Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Sun 19 Aug 2018, 03:30
All times are UTC - 4
 Forum index » House Training » Bugs ( Submit bugs )
cupsd connection to 000dom.revenuedirect.com ??? [SOLVED]
Moderators: Flash, Ian, JohnMurga
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 1 [11 Posts]  
Author Message
musher0


Joined: 04 Jan 2009
Posts: 12574
Location: Gatineau (Qc), Canada

PostPosted: Wed 18 Jul 2018, 08:51    Post subject:  cupsd connection to 000dom.revenuedirect.com ??? [SOLVED]
Subject description: Is this a legit site?
 

Hi.

I just noticed this morning, typing
Code:
lsof -i
as I do once and a while, that my cups demon was connected to
000dom.revenuedirect.com??? Result:
Code:
COMMAND     PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
cupsd      8383 root    8u  IPv4   8578      0t0  TCP 000dom.revenuedirect.com:631 (LISTEN)
(...)
Is that a legit site? I don't like it... A name like that has to be fishy.
Usually, cupsd does not connect to that site.

When I tried to go to the revenuedirect site with SeaMonkey, I got an error
message. (The connection is refused?)

A search through ask.com on "revenue direct" comes up with this
among other material. Although I find what they do unpleasant, the
Direct_Revenue company from NYC seems to be a legitimate concern.

The main question I have is: Can the cups connection on your Pup be used
for malware, spying, and the like?

Any info on this subject will be appreciated. TIA.

_________________
musher0
~~~~~~~~~~
Siempre será canción nueva... (V. Jara, Manifiesto)

Last edited by musher0 on Wed 18 Jul 2018, 22:27; edited 1 time in total
Back to top
View user's profile Send private message 
rcrsn51


Joined: 05 Sep 2006
Posts: 12274
Location: Stratford, Ontario

PostPosted: Wed 18 Jul 2018, 11:01    Post subject:  

CUPS is a server. Its default configuration is to only listen on its own computer (localhost) for apps that are requesting print services.

But if you have enabled printer sharing, it will also listen on the LAN for requests.

But supposedly your LAN is behind a router, and you are NOT allowing clients from the WAN.

You need to check the settings on the CUPS admin page and your /etc/cups/cupsd.conf

Is there a host somewhere on your network named 000dom.revenuedirect.com?
Back to top
View user's profile Send private message 
perdido


Joined: 09 Dec 2013
Posts: 898
Location: ¿Altair IV , Just north of Eeyore Junction.?

PostPosted: Wed 18 Jul 2018, 12:10    Post subject:  

Its an adserver run by sedo

I see it mentioned a lot on suggested hosts file entries.

.

_________________
Giving with an expectation for return brings misery.
Back to top
View user's profile Send private message 
musher0


Joined: 04 Jan 2009
Posts: 12574
Location: Gatineau (Qc), Canada

PostPosted: Wed 18 Jul 2018, 18:28    Post subject:  

Thanks rcrsn51 and perdido.

I do not have a printer connected to this xenialPup-7.0.6 and never even
tried to configure one on it.

I do not usually need a printer. For my very minimal printing needs, I print a
document to PDF, copy the PDF file to a thumb-drive, go to the public library
and pay 25¢ a page to get the print out from their printer.

BFN.

_________________
musher0
~~~~~~~~~~
Siempre será canción nueva... (V. Jara, Manifiesto)
Back to top
View user's profile Send private message 
dancytron

Joined: 18 Jul 2012
Posts: 1102

PostPosted: Wed 18 Jul 2018, 18:51    Post subject:  

FWIW, my ublock origin blocks it


Quote:

uBlock Origin has prevented the following page from loading:

http://000dom.revenuedirect.com/

Because of the following filter

||revenuedirect.com^
Found in: Malvertising filter list by Disconnect • Peter Lowe’s Ad and tracking server list
Back to top
View user's profile Send private message 
Galbi


Joined: 21 Sep 2011
Posts: 1047
Location: Bs.As. - Argentina.

