How safe is Sourceforge, Mediafire, Bitbucket, Github, etc.?

If it's not ZDoom, it goes here.
Casualfan
Posts: 65
Joined: Fri Jan 14, 2022 8:31 pm

How safe is Sourceforge, Mediafire, Bitbucket, Github, etc.?

Post by Casualfan »

Maybe it's just my overactive antivirus or aversion to obvious-looking download buttons, but file-hosting sites like Mediafire and Sourceforge make me nervous. They just seem sketchy, and occasionally I get popups from Mediafire so unless a mod is linked from here I generally try to avoid it. But some more popular sourceports like Quakespasm and Hammer of Thyrion are only hosted on Sourceforge, and I'm not tech-savvy enough to compile the source code from GitHub. I recently saw an article saying that Sourceforge downloads include files that can harm computers one way or another, which has made me even more nervous.

So, in y'alls experience, is there anything unsafe about file hosting sites? Well, besides directly downloading malicious code. I'm mostly talking about unintentional and unintended extra files downloaded, popups, malware, viruses, etc. The main sites I'm wondering about are Mediafire, Sourceforge, Bitbucket, and Github, but if you know any others to stay away from, please list them here.

Thanks guys!
User avatar
Graf Zahl
Lead GZDoom+Raze Developer
Lead GZDoom+Raze Developer
Posts: 48519
Joined: Sat Jul 19, 2003 10:19 am
Location: Germany

Re: How safe is Sourceforge, Mediafire, Bitbucket, Github, etc.?

Post by Graf Zahl »

Sourceforge is a cesspool. The binary packages you download from Sourceforge should be safe - unless the software itself is not. Aside from that someone really needs to tell these people to host their stuff somewhere else. I don't understand why some developers still stick to it.

Bitbucket and Github are both professional hosting sites - I wouldn't worry there. Their entire business model is for providing a nice place to host open source projects and offering the service to paying customers as well.
User avatar
KynikossDragonn
Posts: 255
Joined: Sat Dec 12, 2020 10:59 am
Preferred Pronouns: He/Him
Operating System Version (Optional): Void Linux
Graphics Processor: Intel (Modern GZDoom)
Location: Independence, KS, USA

Re: How safe is Sourceforge, Mediafire, Bitbucket, Github, etc.?

Post by KynikossDragonn »

Yeah, Sourceforge has had a lot of bad history. Well documented bad history too if you know where to look. Just look up the cases of projects being hijacked to host malware and the "DevShare" program.

Gitlab, Github, Bitbucket, etc are probably the best place to get anything but it might end up on you having to compile it from source manually sometimes, depends if someone is building Windows binaries. (or if it's setup to be automatically built)
User avatar
Pandut
Posts: 231
Joined: Tue Mar 23, 2010 4:47 pm
Graphics Processor: nVidia with Vulkan support
Location: existential dread

Re: How safe is Sourceforge, Mediafire, Bitbucket, Github, etc.?

Post by Pandut »

I'd stay far away from mediafire and sourceforge. As the others have already said, sourgeforge has a pretty nasty reputation as with mediafire. Any file-sharing site that bombards you with invasive border-line malware popups and fake download buttons should stay in a perma-blacklist. Honestly I kinda wish the zdoom forums had a "no mediafire/sourceforge links" rule because every time you download from either site you're basically playing russian roulette with your PC. Last time I used mediafire I got one of those "This is Bill Microsoft and your PC is infected pls update!!!" popups that I couldn't close without nuking my browser. The fact that it bypassed uBlock Origin with tons of custom filters is damning imo. Ad blockers are your umbrella but that doesn't mean the hose spraying shit-water into the air is suddenly safe to be around.

GitHub is generally quite reliable, I've never had a single issue in all the years I've used it.
User avatar
Kappes Buur
 
 
Posts: 4062
Joined: Thu Jul 17, 2003 12:19 am
Location: British Columbia, Canada

Re: How safe is Sourceforge, Mediafire, Bitbucket, Github, etc.?

Post by Kappes Buur »

To download a file from Mediafire I do not leftclick on the download button, which would open a page full of ads.

To avoid being bombarded with ads, simply rightclick the download button and select
Save linked content as ...
User avatar
Redneckerz
Spotlight Team
Posts: 994
Joined: Mon Nov 25, 2019 8:54 am
Graphics Processor: Intel (Modern GZDoom)

Re: How safe is Sourceforge, Mediafire, Bitbucket, Github, etc.?

Post by Redneckerz »

Pandut wrote: Thu Sep 01, 2022 1:21 am Honestly I kinda wish the zdoom forums had a "no mediafire/sourceforge links" rule because every time you download from either site you're basically playing russian roulette with your PC.
This is some angsty content. Mediafire i agree is pretty strenuous when it comes to takeovers and ads, but thats where Ghostery/Noscript comes in.

Sourceforge is far less so, but maybe that's more due to Adblock being active.
User avatar
generic name guy
Posts: 90
Joined: Wed Nov 11, 2020 3:25 pm
Graphics Processor: nVidia with Vulkan support
Location: Brazil

Re: How safe is Sourceforge, Mediafire, Bitbucket, Github, etc.?

