Virus warning from www.puppylinux.com/manuals.htm

Puppy related raves and general interest that doesn't fit anywhere else
Message
Author
oblivious
Posts: 303
Joined: Sat 14 Apr 2007, 05:59
Location: Western Australia

#106 Post by oblivious »

Just came across this:
Posted by: vec7 on 03/10/2008 09:18 PM
Friends, this is the beginning of the new VectorLinux website. This site will be under construction for awhile to rebuild our content. We are pretty much starting from scratch since our database was severely compromised by a hacking group a few days ago. So bear with us content will be added on an ongoing basis.
cheers,
Vec
Maybe Puppy isn't the only one being messed with?

User avatar
BarryK
Puppy Master
Posts: 9392
Joined: Mon 09 May 2005, 09:23
Location: Perth, Western Australia
Contact:

#107 Post by BarryK »

I've been looking at this site:
http://www.webhostingjury.com/
It is customer reviews of web hosts.

I am of course looking at where to move puppylinux.com. One thing, they must accept PayPal, which rules out Netfirms. The reason for PayPal is that it gives you more control, and they can't do an automatic renew. I was with Netfirms and they required that I telephone them in the US to cancel the account -- not at all satisfactory.

Hostgator looks interesting:
http://www.hostgator.com/
...they include SSH, I missed that with Servage.

Godaddy was recommended to me by one person, but the customer reviews are awful.

So, what do you reckon, does Hostgator look good? I want this for my own sites. I have puppylinux.com, goosee.com, plus a couple other small private domains.
For puppylinux.org and some other Puppy domains, there is a separate effort going on to find a better home than Servage.

I think having two separate homes is a good thing. Of course this forum is hosted at yet another place ( -- does John mind if the host is known?)

We need to avoid "all the eggs in one basket".
[url]https://bkhome.org/news/[/url]

Caneri
Posts: 1513
Joined: Tue 04 Sep 2007, 13:23
Location: Canada

#108 Post by Caneri »

Hi Barry,

I looked at http://drupal.org/.
There is lots of recommended hosts on the forum there.

May be of use to you.

I didn't need any phone calls about PayPal here....but I'm on .ca not Netfirms.com...maybe a difference..dunno.

Best,
Eric
[color=darkred][i]Be not afraid to grow slowly, only be afraid of standing still.[/i]
Chinese Proverb[/color]

User avatar
prehistoric
Posts: 1744
Joined: Tue 23 Oct 2007, 17:34

puppylinux.org

#109 Post by prehistoric »

Don't assume puppylinux.org is safe. See this thread. http://www.murga-linux.com/puppy/viewtopic.php?t=27374

Yes, oblivious, you could say others are being messed with, hardly a secret. Here's a report on media reaction to one current wave of attacks. Danchev on PR storm

Even if exploits do not apply to us, a redirect through a search engine can bring others to an infected page. Puppy's page rank makes it a reasonable target for rank manipulation on search engines.

oblivious
Posts: 303
Joined: Sat 14 Apr 2007, 05:59
Location: Western Australia

#110 Post by oblivious »

Yes, oblivious, you could say others are being messed with
The whole thing just makes me feel sick. :cry:

User avatar
prehistoric
Posts: 1744
Joined: Tue 23 Oct 2007, 17:34

feeling ill

#111 Post by prehistoric »

oblivious wrote:The whole thing just makes me feel sick. :cry:
You aren't the first. Now start thinking about how to do something about it. If enough Puppy enthusiasts take action attackers may learn the meaning of this ancient warning: Cave Canem. :!:

Sage
Posts: 5536
Joined: Tue 04 Oct 2005, 08:34
Location: GB

#112 Post by Sage »

Hope that BK is going to appraise us of today's events. Early this morning (GMT), his static blog appeared with a couple of new items about Abiword. Now, it's been replaced by his old interactive blog which stopped with his Feb27 item on XDiff. Presume he's got all this under control?

oblivious
Posts: 303
Joined: Sat 14 Apr 2007, 05:59
Location: Western Australia

#113 Post by oblivious »

Now start thinking about how to do something about it.
I can't even get Puppy to work properly, I wouldn't have a clue :cry:

Sage
Posts: 5536
Joined: Tue 04 Oct 2005, 08:34
Location: GB

#114 Post by Sage »

Return of the Blog!

