Google is blocking autohotkey.com

Discussion about the AutoHotkey Foundation and this website
User avatar
DrReflex
Posts: 14
Joined: 25 May 2015, 02:57

Google is blocking autohotkey.com

27 Jun 2018, 22:38

Google is blocking access to autohotkey.com.

Linking to the download page for version 1.0 (https://autohotkey.com/download/1.0) and linking to the download page for version 2.0 (https://autohotkey.com/download/2.0/) using Chrome generates a Security error tab that labels the page as Dangerous and displays the following Red Screen:

*******************************************************************************************************

"The site ahead contains harmful programs

Attackers on autohotkey.com might attempt to trick you into installing programs that harm your browsing experience (for example, by changing your homepage or showing extra ads on sites you visit). Learn more.

Google Safe Browsing recently found harmful programs on autohotkey.com.

If you understand the risks to your security, you may visit this site before the harmful programs have been removed."

Linking to "found harmful programs" provides the following information:

"Safe Browsing site status

Google’s Safe Browsing technology examines billions of URLs per day looking for unsafe websites. Every day, we discover thousands of new unsafe sites, many of which are legitimate websites that have been compromised. When we detect unsafe sites, we show warnings on Google Search and in web browsers. You can search to see whether a website is currently dangerous to visit.

Check site status

https://autohotkey.com/download/1.0/

Current status

This site is unsafe

The site https://autohotkey.com/download/1.0/ contains harmful content, including pages that:

Install unwanted or malicious software on visitors’ computers

What you should do
Don't panic.
Chrome and other Google products have built-in safety features to protect you while you browse. Learn more.

Protect yourself.
For info on how to protect yourself from harmful sites, visit the Google Safety Center.

Get help.
Learn how to clean up your site and protect it from future attacks in the Safe Browsing Webmaster help articles.

Site info
This info was last updated on Jun 28, 2018.

Site safety can change over time. Check back for updates"

*****************************************************************************************************
What's up? Has the site been hijackied again?
User avatar
DrReflex
Posts: 14
Joined: 25 May 2015, 02:57

Re: Google is blocking autohotkey.com

27 Jun 2018, 22:40

Addendum:
The same behavior is exhibited by Firefox
User avatar
joedf
Posts: 6434
Joined: 29 Sep 2013, 17:08
Facebook: J0EDF
Google: +joedf
GitHub: joedf
Location: Canada, Quebec
Contact:

Re: Google is blocking autohotkey.com

28 Jun 2018, 05:53

Thanks for sharing gregster. Didn’t see that topic. I have to say that this false positive fiasco is getting a little annoying... but like what Lexikos said it’s futile. We could try to report this but then eventually this will come back again... *sigh* :(
User avatar
tank
Posts: 2326
Joined: 28 Sep 2013, 22:15
Facebook: charlie.simmons.7334
Google: ttnnkkrr
GitHub: ttnnkkrr
Location: Louisville KY
Contact:

Re: Google is blocking autohotkey.com

28 Jun 2018, 11:06

we should report it. I am traveling this week for work so i may not have time to get into it.
We are troubled on every side‚ yet not distressed; we are perplexed‚
but not in despair; Persecuted‚ but not forsaken; cast down‚ but not destroyed;
https://www.facebook.com/ahkscript.org
If you have forum suggestions please submit a pull request
User avatar
tank
Posts: 2326
Joined: 28 Sep 2013, 22:15
Facebook: charlie.simmons.7334
Google: ttnnkkrr
GitHub: ttnnkkrr
Location: Louisville KY
Contact:

Re: Google is blocking autohotkey.com

28 Jun 2018, 11:30

Nevermind i did report it we shall see what we can see
We are troubled on every side‚ yet not distressed; we are perplexed‚
but not in despair; Persecuted‚ but not forsaken; cast down‚ but not destroyed;
https://www.facebook.com/ahkscript.org
If you have forum suggestions please submit a pull request
User avatar
DrReflex
Posts: 14
Joined: 25 May 2015, 02:57

Re: Google is blocking autohotkey.com

29 Jun 2018, 01:24

Thanks tank,

Whatever you did worked. The "Security" blocks that were preventing easy access to the version 1.0 and 2.0 download sites are gone from both Chrome and from Firefox.
User avatar
tank
Posts: 2326
Joined: 28 Sep 2013, 22:15
Facebook: charlie.simmons.7334
Google: ttnnkkrr
GitHub: ttnnkkrr
Location: Louisville KY
Contact:

