Have you detected any unusual activity lately?

For discussions about security.
Antipodal
Posts: 253
Joined: Thu 26 Mar 2009, 16:52
Location: The other side of the world

Have you detected any unusual activity lately?

#1 Post by Antipodal »

I have

I'm currently a bit tense but I will probably give some more information about this question in my next post or in my next edition once I have checked some details.

Thank you

tlchost
Posts: 2057
Joined: Sun 05 Aug 2007, 23:26
Location: Baltimore, Maryland USA

Re: Have you detected any unusual activity lately?

#2 Post by tlchost »

Antipodal wrote:I have

I'm currently a bit tense but I will probably give some more information about this question in my next post or in my next edition once I have checked some details.

Thank you

Wow....aside from email offering to enlarge my breasts, or joining forces with the aliens to take over the planet, it all seems normal. Perhaps if you told us more we might be able to better answer.

bigpup
Posts: 13886
Joined: Sun 11 Oct 2009, 18:15
Location: S.C. USA

#3 Post by bigpup »

They're always watching me :shock: :!:
Attachments
bulldog.jpg
(10.92 KiB) Downloaded 499 times
The things they do not tell you, are usually the clue to solving the problem.
When I was a kid I wanted to be older.... This is not what I expected :shock:
YaPI(any iso installer)

musher0
Posts: 14629
Joined: Mon 05 Jan 2009, 00:54
Location: Gatineau (Qc), Canada

#4 Post by musher0 »

Hello Antipodal.

Not in this forum, and not in my email, no.

But Spring has arrived a bit earlier in these parts! Some birds, some Canadian
geese are already back. That's unusual, overall!

BFN. ;)
musher0
~~~~~~~~~~
"You want it darker? We kill the flame." (L. Cohen)

greengeek
Posts: 5789
Joined: Tue 20 Jul 2010, 09:34
Location: Republic of Novo Zelande

Re: Have you detected any unusual activity lately?

#5 Post by greengeek »

Antipodal wrote:Re: Have you detected any unusual activity lately?
I have
At this forum or at your email related account since Apr 3 2017?

I'm currently a bit tense but I will probably give some more information about this question in my next post or in my next edition once I have checked some details.

Yes - I find that I get bursts of interference from time to time. Sometimes it seems to follow visiting certain websites and sometimes it comes out of the blue. With regard to email I sometimes find that I get a lot of "false emails" for a few days - emails that look as if they come from friends or websites I subscribe to, but there are clues that they are just spam or clickbait - things like email address not matching domains I know, or failing to match the sender's nick.

Sometimes these intrusion attempts via email are quite clever - mimicking people I know, but triggering my fastmail phishing alarm as the actual domain does not match the visible domain.

I suspect that some of these could be malware infections in my friends' computers, but occasionally it appears to be spam generated by Facebook etc in "the name of" one of my friends. To be fair, Facebook assumes the right to contact "friends" and send emails on their behalf (as part of their terms and conditions) so you have to be careful who you blame.

Other than that I have recently been getting a lot of circumstances where my router appears to kick me off the internet but I still see the Tx counter increment and see the wifi icon flash green intermittently. How can the TX counter increase if you are not on the internet? There's no one else on my home network when it happens. Disconnecting from the network and reconnecting brings things back to normal. Could just be a router fault but it's been stable until a couple of weeks ago...

musher0
Posts: 14629
Joined: Mon 05 Jan 2009, 00:54
Location: Gatineau (Qc), Canada

#6 Post by musher0 »

Joke aside, do you mean solar activity and cosmic rays emitted by the Sun,
which can disrupt satellite transmissions and electrical networks?

You can go have a look at http://spaceweather.com.
Last edited by musher0 on Mon 10 Apr 2017, 15:20, edited 1 time in total.
musher0
~~~~~~~~~~
"You want it darker? We kill the flame." (L. Cohen)

Sailor Enceladus
Posts: 1543
Joined: Mon 22 Feb 2016, 19:43

#7 Post by Sailor Enceladus »

@Antipodal: Are you using Firefox 52? If you get a weird security message on login with it, check out this post:
http://www.murga-linux.com/puppy/viewto ... 918#949918

perdido
Posts: 1528
Joined: Mon 09 Dec 2013, 16:29
Location: ¿Altair IV , Just north of Eeyore Junction.?

