totalcmd.net

Discuss and announce Total Commander plugins, addons and other useful tools here, both their usage and their development.

Moderators: white, Hacker, petermad, Stefan2

Post Reply
User avatar
Usher
Power Member
Power Member
Posts: 1675
Joined: 2011-03-11, 10:11 UTC

Re: totalcmd.net

Post by *Usher »

Flint wrote: 2018-08-02, 22:01 UTCHere they are.
Let's see:
* TC_FavMenu2 - It is provided with sources so it can be reviewed and recompiled.
* BootScreenView - It seems to dig in system files so it may be hard to make replacement or some workarounds.
* TCPlayer - It is currently maintained on Github so it should be replaced with the newest version. You can also remove plugin file and make clickable link to github.
* SVI_Eliminator -It patches or deletes system files (digitally signed) and folders, so it will be always marked as potentially malicious tool. It was written for Windows XP and may crash newer systems. "Deletion Delay Eliminator", another tool made by the same author http://totalcmd.net/authors/4373853.html may be marked as malicious for the same reasons. Note that both of them are NOT TC plugins – they are independent hacking tools.
Andrzej P. Wozniak
Polish subforum moderator
User avatar
ghisler(Author)
Site Admin
Site Admin
Posts: 48021
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland
Contact:

Re: totalcmd.net

Post by *ghisler(Author) »

2Flint
Could you please at least consider a temporary solution? People complain that they can't download plugins any more. :(
Author of Total Commander
https://www.ghisler.com
User avatar
Flint
Power Member
Power Member
Posts: 3487
Joined: 2003-10-27, 09:25 UTC
Location: Antalya, Turkey
Contact:

Re: totalcmd.net

Post by *Flint »

2ghisler(Author)
I've already been doing this for several days, but each time I remove the files and ask it to revalidate it complains at something else. Yesterday I launched another iteration, waiting for the results now.

Why, oh why did you have to remove "Don't be evil", Google!
Flint's Homepage: Full TC Russification Package, VirtualDisk, NTFS Links, NoClose Replacer, and other stuff!
 
Using TC 10.52 / Win10 x64
User avatar
Usher
Power Member
Power Member
Posts: 1675
Joined: 2011-03-11, 10:11 UTC

Re: totalcmd.net

Post by *Usher »

You have removed files, but you haven't removed download links. In many cases you can use such links to download files from archive.org.
For tests remove "a href=link" tags and change active links into text. It may be enough for Google.
Andrzej P. Wozniak
Polish subforum moderator
User avatar
Flint
Power Member
Power Member
Posts: 3487
Joined: 2003-10-27, 09:25 UTC
Location: Antalya, Turkey
Contact:

Re: totalcmd.net

Post by *Flint »

2Usher
I don't think presence of anything on archive.org affects its decision, it would be too stupid even for Google. Nobody can directly affect what appears on archive.org.

The actual fact is, now you cannot download any of those files either directly, or via download.php, because the file is physically not there. The links now load the error page instead of the file, it should be enough to mark it as non-malicious. Besides, on each validation Google did remove from the report those links which I broke by deleting the files. At least, most of them. Some of them remained, and only disappeared after one more validation request (without any changes). The main problem was, it added more "malicious" links which were not there on previous reports, so I had to iterate over and over again. And the last time, the one and only download link reported as malicious was in fact Total7zip which is absolutely, 100% clean on VirusTotal. I have no idea what the heck is going on with their detect engine…
Flint's Homepage: Full TC Russification Package, VirtualDisk, NTFS Links, NoClose Replacer, and other stuff!
 
Using TC 10.52 / Win10 x64
User avatar
Usher
Power Member
Power Member
Posts: 1675
Joined: 2011-03-11, 10:11 UTC

Re: totalcmd.net

Post by *Usher »

One thing for sure:
Total7zip contains old 7-zip version with known security holes, just google "7-zip security vulnerabilities" or "7-zip CVE". Replace old 7-zip files with the newest ones (version 18.05 now).

