Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Wed 26 Nov 2014, 08:55
All times are UTC - 4
 Forum index » Off-Topic Area » Security
mysterious files appeared... computer "seemed" to run slow
Post_new_topic   Reply_to_topic View_previous_topic :: View_next_topic
Page 1 of 1 Posts_count  
Author Message
mcewanw

Joined: 16 Aug 2007
Posts: 2349
Location: New Zealand

PostPosted: Wed 30 Dec 2009, 03:29    Post_subject:  mysterious files appeared... computer "seemed" to run slow  

mysterious files appeared... computer "seemed" to run slow

On Puppy 4.3.1, had been browsing with Seamonkey 1.1.18

May be nothing, but I discovered the following strange folder in /tmp

/tmp/plugtmp

which contained two files:

1. plugin-crossdomain

and

2. plugin-policy

File 1 contained:

Code:

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
  SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
  <allow-access-from domain="*.amazon.com" />
  <allow-access-from domain="amazon.com" />
  <allow-access-from domain="www.amazon.com" />
  <allow-access-from domain="pre-prod.amazon.com" />
  <allow-access-from domain="devo.amazon.com" />
  <allow-access-from domain="anon.amazon.speedera.net" />
  <allow-access-from domain="*.images-amazon.com" />
  <allow-access-from domain="*.ssl-images-amazon.com" />

  <allow-access-from domain="*.amazon.ca" />
  <allow-access-from domain="*.amazon.de" />
  <allow-access-from domain="*.amazon.fr" />
  <allow-access-from domain="*.amazon.jp" />
  <allow-access-from domain="*.amazon.co.jp" />
  <allow-access-from domain="*.amazon.uk" />
  <allow-access-from domain="*.amazon.co.uk" />
</cross-domain-policy>


and File 2:
Code:

<?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy>
  <allow-access-from domain="*" to-ports="*" />
</cross-domain-policy>


I don't like the look of the: access-from "*" and to-ports="*"...

Perhaps it is nothing, but if it is... If only I weren't so tired I'd set about catching the bastards and seeing if I could throw back some of their own medicine. But please tell me these are well known file, and nothing of concern! :-)

I erased the folder (rebooted actually) and all seems fine, though I will spend ten minutes or so soon re-placing the existing pupsave file with my original backup. Not much time lost, but always a waste when trying to develop apps.

_________________
Non enim propter gloriam, diuicias aut honores pugnamus set propter libertatem solummodo quam Nemo bonus nisi simul cum vita amittit.
Back to top
View user's profile Send_private_message Visit_website 
WhoDo


Joined: 11 Jul 2006
Posts: 4441
Location: Lake Macquarie NSW Australia

PostPosted: Wed 30 Dec 2009, 04:44    Post_subject: Re: mysterious files appeared... computer "seemed" to run slow  

mcewanw wrote:
I don't like the look of the: access-from "*" and to-ports="*"...

Perhaps it is nothing, but if it is... If only I weren't so tired I'd set about catching the bastards and seeing if I could throw back some of their own medicine. But please tell me these are well known file, and nothing of concern! Smile

Part of a global DDoS attack on Amazon. For more information see the following story:
Amazon hit with DDoS attack

_________________
Actions speak louder than words ... and they usually work when words don't!
SIP:whodo@proxy01.sipphone.com; whodo@realsip.com
Back to top
View user's profile Send_private_message 
mcewanw

Joined: 16 Aug 2007
Posts: 2349
Location: New Zealand

PostPosted: Wed 30 Dec 2009, 05:55    Post_subject:  

Well..., I doubt that my slow dialup account connection provided them with much ammunition...
_________________
Non enim propter gloriam, diuicias aut honores pugnamus set propter libertatem solummodo quam Nemo bonus nisi simul cum vita amittit.
Back to top
View user's profile Send_private_message Visit_website 
amigo

Joined: 02 Apr 2007
Posts: 2278

PostPosted: Wed 30 Dec 2009, 07:09    Post_subject:  

Nice example of how running as root and being online comprises real security risks. Just because you can reboot and not have those things carried over into the reboot, doesn't mean that you aren't contributing to some spambots' shenannigins while up and running.... Usually overlooked in the discussions on security here.
Back to top
View user's profile Send_private_message 
WhoDo


Joined: 11 Jul 2006
Posts: 4441
Location: Lake Macquarie NSW Australia

PostPosted: Wed 30 Dec 2009, 19:13    Post_subject:  

amigo wrote:
Nice example of how running as root and being online comprises real security risks.

