Puppy Linux Discussion Forum
Was I hacked?
Sylvander

Joined: 15 Dec 2008
Posts: 3455
Location: West Lothian, Scotland, UK

Posted: Wed 26 Jun 2013, 15:40    Post subject: Was I hacked?
Subject description: Malicious email?
 

1. I use "SaveMyModem" [smm] to check all my incoming emails whilst they are still on the Blueyonder POP3 server.

2. Saw an email that pretended to be [or WAS?] from "Love Film" with whom I have an account.
It looked legitimate, so I downloaded it using Thunderbird.
Thunderbird blocks links to stuff out on the web.
Can't remember if I allowed those links.

3. The email was saying that I needed to change my login details for Love Film, so as to use my Amazon login details.
I was suspicious of this and decided to do nothing, but didn't delete the email.

4. Next Time I booted the Puppy [Precise-5.6.1 frugal install on a partition on an internal HDD] and ran Thunderbird [its files are held at /mnt/home and can be used by all copies of TB on various Puppies], it fetched an email [using my existing/unchanged username & password], and reported that the server was unable to use the provided username & password [obviously false, since smm and Thunderbird were both successfully accessing the POP3 server and downloading stuff].
I deleted the LoveFilm email!

5. I booted my Slacko [frugal install] held on a Flash Drive and ran Thunderbird.
This TB doesn't use the TB files held at /mnt/home, but instead uses its own files held within the pupsave file.
It reported no problem accessing the POP3 server, even though using the same username & password as all other Thunderbird copies.
I deduced that either the TB program files had been messed with, or else the email files [default & profiles].

6. I used Slacko to delete the precisesave file and replace it with a HotBackup copy made about 2wks ago.
Having booted back into Precise, and ran Thunderbird, there was no longer any report of a problem.
A good email fetched OK, both in smm and Thunderbird.

Does anyone understand what happened? Confused
Jasper


Joined: 25 Apr 2010
Posts: 1144
Location: England

Posted: Wed 26 Jun 2013, 18:16

google
phishing love film
Sylvander

Joined: 15 Dec 2008
Posts: 3455
Location: West Lothian, Scotland, UK

Posted: Wed 26 Jun 2013, 21:30

Jasper wrote:
google
phishing love film

Done.
If I ever again get such an email, I hope to remember this, go again to the webpage found, and apply the advice given by LoveFilm.
At least I didn't get badly bitten this time around. Very Happy
Jasper


Joined: 25 Apr 2010
Posts: 1144
Location: England

Posted: Thu 27 Jun 2013, 13:07
Subject description: phishing
 

If some phishing protection is desired:

(1) google the demo site - internetbadguys

(2) google - sc0ttman internet security helper
(that's scZero)

(3) download and install the pet from the 1st post (or read the entire thread if more than phishing protection is sought).

(4) Click Setup DNS, use the arrow and choose OpenDNS - then OK out.

(5) now repeat item (1) and the site should now be blocked (as per screen shot).
[Attachment: image.png]
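Added example, not part of the thread or of sc0ttman's pet: after step (4) above, one way to confirm from a terminal that the DNS change took effect is to check which resolvers the system is configured to use. It assumes the setting ends up as `nameserver` lines in a resolv.conf-style file (typically /etc/resolv.conf); the function name and the sample file are made up for illustration.

```shell
#!/bin/sh
# Added example: classify the resolvers listed in a resolv.conf-style file.
# OpenDNS public resolver addresses (standard pair and FamilyShield pair).
OPENDNS_IPS="208.67.222.222 208.67.220.220 208.67.222.123 208.67.220.123"

# check_resolvers FILE  (hypothetical helper)
# Prints one word and returns a matching status:
#   all-opendns (0), mixed (1), none-opendns (2), no-nameserver (3)
check_resolvers() {
    file=$1
    good=0
    other=0
    # Only "nameserver <ip>" lines count; comments and other directives
    # are skipped. The "|| [ -n ... ]" handles a last line with no newline.
    while read -r key ip _rest || [ -n "$key" ]; do
        [ "$key" = "nameserver" ] || continue
        [ -n "$ip" ] || continue
        case " $OPENDNS_IPS " in
            *" $ip "*) good=$((good + 1)) ;;
            *)         other=$((other + 1)) ;;
        esac
    done < "$file"

    if [ $((good + other)) -eq 0 ]; then echo no-nameserver; return 3; fi
    if [ "$other" -eq 0 ]; then echo all-opendns; return 0; fi
    if [ "$good" -eq 0 ]; then echo none-opendns; return 2; fi
    echo mixed
    return 1
}

# Constructed sample: OpenDNS listed first, another resolver left in as a
# fallback (192.0.2.53 is a documentation-only address).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed resolv.conf for illustration
nameserver 208.67.222.222
nameserver 192.0.2.53
EOF
check_resolvers "$sample" || true
rm -f "$sample"
```

A `mixed` result matters because any lookup answered by the non-OpenDNS server is not filtered. On a system that discards session changes at shutdown, run the check again after a reboot.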
Sylvander

Joined: 15 Dec 2008
Posts: 3455
Location: West Lothian, Scotland, UK

Posted: Thu 27 Jun 2013, 15:02

1. All above steps completed successfully, and the site was blocked. Very Happy

2. I installed:
[Linked at THIS thread]
netsecurity_all-0.1-i486.pet [all buttons available]
NOT
netsecurity-0.1-noarch.pet [only 2 were not grayed]

3. How does this prevent me being subject to phishing scams?
Jasper


Joined: 25 Apr 2010
Posts: 1144
Location: England

Posted: Thu 27 Jun 2013, 15:33

PM Nooby - doubtless he could make one of his wild guesses along the lines of - those that can not get near the fire cannot have a finger burnt nor have their life destroyed by financial fraud.

It's "some" protection from our human frailty, but not total protection all the time.
Sylvander

Joined: 15 Dec 2008
Posts: 3455
Location: West Lothian, Scotland, UK

Posted: Thu 27 Jun 2013, 17:51

After reboot, nothing I tried could connect to the internet...

So I deleted the precisesave file and replaced it with my most recent backup copy.
So I can now once again connect to the web.
RetroTechGuy


Joined: 15 Dec 2009
Posts: 2668
Location: USA

Posted: Thu 27 Jun 2013, 19:18

Sylvander wrote:
After reboot, nothing I tried could connect to the internet...

So I deleted the precisesave file and replaced it with my most recent backup copy.
So I can now once again connect to the web.


I'm still a little puzzled (and concerned)...

It would seem that merely downloading this email was sufficient to break Thunderbird, and/or the internet connection...

That reminds me, it's probably time to make another copy of my save file...

_________________
Add swapfile
Jasper


Joined: 25 Apr 2010
Posts: 1144
Location: England

Posted: Thu 27 Jun 2013, 20:50

Hi Sylvander,

sc0ttman wrote about the pet you installed:
"...... but here's one that might not work in your pup! "
which is why I wrote:
"...... (or read the entire thread if more than phishing protection is sought)."

Please, for the sake of others, try the smaller pet that you linked to and just try the OpenDNS option again - and please report in sc0ttman's thread if your problem is repeated.
Sylvander

Joined: 15 Dec 2008
Posts: 3455
Location: West Lothian, Scotland, UK

Posted: Fri 28 Jun 2013, 00:50

1. Used smm to look at emails on the POP3 server.
All was well, only one email = notification of your post above.
So...

2. Used Thunderbird to fetch the email.

3. The "Alert" has returned, which says:
"Sending of username did not succeed. Mail server pop3.blueyonder.co.uk responded: Protocol error."
When I close the Alert, the following window tries to get me to specify [reset to] another password.
Didn't do that.
Emails are being fetched OK.

4. Last night...
For the 1st time ever...
When working within Slacko-5.3.3.1 frugal install running from a Flash Drive [I try to keep this strictly for banking]...
This is capable of not saving session changes...
When I copied and pasted the usual webpage address for my banking website account login page...
From within my encrypted "Acerose Password Vault"...
I got "page not found". Sad Confused
Phoned my bank's help desk...
She told me the address for the bank's home webpage...
Then to click the login button to be taken to the login page.
The address was [slightly] different to the address saved inside my "Acerose Password Vault", that I've used successfully for years, [to prevent me being sent to a false/spoofed webpage].
She wouldn't [couldn't] either confirm or deny that the new login page address was correct.
Or whether the change of address was/is legitimate.
I had little alternative but to login there.
Did so, and all looked/seemed OK.
I'm worried that something malicious may be happening! Sad

5. I'll install "netsecurity-0.1-noarch.pet" once again, but I think SetupDNS will be one of the grayed buttons.
All's well, it is there.
I've once again enabled OpenDNS, and internetbadguys.com is being blocked.
Should this block the "Alert" mentioned in 3 above?
Or else, what to do about it?
Is it genuine or malicious?
I'll click "Save..." on the desktop to manually save the changes [installed program].

6. I need a good screen capture utility [to show you the "Alert"] that can capture a chosen region of screen.
I've used one in the past that I liked, but cannot remember its name.
Not keen on those I have now = Pupsnap, Screeny, mtPaint.

--------------------------------------------------------------------------------------------------------

7. Having rebooted...
Used smm to check for new emails, and there were none.
Ran Thunderbird.
All seemed OK...
No emails fetched...
No "Alert" displayed; does that have any significance?
Able to connect OK to the internet using the usual programs [smm, Nightly].
Jasper


Joined: 25 Apr 2010
Posts: 1144
Location: England

Posted: Fri 28 Jun 2013, 04:59

Sylvander,

Please let us know if you get any new email or banking peculiarities.

Hopefully others can analyse your experience and proffer advice.
Sylvander

Joined: 15 Dec 2008
Posts: 3455
Location: West Lothian, Scotland, UK

Posted: Sun 30 Jun 2013, 02:58

I notice there is only an "Alert" when I fetch emails during the session that follows a reboot from a session during which a "session save" was completed.
If no save...then no alert.
Normally I never save, so there is normally no alert.

Last time I tried a fetch and got the "Alert", the mails didn't fetch.
But they did then fetch when I did it manually using the menu entry.

I think the malicious email must have made change[s] to the Thunderbird files [default and profiles] held in /mnt/home [sda5].

The only copy I have of those files were when I made a backup [using Xfe] of the sda5 folder/file partition contents [to backup the emails+] way back in January.
I'd like to avoid losing recent emails.
Might it be possible to copy the up-to-date emails over to a restored copy of the old backup?

I can make unmetered calls 24/7 to any landline phone in the UK, so...
If you were happy for us to speak by landline phone, and gave me your number by PM....
I could call you.