You can use similar keywords for other blocked software.

And now some guesses:
1. I think that Google just keeps blocked download links and will block web pages if you don't change those links. Archive.org is just a sample than allows to understand such Google actions.
2. When you force validation of some pages more than once, Google just start with validation of those pages, but after that it starts to validate all the site, I suppose.
3. Blocking more and more pages may be also some kind of "joe job"or (D)DoS attack - they may be reported as malicious by some people manually or by some bots automatically.
Andrzej P. Wozniak
Polish subforum moderator
User avatar
Flint
Power Member
Power Member
Posts: 3487
Joined: 2003-10-27, 09:25 UTC
Location: Antalya, Turkey
Contact:

Re: totalcmd.net

Post by *Flint »

Usher wrote: 2018-08-09, 19:18 UTC One thing for sure:
Total7zip contains old 7-zip version with known security holes, just google "7-zip security vulnerabilities" or "7-zip CVE". Replace old 7-zip files with the newest ones (version 18.05 now).
Having security issues is not the same as being a malicious software.
1. I think that Google just keeps blocked download links and will block web pages if you don't change those links. Archive.org is just a sample than allows to understand such Google actions.
I still don't unsderstand your reasoning. The link no longer poses a threat, why would it still be considered malicious?
Anyway, whatever the reasoning, it doesn't look like it works that way. wincmd.ru has been marked as clean already. If what you said were true it would have remained marked as tainted.
3. Blocking more and more pages may be also some kind of "joe job"or (D)DoS attack - they may be reported as malicious by some people manually or by some bots automatically.
If that's the case I probably won't be able to do anything, the attackers would just keep reporting other, completely legitimate files and pages. However, I don't think that's what's happening, because up until now all the downloads listed in the Google Console were actually detected by some antiviruses as malicious (putting aside the question of how reasonable those detects actually were), apart from Total7zip which has already been "cleared" and is no longer displayed as problematic.

I think in the end the current course will have the site removed from the malicious list, but I really, really, really don't like the way it's going. Some stupid known-by-nobody antivirus yells completely invalid claims, and 99% of your web-site gets virtually blocked, just because most users stick to Chrome or other browsers that stick to that Google detector. I'm not even sure it's wise to do what I'm doing, in the long term; it makes people think "he removed those files, so they really were malicious, precious Google saved us all!" instead of "hey, Google, what the heck, there's nothing wrong there, we'll be better off with another browser which is not so paranoid".


Added:
Minutes after I posted this, the final check on totalcmd.net was reported as success, the site is marked clean. I'm not sure how this works, might take a bit of time for the browsers to catch up, but in my Firefox it is now opened without warnings.

Still, the question what to do with the problematic files remains open. I don't want to lose useful plugins just because of false positives from some vague unknown AVs…
Flint's Homepage: Full TC Russification Package, VirtualDisk, NTFS Links, NoClose Replacer, and other stuff!
 
Using TC 10.52 / Win10 x64
User avatar
Usher
Power Member
Power Member
Posts: 1675
Joined: 2011-03-11, 10:11 UTC

Re: totalcmd.net

Post by *Usher »

Flint wrote: 2018-08-09, 22:50 UTCHaving security issues is not the same as being a malicious software.
Outdated software with security holes may be abused by malware - like Flash Player or Adobe Reader.
Flint wrote: 2018-08-09, 22:50 UTCAnyway, whatever the reasoning, it doesn't look like it works that way. wincmd.ru has been marked as clean already. If what you said were true it would have remained marked as tainted.
It was just a guess, as I clearly stated earlier. Indexing/checking is a time consuming operation, so web spiders read time stamps of web pages and may NOT reindex/recheck pages if the timestamps are unchanged. They may also keep and compare checksums - if the webpage has newer timestamp, but the same size and the same checksum, it won't be reindexed/rechecked.
Flint wrote: 2018-08-09, 22:50 UTCAdded:
Minutes after I posted this, the final check on totalcmd.net was reported as success, the site is marked clean. I'm not sure how this works, might take a bit of time for the browsers to catch up, but in my Firefox it is now opened without warnings.
Glad to read it. Now it's OK also from my Firefox. So it's probably been just another type of Google dance, depended on time needed to propagate changes to all Google servers and to download updates by web browsers.
Flint wrote: 2018-08-09, 22:50 UTCStill, the question what to do with the problematic files remains open. I don't want to lose useful plugins just because of false positives from some vague unknown AVs…
Save the copies of problematic files to Google Drive, link them on your site and wait a month. The files are small, so every download will force AV check. If Google Drive and Google don't issue any warning in this time, re-upload the files to your site (but don't delete copies from Google Drive).
You can also look at the download statistics - are those files still downloaded?
Andrzej P. Wozniak
Polish subforum moderator
User avatar
ts4242
Power Member
Power Member
Posts: 2081
Joined: 2004-02-02, 20:08 UTC
Contact:

