(old)Puppy Linux Discussion Forum

While Barry's experience with Servage furnishes grounds for dismissing these attacks as the result of sheer incompetence there is evidence of similar attacks against a harder target. http://www.theregister.co.uk/2008/03/13 ... _infected/

To quote an understatement of the late mathematician, Paul Erdos, "This is not a trivial problem."

prehistoric

Small Claims Courts cost peanuts and in the unlikely event you lose, there are no costs against you. If you have sworn (notorised) statements from experts in support, the 'little man' invariably wins on 'balance of probability'. Winning is not so much a warm feeling for the individual but helps those that come after and helps to close down the business of bad companies by the adverse publicity. In the UK, you can file online - it's easy. I have been successful against such diverse companies as Ebuyer, Indesit and Parcel Force. In the latter case, it got as far as the bailiffs arriving to remove the CEO's computer - I let him off for a cash alternative. These bullying traders need to be taught a lesson - it's the only way their behaviour can be moderated. These days, when buying goods and asked if I would like an extended warranty (for a vast extra premium). I always decline and tell the salesman "No thank you, I always sue if there's a problem" and insist on him giving me the address of the registered office, to make sure the message gets home.

Bad News!
I wasn't going to post on this forum any longer because of the lack of securties set by the admin but With fireswalls up!
Here is the log I just got from firestarter when I went to Barry's blog
Time: Mar 16 22:54:49 Source: 77-232-84-168.static.servage.net Destination: mke-216-54-***.***.******.com In IF: ppp0 Out IF: Port: 2600 Length: 44 ToS: 0x00 Protocol: TCP Service: Zebrasrv

Bye! and clearing system again!!!!!

BUMP
due to an SQL error when I posted the above.

test

Just came across this:

Posted by: vec7 on 03/10/2008 09:18 PM
Friends, this is the beginning of the new VectorLinux website. This site will be under construction for awhile to rebuild our content. We are pretty much starting from scratch since our database was severely compromised by a hacking group a few days ago. So bear with us content will be added on an ongoing basis.
cheers,
Vec

Maybe Puppy isn't the only one being messed with?

I've been looking at this site:
http://www.webhostingjury.com/
It is customer reviews of web hosts.

I am of course looking at where to move puppylinux.com. One thing, they must accept PayPal, which rules out Netfirms. The reason for PayPal is that it gives you more control, and they can't do an automatic renew. I was with Netfirms and they required that I telephone them in the US to cancel the account -- not at all satisfactory.

Hostgator looks interesting:
http://www.hostgator.com/
...they include SSH, I missed that with Servage.

Godaddy was recommended to me by one person, but the customer reviews are awful.

So, what do you reckon, does Hostgator look good? I want this for my own sites. I have puppylinux.com, goosee.com, plus a couple other small private domains.
For puppylinux.org and some other Puppy domains, there is a separate effort going on to find a better home than Servage.

I think having two separate homes is a good thing. Of course this forum is hosted at yet another place ( -- does John mind if the host is known?)

We need to avoid "all the eggs in one basket".

Hi Barry,

I looked at http://drupal.org/.
There is lots of recommended hosts on the forum there.

May be of use to you.

I didn't need any phone calls about PayPal here....but I'm on .ca not Netfirms.com...maybe a difference..dunno.

Best,
Eric

Don't assume puppylinux.org is safe. See this thread. http://www.murga-linux.com/puppy/viewtopic.php?t=27374

Yes, oblivious, you could say others are being messed with, hardly a secret. Here's a report on media reaction to one current wave of attacks. Danchev on PR storm

Even if exploits do not apply to us, a redirect through a search engine can bring others to an infected page. Puppy's page rank makes it a reasonable target for rank manipulation on search engines.

Yes, oblivious, you could say others are being messed with

The whole thing just makes me feel sick.

oblivious wrote:The whole thing just makes me feel sick.

You aren't the first. Now start thinking about how to do something about it. If enough Puppy enthusiasts take action attackers may learn the meaning of this ancient warning: Cave Canem.

Hope that BK is going to appraise us of today's events. Early this morning (GMT), his static blog appeared with a couple of new items about Abiword. Now, it's been replaced by his old interactive blog which stopped with his Feb27 item on XDiff. Presume he's got all this under control?

Now start thinking about how to do something about it.

I can't even get Puppy to work properly, I wouldn't have a clue

Return of the Blog!

@oblivious,

Thinking these problems are only solved by wizardry is part of trouble people generally have in combating them. When you happen across an infected page you can use a right click and "show source" to get the html source which you can submit that to a group which tracks spamming or malware and works to get the culprits shut down. (N.B.: I am not talking about the visible page - which may have distracting pictures. You want to report the URL, the time and the page source.)
@ anyone: I would like to hear suggestions from others about their favorite reporting sites. before I make recommendations.

You don't need much expertise to report a problem to the webmaster if a page on their site takes you someplace you don't want to go. If there is a chance posting a report on a forum could create problems by luring people into a trap you can report directly via PM or email.

By using Puppy you are already reducing your chances of spreading an infection. By restricting the scripts your browser runs you can reduce risk still further. By reporting you can limit damage to others.

The one thing I want to emphasize is that there is no "silver bullet" which destroys all risk! Puppy is not magic, it requires intelligent users - as does any computer system.

prehistoric

Running win on the net is a lost cause.

Sage wrote:Hope that BK is going to appraise us of today's events. Early this morning (GMT), his static blog appeared with a couple of new items about Abiword. Now, it's been replaced by his old interactive blog which stopped with his Feb27 item on XDiff. Presume he's got all this under control?

Yes, it was back for a few hours. I wanted to extract everything from it and create static html pages, and the only way that I knew how to do that is manually, copy-paste.

When you happen across an infected page

Well, that's just it - other than being told that I have by people on here, I've never observed any infection/being redirected anywhere/having the virus thingy tell me anything is dodgy.

I asked about reporting the redirection thing on Barry's page on the forum for my (windows) internet security, but got no answer to that.

By using Puppy you are already reducing your chances of spreading an infection.

How? I do not understand how an infection is spread by looking at a web-page. I don't understand how using Puppy would stop something getting onto the Windows partition.

I don't understand why people are looking at source code on webpages (what did the page do?). I don't understand why the trojan downloader didn't work on my computer (a good thing) I don't understand what all of those drug things are doing on puppylinux.org (getting a higher position on google?)

I don't think anybody buys replica cartier watches or standing tall so I don't see the point of spam email.

I really don't belong on the internet. I think I'll go back to knitting and listening to the wireless.

These are two little applications that may be of some use to track down the hackers currports:http://www.nirsoft.net/utils/cports.html
and IPNetInfo:http://www.nirsoft.net/utils/ipnetinfo.html
That way maybe we can find out who the hacker is and kick him in the nuts.
lol, pch

pch.shot wrote:

That way maybe we can find out who the hacker is and kick him in th nuts.
lol, pch

That is an interesting thought? Maybe have the server have a forced redirect back to itself.
And internal DDOS attack. Interesting thought