Re: Google is blocking autohotkey.com

29 Jun 2018, 08:42

To: Webmaster of https://autohotkey.com/,

Google has received and processed your security review request. Google systems indicate that https://autohotkey.com/ no longer contains links to harmful sites or downloads. The warnings visible to users are being removed from your site. This may take a few hours to happen.
We are troubled on every side‚ yet not distressed; we are perplexed‚
but not in despair; Persecuted‚ but not forsaken; cast down‚ but not destroyed;
https://www.facebook.com/ahkscript.org
If you have forum suggestions please submit a pull request
User avatar
nnnik
Posts: 3188
Joined: 30 Sep 2013, 01:01
Location: Germany

Re: Google is blocking autohotkey.com

02 Jul 2018, 00:39

Guess what - it's back again
Recommends AHK Studio
User avatar
joedf
Posts: 6434
Joined: 29 Sep 2013, 17:08
Facebook: J0EDF
Google: +joedf
GitHub: joedf
Location: Canada, Quebec
Contact:

Re: Google is blocking autohotkey.com

03 Jul 2018, 09:01

Ofc :facepalm:
User avatar
Gio
Posts: 449
Joined: 30 Sep 2013, 10:54
Location: Brazil

Re: Google is blocking autohotkey.com

03 Jul 2018, 11:30

I can confirm Firefox is exhibiting the red screen at the moment of this post.
"What is suitable automation? Whatever saves your day for the greater matters."
Barcoder - Create QR Codes and other Barcodes using only Autohotkey !!
User avatar
joedf
Posts: 6434
Joined: 29 Sep 2013, 17:08
Facebook: J0EDF
Google: +joedf
GitHub: joedf
Location: Canada, Quebec
Contact:

Re: Google is blocking autohotkey.com

03 Jul 2018, 23:17

Could be the antivirus companies auto reporting...
User avatar
DrReflex
Posts: 14
Joined: 25 May 2015, 02:57

Re: Google is blocking autohotkey.com

05 Jul 2018, 22:57

The issue here is the Google Safe Browsing (GSB) browing engine(s) or algorhythm. I checked multiple files labeled by GSB as "infected" against scans done by virustotal.com. IN EVERY CASE, almost all of the 55+ engines used to test the files said the files were CLEAN. In addition everyone of the major engines (AhnLab, Avira, Bitdefenter, Comodo, Kapersky, McAffe, Symantec, TrendMicro, and Vipre) said the files were CLEAN.

I, as a firefox user, I tried to address the issue with Mozilla. https://support.mozilla.org/en-US/quest ... er-1130104 The Mozilla moderator never addressed the issue of how poor the GSB process performs compared to industry standards.

I, as a Google user, tried to address the issue with Google. They say they allow users to report URLs that are currently on their malware list but shouldn't be. https://developers.google.com/safe-brow ... /reporting The reporting is not done through Google. Instead GSB sends you to https://www.stopbadware.org/request-review

I tried to request a review of both

https://autohotkey.com/download/1.0/Aut ... 104805.zip AND
https://autohotkey.com/download/1.0/

Both are flagged by GSB. The review process begins with a search of stopbadware.org's clearinghouse for the GSB flagged URLs. In both cases I received the following reply from stopbadware.org:

"Your search for (URLs below) returned no results."

( https://autohotkey.com/download/1.0/Aut ... 104805.zip
https://autohotkey.com/download/1.0/ )

Followed by:

"Please try a different search or check back later. There can be a delay between the time our data providers blacklist a URL and when that URL is searchable in our Clearinghouse. Usually, this delay is no more than a few hours."

The pages and this file had been black listed by Google Safe Browsing for several days and should have been in the Clearinghouse. Since they were not in the Clearinghouse database, I assume that Google never reported the listings to the Clearinghouse. This prevents the me as a user from requesting a review.

Yet another flaw in GSB.

I hope this information may help with your communications to get theses issues fixed.
User avatar
DrReflex
Posts: 14
Joined: 25 May 2015, 02:57

Re: Google is blocking autohotkey.com

06 Jul 2018, 00:34

1. Using firefox I screened https://autohotkey.com/download/1.1/ and every file I checked was passed by GSB.
1a. I checked all of the Ahk2Exe...zip files,
plus all of the AutoHotkey112207..., ...112300..., ...112400..., ...1.1.25.00..., ...1.1.26.00...,
...1.1.27.00..., ...1.1.28.00..., ...1.1.29.00..., and 1.1.29.01... files

2. I next checked all of the https://autohotkey.com/download/2.0/ files. All are blocked except:
AutoHotkey 2.0-a078-31+g72dc326.zip
AutoHotkey v2.0-a074.zip
I have no idea why those 2 *.zip files were passed by GSB and all of the others are flagged as containing "a virus or malware".

