Isolated Malware Incident: Incident Report for AWeber

After receiving a number of reports from folks who received the Tuesday HTTS newsletter and reported that it was showing warnings that the links connected to malware, I received the following email from Aweber that applies a BROAD stroke of overcompensation on Google’s part:

AWeber Network Status July 28, 2015 1:50 PM
To: Holly Lisle

[AWeber status] Resolved : Isolated Malware Incident

Isolated Malware Incident

Incident Report for AWeber

New Incident Status: Resolved

Google has removed the malware alert from all emails sent through the AWeber service. Emails should no longer be flagged as containing possible malware. Thank you for your patience as we’ve worked to resolve this incident.
Jul 28, 13:50 EDT

PREVIOUS UPDATES
Update
We have disabled all links redirecting to problematic URLs, and we are actively engaged in conversations with Google to have the alerts removed from emails sent through our service.
Jul 28, 09:37 EDT

Identified
We have identified an isolated incident of a website that uses AWeber has been infected by malware. As a response, Google has marked all links from AWeber customers using click tracking (redirecting through clicks.aweber.com) as potential malware. We are working with Google to clear the misapplied alert as well as the AWeber customer to resolve the isolated malware incident. Please know that the AWeber system has not been infected by malware. We apologize for any concern or inconvenience this has caused. Thank you for your patience.
Jul 28, 09:11 EDT

I put the HTTS newsletter on hold following these reports. I have now reset it to be delivered on Tuesdays again.

Thank you to all the folks who reported the problem.

image_pdfDownload as PDFimage_printPrint Page

By Holly

Novelist, writing teacher, on a mission to reprint my out-of-print books and indie-publish my new ones.

Subscribe
Notify of
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

2 Comments
Inline Feedbacks
View all comments
Rez
Rez
7 years ago

Speaking of aweber.com, remember that “connection refused” problem I was having with the HTTS email links?

Finally occurred to me to look in my HOSTS file, and sure enough, aweber.com was blocked.

Now, my HOSTS file came from the Microsoft professionals network, meaning it’s fairly well-vetted and not just arbitrary hatin’ on some types of sites. But domains with no real function other than adserving or redirecting do get listed. And that’s probably how it came to be.

Actually, there were two:

127.0.0.1 analytics.aweber.com
127.0.0.1 clicks.aweber.com

I would bet every call to the latter also calls the former, but not where you can see it. What happens to that data??

Me, I’d consider hosting that includes fullblown mailing list abilities and run it off my own domain.

2
0
Would love your thoughts, please comment.x
()
x