Duis mollis, est non commodo luctus, nisi erat porttitor ligula, eget lacinia odio sem nec elit. Sed posuere consectetur est at lobortis. Vestibulum id ligula porta felis euismod semper. Donec ullamcorper nulla non metus auctor fringilla. Aenean lacinia bibendum nulla sed consectetur. Cras justo odio, dapibus ac facilisis in, egestas eget quam. Cras mattis consectetur purus sit amet fermentum. Morbi leo risus, porta ac consectetur ac, vestibulum at eros. Sed posuere consectetur est at lobortis. Etiam porta sem malesuada magna mollis euismod. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Duis mollis, est non commodo luctus, nisi erat porttitor ligula, eget lacinia odio sem nec elit. Cras justo odio, dapibus ac facilisis in, egestas eget quam. Aenean eu leo quam. Pellentesque ornare sem lacinia quam venenatis vestibulum. Curabitur blandit tempus porttitor. Sed posuere consectetur est at lobortis.
I clicked the link, and it was not caught by the phishing filter at the time I clicked it. I also submitted the link for you to the Security Response Team using the following link.
False Positives - https://submit.symantec.com/antifraud/false_positive.cgi
You might also want to read this post, for an explaination of how the system works. The site was not specifically targeted, but rather scored base on the way it was designed by it's programmers.
I am not sure what credentials or information your software uses as a basis to identify phishing sites, but it appears, from reading this forum whatever formula, credentials, or algorithms you use, you have a major flaw in your phishing detection system. As indicated from other posts on this forum your software incorrectly identifies some safe sites as phishing sites. This is not only bad for the site that is safe and you report as a phishing site, this is bad for your company too. It reflects poorly on your software.
This morning two people who use your software reported to us that they are getting phishing warnings on our site at http://notoverthehill.com/ . It certainly is not a phishing site, nor could it be. There is absolutely no financial information collected on this site, there is nothing sold on this site, there are no viruses, Trojans, worms or other malicious activity on this site - there isn't even any software offered for download from this site, yet your software is giving users a false "phishing warning" when they visit this site.
This is not only detrimental to our site but to your software since your software isn't able to differentiate between a real phishing site and a safe site.
We have told our users that they must be cautious about depending on a security program that produces false-positives as it might also mean that it isn't detecting real threats either. One thing for sure, your software is flawed and needs to be fixed immediately.
Reporting false positives when users are visiting a safe site like http://notoverthehill.com/ isn't good our site and it really looks bad for your software.
TC
Cloudeight Internet LLC
Cloudeight "NotOverTheHill"
I am one of the two people that have been getting phishing warnings at http://notoverthehill.com/ . This started when I went to view my page at http://notoverthehill.com/mouse/ at approximately 1:45 a.m. . Of course you might not be able to view it as a guest without knowing my password. Then as I started trying to view other parts of the site, the phishing filter started warning me even more. I've never had a problem with my Norton's antivirus program before this morning. I disconnected from the site and ran LiveUpdate and then did a scan on my computer. The only thing that popped up security-wise was something about a temporary cookie. Now while we're on that subject, why is my antivirus program even alerting me about cookies? So at this point, I've turned the Phishing Filter off and will only turn it on when I'm not on the NotOverTheHill site. When you get it fixed, please let me know. Thanks!
I've visited your site several times consecutively after reading this post. Sometimes it got blocked as phishing, other times it didn't.
Is it possible that one of the revolving adverts on there is being mistakingly flagged as phishing, or is indeed malicious rather than your site itself.
Edit: I think this is the case, just visited it again, and the URL that is blocked as phishing is:
http://cubics.com/displayAd.aspx?pid=X (Removed this for obvious reasons).
Hello I am a representative of Cubics.com (the site indicated in the comment below). We operate an ad network for Social Networking application developers.
We've just become aware of this issue and I've already submitted the false positive information. But I still have some questions:
- What type of turn-around time can we expect?
- Will I be notified when our site has been removed?