The question for me is whether or not mcewanw had his firewall enabled. It's a small but important step that can prevent such things from happening without compromising speed for a dialup connection. Just a thought.

_________________
Actions speak louder than words ... and they usually work when words don't!
SIP:whodo@proxy01.sipphone.com; whodo@realsip.com
Back to top
View user's profile Send_private_message 
mikeb


Joined: 23 Nov 2006
Posts: 8693

PostPosted: Wed 30 Dec 2009, 20:52    Post_subject:  

Quote:
1. plugin-crossdomain

and

2. plugin-policy

these are both normal files from flashplayer usage...they allow flashplayer to use data from a site different to the one it is hosted on and they reside in the root of the webserver. I use them for a chatroom myself

So they are harmless.....

mike
Back to top
View user's profile Send_private_message 
Lobster
Official Crustacean


Joined: 04 May 2005
Posts: 15117
Location: Paradox Realm

PostPosted: Wed 30 Dec 2009, 22:05    Post_subject:  

Could we have been saved from these harmless files by:

This message will self destruct (or be forgotten) in two years

[cue Mission Impossible Music]

. . . meanwhile Stay safe - Happy New World Order - oops
I mean Happy New Year Wink

Cool

_________________
Puppy WIKI
Back to top
View user's profile Send_private_message Visit_website 
mcewanw

Joined: 16 Aug 2007
Posts: 2349
Location: New Zealand

PostPosted: Fri 01 Jan 2010, 18:00    Post_subject: Solved? (this time round anyway).  

mcewanw wrote:
But please tell me these are well known file, and nothing of concern! :-)


mikeb wrote:
these are both normal files from flashplayer usage...
. . .
So they are harmless.....

mike


Thank you Mike. :-)

Of course, had they been other than that, they could and would have been a good example of the dangers to overall system security of running as root whilst online, so your point amigo is well-taken regardless of the outcome here. And firewall settings can help, at least to some extent, against that danger, though not eradicate it.

Indeed, though my worries regarding these two files have been eradicated, it remains a concern to me that my system did indeed become insanely sluggish, and though it may very well be a complete coincidence, that sluggishness did appear to coincide with the timing of the amazon DoS attack described. The way computers are, however, I do put that down to likely coincidence...

_________________
Non enim propter gloriam, diuicias aut honores pugnamus set propter libertatem solummodo quam Nemo bonus nisi simul cum vita amittit.
Back to top
View user's profile Send_private_message Visit_website 
mikeb


Joined: 23 Nov 2006
Posts: 8693

PostPosted: Fri 01 Jan 2010, 18:53    Post_subject:  

Well perhaps the sluggishness simply came from heavy flash activity..I find flashbock a godsend....some pages have invisible flash running for whatever purposes...you see them with flash block installed . Some pages go from 100%cpu to ticking over just with the flash disabled.
Not so much a security issue , more an annoyance.
mike
Back to top
View user's profile Send_private_message 
Display_posts:   Sort by:   
Page 1 of 1 Posts_count  
Post_new_topic   Reply_to_topic View_previous_topic :: View_next_topic
 Forum index » Off-Topic Area » Security
Jump to:  

Rules_post_cannot
Rules_reply_cannot
Rules_edit_cannot
Rules_delete_cannot
Rules_vote_cannot
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0696s ][ Queries: 12 (0.0039s) ][ GZIP on ]