
Posted: Thu 20 Mar 2008, 02:41
by oblivious
Just came across this:
Posted by: vec7 on 03/10/2008 09:18 PM
Friends, this is the beginning of the new VectorLinux website. This site will be under construction for a while to rebuild our content. We are pretty much starting from scratch since our database was severely compromised by a hacking group a few days ago. So bear with us; content will be added on an ongoing basis.
cheers,
Vec
Maybe Puppy isn't the only one being messed with?

Posted: Thu 20 Mar 2008, 10:06
by BarryK
I've been looking at this site:
http://www.webhostingjury.com/
It is customer reviews of web hosts.

I am of course looking at where to move puppylinux.com. One thing, they must accept PayPal, which rules out Netfirms. The reason for PayPal is that it gives you more control, and they can't do an automatic renew. I was with Netfirms and they required that I telephone them in the US to cancel the account -- not at all satisfactory.

Hostgator looks interesting:
http://www.hostgator.com/
...they include SSH, I missed that with Servage.

Godaddy was recommended to me by one person, but the customer reviews are awful.

So, what do you reckon, does Hostgator look good? I want this for my own sites. I have puppylinux.com, goosee.com, plus a couple other small private domains.
For puppylinux.org and some other Puppy domains, there is a separate effort going on to find a better home than Servage.

I think having two separate homes is a good thing. Of course this forum is hosted at yet another place ( -- does John mind if the host is known?)

We need to avoid "all the eggs in one basket".

Posted: Thu 20 Mar 2008, 10:36
by Caneri
Hi Barry,

I looked at http://drupal.org/.
There are lots of recommended hosts on the forum there.

May be of use to you.

I didn't need any phone calls about PayPal here....but I'm on .ca not Netfirms.com...maybe a difference..dunno.

Best,
Eric

puppylinux.org

Posted: Thu 20 Mar 2008, 12:39
by prehistoric
Don't assume puppylinux.org is safe. See this thread. http://www.murga-linux.com/puppy/viewtopic.php?t=27374

Yes, oblivious, you could say others are being messed with, hardly a secret. Here's a report on media reaction to one current wave of attacks. Danchev on PR storm

Even if exploits do not apply to us, a redirect through a search engine can bring others to an infected page. Puppy's page rank makes it a reasonable target for rank manipulation on search engines.

Posted: Thu 20 Mar 2008, 13:08
by oblivious
Yes, oblivious, you could say others are being messed with
The whole thing just makes me feel sick. :cry:

feeling ill

Posted: Thu 20 Mar 2008, 17:10
by prehistoric
oblivious wrote: The whole thing just makes me feel sick. :cry:
You aren't the first. Now start thinking about how to do something about it. If enough Puppy enthusiasts take action attackers may learn the meaning of this ancient warning: Cave Canem. :!:

Posted: Fri 21 Mar 2008, 08:48
by Sage
Hope that BK is going to apprise us of today's events. Early this morning (GMT), his static blog appeared with a couple of new items about Abiword. Now, it's been replaced by his old interactive blog which stopped with his Feb27 item on XDiff. Presume he's got all this under control?

Posted: Fri 21 Mar 2008, 11:48
by oblivious
Now start thinking about how to do something about it.
I can't even get Puppy to work properly, I wouldn't have a clue :cry:

Posted: Fri 21 Mar 2008, 13:36
by Sage
Return of the Blog!

what to do

Posted: Fri 21 Mar 2008, 14:27
by prehistoric
@oblivious,

Thinking these problems are only solved by wizardry is part of the trouble people generally have in combating them. When you happen across an infected page you can use a right click and "show source" to get the HTML source, which you can submit to a group which tracks spamming or malware and works to get the culprits shut down. (N.B.: I am not talking about the visible page - which may have distracting pictures. You want to report the URL, the time and the page source.)
@ anyone: I would like to hear suggestions from others about their favorite reporting sites before I make recommendations.

You don't need much expertise to report a problem to the webmaster if a page on their site takes you someplace you don't want to go. If there is a chance posting a report on a forum could create problems by luring people into a trap you can report directly via PM or email.

By using Puppy you are already reducing your chances of spreading an infection. By restricting the scripts your browser runs you can reduce risk still further. By reporting you can limit damage to others.

The one thing I want to emphasize is that there is no "silver bullet" which destroys all risk! Puppy is not magic, it requires intelligent users - as does any computer system.

prehistoric
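
The report described in the post above (URL, time and page source), sketched as an added example that is not part of the original thread: it takes HTML saved via "show source", lists elements that pull content from another host, and flags the hidden ones. The names `EmbedFinder` and `build_report` and the sample page are illustrative assumptions.

```python
import hashlib
from datetime import datetime, timezone
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class EmbedFinder(HTMLParser):
    """Record iframe/script/embed/object tags that load from another host."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlparse(page_url).hostname
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("iframe", "script", "embed", "object"):
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src") or a.get("data")
        if not src:
            return
        target = urljoin(self.page_url, src)
        host = urlparse(target).hostname
        if host is None or host == self.page_host:
            return  # same-site reference, nothing to report
        style = a.get("style", "").replace(" ", "").lower()
        hidden = (a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
                  or "display:none" in style or "visibility:hidden" in style)
        self.findings.append({"tag": tag, "url": target, "hidden": hidden,
                              "line": self.getpos()[0]})

def build_report(page_url, html_source, seen_at=None):
    """Bundle the three things worth reporting: URL, time seen, page source."""
    finder = EmbedFinder(page_url)
    finder.feed(html_source)
    finder.close()
    seen_at = (seen_at or datetime.now(timezone.utc)).astimezone(timezone.utc)
    return {"url": page_url,
            "seen_at_utc": seen_at.strftime("%Y-%m-%dT%H:%M:%SZ"),
            "source_sha256": hashlib.sha256(html_source.encode("utf-8")).hexdigest(),
            "offsite_embeds": finder.findings}

# Constructed sample page; the hostnames are reserved example names.
SAMPLE = """<html><body>
<h1>Manuals</h1>
<script src="/js/menu.js"></script>
<iframe src="http://tracker.example.net/in.html" width="0" height="0"></iframe>
<script src="http://cdn.example.org/lib.js"></script>
</body></html>"""
```

An off-site embed is not malicious by itself; the `hidden` flag and the line number tell the webmaster or reporting group where to look first, and the hash ties the report to the exact source that was saved.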

Re: what to do

Posted: Fri 21 Mar 2008, 18:01
by jonyo
Running win on the net is a lost cause.

Posted: Sat 22 Mar 2008, 00:29
by BarryK
Sage wrote: Hope that BK is going to apprise us of today's events. Early this morning (GMT), his static blog appeared with a couple of new items about Abiword. Now, it's been replaced by his old interactive blog which stopped with his Feb27 item on XDiff. Presume he's got all this under control?
Yes, it was back for a few hours. I wanted to extract everything from it and create static html pages, and the only way that I knew how to do that is manually, copy-paste.

Posted: Sat 22 Mar 2008, 02:30
by oblivious
When you happen across an infected page
Well, that's just it - other than being told that I have by people on here, I've never observed any infection/being redirected anywhere/having the virus thingy tell me anything is dodgy.

I asked about reporting the redirection thing on Barry's page on the forum for my (windows) internet security, but got no answer to that.
By using Puppy you are already reducing your chances of spreading an infection.
How? I do not understand how an infection is spread by looking at a web-page. I don't understand how using Puppy would stop something getting onto the Windows partition.

I don't understand why people are looking at source code on webpages (what did the page do?). I don't understand why the trojan downloader didn't work on my computer (a good thing). I don't understand what all of those drug things are doing on puppylinux.org (getting a higher position on google?)

I don't think anybody buys replica cartier watches or standing tall so I don't see the point of spam email.

I really don't belong on the internet. :cry: I think I'll go back to knitting and listening to the wireless.

A few Ideas

Posted: Sat 22 Mar 2008, 02:49
by pch.shot
These are two little applications that may be of some use to track down the hackers:
CurrPorts: http://www.nirsoft.net/utils/cports.html
and IPNetInfo: http://www.nirsoft.net/utils/ipnetinfo.html
That way maybe we can find out who the hacker is and kick him in the nuts.
lol, pch

Posted: Sat 22 Mar 2008, 03:42
by wingruntled
pch.shot wrote:
That way maybe we can find out who the hacker is and kick him in the nuts.
lol, pch
That is an interesting thought? Maybe have the server have a forced redirect back to itself.
An internal DDoS attack. Interesting thought :roll:

fighting back

Posted: Sat 22 Mar 2008, 14:27
by prehistoric
@wingruntled,

That one seems too easy to counter. How about sending spammers to other spammers? Make them blacklist each other.

Anyone, if you have a favorite place to report spamming, malware, etc. please post in this thread. I've had good luck with CastleCops in the past, but want alternatives. At the moment they are overloaded and I can't even login.

(N.B.: I do not endorse political or religious opinions debated on the site. I do not use the Windows operating systems they concentrate on. I do notice results from things reported to their response teams. Also, the FBI gets an RSS feed from them. At least one attacker is very sorry he picked them as a target.)

Update: We have found a motive! Hijacked PC goldrush

Posted: Sat 22 Mar 2008, 18:18
by wingruntled
@prehistoric
How about sending spammers to other spammers? Make them blacklist each other.
The only problem with that is, if they start getting really PO'ed at each other it could turn into an underground war and I could see some of those folks taking out primary routers just to prove a point.
Then we all would be f%&ed.
I do not endorse political or religious opinions debated on the site.
I hear that! Even back in my old bar days it was common knowledge that those two subjects are better left alone. This is not a bar but it's not an open Internet chatroom where anything goes either. This is a primary help forum for a small Linux distro.

Posted: Sat 22 Mar 2008, 18:38
by Pizzasgood
How? I do not understand how an infection is spread by looking at a web-page. I don't understand how using Puppy would stop something getting onto the Windows partition.
Biggest culprits: Internet Explorer and ActiveX. Most Windows users still use Internet Explorer (some think IE actually is the internet...). If you put the right code on a page, you can trick IE into installing things. Other browsers and scripting languages and "plugin things" can also be tricked, but naturally IE is worst. Using a non-IE browser with no ActiveX support on a non-Windows OS makes a good number of the attacks ineffective.

An infection can't spread onto a Windows partition just because that partition exists. It needs to somehow be put there. Since most malicious code won't even run in Linux, most infections can't actively spread on a Linux system, even if they reside in a Windows partition (which is pretty much irrelevant). They can still be passively spread though. For example, I could download an infected file while running Puppy and save it to my drive. It contains malicious code for Windows that fails to run in Puppy, so I don't even notice it. Later though, I boot up Windows to play a game and happen to click that particular file. Just because that file was passed through Linux doesn't mean it was somehow cleansed. It's still just as malicious, and proceeds to infect my Windows system. Hopefully I didn't also forward the email that had that file to a bunch of other people while I was still in Linux, because my using Linux didn't protect those people either.
I don't understand why people are looking at source code on webpages (what did the page do?).
Looking at the first post in the thread, it seems that somebody was running some sort of virus protection program that noticed something fishy when they visited the manuals page. That sent up red flags, so people started checking the sources of pages to see what was going on.

search engine rankings

Posted: Sun 23 Mar 2008, 00:10
by prehistoric
With all the effort we've seen to manipulate search engine rankings, (as in the thread I referenced above,) we might take a look at how this connects to money. This week El Reg did a special feature on the subject. Interesting, and this is legal.

Now, how are they going to stop abuse without losing money?

Posted: Tue 25 Mar 2008, 20:51
by Aitch
@BarryK

I support a demand for a refund & compensation, if you look for it there's plenty of evidence which indicates it may go further than cluster 39,
e.g.

http://www.web-hosting-top.com/web-host ... et-reviews

and here

http://www.webhostingtalk.com/showthrea ... e+problems
iframe from .cn, loading ie6/7 exploit
nuff said??

Aitch