- Can I speak to someone directly? (the submission included my phone number)
Cubics.com serves thousands of ads every second and hand-reviews every ad that goes into our system. The block is happening on our publisher's pages which are typically running on Facebook. So this makes lots of very legitimate people look bad (us, the publisher and Facebook)
This is a very big deal to us, so we need to know what's going to happen.
Who can we contact directly?
gvoyerperrault wrote:
- What type of turn-around time can we expect?
- Will I be notified when our site has been removed?
- Can I speak to someone directly? (the submission included my phone number)
1) It should be a fairly quick turnaround, depending on the number of submissions at the time.
2) You will be notified of the results by email, to the address you used for submission.
3) If the results of the analysis are not satisfactory to you, there are further instructions to contact our Technical Support team. However, you can also send me a Private Message through these boards with your contact information.
I would recommend submitting all possible URLs that are being detected as phishing sites. We want to ensure we have as much information as possible regarding the problem so we can resolve it quickly. Thanks!
I am another person who suddenly started receiving ‘phishing’ notices today at Not Over The Hill. It even said MY page was fraudulent! At first, I thought it was my problem…since I recently re-installed my Norton’s 360; then I heard from other people with the same problem. How can I get around this? I’ve repeatedly clicked on ‘report this as a safe site’…still get the same thing! I’ve always liked Norton 360–but this is very annoying!
It has been 15 hours now and I still get the false positive that http://notoverthehill.com/mouse is a Fraudelent Web page. I sure hope you get it fixed soon. I have 121 days left on my subscription and may just decide to find another antivirus program to run on my computer! I’ve never had a problem with even a free antivirus program - Grifsoft’s AVG Antivirus program. I’ve been on the internet for nine years and this is one of the most upsetting days of my life. I am just a user at notoverthehill.com - but I’ve been going to the various webpages that these people put out and have never had a problem and trust them wholeheartedly. Please get it fixed soon. Thank you very much. I’ve done LiveUpdate twice now and still no results or a fix to this problem.
Ok, it’s been 24 hrs. This ISNT a fast turnaround. I have to click on ‘report this as safe’ every single time I navigate from one page to the next (& even if I go back)–I’m sure I’ve now done it at least 2 dozen times on EACH page. HOw many times do I have to tell them it’s ‘safe’ before they get it? I can understand needing to report a page as safe…but how many times?
Ok…I guess you’ve got it fixed! I just needed to do a couple of things on my end. Thanks! 
This thread totally cracks me up.
For one i'm glad that Norton uses the methods it does to detect phishing. It's pretty dang easy and fast to throw a phishing site up. Someone that knows what they are doing can literally have one going in 10 minutes, or more importantly move one from one domain to another in seconds. The software on your computer HAS to be able to detect new ones, with the speed that they can change, there is no way to keep the list current. If I wanted to I could probaly create one that cycled it's residency thru 12 domains in 12 hours, be hard to catch that if the domain had to be on the list to get caught.
Now lets look at what happened here:
Some poor programmer over at cubics didn't follow industry standard best practices when they created some harmless popup or banner ads. What they did wrong i have no clue, but it probably had to do with mixing domain names and/or something with tracking cookies and/or something else that gets flagged. I read a pretty good post around here someplace (can't find it now found it) about how norton phishing protection works. The results of THEIR (the programmer at cubics) actions created a false positive.
Now we have the group here in this thread that wants to falsely pin the blame for the problem on Norton... the company that they choose to protect their computers and their private information. What's even funnier is when people threaten to 'go back' to the free solution that they used to use... if it was really so great then why did you change away from it?
In reality if you all just chill out for a bit longer, this will all get staightned out. The issue over in the marriot thread didn't last long at all... looks like about 12 hours from the first post in this forum until norton solved the problem. This one may or may not be a little but trickier to resolve.. we don't know. Maybe it can't even be resolved on Norton's end due to the nature of whatever flagged it. (cracks me up when someone calls the algorythm flawed when they don't even know the specifics... it was just inconvient to them.. so therefore it must be a flaw on Norton's part)..
