Just a short post to warn Delphi community members that when I tried to visit long standing community code site Delphi3000.com I received a warning from Google Chrome that the site apparently contains a significant load of Malware:
The Dialog Chrome gives me when I visit Delphi3000.com
The more advanced description of what Google claims to have found can be viewed on their Advisory page but the short version is that it seems that the site could’ve been hacked 3 days ago (when Google first detected it) and a whole host of nasties implanted. Here’s what they say they found:
Malicious software includes 12 scripting exploit(s), 1 exploit(s). Successful infection resulted in an average of 5 new process(es) on the target machine.
Malicious software is hosted on 20 domain(s), including [redacted], [redacted] and [redacted].
Hopefully the guys at Delphi3000.com will notice this soon and will clear up their server (if anyone knows the maintainers then please let them know). In the meantime I would advise that anyone browsing avoid this particular site until it’s cleared, especially if you’re using earlier versions of Internet Explorer which might be more susceptible to exploitation.
On a separate note: I’ve been pretty busy of late and will be a guest on the next episode of the Podcast at Delphi.org with Jim, marc hoffman and Steve Kamradt which is due to appear on the site in the next 24 hours talking about a new project. I don’t think I said very much, mostly because we discovered my microphone has an uncanny habit of picking up background noise! oops. None-the-less, it was great fun to be on the podcast finally and I enjoyed taking part and contributing. I’ll be posting in greater detail about the subject of the podcast when it becomes available.
I am a Delphi Developer, .NET and Web Developer and General Geek. I am an enthusiastic advocate of hobbyist development and in particular tools which allow for hobbyist development. Please have a good look around and enjoy anything that you find useful on this site. 
That site has not really had been updated for years. Why anyone would want to visit it is beyond me. I also like the counter on how many people are currently connected. It’s always between 490 to 500.
@Brett Graffin: True; That it hasn’t really been updated for years may have contributed to it’s hacking (if it was indeed hacked). I can’t say I visit it regularly but I was Googling for something and it lead me to an article on there so I guess many will end up there for that reason.
I visited Delphi 3000 and I don’t think it is compromised. Some of the code samples on there might be considered malicious, but I don’t think there is any risk of them being executed within your browser unless Chrome can execute Delphi / Object Pascal code now too!
Although I was looking closer at the analysis and it may be safer to just avoid it after all. I guess someone could have uploaded an exploit. I didn’t think about the fact that users may still be uploading code. . . . . Bummer.
But was said, it hasn’t been updated in a long time anyway.
BTW, thanks for being on the podcast!
Sorry about my grammar in the first post. I had changed thoughts in the middle of the sentence, and did not go back to proof it. Yes, the site has been in a suspended state for years. Postings have been the same for a long time. I used to be a pretty regular visitor to the site. There are article postings that are defined as “current” and have been there for a “L O N G” time. Finding good Delphi sites is a hobby. Unfortunately, they are rare and few. That’s why I am alway critical of Torry’s when he goes down. I don’t want them to turn in a 3000.
Equiped with ADBlack and ScriptBlock for Firefox, i juste went to Delphi 3000 to read and download MathParser code.
No advice from AdBlock; a general advice from scriptblock telling that the site is suspicious. Delphi source code at Delphi 3000 is clean. May be few of the ads seen on the pages are malware prone? Don’t accept any cookies from the site.
@Jim: I didn’t mean to give the impression that the Delphi code samples might have been hacked (although I hadn’t looked at any of them). It’s more likely that there is alteration to the html code on some pages (Google says 4 out of 435) to include some Javascript or an invisible iFrame that tries various browser exploits. I’m fairly certain it’s this kind of exploit that Google is highlighting in it’s report.
It could just be one of their advertiser’s Javascript files that has fallen into the spyware/malware category on Google. It may not even be that serious an exploit but if Chrome and Firefox are warning me against it on security reasons then that’s still a serious problem for them.
@Brett Griffin: That’s ok – I’ll forgive your grammar in your first post if you’ll any I may make!
It’s very sad indeed when we see great community resources sliding into inactivity and irrelevance, particularly those with the volume of content that D3K had on it. However, as one site exits, it leaves room for another in it’s place.
@richard populin: Did FireFox give you a red and warn you that it was a suspicious site too? Mine gave me the following notice, similar to the one shown by Chrome and linking to the same report:
http://jamie.op-i.net/blog/wp-content/uploads/2009/03/windowclipping-5.png
As you said, maybe one of the adverts has become classified as using Javascript too similar to malware/spyware. I’m sure you would be fine visiting the site and certainly using the code samples (unless you truly don’t read what you compile!
) but there is something not quite right some of their pages and the browser warning will put many people off.
Chrome, Firefox say exactly as this article told. IE 8 64 bit, Opera, Safari just open the page.
I use NoScript in FireFox.
Years ago, viruses spread through diskettes.
When this JavaScript lark started, I couldn’t believe people would be naive enough to install something that can run unknown code on their PC.
Well, whaddaya know.
@Hok: Thanks for confirming, I thought I might be going mad if I was the only one that was seeing this problem.
@Ken Knopfli: True, it sounds ridiculously foolish when put like that. From a web developer point of view I find Javascript extremely useful for providing smoother interfaces and executing visual effects. Without some ability to execute something on the client side you couldn’t have Rich Interface Apps (whether they be in Flash, Javascript or Silverlight) and that would be a step backwards. Sometimes this concept is definitely a step too far (think of ActiveX) but properly controlled it’s essential for the web.
What would help is if the browser makers sand-boxed executing javascript properly…