LiChess.com squatters

It looks like there are squatters on LiChess.com that are redirecting users to fake virus reports and trying to trick them into downloading trojans. Anything we can do about that?

There are some options available. But as far as we know the costs are too high and the chance of success too low.

Ok. I reported it here: safebrowsing.google.com/safebrowsing/report_badware/

Maybe there are a few other places we can report it as well so that fewer users will blindly stumble on the fake site.

were you asked to click a link?

also, virustotal.com to scan links and downloads

It's random. It looks like lichess.com is a short lived DNS entry that points to IPs hosted by various hosting providers. Each site seems to be configured to redirect to http://survey-winner.com if you visit it by IP (e.g. 37.48.65.143 or 81.171.22.7).
If you visit it by DNS name, it redirects to a random JS page (e.g. http://lichess.com/?js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqcyI6MX0.fADWc9hUOlh58R9UzufQBROmie3I7c7vE835oE6YmU4&uuid=6ffd845a-225c-11e8-9099-00969300407b),

... which redirects you at random to another URL like: http://ww1.lichess.com/?subid1=d3d5ffb6-225c-11e8-9904-009694000a3c
which redirects to random fake antivirus (banner saying you have a virus and you should download their product) or random surveys, or "content winner" announcements.

Ah, gotcha. Most importantly, add "NoScript" plugin to your browser.

You should be fine with just that, but I'll include a few more if you're one of those "serious" people like me.

Additional plugins:

Modify Headers
addons.mozilla.org/en-US/firefox/addon/modify-headers/

RequestPolicy
addons.mozilla.org/en-us/firefox/addon/requestpolicy/

Certificate Patrol
addons.mozilla.org/en-us/firefox/addon/certificate-patrol/

Mafiaa redirector
addons.mozilla.org/en-US/firefox/addon/mafiaafire-redirector/

User Agent switcher
addons.mozilla.org/en-US/firefox/addon/user-agent-switcher/

A jumpstart to a more private and safer means of web browsing.

If you're a privacy nut and want to refrain from using Tor you can tweak your browser with these custom settings:

Type in Firefox/Iceweasel/etc web address bar:
about:config

Change settings to these:
browser.safebrowsing.enabled= false
browser.privatebrowsing.autostart=true
browser.safebrowsing.malware.enabled=false
datareporting.healthreport.uploadEnabled=false
dom.event.clipboardevents.enabled=false
dom.storage.enabled=false
geo.wifi.uri=127.0.0.1
network.cookie.cookieBehavior=1
network.cookie.lifetimePolicy=2
network.dns.disablePrefetch=false
network.http.sendSecureXSiteReferrer=false
network.prefetch-next=false
privacy.donottrackheader.enabled=true
privacy.donottrackheader.value=1
toolkit.telemetry.enabled=false
media.peerconnection.enabled=false
network.proxy.socks_remote_dns = true
browser.search.suggest.enabled = false
layout.css.visited_links_enabled = false
network.http.sendRefererHeader = 0
geo.enabled = false
browser.display.use_document_fonts = 0
agent = change to w/e you want it to appear as
You'll be better off with these settings ^

I've been using these settings for many years now, I've encountered No problems.

You must be using an old version of Firefox. browser.safebrowsing.enabled has been split into sub keys now:

browser.safebrowsing.downloads.enabled
browser.safebrowsing.blockedURIs.enabled
browser.safebrowsing.remote.enabled
browser.safebrowsing.malware.enabled
browser.safebrowsing.passwords.enabled
browser.safebrowsing.phishing.enabled

... and enabled should be "true" if you want the protection turned on.

lichess.com gives 'not found' in Chrome. Dont know if it is Google or uBlock.

Just like terms and agreements that noone takes time to read through, gotta know exactly what you're agreeing to when you select true.

All were carefully placed with reason.

Perhaps we should just inform users about the dangerous links, make sure that they are informed about the dangers of clicking on them.