Nice find, arch.
Ripping.org is The World Overclocking Database. Something like hwbot but on a different level taking a whole new approach.
That is the place where
Brian y. hosts his signature. I mean, its dynamically generated based on his latest achievements, scores, team statistics, and all that.
Now there are two solutions, one is contacting Brian and explaining him the situation. He couldn't possible know this or be aware of. Removing that signature (or hosting it another place or chaging or anything else) part will alleviate this situation. This a quick fix and the warning will disappear right away because the member's (Brian y.) signature won't get queried anymore.
The another solution might be contacting the Ripping.org's domain administer - making the admin aware of the situation. S/he might not know what the hell happened. The site might have been attacked and using code injections, iframes, and other malicious techniques, it could have been easily used for 'hosting malware.' And then it might have been reported, Google sticked the 'warned' note and be done with it. That's all. Once its source is located, the problem can be cleared up.
Of course, it takes a while until Google's web crawlers/spider bots revisit the problematic site (ripping.org), but then that warning should disappear. Google's Team can also be emailed asking for a speedy revisit of their bot, explaining the situation, its cause and solution. Things like this can happen - no one is responsible for this and it's pretty sensitive.
Domain Name:RIPPING.ORG
Created On:17-Oct-2001 12:45:20 UTC
Last Updated On:30-Aug-2008 10:40:06 UTC
Expiration Date:17-Oct-2010 12:45:20 UTC
Sponsoring Registrar:CSL Computer Service Langenbach GmbH d/b/a joker.com a German GmbH (R25-LROR)
Registrant Name:Gianni Kraettli
Registrant Street1:Bueelstrasse 82
Registrant Phone:+055.4403587
Registrant Email:gianni@ripping.org
A while ago we did report such an attack at a Romanian premier business magazine's website. While we recognized the code injection early, reported, and the person in charge fixed the problem, it did not got seen by the spiders of search industries such as Google's or anti-malware business such as WOT. Once a site gets marked as 'dangerous' if it's not cleared out fast, it can affect its popularity, and therefore its view-count, hits, PR, and overall income takes a huge hit. So they were pretty thankful of our speedy approach. I've posted the full disclosure of this on TLTE back then.
EDIT: Oh, and by the way; all of this can be a child's play if you contact
PrimeRanks. We alleviate defamation and improve rankings, hehe.
EDIT2: Brian y.'s signature is hosted at: http://colardyn-it.be/storage/signature_u5693.png - that domain seems alright.
The "dangerously" marked page that is apparently queried and used as part of DevH Forums is the following:
http://www.ripping.org/signature.php%3Fusername%3DBrian%2520y. -- which seems like a signature query via ripping.org - therein lies my assumption. But it doesn't exist; it's not a valid link. But it leads to Brian's name. Something is wrong with his signature. Perhaps that colardyn hosting place queries the hwbot results via ripping.org - I have no idea. To figure out I'd need to know the exact line that appear in Brian's signature.
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
Linear Mode