PostPosted: Wed 18 Jul 2018, 19:43    Post subject:  

@musher0: do you have a hosts file like this? http://winhelp2002.mvps.org/hosts.htm
there are others, but I use that in all my machines, real - virtual - linux - windows.

This brings me a question: using such hosts file, blocks connections for all kind of software or just for the browser?

I guess is the 1st choice, but not sure...

Thanks.

_________________
Remember: "pecunia pecuniam parere non potest"
Back to top
View user's profile Send private message 
rcrsn51


Joined: 05 Sep 2006
Posts: 12274
Location: Stratford, Ontario

PostPosted: Wed 18 Jul 2018, 20:08    Post subject:  

musher0 wrote:
I do not have a printer connected to this xenialPup-7.0.6 and never even tried to configure one on it.

Then you should disable the cupsd service at bootup.
Back to top
View user's profile Send private message 
musher0


Joined: 04 Jan 2009
Posts: 12574
Location: Gatineau (Qc), Canada

PostPosted: Wed 18 Jul 2018, 22:26    Post subject:  

Good idea! Many thanks, rcrsn51! Smile Problem solved.
No_cupsd!.jpg
 Description   
 Filesize   60.53 KB
 Viewed   117 Time(s)

No_cupsd!.jpg


_________________
musher0
~~~~~~~~~~
Siempre será canción nueva... (V. Jara, Manifiesto)
Back to top
View user's profile Send private message 
musher0


Joined: 04 Jan 2009
Posts: 12574
Location: Gatineau (Qc), Canada

PostPosted: Wed 18 Jul 2018, 22:35    Post subject:  

Galbi wrote:
@musher0: do you have a hosts file like this? http://winhelp2002.mvps.org/hosts.htm
there are others, but I use that in all my machines, real - virtual - linux - windows.

This brings me a question: using such hosts file, blocks connections for all kind of software or just for the browser?

I guess is the 1st choice, but not sure...

Thanks.

Hi galbi.

Thanks for your reply.

Yes, I am using a < hosts > file populated by the < pup-advert-blocker >
utility.

Concerning your second question, I do not know if a cupsd connection
to a malware site (theoretically) can infect one's Internet connection.
The two appears to be in separate "channels", though.

That is what had me worried, initially. But reasoning rcrsn51's
suggestion, if the cups demon is not connected, it cannot transmit any
infection, can it? Smile

BFN.

_________________
musher0
~~~~~~~~~~
Siempre será canción nueva... (V. Jara, Manifiesto)

Last edited by musher0 on Thu 19 Jul 2018, 12:32; edited 1 time in total
Back to top
View user's profile Send private message 
rcrsn51


Joined: 05 Sep 2006
Posts: 12274
Location: Stratford, Ontario

PostPosted: Thu 19 Jul 2018, 06:58    Post subject:  

When you originally ran the lsof command, did you have a browser open? Or had one been previously open?

I suspect that cupsd saw the 000dom.revenuedirect.com process running somewhere on localhost (or maybe associated with a tcp port) and decided to listen to it for print requests.

Since 000dom.revenuedirect.com isn't interested in printing, I doubt if anything malicious could happen.

But it's certainly interesting that CUPS would do that.
Back to top
View user's profile Send private message 
musher0


Joined: 04 Jan 2009
Posts: 12574
Location: Gatineau (Qc), Canada

PostPosted: Thu 19 Jul 2018, 12:42    Post subject:  

Hello rcrsn51.

I have now un-ticked the setting for cupsd and rebooted, so I'm afraid
we'll never know.

That said, what you suggest is not impossible. I do routinely leave a
browser running in the background, and I enable anti-adware on all of
them.

But I think not. < lsof -i > picks up and shows any connection to my
ISP with a running browser. And there is none shown in the description
in my OP.

Again, thanks. BFN.

_________________
musher0
~~~~~~~~~~
Siempre será canción nueva... (V. Jara, Manifiesto)
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 1 of 1 [11 Posts]  
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » House Training » Bugs ( Submit bugs )
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.1093s ][ Queries: 13 (0.0353s) ][ GZIP on ]