Edoropolis Emporium

Samurai Pizza Cats => EE Technical & Edoropolis.org Hosting Support => Topic started by: Sinder on August 10, 2006, 03:34:34 am



Title: Edoropolis forums causing phishing filter alerts
Post by: Sinder on August 10, 2006, 03:34:34 am
I'm not entirely certain this should go here, but we don't have a section for forum issues, sooo...

I use Internet Explorer 7 Beta 3. The browser includes a filter designed to detect and alert the user of websites suspected of conducting phishing activity. This alert appears both in the form of a pop-up, and as a color change of the URL in the address bar. Suspicious websites appear as yellow; confirmed phishing sites appear as red.

For whatever reason, several pages on the Edoropolis forums are appearing as suspicious to the filter, from threads to user profiles. I'm guessing that something in the source code is triggering whatever signs of underhanded scheming the filter is designed to detect.

While this is not a forum-breaking flaw, as it doesn't prevent me from surfing around, logging in, or posting, and can be remedied easily enough--the filter can be told that edoropolis.org is not a threat, or can be deactivated entirely--it's still going to set off warning bells for new users who see the alert. Although many people are switching or have switched to other browsers like Firefox, IE maintains a dominant share of the market (largely as a virtue of its being included with Windows), and IE7 is scheduled as an automatic update for Windows when the final version is released later this year. This means that a lot of computers will be using the filter, and some of those will belong to prospective forum-goers who might be scared away because they think Samurai Pizza Cats is OMG teh spyware.

I'd recommend alerting the webmaster--whoever that may be--to this problem, so that it can be corrected.


Title: Re: Edoropolis forums causing phishing filter alerts
Post by: Purrcat on August 10, 2006, 05:41:19 am
I guess this is due to those avatar images, which can be either uploaded or set to a picture somewhere on the internet.

The latter may cause the browser to think there's a phishing attack going on. It goes like this:

Evil person joins the forum, filling out the avatar like http://www.evilperson.com/evilpicture.jpg

The evil person now posts an evil message, and honest people will respond to his evil message. Every time the thread is read by someone, http://www.evilperson.com/evilpicture.jpg will be requested by the honest persons' browser.

Evil person can now track which IP addresses have 'read' his thread and take evil actions.

I suppose Supersonic should say something about forum policy. It's recommended to upload an image, instead of filling out a URL in the personalised image profile settings.

(My picture is on a different site, so this thread may now seem like a phishing attempt. Although it may not because the other site is actually on the same host.)


Title: Re: Edoropolis forums causing phishing filter alerts
Post by: Purrcat on August 10, 2006, 08:16:55 am
Follow-up: the "external pictures" theory probably isn't the cause. However, I can't find anything "phishy" in the offending threads. I haven't got IE7, so I asked a colleague to browse the forums, with the same results as the OP, and checked the threads IE complained about.

Maybe someone else can have a look at the things IE is complaining about? The hints IE gives are unhelpful as always.


Title: Re: Edoropolis forums causing phishing filter alerts
Post by: Anonymous on August 10, 2006, 01:49:43 pm
yea i've had a look in both the 32 bit and 64 bit version of IE6.8 (i get it cos i'm on windows 64)

There is something which is within the 'non hosted' images, which are particularly based from corporate hosts. i believe some of our users have avatars sourced from warner etc. this will cause a flag, as it is an 'image redirect' and under the new security system it can track (and log) people's ip/etc just because their browser has been 'under' redirected to a site which isn't within this host.

i believe we should ensure all users keep images/sigs within EE to prevent this. Also the IP logging system which is used by EE (and just about every other forum) when a user posts is flagging on my browser.

I use firefox cos i hate IE. and firefox doesn't normally load images which don't originate from the site.

this is the problem, and due to some spyware systems using redirects, IE detects it as a potential threat or 'hack' and this is why it's coming up as a problem

simple solution

stop non EE hosted avatars, and job's done.

Neko
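
Added example, not part of any post in this thread and not the forum software's own code: one way an administrator could audit a rendered thread for the off-site avatar and signature images discussed above, each of which makes every reader's browser contact a third-party host. The page path, the sample HTML and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class ImgCollector(HTMLParser):
    """Collect the src attribute of every <img> tag in a page."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())

def is_local(host, trusted):
    """True if host equals a trusted domain or is a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted)

def offsite_images(page_url, html, trusted):
    """Return absolute URLs of images a reader's browser would fetch from
    hosts outside `trusted` (each such fetch discloses the reader's IP)."""
    collector = ImgCollector()
    collector.feed(html)
    flagged = []
    for src in collector.sources:
        absolute = urljoin(page_url, src)  # resolves relative and //host forms
        parts = urlsplit(absolute)
        if parts.scheme in ("http", "https") and not is_local(parts.hostname, trusted):
            flagged.append(absolute)
    return flagged

# Constructed sample: an uploaded avatar, the remote avatar from the post above,
# a protocol-relative remote image, and a host that merely contains the forum name.
PAGE_URL = "http://www.edoropolis.org/forums/index.php"  # path is assumed
SAMPLE_HTML = """
<img src="/forums/avatars/uploaded_12.png" alt="">
<img src="http://www.evilperson.com/evilpicture.jpg" alt="">
<img src="//images.example.net/sig.gif" alt="">
<img src="http://edoropolis.org.example.net/a.png" alt="">
"""

if __name__ == "__main__":
    for url in offsite_images(PAGE_URL, SAMPLE_HTML, {"edoropolis.org"}):
        print("off-site image:", url)
```

Hosts that are separate sites but run by the same operator can be added to the trusted set so they are not reported.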


Title: Re: Edoropolis forums causing phishing filter alerts
Post by: Purrcat on August 10, 2006, 07:10:06 pm
Thanks for the research Tsuneko, that'd indeed be the preferred solution.


Title: Re: Edoropolis forums causing phishing filter alerts
Post by: NPC on August 11, 2006, 03:37:41 pm
It happened to me as well, but I never paid any attention to it. (Digs through piles of net warez)