PostMortem: Safe Browsing Warning

Aaron O'Mullan
Published in GitBook
Jul 24, 2018

In short: the warning was a false positive; no user data was compromised and, to our knowledge, no end users were impacted.

What happened?

Last Wednesday (18 July 2018), for roughly 9 hours (between 8am and 6pm PST), users visiting www.gitbook.com may have seen this scary warning:

Google’s Safe Browsing Warning

Our team received a few emails about a warning displayed when trying to access GitBook from Chrome (and other browsers).
We immediately started to investigate and found the origin of the issue less than 30 minutes later. It then took another 8 hours or so for Google to process our review request.

Why did it happen?

Google’s Safe Browsing listed all of www.gitbook.com and legacy.gitbook.com as “unsafe” because some old projects on legacy.gitbook.com contained content that linked to malicious websites.

Unfortunately, all platforms hosting user-generated content are at risk of abuse by spammers. We’re no exception.

We do have automated anti-spam measures in place, but they didn’t catch these specific projects.

Am I at risk?

No. Even if you saw this message you are not at risk, unless you visited one of the few suspicious v1 books that contained unsafe links.

For a user to be affected by the malicious links, they would have had to:

  1. Visit an unsafe project on legacy.gitbook.com (GitBook v1)
  2. Click one of the malicious links in the project's content
  3. Be redirected to a third-party website
  4. Be tricked by that website into downloading malicious software

Our data indicates that a majority of those links were for "software cracks" and other "warez"; such content violates our terms of service.

How was it resolved?

As soon as we were alerted of the issue, we reached out to Google via our Google Search Console and requested a security review.

In the meantime, we carried out bulk reviews of v1 content to find the projects Google had flagged as "unsafe", and stopped rendering user-generated links on the main GitBook v1 domain (legacy.gitbook.com).
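To make the two halves of that mitigation concrete, here is an added example (not GitBook's own code) in Node.js: a bulk review that lists the v1 projects, grouped by owner, whose links point at a blocklist of hosts, and a rendering-side rewrite that collapses every user-generated link to plain text unless it stays on the site's own hosts. The host names, the blocklist and the sample projects are constructed for the example; a real review would feed in the hosts Safe Browsing actually reported.

```javascript
// Added example (not GitBook's own code): the two sides of the mitigation
// described above, applied to GitBook v1-style Markdown.
//   scanProjects()    - bulk review: list projects (grouped by owner) whose
//                       links point at hosts on a blocklist
//   neutralizeLinks() - rendering fix: show user-generated links as plain
//                       text unless they stay on the site's own hosts
// Host names, the blocklist and the project records are constructed sample
// data, not real GitBook content or Safe Browsing output.

const SITE_HOSTS = new Set(["legacy.gitbook.com", "www.gitbook.com"]);
const FLAGGED_HOSTS = new Set(["warez-cracks.example", "free-keygen.example"]);

// Markdown inline links: [text](url) or [text](url "title").
// Adequate for a demo; a production pipeline should walk the Markdown AST so
// raw <a href> HTML and reference-style links are covered as well.
const MD_LINK = /\[([^\]]*)\]\(\s*(\S+?)(?:\s+"[^"]*")?\s*\)/g;

// Resolve a link target and return its lowercase host, or null when the link
// must never be rendered as a hyperlink (unparsable, or a non-http(s) scheme
// such as javascript: or data:). Relative links resolve against baseHost.
function hostOf(rawUrl, baseHost) {
  let url;
  try {
    url = new URL(rawUrl, `https://${baseHost}/`);
  } catch {
    return null;
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") return null;
  return url.hostname.toLowerCase();
}

// Every off-site host a Markdown document links to, in order of first use.
function externalHosts(markdown, baseHost = "legacy.gitbook.com") {
  const hosts = new Set();
  for (const m of markdown.matchAll(MD_LINK)) {
    const host = hostOf(m[2], baseHost);
    if (host !== null && !SITE_HOSTS.has(host)) hosts.add(host);
  }
  return [...hosts];
}

// Bulk review. Returns Map<owner, [{ project, hosts }]> so the whole account
// can be actioned rather than a single book.
function scanProjects(projects, baseHost = "legacy.gitbook.com") {
  const byOwner = new Map();
  for (const p of projects) {
    const hits = externalHosts(p.markdown, baseHost).filter((h) => FLAGGED_HOSTS.has(h));
    if (hits.length === 0) continue;
    if (!byOwner.has(p.owner)) byOwner.set(p.owner, []);
    byOwner.get(p.owner).push({ project: p.name, hosts: hits });
  }
  return byOwner;
}

// Rendering-side mitigation: links that stay on our own hosts survive,
// everything else is collapsed to its link text, so nothing served from the
// legacy domain points off-site while the review runs.
function neutralizeLinks(markdown, baseHost = "legacy.gitbook.com") {
  return markdown.replace(MD_LINK, (whole, text, url) => {
    const host = hostOf(url, baseHost);
    return host !== null && SITE_HOSTS.has(host) ? whole : text;
  });
}

// Constructed sample projects (not real GitBook content).
const SAMPLE_PROJECTS = [
  { owner: "alice", name: "js-intro",
    markdown: "See [MDN](https://developer.mozilla.org/) and [chapter 2](./ch2.md)." },
  { owner: "spammer1", name: "photoshop-crack",
    markdown: "[Download now](http://warez-cracks.example/ps.exe) or [mirror](https://free-keygen.example/x)" },
  { owner: "spammer1", name: "office-keygen",
    markdown: "[get it](HTTP://Free-Keygen.example/o \"mirror\")" },
  { owner: "bob", name: "notes",
    markdown: "[evil](javascript:document.cookie) and [home](https://www.gitbook.com/)" },
];

if (typeof require !== "undefined" && require.main === module) {
  for (const [owner, projects] of scanProjects(SAMPLE_PROJECTS)) {
    console.log(`${owner}: ${projects.map((p) => `${p.project} -> ${p.hosts.join(", ")}`).join("; ")}`);
  }
  for (const p of SAMPLE_PROJECTS) console.log(neutralizeLinks(p.markdown));
}
```

Two design points worth noting. The scan groups hits by owner rather than by book, because a spammer who uploads one crack listing usually has several, and blocking the account is what stops the next upload. The renderer treats anything that is not plain http(s) on a known host as untrusted, so a `javascript:` or `data:` link is collapsed along with the off-site ones instead of being rendered because it happens not to be on the blocklist.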

Current status?

As of now (and since Wednesday evening), all users should be able to access GitBook without seeing any in-browser warnings.

GitBook.com

Thanks to the security and anti-spam measures we've taken in v2, there are no malicious links on www.gitbook.com (see Google's report).

GitBook.com’s safe browsing status

Legacy.GitBook.com

On v1 (also known as legacy GitBook) you should not see warnings on most pages. However, Chrome and Firefox should (correctly) still show warnings on some of the unsafe pages (see Google's report).

Legacy.GitBook.com’s safe browsing status

Safety measures moving forward

  1. Batch reviews of v1 content, to block malicious users and their content
  2. Improving our automated anti-spam systems, to better detect suspicious content and users while minimizing the impact on real users (on v2)
  3. Making it easier for users to report suspicious users or content (on v2)

Closing notes

We take the security of our users and their data very seriously. We’ll continue to share transparent postmortems on all major security incidents to help you understand what happened, why it happened and how it affects you.

If you have any questions on this specific topic or others, please reach us at support@gitbook.com.