#8 Post by perdido »

bigpup wrote:They're always watching me :shock: :!:

Antipodal
Posts: 253
Joined: Thu 26 Mar 2009, 16:52
Location: The other side of the world

#9 Post by Antipodal »

Hello members of the kennel!
Some of your comments were really funny and made me laugh a lot!!
I have read greengeek's post and I think that what happened to me is related in some way with what he describes as "false emails" in his first and second paragraph.
Regarding Sailor Enceladus' comment, before reading his link I will have to check which version I was using at the time the abnormalities emerged because as you will deduce from my message I have used many browsers and versions in these last 3 months.

I would have liked to be concise but I couldn't avoid going into details while I was recovering from the most unusual experience I had ever lived in this forum before.
This is what I wrote during my recovery hours (you can always skip the details):

I think the abnormalities I detected are - in some way - related to my research about teaming up my Puppies with PGP/GPG.
I have been twice interested in this subject.
The first time occurred when I wrote this post and after reading the whole thread vainly tried to use the tools that were mentioned there. Fortunately I solved that problem with another tool and tagged the thread as "solved".

The second time was on last December when I thought it would be nice to download a program for schools and learning environments whose download guide recommended a signature verification of the ISO image file using GPG.

At that time I thought that if I could use GPG to encrypt and decrypt I would also be able to verify the ISO image file. And because more than 2 years ago I had failed with my previous attempt, I jumped into a related thread and with the data provided by rockedge I resumed my attempts but failed once more.

That's why almost three months later I began this thread. But as you can see my request wasn't very successful.

I wasn't sure if I should ask the community why the reaction to it had been so far from what I had expected.

While I was thinking that up, I resumed my lonely research.

On Saturday 8 April 03:00 UTC after having failed in launching the Enigmail Wizard as recommended by Step 2A of this guide and after an IRC-Freenode-GPG channel talk with someone there, I saw a "New Private Message" notification on my "Inbox" tab on Thunderbird. Though I was very tired and really thought I needed some sleep I decided to click on the link that was written on that email as I usually do in those circumstances. I was hoping to find some help regarding the Tahrpup-PGP teaming issue.

I was not surprised when a little window announced it was impossible to access Murga’s forum because Firefox had collapsed, since the same thing had happened in other circumstances, when leaving the email client to get into the browser. In those cases I had solved the problem closing and/or killing all the opened windows and accessing the browser through its icon in the desktop or in the left corner of the tray.

So I carried on with that process and solved the problem. But when I tried to log into the forum I received another advice saying (I can't remember exactly) I couldn't (or I shouldn't) log into the forum. I solved that by shutting down Tahr and restoring it from the original tahr-6.0.5-PAE.iso CD I had burned on March 2016 and trying to log in again.

I succeeded, and using Pale Moon as a browser I logged directly into the PM section but to my surprise there wasn't a new message there. I then went to the thread that is obsessing me but nothing had changed there either.

I was puzzled (and as I said before, tired) but before logging out I decided to take a look at the index. A new message had entered the House Training - Beginners Help (Start here) subforum precisely at that time and I couldn't understand its title so I clicked on it and saw the most extensive and compact original post I have ever seen in my life... but it was full of incoherent and disconnected sentences. The original poster had a username that I think began with Andrew and ended with some other 10 letters I can't recall now. To my surprise I discovered the three following subforums (Users[For the regulars], HOWTO[Solutions] and BUGS[Submit bugs]) had received almost at the same time, posts with the same signature and of the same sort.