3. Finally I screened the https://autohotkey.com/download/1.0/ files.
3a. All of the downloads from AutoHotkey1000.exe throught AutoHotkey104311 Install.exe are blocked under firefox except:
AutoHotkey1000.exe
AutoHotkey1016.exe
AutoHotkey1023.exe
AutoHotkey102514.exe AND
AutHotkey102701.exe

3b. All of the *.zip files on the page. All are blocked except:
AutohotKey104500.zip

3c. I checked all of the AutoHotkey104404..., ...104500..., ...104600..., ...104700..., ...104800..., and ...104805... files. All are blocked except:
AutoHotkey104404 sc bin min size.zip AND
AutohotKey104500.zip (as noted above)

3d. In addition AHK-binaries.zip is not blocked.

4. I next checked the following URLs with virustotal.com

4a. URL https://autohotkey.com/download/1.1/
Host autohotkey.com
No engines detected this URL
Last analysis 2018-06-15 02:35:37 UTC

4b. URL https://autohotkey.com/download/1.0/
One engine of 67 engines detected this URL.
Google Safebrowsing: "Malicious".
DNS8: "Suspicious".
65 other engines (including the industry standards): CLEAN!!!
Last analysis 2018-06-15 02:35:09 UTC

4c. URL https://autohotkey.com/download/2.0/
Host autohotkey.com
On April 17, 2019 no engines detected this URL including Google Safe Browsing.
Last analysis 2018-04-17 09:43:06 UTC
That is not the case today (as noted above).

4e. URL https://autohotkey.com/download/2.0/Aut ... 0f26de.zip (CURRENT VERSION OF AHK 2.0)
Host autohotkey.com
2 engines out of 68 detected this URL.
ADMINUSLabs: Malicious
Google Safebrowsing: Malicious
DNS8: Suspicious.
65 other engines (including the industry standards): CLEAN!!!
Last analysis 2018-06-27 09:13:39 UTC

WHAT DOES THIS SAY ABOUT GOOGLE SAFE BROWSING?
User avatar
joedf
Posts: 6434
Joined: 29 Sep 2013, 17:08
Facebook: J0EDF
Google: +joedf
GitHub: joedf
Location: Canada, Quebec
Contact:

Re: Google is blocking autohotkey.com

06 Jul 2018, 09:24

¯\_(ツ)_/¯
User avatar
DrReflex
Posts: 14
Joined: 25 May 2015, 02:57

Re: Google is blocking autohotkey.com

14 Jul 2018, 20:55

Here is the response from the StopBadware Team:

"Jul 10 (4 days ago)

Hi there,

It looks like Google is specifically blacklisting your downloads. Unfortunately, StopBadware does not work with Google on blacklisted downloads. We have no expertise in evaluating software, and we are unable to effectively analyze executables or other files. You will have to follow these directions, if you have not already done so: https://support.google.com/webmasters/a ... 8328?hl=en (for software owners only)

We also recommend you post your issue in one of Google's forums, such as:
https://productforums.google.com/forum/#!forum/chrome (waiting for a reply)
https://productforums.google.com/forum/ ... webmasters (they failed to answer my post and then removed it)

We're sorry we are not able to offer more assistance. Unfortunately, we only work with Google when sites are on their general malware blacklist (Safe Browsing). Their blacklist of software downloads is completely separate, and we have never worked with them on this process!

Regards,
The StopBadware Team"

I find it interesting that a site that is supposed to review malware listings to determine if they are false positives states "We have no expertise in evaluating software, and we are unable to effectively analyze executables or other files."

What does not make sense is, if the AHK site is in question, then why aren't all of the URLs and downloads blocked. Only a few pages, primarily the AHK 1.0 and AHK 2.0 download pages, are blocked. The AHK 1.1 download page and downloads are for the most part not blocked.

If a site is not blocked, then only files that are likely to contain malware should be blocked. In this case, most of the AHK website is not blocked by GSB. Downloads from the blocked version 1.0 and version 2.0 download pages are inconsistently blocked and are labeled as containing "a virus or malware". When these blocked downloads are vetted using an array of virus/malware engines, they appear to be CLEAN although GSB claims they are MALICIOUS.

