(old)Puppy Linux Discussion Forum

Sure enough
And I just got done from a complete reinstall of of everything, so this isn't a cache or worm issue.
Not yet anyway :/

alienjeff wrote:Clearly neither Servage nor anyone else is doing anything about this.

See my latest blog post.
If Servage doesn't fix it soon, I'm moving. Unfortunately I paid for a year and have only been there a few months.

I can reupload everything again, which is what I have been doing, but I am leaving it as-is for now so that Servage can see its condition.

I'll wait a bit longer, not much longer, then reupload everything again.

but I am leaving it as-is for now so that Servage can see its condition.

Not smart!
In the mean time all Windows vistitors inquirering about Puppy gets blasted with a trojan.

In the mean time all Windows vistitors inquirering about Puppy gets blasted with a trojan.

It's definitely not good if any puppy sites are hosting any malware. But, if it's true that these things are specifically targetting ActiveX vulnerabilities in IE, how come we haven't seen any response from Microsoft support? I mean, Bill does post regularly to the forum, doesn't he?

@Barry
Thanks for the update. To leave the iframe exploit online is as much as supporting the black hats. Instead of passively waiting for the techs at Servage to check the pages live, if and when they ever get around to it, please consider:

1) copying and saving the the HTML from both the index and links pages,
2) upload clean index and links pages, and
3) attach appropriate excerpts of HTML to correspondence with Servage.

I noted that several of your puppylinux(dot)com pages were generated using IBM WebSphere Studio Homepage Builder V6.0.0 for Windows. Assuming you use Windows from time to time, it's conceivable that your own Windows box may be compromised and the reinfection could be taking place quite close to home. Anyone else with admin privies to puppylinux(dot)com should check their systems for infection, too.

It would be sad if at the end of the day it turned out to be a case of either tail or ghost chasing ...

@Community
Going by this thread, two of "our own" have been infected, though there may be more and we haven't heard from them. They may be a tad embarrassed to display soiled laundry.

Regardless of how some of us feel about the monster of Redmond that is Microsoft, it's important to remember that a many of us may very well may have been introduced to Puppy while still using IE.

Also remember the old saw about Linux being inherently safe from virii, trojans and such. Puppy could take a devastating publicity hit should the wrong person innocently visit puppylinux(dot)com and click "links" in the menu bar. When I say devastating, I mean a publicity hit that would make the infamous Mark South Distrowatch Dramarama barely a blip on the radar screen.

Please don't ask me to spell it out any further. Use your own imagination.

Think about it.

Warning for all forum users:
Turn off :display email address: in your user profile. I didn’t realize till yesterday that this phpBB version doesn’t use an internal mail server for sending emails to other users.
Your email address is displayed with as little as a mouse-over. This makes it so easy for anyone to gather ALL emails, from everybody registered on this rather old and buggy version of phpBB.
There is a script out there that can gather all your email addresses in just a minute or two.
Email spam is as bad as that crap in a can. LOL

@wingruntled,

I was embarrassed to find that out some time before the changeover, while using a friend's machine to view the forum. Makes me wonder what else we haven't noticed.

@prehistoric
I just can’t help but wonder why somebody got so hacked off at the Puppy community to launch such an intensive cross site attack. These are not some random attacks.
Thanks for having some others look into this problem.

If I told you once I told you a thousand times!
Get your hands off that, aj. You know you don’t know nothin’ bout machinery.
ROFLMAO

After checking Barry's (now static) blog, I just had a brilliant insight.

And here is the response from Servage:

Hello Barry

We are sorry to hear about your hacking issue. Kindly remove all the file contents in your account, change all the passwords, reupload all the contents. Make sure that you are not using any insecure script in your account and also try to avoid the 777 file permissions as they make the files world writable and hence vulnerable.

Thank you!

Kind regards,
Scott, Support
Servage Hosting

'Scott' is telling me to do what I have just told him that I have already done!

Quick! Pick up the telephone and warn Servage. Their customer service department is currently staffed with 'bots.

prehistoric

Servage doesn’t have phone support. They are as useless as OO’s on a bull.

You need to see their second reply, at puppylinux.com/blog.

Note, I have cleaned up my site, yet again.

I also changed my passwords again. So, we wait and see if my site gets compromised again....
I dunno, maybe the previous time I changed my password wasn't enough and it was somehow discovered. Well, right now my site seems to be clean and I have brand spanking new passwords, so we shall see.

O.K., Barry, my first hypothesis was too conservative. Servage is staffed entirely by 'bots.

This is a pity, If there were any humans available I would send them a link to this article. computerworld article

alienjeff wrote:@Barry
Assuming you use Windows from time to time, it's conceivable that your own Windows box may be compromised and the reinfection could be taking place quite close to home. Anyone else with admin privies to puppylinux(dot)com should check their systems for infection, too.

If the infection were coming from the machines of those creating the site content - can the puppy files themselves (ie the ibiblio downloads) be infected? Would infection be detected by virus scanners?

BarryK wrote: Note, I have cleaned up my site, yet again.

For anyone who wants to help monitor the main page
a nice tool to keep an eye on things
name of the plug-in is called firebug
https://addons.mozilla.org/en-US/firefox/addon/1843

dillo shows hidden txt for a quick view
ftp://ibiblio.org/pub/linux/distributio ... eki-mu.pet

A positive note many people will be looking for changes made on the main page
I made a copy of the clean site so I can check if something else gets added

more eyes watching
more whistle blowers
we all use puppy and want it safer

I use the main page frequently and it
is annoying to try to use all the links and avoid a very
important source of information

I am happy that the main page is clean now

big_bass

^ Ditto my big_bass brother, aka "what he said."

And thanks for the follow-up work, Barry!

One is massively impressed by those who have contributed wisdom to this very serious matter that affects us all. Can one of them please get together with John (or Barry) in order to describe in a separate thread, or preferably another section, all the minute details as to what those of us without an IT background should do with our systems, including 'doze. That might include what files/statements/w.h.y. to search for, which utilities to use and where to obtain them such that they aren't themselves compromised, what to do if/when trojan, worm, whatever malware is found, etc. That is to say, not just the bland advice on virus and malware scanners. In the circumstances, this might be one of the best public services that such competent practitioners can offer.

As for Barry and Servage, it would appear that they might have violated the terms of their contract (or the contract is invalid?). That being the case, Australian Law is every bit as good as that in Europe or the USA and he should have absolutely no difficulty in recouping his unused subscription, possibly damages and certainly costs. If he is less than sure about the way hosting companies operate, there doesn't seem to be any shortage of folks here who could provide a notarised statement as evidence - last time I was in the USA this cost $1 for signature, $5 for the full package, £3 in the UK; money well spent, especially when it counts as costs.

Alien Update: Just checked the homepage and all pages accessed through the horizontal menu bar. Clean for now. Will continue to keep an eye on these. -aj