[rant off]
the mods will probaly delete this, I should have coffe before I come here to read.....
PS - If you haven't run liveupdate, you might want to do that now... someone else has posted since i started typing.. but they don't really tell us what they had to do on their end..
Your answer shows a complete disregard for the people who have posted here as well as the Web site affected. If it were your domain and your site and you had spent a decade helping others and earning their trust, I would dare say you would not have been so flippant.
The ad from Cubic's was not coming directly from Cubics, but from Lookery - we have no affiliation with Cubics. And if Norton software is so bad that it finds a domain fraudulent because one or two ads from Cubics running on that site, then we're back to the beginning - there something Wrong with Norton. I didn't see McAfee's Site Advisor warning me off the site because of an ad. Obfuscating the fact that Norton software should never ban a site because some legitimate advertising network's coding was flawed doesn't address the issue or make Norton a better product. If you're going to criticize Cubics programmers, you should spend more time on this forum and review the myriad of problems Norton's flawed programming presents.
And speaking of Norton's glaring weaknesses: There are dozens of advertisements for FunWebProducts on the site which we cannot block because FunWebProducts disguises their product by continually buying new domains, making it impossible for Webmasters to block their ads. Attempting to block FunWebProducts ads by blocking their known domain names is futile. They register new domains every week. So, why doesn't Norton software find FunWebProducts offensive? In my experience of repairing computers I have found it has ruined more computers than I care to count. Yet Norton seems to have no problems with it. If ever there were a "fraudulent Web site" FunWebProducts is it.
It's OK if you want to be a blind Norton fan, but it's not OK to ridicule and and laugh at other people who enjoy our site and we're shocked to see it called "Fraudulent" due to yet another Norton flaw.
Blind fanaticism for a flawed product does not make that product less flawed nor make it a better product. Norton seems to have a continual stream of flaws. One only has to browse through this forum to see the many flaws that it has - or has had.
Before this thread gets too heated…has the problem been resolved? Is anyone seeing this as a phishing site still? I see that Altara33606 is no longer seeing it as phishing. Any updates on this one is appreciated. Thanks!
Tony_Weiss wrote:
Before this thread gets too heated...has the problem been resolved? Is anyone seeing this as a phishing site still? I see that Altara33606 is no longer seeing it as phishing. Any updates on this one is appreciated. Thanks!
Hey Tony;
I filed via the formal false positives check and I have yet to receive a response.
To reference the original complaint, we (Cubics) are showing ads for Lookery in some instances. So the advertising iframe contains another iframe with our ad code inside it. I have had this error reported from publishers using only our iframe (no Lookery involved). So the problem isn't just some nested iframes wackiness.
Again I filed the complaint yesterday along with my first posting, so we're pushing 24+ hours here and there has not been any response.
Hi Tony, My problems have all been solved and thank you for the quick action. I've also posted on my webpage some additional things for other users to do, because they were still having the problem. Since following the additional instructions I gave them, they are now able to browse NotOverTheHill without receiving the Fraudulent Web Page Phishing Alert and are extremely happy.
So you'll know what I told them to do on their end, here's what I said: I would suggest that you empty your cache of the Temporary files, do a LiveUpdate to make sure you have the latest codes and definitions for your Norton Antivirus program, restart/reboot your computer and then run a complete virus scan on your computer. Then visit your HILL page and keep your fingers crossed that you get no more Fraudulent Phishing Alerts.
Final note, after the users who were still having trouble did the above, they reported back to me that everything was working okay. Sometimes it takes more than one cook to stir the pot. Have a great day!
OK,I went to http://notoverthehill.com/ and notiing happens.
OS=Vista SP1 all updates
Browser 1=IE7 with antiphishing (NIS 2008 v15.5...)
Browser 2=Opera 9.51 with antiphishing option on (not monitored by Norton,not supported browser)
Location= Macedonia (Europe)
ISP= Macedonian Telecomunications www.t-home.mk