• Skip to primary navigation
  • Skip to main content

Free Speech Defense

Securing the Right to Online Free Speech

  • About
  • Security
  • Services
    • Web Design
    • Support
  • Blog
  • Contact

False security warning on a PNG file at FaceBook

January 16, 2016 by FSD 2 Comments

This morning I had an email warning from from facebook due to an autopost failure from a WordPress blog:

Array ( [0] => Array ( [date] => 2016-01-16 12:18:48 [act] => Error [msg] => -=ERROR=- Array ( [Warning] => [Error] => Your message couldn’t be sent because it includes content that other people on Facebook have reported as abusive. ) [extInfo] => | PostID: xxxx – Iran: “American sailors started crying after arrest” |im [type] => E [nt] => Facebook – BlogName ) )

Very odd as this blogger is very cautious on the content of posts, as they are often targeted for mass reporting, to leverage FaceBook’s automated blocking/banning feature, where they act on the reports if there are enough of them without manually checking if their valid. But this post really was benign, so I went to share the post manually, and I was surprised to see this warning.

 

FB-share-post-warningYou can’t post this because it has a blocked link

The content you’re trying to share includes a link that our security systems detected to be unsafe:

http://jihadwatch.org/wp-content/uploads/2016/01/us-sailors-held-by-iran.png

Please remove this link to continue. If you think you’re seeing this by mistake, please let us know.

Unsafe? how? well it’s true that a PNG can carry malware, incredibly rare but doable,  of course if this is the case this concerned me doubly, how did the anti-virus software on the bloggers machine not pick it up as any AV software should, and secondly, how could the firewall have missed it, as even from a whitelisted IP, it should never allow that.

So I looked at the raw code in the PNG, malware sticks out like a sore thumb, tagged onto the end of the file, being pretty much the only clear text when you open in a text editor. Nothing there, so possible that some unusual combinations of characters in the PNG code match some part of a known virii signature, so I scanned here which checks 66 AV databases. 

BBB-MacD1So whats going on, for sure the files is clean, and there is no reason for a “false positive”, I see them a lot where security is so tight, stuff gets blocked that shouldn’t be.

So I made a report to FaceBook, and luckily within a couple of hours the block was lifted. 

Posting this now incase we start to see more of this, while this may not be an attempt at censorship, this can’t be due to mass reporting, as there is just no option to report an image as having malware on facebook, many other options, but not that, the simple reason being, it would be so simple for them to scan the image on upload, which I have confirmed they do.

Share this:

  • Click to share on Twitter (Opens in new window)
  • Click to share on Facebook (Opens in new window)

Filed Under: censorship, Virus

Reader Interactions

Comments

  1. Ray McKee says

    July 2, 2016 at 8:56 pm

    I have been trying to log in to your site for 2 days and as soon as I click on the login button it opens a blank page and nothing happens. I left it on that page for at lest 20 min. Please let me know if the log in is working. If it is working, others my not like what I have to say and they are blocking me. My email is
    I do get to your web site with no problem.
    Thanks

    Reply
    • FSD says

      July 2, 2016 at 10:50 pm

      We’re not blocking you,

      Try clearing your cache and checking you have javascript enabled, more details here

      https://freespeechdefense.net/2015/05/browser-issues-with-javascript-ddos-protection/

      Please let me know how you get on?

      Reply

Leave a Reply Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Copyright © 2023 · Genesis Sample on Genesis Framework · WordPress · Log in