User avatar
prehistoric
Posts: 1744
Joined: Tue 23 Oct 2007, 17:34

what to do

#115 Post by prehistoric »

@oblivious,

Thinking these problems are only solved by wizardry is part of trouble people generally have in combating them. When you happen across an infected page you can use a right click and "show source" to get the html source which you can submit that to a group which tracks spamming or malware and works to get the culprits shut down. (N.B.: I am not talking about the visible page - which may have distracting pictures. You want to report the URL, the time and the page source.)
@ anyone: I would like to hear suggestions from others about their favorite reporting sites. before I make recommendations.

You don't need much expertise to report a problem to the webmaster if a page on their site takes you someplace you don't want to go. If there is a chance posting a report on a forum could create problems by luring people into a trap you can report directly via PM or email.

By using Puppy you are already reducing your chances of spreading an infection. By restricting the scripts your browser runs you can reduce risk still further. By reporting you can limit damage to others.

The one thing I want to emphasize is that there is no "silver bullet" which destroys all risk! Puppy is not magic, it requires intelligent users - as does any computer system.

prehistoric

jonyo

Re: what to do

#116 Post by jonyo »

Running win on the net is a lost cause.

User avatar
BarryK
Puppy Master
Posts: 9392
Joined: Mon 09 May 2005, 09:23
Location: Perth, Western Australia
Contact:

#117 Post by BarryK »

Sage wrote:Hope that BK is going to appraise us of today's events. Early this morning (GMT), his static blog appeared with a couple of new items about Abiword. Now, it's been replaced by his old interactive blog which stopped with his Feb27 item on XDiff. Presume he's got all this under control?
Yes, it was back for a few hours. I wanted to extract everything from it and create static html pages, and the only way that I knew how to do that is manually, copy-paste.
[url]https://bkhome.org/news/[/url]

oblivious
Posts: 303
Joined: Sat 14 Apr 2007, 05:59
Location: Western Australia

#118 Post by oblivious »

When you happen across an infected page
Well, that's just it - other than being told that I have by people on here, I've never observed any infection/being redirected anywhere/having the virus thingy tell me anything is dodgy.

I asked about reporting the redirection thing on Barry's page on the forum for my (windows) internet security, but got no answer to that.
By using Puppy you are already reducing your chances of spreading an infection.
How? I do not understand how an infection is spread by looking at a web-page. I don't understand how using Puppy would stop something getting onto the Windows partition.

I don't understand why people are looking at source code on webpages (what did the page do?). I don't understand why the trojan downloader didn't work on my computer (a good thing) I don't understand what all of those drug things are doing on puppylinux.org (getting a higher position on google?)

I don't think anybody buys replica cartier watches or standing tall so I don't see the point of spam email.

I really don't belong on the internet. :cry: I think I'll go back to knitting and listening to the wireless.

User avatar
pch.shot
Posts: 24
Joined: Fri 21 Mar 2008, 20:35
Location: Chippawa, Ontario, Canada Puppy 3.01

A few Ideas

#119 Post by pch.shot »

These are two little applications that may be of some use to track down the hackers currports:http://www.nirsoft.net/utils/cports.html
and IPNetInfo:http://www.nirsoft.net/utils/ipnetinfo.html
That way maybe we can find out who the hacker is and kick him in the nuts.
lol, pch
Last edited by pch.shot on Sat 22 Mar 2008, 15:32, edited 1 time in total.

wingruntled

#120 Post by wingruntled »

pch.shot wrote:
That way maybe we can find out who the hacker is and kick him in th nuts.
lol, pch
That is an interesting thought? Maybe have the server have a forced redirect back to itself.
And internal DDOS attack. Interesting thought :roll:

User avatar
prehistoric
Posts: 1744
Joined: Tue 23 Oct 2007, 17:34

fighting back

#121 Post by prehistoric »

@wingruntled,

That one seems too easy to counter. How about sending spammers to other spammers? Make them blacklist each other.

