ClamWin Free Antivirus Forum Index
ClamWin Free Antivirus
Support and Discussion Forums
Reply to topic
Cocerning about ClamWin's hosting projects safety.
AppMiner


Joined: 25 Dec 2013
Posts: 8
Location: App Mine
Reply with quote
Hello, I've observing sourceforge very long I just want to say that
Beware of "sourceforge hostile takeover". Right now you're 1 of the 95% survivalist
developers that sourceforge didn't aware of your existence.
Your original account name is still there which means you still have ownership to edit/delete you projects.
But once your original account turn into "sfeditor1" than mean your project has already robbed.

You still have time to move your project safely to other project hosting sites.
Some many of dev starts to move their source code & their release at www.github.org
Some of them host at www.fosshub.com. Also microsoft has their own project site called www.codeplex.com
Some of them host directly on their site rather than any 3rd party sites.

There was recently a big fight with GIMP devs & sourceforge website.
http://www.gimp.org/
https://sourceforge.net/blog/gimp-win-project-wasnt-hijacked-just-abandoned/

From very long ago in 2013 sourceforge start to make a bundle of SF installers on some softwares.
Users start discover first software at Filezilla, Ares Galaxy that being change into sfinstaller from the original installer.
Which cause a rumor spread a real quick into "Sourceforge start to wrap installer like download.com, softonic against Developers will."
http://www.ghacks.net/2013/07/17/sourceforges-new-installer-bundles-program-downloads-with-adware/

The truth behind is... some software dev that just made a partnership with sourceforge. But the rumors when overboard than a truth.
There was a blame from users about SF Installer. FileZilla developer seems admit on purpose rather than unware from the rumors.
https://forum.filezilla-project.org/viewtopic.php?f=2&t=30240

GIMP heard this from FileZilla & start to fear so they announce about SF installer framing developer's real installer.
From GIMP announce cause many developers start to fear sourceforge & vote there feet to host somewhere else.
This cause sourceforge team very angry specially GIMP. Since they cannot clarify the truth so they start to play a real villian
by turn all those fled developer accounts into "sfeditor1" which cause to loose their ownerships to login to edit/delete their own projects.
Which the victim accounts will get framed by their original installers turn into SF installer which bundle a dangerous
potentially unwanted program harming naive End-Users get infect by these malwares.
You can check that some well-known softwares has been change into "sfeditor1" user account against their will.
Such as: GIMP, VLC, Audacity
While some of them made a partnership on purpose. Their original useraccount still remain.
Such as: FileZilla, Ares Galaxy


I'll leave this one to your considerations for whom is right:
1. GIMP & many open source developers believe that sourceforge force SF installer against their will.
If GIMP was right you should move your project ASAP & don't forget to delete from sourcforge before they rob.
2. While from my viewpoint is I think that sourceforge was getting angry with overtruth rumors spreading.
As long you don't paranoid leave sourceforge they won't harm anything. I've still seen 95% still remain original name.
View user's profileSend private message
ROCKNROLLKID


Joined: 23 Sep 2013
Posts: 555
Location: **UNKNOWN**
Reply with quote
Thanks for the warning. Yes sourceforge appears to be going more commercial lately, not really a open-source hoster anymore.

Fosshub looks good, but it looks like they post any free project, not just open-source.

Codeplex looks good. It is Microsoft's open-source hosting site. That one is probably the best alternative, in my opinion.
View user's profileSend private message
AppMiner


Joined: 25 Dec 2013
Posts: 8
Location: App Mine
Reply with quote
Now sourceforge website is offline too long.
I think you should prepare some extra mirrors on codeplex.
View user's profileSend private message
ROCKNROLLKID


Joined: 23 Sep 2013
Posts: 555
Location: **UNKNOWN**
Reply with quote
That would be up to Alch if he is willing to transfer ClamWin off Sourceforge to Codeplex. My guess is that he probably won't. No one seems to be able to contact Alch to let him know. I'll see if I can get his attention when the next ClamWin beta is released.
View user's profileSend private message
AppMiner


Joined: 25 Dec 2013
Posts: 8
Location: App Mine
Reply with quote
Very Happy Thank you, I'm looking forward behind.
BTW I've found some backup over here.

http://en.osdn.jp/projects/clamwin/
It's used to be Japanese SF site but they're different provider & more safer.
There're many English mix with Japanese open source projects here.
View user's profileSend private message
ROCKNROLLKID


Joined: 23 Sep 2013
Posts: 555
Location: **UNKNOWN**
Reply with quote
I have more of a concern why Alch hasn't post an updated sourcecode in a long time then I do of the site he is hosting it on.
View user's profileSend private message
Jef_uk


Joined: 01 Oct 2015
Posts: 6
Location: UK
Reply with quote
I'm inclined to agree : http://forums.clamwin.com/viewtopic.php?t=4330
My snort was tripped, I assumed this was false positive but in light of no check-sums to verify the code I'm going to assume the source forge download is compromised.

Yes it is all gone tin foil hat over here... Sad


snort is tripping on 5.10.152.194
5.10.152.194 ET TROJAN VMProtect Packed Binary Inbound via HTTP - Likely Hostile - 10/03/15-22:06:07

It's sig 1:2009080 which is a candidate for false positive so I guess I now have to put it on a honey pot and find out what is packaged with it.
View user's profileSend private message
ROCKNROLLKID


Joined: 23 Sep 2013
Posts: 555
Location: **UNKNOWN**
Reply with quote
For future reference, can you please your questions in a new thread and not ask it on 2 different threads. This makes it hard for us to keep up with you.
View user's profileSend private message
lewakalex


Joined: 16 Nov 2015
Posts: 1
Location: USA
Reply with quote
ROCKNROLLKID Thanks you very much, I had the same problem like author...
Regards.
View user's profileSend private message
Cocerning about ClamWin's hosting projects safety.
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 1 of 1  

  
  
 Reply to topic