Topic: Potential Malicious content when viewing geocache pages at Geocaching.com

kirok

  • Administrator
  • Big Time Cacher
  • *****
  • Posts: 690
  • "To boldly find what no cacher has logged before!"
    • Binthair Challenge
Woody06 brought up an interesting point this evening regarding a cache page he was viewing that generated a warning message in his browser.  That message indicated that the webpage he was viewing was potentially harmful (i.e. could contain a virus or malware of some sort).  
He was unsure of which cache he was viewing, but was sure it was a cache placed by Valpin.

The issue here is that it looked, to the anti-virus/anti-spyware software within his browser, that the Geocaching.com website itself was the cause. While this is not totally impossible, it is highly unlikely.  The most common reason for such warnings when visiting geocaching.com is something within the HTML of the cache page itself that the cache OWNER has placed there, which has now been flagged by the various security companies out there as being potentially harmful.

When creating cache page listings, especially puzzle caches, cache owners like to have special content on their cache pages.  This could be in the form of a video that you need to watch, a sound file you need to listen to, or even something as simple as a link to some geocaching club that they are a member of.  Since Geocaching.com does not host videos or sound files, cache owners must host these files somewhere else on the internet, and create a link on the cache page for you to click on and go there to see the content.

The issue with using any "external to geocaching.com" content on your cache page is that inevitably that website will change. Nobody "owns" a domain name.  Even Geocaching.com doesn't OWN the domain, they actually LEASE it.  If you don't pay your annual renewal fee, the domain can be put back "on the market" and anyone else can buy it up and host something new at that old address.

Unfortunately, there are groups of people in the world who like to take advantage of this, and purposely purchase previously used websites that may have been popular at one time, and use them to host malicious or offensive content.  This can happen at any time, likely without the cache owner who used the old website service ever knowing it occurred.

This is precisely what has happened to several of Valpin's cache pages.   Valpin, being a cacher in Québec who primarily published his caches in French, used a service that verified the spelling and grammar of cache listings, and proudly displayed their logo on his cache pages.  That service has since been shut down, and the people that took over that old domain name are hosting something that is being flagged by the security services on our computers as being potentially harmful.

The caches in question are:

Valpin #15 - Jean de Bréboeuf - GCVH5N
Valpin #16 - La borne milliaire - GCVM6E
Valpin #26 - Le Patator - GCW2KD
Valpin #28 - Élémentaire mon cher Watson! - GCW8F6
Valpin #50 - La 50 - GCY6YQ

There may be others.  

It is important to note that viewing the cache pages themselves at Geocaching.com is NOT an issue.  What is the issue, is the link he has placed on the cache page.  You will see the light blue logo with the "Fleurs De Lis  - cache certifiée 100% français sans faute" at the bottom of his pages.  Simply DO NOT click on this link and you'll be fine.

I will be marking a needs maintenance on these cache pages to notify the cache owner, and inform the local reviewer.  Better to play it safe and warn people.

As always, never follow links to external sites that you do not know or trust, even if they are in a cache page.  Geocaching.com cannot be responsible for every link a cache owner places on their pages, so play safe!

« Last Edit: June 06, 2013, 20:01:42 by kirok »
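
The lapsed-domain problem described in the post above can be checked for mechanically. The following is an added example, not part of the original thread: it collects the off-site links in a listing's HTML and flags any domain whose current registration date (the `registration` event of an RDAP domain record) is later than the date the listing was published, which means the domain lapsed and was registered again after the link was placed. The `.example` domains, the sample HTML, the sample RDAP records and the publication date are constructed, and the two-label domain rule is a simplifying assumption.

```python
from datetime import datetime, timezone
from html.parser import HTMLParser
from urllib.parse import urlparse

LISTING_HOST = "geocaching.com"  # links to the listing site itself are skipped

class LinkCollector(HTMLParser):
    """Collect href/src URLs from a listing's HTML description."""
    def __init__(self):
        super().__init__()
        self.urls = []
    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src") and value:
                self.urls.append(value)

def registrable(host):
    # Assumption: last two labels only; real code needs the Public Suffix List.
    return ".".join(host.lower().split(".")[-2:])

def registration_date(rdap):
    """Return the 'registration' event date of an RDAP domain object, or None."""
    for ev in rdap.get("events", []):
        if ev.get("eventAction") == "registration":
            return datetime.fromisoformat(ev["eventDate"].replace("Z", "+00:00"))
    return None

def audit(html, published, rdap_by_domain):
    """Return external domains whose current registration post-dates the listing."""
    collector = LinkCollector()
    collector.feed(html)
    flagged = set()
    for url in collector.urls:
        host = urlparse(url).hostname
        if not host or registrable(host) == LISTING_HOST:
            continue  # relative link or link back to the listing site
        dom = registrable(host)
        reg = registration_date(rdap_by_domain.get(dom, {}))
        if reg is not None and reg > published:
            flagged.add(dom)
    return sorted(flagged)

# Constructed sample data: hypothetical domains, not taken from the thread.
SAMPLE_HTML = '''<p>Watch <a href="http://video-host.example/clip">this clip</a>.</p>
<a href="http://www.grammar-badge.example/"><img src="http://www.grammar-badge.example/logo.png"></a>
<a href="https://www.geocaching.com/help">help</a>'''
SAMPLE_RDAP = {
    "video-host.example": {"events": [{"eventAction": "registration", "eventDate": "2001-03-04T00:00:00Z"}]},
    "grammar-badge.example": {"events": [{"eventAction": "registration", "eventDate": "2012-11-20T00:00:00Z"}]},
}
PUBLISHED = datetime(2006, 5, 1, tzinfo=timezone.utc)
```

In practice the RDAP records would come from the registry's RDAP service for each domain; a domain with no record or no registration event is left unflagged and needs a manual look.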

bluelamb03

  • Administrator
  • Big Time Cacher
  • *****
  • Posts: 1637
  • Good hunting everyone!
Excellent follow up Kirok!
Thanks,

Blue -
Without shared stories we are strangers.
- Sheila Mendonça


Woody06

  • Guest
Thanks, Kirok, for the explanation.

The red-haired witch

  • Guest
I see that Valpin has already removed the evil link!  Thanks ;D

And thanks to kirok for finding and investigating the issue, as well as using the Needs maintenance needed as it is meant to be used! :)

hidnseek

  • Administrator
  • Sr. Cacher
  • *****
  • Posts: 419
Thanks for your quickness.  It sounds like it has been followed up on as well.

Thanks.


"I have to go. I'm conducting a seminar in multiple personality disorders, and it takes me forever to fill out the nametags."
— Niles Crane (David Hyde Pierce)