Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Thu 18 Dec 2014, 13:34
All times are UTC - 4
 Forum index » Off-Topic Area » Security
mysterious files appeared... computer "seemed" to run slow
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 1 [9 Posts]  
Author Message
mcewanw

Joined: 16 Aug 2007
Posts: 2350
Location: New Zealand

PostPosted: Wed 30 Dec 2009, 03:29    Post subject:  mysterious files appeared... computer "seemed" to run slow  

mysterious files appeared... computer "seemed" to run slow

On Puppy 4.3.1, had been browsing with Seamonkey 1.1.18

May be nothing, but I discovered the following strange folder in /tmp

/tmp/plugtmp

which contained two files:

1. plugin-crossdomain

and

2. plugin-policy

File 1 contained:

Code:

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
  SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
  <allow-access-from domain="*.amazon.com" />
  <allow-access-from domain="amazon.com" />
  <allow-access-from domain="www.amazon.com" />
  <allow-access-from domain="pre-prod.amazon.com" />
  <allow-access-from domain="devo.amazon.com" />
  <allow-access-from domain="anon.amazon.speedera.net" />
  <allow-access-from domain="*.images-amazon.com" />
  <allow-access-from domain="*.ssl-images-amazon.com" />

  <allow-access-from domain="*.amazon.ca" />
  <allow-access-from domain="*.amazon.de" />
  <allow-access-from domain="*.amazon.fr" />
  <allow-access-from domain="*.amazon.jp" />
  <allow-access-from domain="*.amazon.co.jp" />
  <allow-access-from domain="*.amazon.uk" />
  <allow-access-from domain="*.amazon.co.uk" />
</cross-domain-policy>


and File 2:
Code:

<?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy>
  <allow-access-from domain="*" to-ports="*" />
</cross-domain-policy>


I don't like the look of the: access-from "*" and to-ports="*"...

Perhaps it is nothing, but if it is... If only I weren't so tired I'd set about catching the bastards and seeing if I could throw back some of their own medicine. But please tell me these are well known file, and nothing of concern! :-)

I erased the folder (rebooted actually) and all seems fine, though I will spend ten minutes or so soon re-placing the existing pupsave file with my original backup. Not much time lost, but always a waste when trying to develop apps.

_________________
Non enim propter gloriam, diuicias aut honores pugnamus set propter libertatem solummodo quam Nemo bonus nisi simul cum vita amittit.
Back to top
View user's profile Send private message Visit poster's website 
WhoDo


Joined: 11 Jul 2006
Posts: 4441
Location: Lake Macquarie NSW Australia

PostPosted: Wed 30 Dec 2009, 04:44    Post subject: Re: mysterious files appeared... computer "seemed" to run slow  

mcewanw wrote:
I don't like the look of the: access-from "*" and to-ports="*"...

Perhaps it is nothing, but if it is... If only I weren't so tired I'd set about catching the bastards and seeing if I could throw back some of their own medicine. But please tell me these are well known file, and nothing of concern! Smile

Part of a global DDoS attack on Amazon. For more information see the following story:
Amazon hit with DDoS attack

_________________
Actions speak louder than words ... and they usually work when words don't!
SIP:whodo@proxy01.sipphone.com; whodo@realsip.com
Back to top
View user's profile Send private message 
mcewanw

Joined: 16 Aug 2007
Posts: 2350
Location: New Zealand

PostPosted: Wed 30 Dec 2009, 05:55    Post subject:  

Well..., I doubt that my slow dialup account connection provided them with much ammunition...
_________________
Non enim propter gloriam, diuicias aut honores pugnamus set propter libertatem solummodo quam Nemo bonus nisi simul cum vita amittit.
Back to top
View user's profile Send private message Visit poster's website 
amigo

Joined: 02 Apr 2007
Posts: 2288

PostPosted: Wed 30 Dec 2009, 07:09    Post subject:  

Nice example of how running as root and being online comprises real security risks. Just because you can reboot and not have those things carried over into the reboot, doesn't mean that you aren't contributing to some spambots' shenannigins while up and running.... Usually overlooked in the discussions on security here.
Back to top
View user's profile Send private message 
WhoDo


Joined: 11 Jul 2006
Posts: 4441
Location: Lake Macquarie NSW Australia

PostPosted: Wed 30 Dec 2009, 19:13    Post subject:  

amigo wrote:
Nice example of how running as root and being online comprises real security risks.

The question for me is whether or not mcewanw had his firewall enabled. It's a small but important step that can prevent such things from happening without compromising speed for a dialup connection. Just a thought.

_________________
Actions speak louder than words ... and they usually work when words don't!
SIP:whodo@proxy01.sipphone.com; whodo@realsip.com
Back to top
View user's profile Send private message 
mikeb


Joined: 23 Nov 2006
Posts: 9013

PostPosted: Wed 30 Dec 2009, 20:52    Post subject:  

Quote:
1. plugin-crossdomain

and

2. plugin-policy

these are both normal files from flashplayer usage...they allow flashplayer to use data from a site different to the one it is hosted on and they reside in the root of the webserver. I use them for a chatroom myself

So they are harmless.....

mike
Back to top
View user's profile Send private message 
Lobster
Official Crustacean


Joined: 04 May 2005
Posts: 15122
Location: Paradox Realm

PostPosted: Wed 30 Dec 2009, 22:05    Post subject:  

Could we have been saved from these harmless files by:

This message will self destruct (or be forgotten) in two years

[cue Mission Impossible Music]

. . . meanwhile Stay safe - Happy New World Order - oops
I mean Happy New Year Wink

Cool

_________________
Puppy WIKI
Back to top
View user's profile Send private message Visit poster's website 
mcewanw

Joined: 16 Aug 2007
Posts: 2350
Location: New Zealand

PostPosted: Fri 01 Jan 2010, 18:00    Post subject: Solved? (this time round anyway).  

mcewanw wrote:
But please tell me these are well known file, and nothing of concern! :-)


mikeb wrote:
these are both normal files from flashplayer usage...
. . .
So they are harmless.....

mike


Thank you Mike. :-)

Of course, had they been other than that, they could and would have been a good example of the dangers to overall system security of running as root whilst online, so your point amigo is well-taken regardless of the outcome here. And firewall settings can help, at least to some extent, against that danger, though not eradicate it.

Indeed, though my worries regarding these two files have been eradicated, it remains a concern to me that my system did indeed become insanely sluggish, and though it may very well be a complete coincidence, that sluggishness did appear to coincide with the timing of the amazon DoS attack described. The way computers are, however, I do put that down to likely coincidence...

_________________
Non enim propter gloriam, diuicias aut honores pugnamus set propter libertatem solummodo quam Nemo bonus nisi simul cum vita amittit.
Back to top
View user's profile Send private message Visit poster's website 
mikeb


Joined: 23 Nov 2006
Posts: 9013

PostPosted: Fri 01 Jan 2010, 18:53    Post subject:  

Well perhaps the sluggishness simply came from heavy flash activity..I find flashbock a godsend....some pages have invisible flash running for whatever purposes...you see them with flash block installed . Some pages go from 100%cpu to ticking over just with the flash disabled.
Not so much a security issue , more an annoyance.
mike
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 1 of 1 [9 Posts]  
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Off-Topic Area » Security
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0687s ][ Queries: 12 (0.0034s) ][ GZIP on ]