Post by generic name guy »

I do agree that MediaFire is sketchy as hell, but Bitbucket and GitHub should be completely safe, i just wish the forums had a rule to only allow GitHub, MEGA and Google Drive download links.
User avatar
wildweasel
Moderator Team Lead
Posts: 21582
Joined: Tue Jul 15, 2003 7:33 pm
Preferred Pronouns: He/Him
Operating System Version (Optional): Win10 22H2, Win11 22H2, macOS 11.7
Graphics Processor: nVidia with Vulkan support

Re: How safe is Sourceforge, Mediafire, Bitbucket, Github, etc.?

Post by wildweasel »

generic name guy wrote: Thu Sep 01, 2022 6:53 pm I do agree that MediaFire is sketchy as hell, but Bitbucket and GitHub should be completely safe, i just wish the forums had a rule to only allow GitHub, MEGA and Google Drive download links.
Which would require anybody hosting files on, say, their own personal webspaces, or on storefronts like Steam and Itch, to go upload their file to a whitelisted site. No. I'm not going to institute a rule like that. We can certainly discourage uploads to Mediafire, but there's enough variation and special cases to worry about that forbidding all external downloads outside of a handful of specific sites is just going to be more trouble than it's worth.
User avatar
Kappes Buur
 
 
Posts: 4062
Joined: Thu Jul 17, 2003 12:19 am
Location: British Columbia, Canada

Re: How safe is Sourceforge, Mediafire, Bitbucket, Github, etc.?

Post by Kappes Buur »

I have a free account for Mediafire for a number of years now, and never had any trouble.
So far Mediafire has kept all my Doom files safe.

So I'm wondering ...
Who here has downloaded a pwad file from Mediafire which turned out to be malicious?
User avatar
wildweasel
Moderator Team Lead
Posts: 21582
Joined: Tue Jul 15, 2003 7:33 pm
Preferred Pronouns: He/Him
Operating System Version (Optional): Win10 22H2, Win11 22H2, macOS 11.7
Graphics Processor: nVidia with Vulkan support

Re: How safe is Sourceforge, Mediafire, Bitbucket, Github, etc.?

Post by wildweasel »

The problem isn't with the files themselves - it's what the download link does in addition to downloading said files that bothers me.
Casualfan
Posts: 65
Joined: Fri Jan 14, 2022 8:31 pm

Re: How safe is Sourceforge, Mediafire, Bitbucket, Github, etc.?

Post by Casualfan »

wildweasel wrote: Thu Sep 01, 2022 10:18 pm The problem isn't with the files themselves - it's what the download link does in addition to downloading said files that bothers me.
Ya. My antivirus blocked something that got downloaded with a mediafire file, which is what initially made me weary of using them in the first place. The pwads and mods I've gotten from mediafire have been safe and not scams, but the site itself has given me popups and potential malware.
User avatar
Hexereticdoom
Posts: 618
Joined: Thu Aug 08, 2013 1:30 pm
Graphics Processor: nVidia with Vulkan support
Location: Spain

Re: How safe is Sourceforge, Mediafire, Bitbucket, Github, etc.?

Post by Hexereticdoom »

With a good and updated adblock addon (like wBlock Origin) for your browser and/or getting used to right-clicking the Mediafire/SourceForge links should block most nagging or malicious elements.

And if you still have doubts with the downloaded file, uploading it to a site like VirusTotal can be really helpful and revealing... :wink:
User avatar
sinisterseed
Posts: 1349
Joined: Tue Nov 05, 2019 6:48 am
Preferred Pronouns: He/Him
Graphics Processor: nVidia with Vulkan support

Re: How safe is Sourceforge, Mediafire, Bitbucket, Github, etc.?

Post by sinisterseed »

Kappes Buur wrote: Thu Sep 01, 2022 9:56 pm I have a free account for Mediafire for a number of years now, and never had any trouble.
So far Mediafire has kept all my Doom files safe.

So I'm wondering ...
Who here has downloaded a pwad file from Mediafire which turned out to be malicious?
Not so much the files themselves as much as the website itself...

Like others said above, the main issue here is the way Mediafire is designed. Something so obnoxious and full of intrusive ads and tricky download buttons should absolutely be blacklisted forever, never to resurface again. I've not touched a MF link in ages but last I did nothing changed about the experience. Nor did it after I stopped, by the looks of it. I've been lucky as to not get infected with anything, but that shouldn't be a concern to begin with unless you're looking for sketchy content. At worst I got bombarded by popups. And it being so aggressive as to pass uBlock is worrying to say the least.

So regarding ZDF and MF links, blacklisting MF as a whole is something that would have my full support as well, along with any other similar platform. Easier said than done though, for content that creators already decided to host there...
User avatar
Kinsie
Posts: 7352
Joined: Fri Oct 22, 2004 9:22 am
Graphics Processor: nVidia with Vulkan support
Location: MAP33

Re: How safe is Sourceforge, Mediafire, Bitbucket, Github, etc.?

Post by Kinsie »

When it comes to hosting, you ultimately get what you pay for. Or what the guy who uploaded the file paid for. You get what I mean.
User avatar
generic name guy
Posts: 90
Joined: Wed Nov 11, 2020 3:25 pm
Graphics Processor: nVidia with Vulkan support
Location: Brazil

Re: How safe is Sourceforge, Mediafire, Bitbucket, Github, etc.?

Post by generic name guy »

Kappes Buur wrote: Thu Sep 01, 2022 9:56 pm I have a free account for Mediafire for a number of years now, and never had any trouble.
So far Mediafire has kept all my Doom files safe.
You should switch to MEGA, it's free and gives you like 20 gigs

Return to “Off-Topic”