If AHK has been blacklisted, to the best of my knowledge it should not be. There is nothing that I can do with AHK that I could not do with C++ and internal Windows calls. ANY programming language can be abused. You don't block the sale of fertilizer because it can be used to build a bomb. In stead you use the fertilizer for what it was intended and you search out those who misuse the fertilizer. In this case you block the "malware" and you block those who create it, not the programming language it is written in.
drpost

Re: Google is blocking autohotkey.com

15 Jul 2018, 18:43

joedf wrote:¯\_(ツ)_/¯


joedf,

Lexicos suggested I communicate with you regarding Google Safe Browsing (GSB) blocking version 1.0 and version 2.0 downloads from the website.

I believe that all of the data suggests that Google Safe Browsing has blacklisted AutoHotkey software.

I have taken time while watching the Tour de France to see what downloads are blocked. I tried to have the blocks reviewed and failed (more below). Running the URLs past virustotal.com suggests that most (if not all) of these download files do not contain viruses or malware (see below and prior posts). GSB has labeled ALL of the version 2.0 and most of the version 1.0 downloads as "MALICIOUS". Eliminating GSB, only 3 of these 40 version 2.0 files were flagged by virustotal.com (see below). Only 1 engine other than GSB flagged each of those files. This suggests that either Google's engine(s) and algorithm(s) are producing numerous false positives with 2 out of 3 version of AutoHotkey or Google is labeling the files as "MALICIOUS" using another standard.

My concern that the AutoHotkey software has been blacklisted by Google. My concern is supported by the reply I received from the StopBadware Team. They stated "Google is specifically blacklisting your downloads." StopBadware "only works with Google when sites are on their general malware blacklist (Safe Browsing). Their blacklist of software downloads is completely separate."

StopBadware seems to be stating that Google has blacklisted AutoHotkey version 1.0 and version 2.0. This would explain why none of the URLs can be found in the StopBadware Clearinghouse and why virustotal.com suggests the files are CLEAN.

*****************************
Here is some more data regarding the downloads:

I took the time while watching the Tour de France to check the 2.0 downloads against virustotal.com. As you can see GSB Labeled every file as "MALICIOUS". Only 3 files were marked by an engine other than GSB as containing malicious software (see below). I also tried to download each file using Chrome. My up to date version of Bitdefender labeled 2 files as containing Gen.Variant.Ursu.199440 even though the virustotal.com Bitdefender engine passed those files. I did not try to download them. I attempted to download the remaining 38 files. All were blocked by GSB.

