On the late and unlamented malware warnings

July 30th, 2012 Headsman

Visitors to Executed Today have for the past fortnight generally faced a gantlet of virus warnings labeling this an attack site. Depending on how you interact with your Internets, that warning may have shown in your browser, as an interstitial via a click from a search, as a pop-up from a firewall or virus scanner locally installed on your machine, or other ways.

I want to apologize sincerely to all visitors (actual or prospective) who were affected by this obnoxious interposition.

For much of those two weeks, I’ve been attempting to persuade the (gratifyingly many) inquirers that the warning was a fiction being perpetrated by Google. Unsurprisingly, between “random blogger” and “Palo Alto borg”, most readers preferred safe to sorry. Site traffic tanked by around 70%.

Nevertheless, my implausible story was accurate. The site has been perfectly safe. Google has been gratuitously befouling it.

For anyone interested in the incredibly tedious details, this is the rough sequence of events:

  • For about 3-4 hours running up to 12 noon GMT on Sunday, July 15, the site was indeed compromised by a Rootkit exploit. Google’s malware-sniffer — and it’s one of the maddening contradictions in this affair that Google automates your scarlet letter but requires an impenetrable manual process to remove it — noticed this within about half an hour.
  • This exploit was repaired in very short order by a combination of shuffling plugins and security updates, and immediately reported for removal from Google’s blacklist.
  • Google took its sweet time, but 11 hours later, it did remove executedtoday.com from its blacklist.

In the usual course of things, this would be the end of it.

However, in this case, Google’s algorithms and/or employees blacklisted not only the master site executedtoday.com but a host of individual archive paths such as executedtoday.com/2007/ and www.executedtoday.com/category/milestones/. These archives have never had any special properties apart from the main site: in reality, if one is safe, they’re all safe; if one is buggy, they’re all buggy.

Now, Google helpfully publishes its blacklist, and damn near every antivirus service uses it without further scrutiny as an automatic no-fly list. So even if you, gentle user, never use its services yourself, Google likely acts as a discreet behind-the-scenes butler, screening your guests: for the webmaster, satisfying Sergey and Larry is an offer you can’t refuse.

In a vain quest to accomplish this, the ensuing two weeks after the initial infection was a Kafkaesque cycle in which a dozen-plus requests posted to Google via its execrable webmaster tools led a dozen-plus faceless Google employees to (redundantly) certify ExecutedToday.com malware-free and remove ExecutedToday.com (the main site) from Google’s blacklist … not a one of them also removing any of the many archive links. The review process has no transparency, no visible timetables, and no apparent method of appeal. All you can do is keep re-submitting, cajoling, explaining (if you know the explanation: I didn’t know for more than a week, but is it really for me to know the ins and outs of Google’s own listing process?), begging, threatening, whatever, over and over, and hope the next review defies the experiences of the countless ones preceding.

The net effect during this period was that visitors could get to the home page (not blacklisted!) just fine. Clicking on any (or nearly any) link within the site navigation, however, produced a false malware error.
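For webmasters in the same position, the sketch below shows why clearing the root entry does not clear the rest. It is an added example, not code from this site or from Google: it is modelled on the host-suffix and path-prefix lookup that Google's Safe Browsing documentation describes, and it assumes the archive entries were matched that way. The blocklist holds only the two paths named above, and the sample URLs are constructed.

```python
from urllib.parse import urlsplit

# Constructed blocklist: the two path entries named in the post. The root
# entry executedtoday.com/ is absent, as it was after each successful review.
BLOCKLIST = {
    "executedtoday.com/2007/",
    "www.executedtoday.com/category/milestones/",
}

def lookup_expressions(url):
    """Return the host-suffix/path-prefix combinations checked for one URL."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    labels = host.split(".")
    # Exact host, then suffixes from the last five labels down to the last two.
    hosts = [host]
    for n in range(min(len(labels) - 1, 5), 1, -1):
        hosts.append(".".join(labels[-n:]))
    path = parts.path or "/"
    paths = []
    if parts.query:
        paths.append(path + "?" + parts.query)
    paths.append(path)
    # Directory prefixes from the root downward; only the first four are used.
    segments = [s for s in path.split("/") if s]
    dirs = segments if path.endswith("/") else segments[:-1]
    prefix, prefixes = "/", ["/"]
    for seg in dirs:
        prefix += seg + "/"
        prefixes.append(prefix)
    for p in prefixes[:4]:
        if p not in paths:
            paths.append(p)
    return [h + p for h in hosts for p in paths]

def matching_entries(url, blocklist=BLOCKLIST):
    """Blocklist entries that flag this URL; an empty list means no warning."""
    return [e for e in lookup_expressions(url) if e in blocklist]

if __name__ == "__main__":
    for u in ("http://www.executedtoday.com/",
              "http://www.executedtoday.com/2007/07/15/example-post/",
              "http://executedtoday.com/category/milestones/"):
        print(u, "->", matching_entries(u) or "clean")
```

Running a site's own URL list through `matching_entries` tells you which specific entries still need a review request, rather than resubmitting the root and hoping.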

So once again: I am very sorry that visitors to the site experienced this horrible situation for such a protracted period of time, and I assure all that we do take seriously your safety as a visitor to the site.

To speak a little more plainly, however, Google’s dogshit service in placing me in the position to have to extend this apology is pretty horrendous. Yes, this was originally my own fault for getting caught out by the (original, short-lived) malware issue; and yes, this is #firstworldproblems by any definition. It’s easy enough for some small-time blogger to slate a Silicon Valley behemoth for having an irresponsible indifference to false positives, but it’s a sobering reminder of the ubiquitous control that Google and just a few other companies exercise over most users’ experience of the Internet.

Thanks, by the by, to Sucuri.net for ultimately unraveling the mystery. Their service in this whole affair was very well worth their modest fee for malware monitoring and cleanup.

Entry Filed under: Administrative Messages