Re: totalcmd.net

Post by *ts4242 »

Today http://www.totalcmd.net is down, I cannot access it neither via web browser nor FTP!
User avatar
tbeu
Power Member
Power Member
Posts: 1336
Joined: 2003-07-04, 07:52 UTC
Location: Germany
Contact:

Re: totalcmd.net

Post by *tbeu »

ts4242 wrote: 2019-01-07, 21:34 UTC Today http://www.totalcmd.net is down, I cannot access it neither via web browser nor FTP!
Yep, same here. :cry:
TC plugins: Autodesk 3ds Max / Inventor / Revit Preview, FileInDir, ImageMetaData (JPG Comment/EXIF/IPTC/XMP), MATLAB MAT-file Viewer, Mover, SetFolderDate, Solid Edge Preview, Zip2Zero and more
User avatar
Horst.Epp
Power Member
Power Member
Posts: 6450
Joined: 2003-02-06, 17:36 UTC
Location: Germany

Re: totalcmd.net

Post by *Horst.Epp »

:( Still down
Windows 11 Home x64 Version 23H2 (OS Build 22631.3374)
TC 11.03 x64 / x86
Everything 1.5.0.1371a (x64), Everything Toolbar 1.3.2, Listary Pro 6.3.0.69
QAP 11.6.3.2 x64
User avatar
Flint
Power Member
Power Member
Posts: 3487
Joined: 2003-10-27, 09:25 UTC
Location: Antalya, Turkey
Contact:

Re: totalcmd.net

Post by *Flint »

Probably, the owner forgot to pay for the hosting, again. :( Or maybe bank delayed the payment due to holidays. We'll have to wait; it should be back up in a couple of days.
Flint's Homepage: Full TC Russification Package, VirtualDisk, NTFS Links, NoClose Replacer, and other stuff!
 
Using TC 10.52 / Win10 x64
User avatar
ts4242
Power Member
Power Member
Posts: 2081
Joined: 2004-02-02, 20:08 UTC
Contact:

Re: totalcmd.net

Post by *ts4242 »

It is down again!
User avatar
Flint
Power Member
Power Member
Posts: 3487
Joined: 2003-10-27, 09:25 UTC
Location: Antalya, Turkey
Contact:

Re: totalcmd.net

Post by *Flint »

Missed the payment again. The owner has been reminded hours ago; waiting… :(
Flint's Homepage: Full TC Russification Package, VirtualDisk, NTFS Links, NoClose Replacer, and other stuff!
 
Using TC 10.52 / Win10 x64
User avatar
tbeu
Power Member
Power Member
Posts: 1336
Joined: 2003-07-04, 07:52 UTC
Location: Germany
Contact:

Re: totalcmd.net

Post by *tbeu »

Anything we can do to improve the reliability/availability of totalcmd.net service?
TC plugins: Autodesk 3ds Max / Inventor / Revit Preview, FileInDir, ImageMetaData (JPG Comment/EXIF/IPTC/XMP), MATLAB MAT-file Viewer, Mover, SetFolderDate, Solid Edge Preview, Zip2Zero and more
Post Reply