Anyone, if you have a favorite place to report spamming, malware, etc. please post in this thread. I've had good luck with CastleCops in the past, but want alternatives. At the moment they are overloaded and I can't even login.

(N.B.: I do not endorse political or religious opinions debated on the site. I do not use the Windows operating systems they concentrate on. I do notice results from things reported to their response teams. Also, the FBI gets an RSS feed from them. At least one attacker is very sorry he picked them as a target.)

Update: We have found a motive! Hijacked PC goldrush

wingruntled

#122 Post by wingruntled »

@prehistoric
How about sending spammers to other spammers? Make them blacklist each other.
The only problem with that is, if they start getting really PO'ed at each other it could turn into an underground war and I could see some of those folks taking out primary routers just to prove a point.
Them we all would be f%&ed.
I do not endorse political or religious opinions debated on the site.
I hear that! Even back in my old bar days it was common knowledge that those two subjects are better left alone. This is not a bar but it's not an open Internet chatroom where anything goes either. This is a primary help forum for a small Linux distro.

User avatar
Pizzasgood
Posts: 6183
Joined: Wed 04 May 2005, 20:28
Location: Knoxville, TN, USA

#123 Post by Pizzasgood »

How? I do not understand how an infection is spread by looking at a web-page. I don't understand how using Puppy would stop something getting onto the Windows partition.
Biggest culprits: Internet Explorer and ActiveX. Most windows users still use Internet Explorer (some think IE actually is the internet...). If you put the right code on a page, you can trick IE into installing things. Other browsers and scripting languages and "plugin things" can also be tricked, but naturally IE is worst. Using a non-IE browser with no ActiveX support on a non-Windows OS makes a good number of the attacks ineffective.

An infection can't spread onto a Windows partition just because that partition exists. It needs to somehow be put there. Since most malicious code won't even run in Linux, most infections can't actively spread on a Linux system, even if they reside in a Windows partition (which is pretty much irrelevant). They can still be passively spread though. For example, I could download an infected file while running Puppy and save it to my drive. It contains malicious code for Windows that fails to run in Puppy, so I I don't even notice it. Later though, I boot up Windows to play a game and happen to click that particular file. Just because that file was passed through Linux doesn't mean it was somehow cleansed. It's still just as malicious, and proceeds to infect my Windows system. Hopefully I didn't also forward the email that had that file to a bunch of other people while I was still in Linux, because my using Linux didn't protect those people either.
I don't understand why people are looking at source code on webpages (what did the page do?).
Looking at the first post in the thread, it seems that somebody was running some sort of virus protection program that noticed something fishy when they visited the manuals page. That sent up red flags, so people started checking the sources of pages to see what was going on.
[size=75]Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib[/size]
[img]http://www.browserloadofcoolness.com/sig.png[/img]

User avatar
prehistoric
Posts: 1744
Joined: Tue 23 Oct 2007, 17:34

search engine rankings

#124 Post by prehistoric »

With all the effort we've seen to manipulate search engine rankings, (as in the thread I referenced above,) we might take a look at how this connects to money. This week El Reg did a special feature on the subject. Interesting, and this is legal.

Now, how are they going to stop abuse without losing money?

User avatar
Aitch
Posts: 6518
Joined: Wed 04 Apr 2007, 15:57
Location: Chatham, Kent, UK

#125 Post by Aitch »

@BarryK

I support a demand for a refund & compensation, if you look for it there's plenty of evidence which indicates it may go further than cluster 39,
e.g.

http://www.web-hosting-top.com/web-host ... et-reviews

and here

http://www.webhostingtalk.com/showthrea ... e+problems
iframe from .cn, loading ie6/7 exploit
nuff said??

Aitch

Post Reply