SiteTruth - the blog

Our AdRater system accumulates information on web advertisers. We are using this to evaluate the quality of advertisers accepted by different advertising services.

A rather high fraction of Google AdSense advertisers are rated as “site ownership unknown or questionable, or significant negative information about the business was found.” These are the ones for which we could not find the business behind the web site. We suggest dealing with such sites with caution. Users with AdRater installed will see the icon displayed atop ads for such sites.

Today, SiteTruth introduces AdRater, an entirely new class of tool for consumers. AdRater looks at the ads on each page you visit and rates the advertiser. SiteTruth rating icons appear next to most text ads. Click on any rating icon to get the dirt on who’s behind the ad. Know who you’re dealing with before you click on the ad.

AdRater is free. No strings attached.

This is an alpha test; any problems, please report them here, on this blog.

Google recently fixed their “open redirector” in Google Maps, used by “phishing” sites to make attack URLs appear to be Google URLs.

PhishTank then marked the exploits formerly using it as “off line”, and SiteTruth automatically upgraded Google’s rating from to to .

The number of major sites with security vulnerabilities exploited by phishing attacks has dropped from 171 problem domains in early December 2007 to only 54 domains today. We’ve been talking to PhishTank, the Anti-Phishing Working Group, the press, and some of the vulnerable sites to focus attention on this problem. It’s on its way to being solved.

The Register has published an article about SiteTruth with the dramatic headline, “Cybercrooks lurk in shadows of big-name websites”. It’s about our list of innocent but vulnerable sites exploited by phishing scams.

SiteTruth is partially available due to network problems at an APlus.net colocation facility in Phoenix, AZ. Servers are being moved and we expect to be operational by Monday.

Update, December 4, 2007: The APlus.net outage continues.

Update, December 5, 2007: SiteTruth is back up for now, but the APlus problems have not been fully resolved.

After we discovered that a few major domains were being exploited by phishing scams, we added a new feature to SiteTruth - a continuously updated list of problem domains:

List of major domains being exploited by phishing scams

Each domain listed here is a well known domain in the Open Directory providing, perhaps unwittingly, a service for a phishing scam reported to PhishTank. The service provided may be hosting, URL redirection, or Internet connectivity. The owners of the domains listed are generally innocent of direct involvement with the scam. Domains listed typically have a security vulnerability which is being exploited.

There are only 164 such domains today. It’s not a problem that can’t be fixed, and it’s not a problem common to most web sites. A few major sites just need to clean up their act.

Domains on this list are down-rated by SiteTruth.

SiteTruth is currently rating Google as “Site ownership unknown or questionable. — Negative Info”

“google.com” has a negative report in PhishTank this week. A hostile site is exploiting a security hole in Google Maps, an “open redirector”, to give themselves a phony “google.com” web address. This assists the hostile site in evading spam filters and web filters.

Once Google plugs this security hole, PhishTank should notice within a day, and SiteTruth will pick up that information and rerate automatically.

We’ve seen this with a few other major sites. “rds.yahoo.com” is an open redirector, but, confined to a separate domain used only for redirection, it doesn’t open a hole through spam filters and so we don’t downgrade the whole “yahoo.com” domain. AOL uses “r.aol.com” in a similar way, but they also have an exploitable hole in AOLsearch that’s been reported to PhishTank.

Click on any SiteTruth rating icon for a detailed report about how the rating was computed.  If “Negative Info” is reported, click on “Show Details” for a link to the data source which reported trouble.

SiteTruth is an “editor’s pick” today in Yahoo’s Applications Gallery.

SiteTruth now recognizes addresses and postal codes for

• Australia (AU)
• Canada (CA)
• United Kingdom (UK)
• United States (US)

More countries will be added over time.

One of the data sources used by SiteTruth is PhishTank, which distributes an XML feed of hostile URLs. Since 1800 PDT 2007-10-10, PhishTank’s file has had no phishing entries. As a result, SiteTruth is not correctly rating phishing sites at this time. The operators of PhishTank have been notified.

Update: Problem fixed 1040 PDT 2007-10-12