But the biggest surprise took place when after checking the content of the post that had arrived to the BUGS[Submit bugs] subforum I discovered that new abnormal posts were arriving at the same four subforums with the only difference that the signature now belonged to someone whose username began with something like "jake"

The bottom right corner of my screen said it was Saturday 8 April and the time was about 03:UTC and while I was shutting down my computer and disconnecting my modem and router from the Internet the only thing I could think about was that Flash, Ian and JohnMurga would have a lot of unusual work to do that Saturday.

I will come back with more strange things I discovered in the forum and in my email related account after sleeping for at least 6 hours.

Goodbye and thank you for your time.
Posting from a P4 3Ghz_ASUS P5G41T-M LX3_2G RAM_DVD Write desktop with no internal HDD
Saving my stuff on flash sticks and in external USB HDD

Semme
Posts: 8399
Joined: Sun 07 Aug 2011, 20:07
Location: World_Hub

#10 Post by Semme »

Look familiar?
You have received a new private message to your account on "Puppy Linux Discussion Forum" and you have requested that you be notified on this event. You can view your new message by clicking on the following link:

http://www.murga-linux.com/puppy/privms ... lder=inbox
There's nothing to read if the sender deletes their "outbox" copy before you reach your inbox.

Make sense? Perfect. It's how this board's phpBB works.
>>> Living with the immediacy of death helps you sort out your priorities. It helps you live a life less trivial <<<

Makoto
Posts: 1665
Joined: Fri 04 Sep 2009, 01:30
Location: Out wandering... maybe.

#11 Post by Makoto »

Antipodal wrote: I was puzzled (and as I said before, tired) but before logging out I decided to take a look at the index. A new message had entered the House Training - Beginners Help (Start here) subforum precisely at that time and I couldn't understand its title so I clicked on it and saw the most extensive and compact original post I have ever seen in my life... but it was full of incoherent and disconnected sentences. The original poster had a username that I think began with Andrew and ended with some other 10 letters I can't recall now. To my surprise I discovered the three following subforums (Users[For the regulars], HOWTO[Solutions] and BUGS[Submit bugs]) had received almost at the same time, posts with the same signature and of the same sort.

But the biggest surprise took place when after checking the content of the post that had arrived to the BUGS[Submit bugs] subforum I discovered that new abnormal posts were arriving at the same four subforums with the only difference that the signature now belonged to someone whose username began with something like "jake"

Those were spam posts - four from "Andrewfarrell," and four from "jakediekman", in a short period of time, most likely the same spambot using two different aliases. The posts were removed.
[ Puppy 4.3.1 JP, Frugal install ] * [ XenialPup 7.5, Frugal install ] * [XenialPup 64 7.5, Frugal install] * [ 4GB RAM | 512MB swap ]
In memory of our beloved American Eskimo puppy (1995-2010) and black Lab puppy (1997-2011).

Antipodal
Posts: 253
Joined: Thu 26 Mar 2009, 16:52
Location: The other side of the world

#12 Post by Antipodal »

Thank you for these two last posts!
Semme's post makes sense and points out a possibility (that due to my lack of knowledge about these things) I hadn't thought about.
Makoto's post reveals accurately the aliases that were used and confirms what I saw.

Knowing who removed those posts would help in understanding what happened that Saturday 08 April 2017 ±03:00 UTC

Is anyone else willing to help?


-----------------------
Posting from a P4 3Ghz_ASUS P5G41T-M LX3_2G RAM_DVD Write desktop with no internal HDD
Saving my stuff on small flash sticks and in external USB HDD

musher0
Posts: 14629
Joined: Mon 05 Jan 2009, 00:54
Location: Gatineau (Qc), Canada

#13 Post by musher0 »

Antipodal wrote:(...)
Knowing who removed those posts would help in understanding what
happened that Saturday 08 April 2017 ±03:00 UTC

(...)

Hello Antipodal.

The forum moderators (John_Murga, Flash, and a couple of others) have
the level of permission necessary to remove such posts.

You or I can't do anything on them directly, except report them in the
Spam Section of the forum. When the moderator sees your post there and
your report is justified, it usually doesn't take long before the offensive
message gets removed.

BTW, why do you ask? You're completely new to forums, eh?

