorTitleText_unwanted">&safeb.blocked.unwantedPage.title;</h1>
<h1 id="errorTitleText_forbidden">&safeb.blocked.forbiddenPage.title2;</h1>
</div>

<div id="errorLongContent">

<!-- Short Description -->
<div id="errorShortDesc">
<p id="errorShortDescText_phishing">&safeb.blocked.phishingPage.shortDesc2;</p>
<p id="errorShortDescText_malware">&safeb.blocked.malwarePage.shortDesc;</p>
<p id="errorShortDescText_unwanted">&safeb.blocked.unwantedPage.shortDesc;</p>
<p id="errorShortDescText_forbidden">&safeb.blocked.forbiddenPage.shortDesc2;</p>
</div>

<!-- Long Description -->
<div id="errorLongDesc">
<p id="errorLongDescText_phishing">&safeb.blocked.phishingPage.longDesc2;</p>
<p id="errorLongDescText_malware">&safeb.blocked.malwarePage.longDesc;</p>
<p id="errorLongDescText_unwanted">&safeb.blocked.unwantedPage.longDesc;</p>
</div>

<!-- Action buttons -->
<div id="buttons">
<!-- Commands handled in browser.js -->
<button id="getMeOutButton">&safeb.palm.accept.label;</button>
<button id="reportButton">&safeb.palm.reportPage.label;</button>
<button id="whyForbiddenButton">&safeb.palm.whyForbidden.label;</button>
</div>
</div>
<div id="ignoreWarning">
<button id="ignoreWarningButton">&safeb.palm.decline.label;</button>
</div>
</div>
<!--
- Note: It is important to run the script this way, instead of using
- an onload handler. This is because error pages are loaded as
- LOAD_BACKGROUND, which means that onload handlers will not be executed.
-->
<script type="application/javascript">initPage();</script>
</body>
</html>

Whip
07-11-2016, 11:10 AM
14536.....

littleroundman
07-11-2016, 11:20 AM
Yep, I get the warning in FF d Chrome when I try to access http://www.realscam.com/f9/onecoin-eu-ponzi-scam-3368/ (http://www.realscam.com/f9/onecoin-eu-ponzi-scam-3368/)

Joe_Shmoe
07-11-2016, 12:17 PM
I get the following on Safari from this link.

http://www.realscam.com/f9/onecoin-eu-ponzi-scam-3368/index1.html


14537

EagleOne
07-11-2016, 04:29 PM
You can now add Belgium to growing list of countries that have issued a warning about OneCoin. Financial Services and Markets Authority (FSMA) issued a warning against OneCoin.

The warning, issued in conjunction with the Bank of Belgium, states that neither OneCoin or their investors are “recognized by the FSMA”. The FSMA wishes to warn the public that OneCoin has not received any form of recognition whatsoever from the FSMA. The same is true of the persons who are promoting OneCoin: they do not hold an authorization or any other form of recognition from the FSMA.

The claims made by Mr Laurent Louis’ on his Facebook page, namely, that the FSMA had stated that it had nothing to say about OneCoin,” and that “for the FSMA, OneCoin does not pose any problems and is neither illegal nor a fraud” are false and misleading.

Poyol
07-13-2016, 06:29 AM
Okay, I've now been able to replicate it and will see what I can do about this.
Honestly it's just someone who's reported the website I've asked for a re-assessment from Google.

EagleOne
07-13-2016, 05:45 PM
Expect more of this. OneCoin is just following what they tried to do in Zeek Rewards and BannersBroker. The exposure is hurting recruiting.

shipdit
07-21-2016, 04:50 PM
.
Would it be beneficial to start a second Onecoin.eu thread to meet immediate needs which could be merged with the currently unavailable thread once this bullsh*t is straightened out?

SD

.

shipdit
07-22-2016, 01:47 PM
.
This may be a more complicated problem than the Onecoin.eu thread (http://www.realscam.com/f9/onecoin-eu-ponzi-scam-3368/) being falsely reported.

Although some of us have been able to access the Onecoin.eu thread today, it has turned into a "sometimes can, sometimes can't" problem for me.

Additionally, I am now getting the same warnings when I try to access the MLM, Network Marketing and Pyramid Schemes (http://www.realscam.com/f9/) folder and the Is My Advertising Pays A Scam or Ponzi? (http://www.realscam.com/f9/my-advertising-pays-scam-ponzi-3439/) thread.

SD

.

ProfHenryHiggins
07-22-2016, 03:43 PM
Using Chrome, Google was claiming that http://www.realscam.com/f9/tncl-marketing-mail-fraud-without-end-4281/ was a phishing website today.

Soapboxmom
07-22-2016, 04:35 PM
.
This may be a more complicated problem than the Onecoin.eu thread (http://www.realscam.com/f9/onecoin-eu-ponzi-scam-3368/) being falsely reported.

Although some of us have been able to access the Onecoin.eu thread today, it has turned into a "sometimes can, sometimes can't" problem for me.

Additionally, I am now getting the same warnings when I try to access the MLM, Network Marketing and Pyramid Schemes (http://www.realscam.com/f9/) folder and the Is My Advertising Pays A Scam or Ponzi? (http://www.realscam.com/f9/my-advertising-pays-scam-ponzi-3439/) thread.

SD

.

The Onecoin thread is still a problem. I sent in a report that it is safe. The others I do not get the message. The techies are out of town on business or busy with new precious babies at home etc. So, we will get back on it soon!

Gina
07-22-2016, 05:02 PM
I am getting it on the My Advertising Pays thread. It won't let me click on it without that warning. Using Google Chrome. Will check the other threads.

Gina
07-22-2016, 05:10 PM
In Fact, it blocks me from the entire MLM section.

Soapboxmom
07-22-2016, 10:03 PM
I forwarded this to the techie who does not a new adorable family member. So, I will update once we get this fixed.

HARRISON
07-23-2016, 12:30 AM
You get this warning on the MAPS thread as well.

laidback
07-24-2016, 03:33 PM
I was previously getting this in MAPS, now got it when I enter RS. In Chrome14616

nomaxim
07-24-2016, 04:49 PM
Yep, Firefox doing the same thing;

http://i192.photobucket.com/albums/z149/Oolam/realscam.1_zps8gkpsgmd.png (http://s192.photobucket.com/user/Oolam/media/realscam.1_zps8gkpsgmd.png.html)

Soapboxmom
07-24-2016, 06:01 PM
Thanks for the heads up. New babies and working out of town has our techies tied up temporarily. I need a vacation too!

nomaxim
08-06-2016, 06:12 PM
Problem appears to have been fixed, at least from my end.

:RpS_smile:

Soapboxmom
08-06-2016, 06:19 PM
Problem appears to have been fixed, at least from my end.

:RpS_smile:
Updates, and all kinds of goodies are in place. Glad we are back to 100%.

laidback
08-06-2016, 07:43 PM
YAY, Problem Gone!!!

okosh
08-06-2016, 07:45 PM
Updates, and all kinds of goodies are in place. Glad we are back to 100%.

Goodies like fresh pop corn and real toilet paper in the dunny??.....

Soapboxmom
08-06-2016, 07:46 PM
I was hoping for the Margarita Machine first!