Bubble websites being flagged by AVG

Bugs
1

Hey guys,

Woke up this morning to see that my Bubble website, Bubble.io and a number of other Bubble websites are being flagged by AVG for being infected with either URL:CardStealer or HTML:Script-inf [Susp] (see below)

image
image859×845 77.4 KB

image
image882×938 147 KB

I’ve tested this on multiple devices and browsers - can anyone else replicate this?

(Submitted to bug team who are currently investigating)

2

It looks like at least one other person can.

1 Like
3

Updates here: https://status.bubble.io/incidents/dqx17g92r240

4

Yep! Just found the same issue on my app.
For now, only the dev version, but I suspect if I push any updates it will hit the live version as well.
It seems we are back with the issue form August…

Can anyone in bubble team please take a look at this quickly?!?!?!!!

5

Bubble are aware - got this email notification …

Screenshot 2022-12-17 at 16.01.20
Screenshot 2022-12-17 at 16.01.201294×1172 68.8 KB

6

Working again!
Thank you!!!

7

I know that this has happened in the past and it looks like this time it was with the domain used to upload hosted files.

I’m curious to see what long-term solution is going to be put in place @josh would love to hear your thoughts!

Is it possible to put host files in a domain connected to the Bubble app? For example, example.bubbleapps.io or for a custom domain, the user can add a custom subdomain so the files are hosted at files.example.com? Because right now all hosted files are on the same domain and if there’s one malicious actor it affects all Bubble apps? (Correct me if I’m wrong :sweat_smile:— that’s how I’m understanding it as)

8

@johnny Yeah, so there are multiple domains that are shared between Bubble apps. After the last round of issues, we fixed some of them to make them different per-app; we fixed more of them today, and we are working on fixing the rest of them so that this class of problem can’t happen any more. Following the last incident, we should have been faster to phase out the remaining shared domains, but we thought that the ones we did fix were the ones most likely to have a problem like this so put it a little lower on our priority list than in retrospect we should have.

6 Likes
9

Thanks for taking charge!

1 Like
10

Gotcha, thanks Josh!

11

Glad to hear - thanks for sorting! :slight_smile:

12

also comes up with the issue

image
image1717×942 52.1 KB

13

@omengeorge, per the statuspage:

We believe most user apps are fully restored. If you are still seeing issues:

  • If you are on dedicated, please upgrade your box to the latest version
  • Please make a small modification to your app and deploy it to live
  • If neither of those steps resolve, please open a bug report with us at https://bubble.io/support/report
14

This topic was automatically closed after 14 days. New replies are no longer allowed.