I saw the Domain Name News article about Sedo and the apparent malware warning some users are encountering when they visit the site, and I want to reiterate that you should use caution if you need to visit Sedo’s website today until it’s cleared up.
I am not sure what the issue is, but there is an error message in Google results when you search for Sedo that says “This site may harm your computer.”
I reached out to several people at Sedo a moment ago, and I will provide an update as soon as I have one. For now, I’d avoid visiting the website until you get the all clear. Hopefully the issue is resolved ASAP.
*** UPDATED – 8/24/12 – 12:52PM EDT ***
Sedo just issued a statement:
“Sedo has been made aware that visitors attempting to access the Sedo.com or Sedo.co.uk websites using either the Firefox or Chrome web browsers have been receiving security alerts preventing entry. While the Sedo website is still accessible without warning on both Internet Explorer and Safari, we immediately began investigating the root cause of these warnings to ensure there was in fact no risk to our users or visitors to the site. At this time we can report that no threats have been detected and our technical teams are currently working with Google and others to ensure these false warnings are immediately removed.”
Hopefully they will also turn the PPC pipes back to ON.
Website is now forwarding to the .de site.
It is forwarding to the .de site, but when I tried to log in I received the malware warning again. And another funny thing happened. At 1:26pm today I received an email from Sedo saying I received an offer for one of my domains…1 minute later at 1:27pm I get
“Thank you for listing your domain “******” for sale with Sedo. Unfortunately we have been forced to cancel the recent bid thread as the buyer’s Sedo account has been closed.”
Could this have something to do with Sedo being compromised?
Heard about this earlier, hopefully it’s nothing too serious although I don’t use Sedo.
Just a word of caution, someone I know said that they got a lot of offers for their domains today and knew something was going on – so maybe it’s a good idea to not get your hopes up if you’ve reviewed a few offers today 🙁
Interesting. I knew something was up. I didn’t see any warning, but the site wouldn’t let me log on. I was certain I typed in the correct password (repeatedly), but I had to change it – twice – before I was able to log on.
*
I think I’ll stay off until we get the all clear.
Somebody might have hacked the site – perhaps someone not happy with the results of the Great Sedo auction?
Anyway, this is serious, and I hope Sedo solves the problem soon.
*
Something strange is happening or just happened at Sedo, where I have been a customer for 6 or 7 years. By chance about 12 hours ago (6 hours before this blog post) I was having a routine check for optimization purposes of my highest traffic domain which is parked there.
I actually typed the domain in (to Safari) to look at the type of ads served, but instead of the usual Sedo parked page the browser bar went through several strange redirects, too fast to read, then settled on a completely unrelated ad, for a telco actually. Not a Sedo parking page, no message saying “this domain may be for sale by the owner” etc.
I was totally baffled and was going to contact a tech friend today until I read this blog. But also today, the domain now resolves to the correct Sedo parked page so the problem may have been fixed. I’m not a tech person, but I guess someone may have temporarily accessed the DNS (ns1.sedoparking.com etc) to take temporary control of Sedo domains to earn some affiliate money.
I tried two other domains at random, one went to a Sedo parked page as normal, the other went through the same fast maze of redirects, this domain was BeautyProgram.com (a low traffic name). I just took a look at yesterday’s browser history, and typing in that domain redirected (via several other redirect addresses) to: (can’t guarantee it’s safe to open it!)
http://freesearchquick.com/search.php?q=Beauty&sid=567343397&sa=8&p=1&s=79064&cskey=blz62&qt=1345798508&q=Beauty&rf=&enc=&enk=prHmmYaZZsnm4wfjJuPmyQaxhuMmmYap5skHqQbBj4k%3D&xsc=&xsp=&xsm=&xuc=&xcf=&xai=&qxcli=08d239ef12f9ca62d80696f84517c239&qxsi=8a47c49af8f8779c&mk=1&pls_flag=&ScreenX=1024&ScreenY=768&BrowserX=1022&BrowserY=652&MouseX=0&MouseY=0&is_iframe=0&ifmref=0&script_start_time=1345849802.07&xtr_new_end_time=1345849802.22&ol=08d239ef12f9ca62b720b6b36b6b68f6
This page contains affiliate beauty ads, and I suspect an unknown person took all the revenue. (I’m not complaining here about the revenue, I may have lost about five cents!) Maybe some tech person can see something in this code.
I have absolutely no evidence or belief that “FreeSearchQuick” is involved in this situation.
Today, BeautyProgram correctly opens a Sedo parking page.
So in my opinion, Sedo security was compromised and Google’s warning was clever and appropriate, not “false”, and someone took control of an unknown number of Sedo domains for a period of time. I hope this information is useful to Sedo, who I have always found to be a good company. By chance, I currently have a sale in progress and everything in my Sedo account is working perfectly. I have accessed it twice in the last 12 hours.
Sedo is welcome to contact me. Using my browser history, I was just now able to recreate the series of redirects exactly as they happened, though the perpetrator may act to remove the domain codes and links.
Following my recent comment about Sedo parked domains being redirected, I had a second look at my Safari browser history, since the redirects are retained. I clicked on the record for BeautyProgram.com and managed to get a screenshot during the fast redirects, uploaded here:
http://www.facuum.com/redirect.html
…So the domain temporarily redirected to bumbalee.com, 79064.bestjiffysearch.com and then freesearchquick.com
I didn’t get any warning message when I went to Sedo today. Re: receiving offers, I usually check with my manager if I want to know if it’s legitimate, esp. when it’s a minimum 4-figure first offer.
The warning in Google appears to be gone now.