[GSB DNS8] AutoHotkey_2.0-a076-aace005.zip 2016-10-20 17:51 3.0M
[GSB] AutoHotkey_2.0-a077-c2bb552.zip 2016-11-26 01:19 3.0M
[GSB] AutoHotkey_2.0-a078-1+g72dc326.zip 2017-03-23 20:47 1.8M
[GSB] AutoHotkey_2.0-a078-19+gcfbf0a0.zip 2017-03-25 23:36 1.8M
[GSB] AutoHotkey_2.0-a078-31+g4fb1ab7.zip 2017-04-05 03:58 1.8M
[GSB] AutoHotkey_2.0-a078-69+gde353c8.zip 2017-04-25 00:34 1.8M
[GSB] AutoHotkey_2.0-a078-106+gf5d8211.zip 2017-05-13 00:18 1.8M
NOTE: My Home Bitdefender states "contains Gen.Variant.Ursu.199440
[ADMINUSLabs GSB] AutoHotkey_2.0-a078-107+gaea90d6.zip 2017-05-28 02:53 1.8M
NOTE: My Home Bitdefender states "contains Gen.Variant.Ursu.199440
[GSB] AutoHotkey_2.0-a078-e25d96b.zip 2017-03-19 05:05 3.0M
[GSB] AutoHotkey_2.0-a079-be5df98.zip 2017-06-10 22:50 3.0M
[GSB] AutoHotkey_2.0-a080-d1c5ddf.zip 2017-06-11 18:07 2.9M
[GSB] AutoHotkey_2.0-a081-cad307c.zip 2017-07-15 22:08 2.9M
[GSB] AutoHotkey_2.0-a082-fffc60d.zip 2017-12-24 19:13 3.1M
[GSB] AutoHotkey_2.0-a083-97803ae.zip 2018-01-06 22:12 3.1M
[GSB] AutoHotkey_2.0-a084-72186a7.zip 2018-01-21 16:52 3.1M
[GSB] AutoHotkey_2.0-a085-996f0b5.zip 2018-01-23 17:02 3.1M
[GSB] AutoHotkey_2.0-a086-80cc1eb.zip 2018-01-24 05:29 3.1M
[GSB] AutoHotkey_2.0-a087-e4a5493.zip 2018-01-27 20:38 3.1M
[GSB] AutoHotkey_2.0-a088-338ed55.zip 2018-01-29 02:40 3.1M
[GSB] AutoHotkey_2.0-a089-3de22ab.zip 2018-02-18 06:00 3.1M
[GSB] AutoHotkey_2.0-a090-ae96c4a.zip 2018-03-26 06:06 3.1M
[GSB] AutoHotkey_2.0-a091-9baa9fa.zip 2018-03-31 00:29 3.1M
[GSB] AutoHotkey_2.0-a092-840a364.zip 2018-04-01 00:37 3.1M
[GSB] AutoHotkey_2.0-a093-f7548e0.zip 2018-04-07 05:01 3.1M
[GSB] AutoHotkey_2.0-a094-29bbc64.zip 2018-04-22 07:11 3.1M
[GSB] AutoHotkey_2.0-a095-9f724c5.zip 2018-04-29 06:18 3.2M
[GSB] AutoHotkey_2.0-a096-2ad11cb.zip 2018-05-07 06:39 3.2M
[ADMINUSLabs GSB] AutoHotkey_2.0-a097-60f26de.zip 2018-06-12 23:33 3.2M
[GSB] AutoHotkey_v2.0-a069.zip 2015-10-24 22:43 405K
[GSB] AutoHotkey_v2.0-a069_x64.zip 2015-10-24 22:43 510K
[GSB] AutoHotkey_v2.0-a070.zip 2015-11-09 16:59 405K
[GSB] AutoHotkey_v2.0-a070_x64.zip 2015-11-09 16:59 510K
[GSB] AutoHotkey_v2.0-a071.zip 2015-12-25 20:28 405K
[GSB] AutoHotkey_v2.0-a071_x64.zip 2015-12-25 20:28 510K
[GSB] AutoHotkey_v2.0-a072.zip 2015-12-25 20:40 405K
[GSB] AutoHotkey_v2.0-a072_x64.zip 2015-12-25 20:40 510K
[GSB] AutoHotkey_v2.0-a073.zip 2016-02-05 19:05 406K
[GSB] AutoHotkey_v2.0-a073_x64.zip 2016-02-05 19:05 510K
[GSB] AutoHotkey_v2.0-a074.zip 2016-03-11 22:03 406K
[GSB] AutoHotkey_v2.0-a074_x64.zip 2016-03-11 22:03 532K
[GSB] AutoHotkey_v2.0-a075.zip 2016-06-03 23:56 407K
[GSB] AutoHotkey_v2.0-a075_x64.zip 2016-06-03 23:56 533K

[] = Detected. "Malicious" unless in () then "Suspicious"

I don't know if this information will help but at least you did not have to take the time to gather it yourself.

Thanks to you and Tank for maintaining the website. Special thanks to Lexicos for this great software.
User avatar
joedf
Posts: 6434
Joined: 29 Sep 2013, 17:08
Facebook: J0EDF
Google: +joedf
GitHub: joedf
Location: Canada, Quebec
Contact:

Re: Google is blocking autohotkey.com

16 Jul 2018, 08:35

Thank you. I appreciate you taking the time with this. I will try to contact google on this. These are false positives.
In your list, it seems even some of the newer builds are being flagged. All of the source code is available on GitHub.
AutoHotkey has been used many times in the past to make malicious software, but AHK itself is not malicious.
It's like if I decided to use python to write a virus, but they people think python is a virus. None the less, with some internet communities, they believe AHK == Virus... :/
User avatar
joedf
Posts: 6434
Joined: 29 Sep 2013, 17:08
Facebook: J0EDF
Google: +joedf
GitHub: joedf
Location: Canada, Quebec
Contact:

Re: Google is blocking autohotkey.com

16 Jul 2018, 08:40

Interesting read... on Google Safe Browsing
https://security.stackexchange.com/a/98179/43849
User avatar
tank
Posts: 2326
Joined: 28 Sep 2013, 22:15
Facebook: charlie.simmons.7334
Google: ttnnkkrr
GitHub: ttnnkkrr
Location: Louisville KY
Contact:

Re: Google is blocking autohotkey.com

18 Jul 2018, 08:40

Lets see how much of this we can apply
https://www.google.com/about/unwanted-s ... olicy.html
We are troubled on every side‚ yet not distressed; we are perplexed‚
but not in despair; Persecuted‚ but not forsaken; cast down‚ but not destroyed;
https://www.facebook.com/ahkscript.org
If you have forum suggestions please submit a pull request

Return to “About This Community”

Who is online

Users browsing this forum: No registered users and 18 guests