IHTH.
musher0
~~~~~~~~~~
"You want it darker? We kill the flame." (L. Cohen)

Antipodal
Posts: 253
Joined: Thu 26 Mar 2009, 16:52
Location: The other side of the world

#14 Post by Antipodal »

Hello musher0
During these last days I have been extremely busy or extremely sleepy.
But I always kept in mind I should answer your friendly message as soon as I could and I'm now here to thank you for it.
You wrote:The forum moderators (John_Murga, Flash, and a couple of others) have
the level of permission necessary to remove such posts.

I always thought John Murga, Flash and Ian were the only ones with the level of permission necessary to remove posts.
I don't recall having heard that someone else had those permissions too.

You wrote:You or I can't do anything on them directly, except report them in the
Spam Section of the forum. When the moderator sees your post there and
your report is justified, it usually doesn't take long before the offensive
message gets removed.

Yes. I was aware of that.

You wrote:BTW, why do you ask?

Probably for the same reasons that you do. We both seem to have inquisitive minds and like to know why things happen.
Before Semme and Makoto's messages my reasoning was that there were good chances I would have received a phishing email and I would have entered into a fake forum.
Semme's message made me slightly reduce the phishing chances.
Makoto's message significantly reduced the fake forum chances.
Currently I think the chances of a fake forum would be completely ruled out if those who have permissions for removing posts acknowledge having removed the posts Makoto and I saw.
If they don't, I believe there are still small chances that Makoto and I were phished into a fake forum.
Right?
Please, keep in mind that what precedes were/are the thoughts of a digital illiterate who welcomes criticism and comments.

You wrote:You're completely new to forums, eh?

This is the forum where I have been more active in my whole life.
I must have distributed much less than the same number of messages I have posted here among no more than ten other forums.

I also HTH

Long live Puppy lovers! :)

Makoto
Posts: 1665
Joined: Fri 04 Sep 2009, 01:30
Location: Out wandering... maybe.

#15 Post by Makoto »

I'm not sure, offhand, how you would come to the conclusion you were at risk of being phished, or on a fake forum, from a small handful of fake posts from two specific "users." The posts were among standard spambot fare; their only purpose is to get the links out there for the search engines to index, so to that end, it doesn't matter to the spammers/bots if they're buried in quotes taken from actual posts on the forum, pure gibberish, foreign languages, etc.
[ Puppy 4.3.1 JP, Frugal install ] * [ XenialPup 7.5, Frugal install ] * [XenialPup 64 7.5, Frugal install] * [ 4GB RAM | 512MB swap ]
In memory of our beloved American Eskimo puppy (1995-2010) and black Lab puppy (1997-2011).

Antipodal
Posts: 253
Joined: Thu 26 Mar 2009, 16:52
Location: The other side of the world

#16 Post by Antipodal »

Makoto:
Thank you very much for your comment.
I am not in a position to question your doubts because I am aware of my limited computing skills which are surely light years beneath yours.
For the time being I'll continue taking notes of the unusual things I see and perhaps eventually I will add a new post here or I'll begin a new thread.
Thank you again.

PS: Approximately 24 hours after your post, when I was about to post the preceding words, I witnessed another attack on the forum that compromised almost all subforums, so I decided to postpone this message.
I posted about this in "THE" alternative forum and I have received some feedback about the attack.
Currently I can still see the aftermath signed by xushengda0415 in the "Taking the Puppy out for a walk" → "Suggestions" subforum.

Makoto
Posts: 1665
Joined: Fri 04 Sep 2009, 01:30
Location: Out wandering... maybe.

#17 Post by Makoto »

It was a spambot - the Korean gambling site spambots think it's necessary to absolutely flood a site in short order with their spam posts for their sites, for some reason.
[ Puppy 4.3.1 JP, Frugal install ] * [ XenialPup 7.5, Frugal install ] * [XenialPup 64 7.5, Frugal install] * [ 4GB RAM | 512MB swap ]
In memory of our beloved American Eskimo puppy (1995-2010) and black Lab puppy (1997-2011).
