Puppy Linux Discussion Forum
Virus warning from www.puppylinux.com/manuals.htm
prehistoric


Joined: 23 Oct 2007
Posts: 1271

Posted: Sat 22 Mar 2008, 10:27    Post subject: fighting back

@wingruntled,

That one seems too easy to counter. How about sending spammers to other spammers? Make them blacklist each other.

Anyone, if you have a favorite place to report spamming, malware, etc. please post in this thread. I've had good luck with CastleCops in the past, but want alternatives. At the moment they are overloaded and I can't even login.

(N.B.: I do not endorse political or religious opinions debated on the site. I do not use the Windows operating systems they concentrate on. I do notice results from things reported to their response teams. Also, the FBI gets an RSS feed from them. At least one attacker is very sorry he picked them as a target.)

Update: We have found a motive! Hijacked PC goldrush
wingruntled

Joined: 20 Feb 2007
Posts: 287
Location: Great Lakes

Posted: Sat 22 Mar 2008, 14:18    Post subject:

@prehistoric
Quote:
How about sending spammers to other spammers? Make them blacklist each other.

The only problem with that is, if they start getting really PO'ed at each other it could turn into an underground war and I could see some of those folks taking out primary routers just to prove a point.
Then we all would be f%&ed.
Quote:
I do not endorse political or religious opinions debated on the site.

I hear that! Even back in my old bar days it was common knowledge that those two subjects are better left alone. This is not a bar but it's not an open Internet chatroom where anything goes either. This is a primary help forum for a small Linux distro.
Pizzasgood


Joined: 04 May 2005
Posts: 6270
Location: Knoxville, TN, USA

Posted: Sat 22 Mar 2008, 14:38    Post subject:

Quote:
How? I do not understand how an infection is spread by looking at a web-page. I don't understand how using Puppy would stop something getting onto the Windows partition.
Biggest culprits: Internet Explorer and ActiveX. Most Windows users still use Internet Explorer (some think IE actually is the internet...). If you put the right code on a page, you can trick IE into installing things. Other browsers and scripting languages and "plugin things" can also be tricked, but naturally IE is worst. Using a non-IE browser with no ActiveX support on a non-Windows OS makes a good number of the attacks ineffective.

An infection can't spread onto a Windows partition just because that partition exists. It needs to somehow be put there. Since most malicious code won't even run in Linux, most infections can't actively spread on a Linux system, even if they reside in a Windows partition (which is pretty much irrelevant). They can still be passively spread though. For example, I could download an infected file while running Puppy and save it to my drive. It contains malicious code for Windows that fails to run in Puppy, so I don't even notice it. Later though, I boot up Windows to play a game and happen to click that particular file. Just because that file was passed through Linux doesn't mean it was somehow cleansed. It's still just as malicious, and proceeds to infect my Windows system. Hopefully I didn't also forward the email that had that file to a bunch of other people while I was still in Linux, because my using Linux didn't protect those people either.

Quote:
I don't understand why people are looking at source code on webpages (what did the page do?).
Looking at the first post in the thread, it seems that somebody was running some sort of virus protection program that noticed something fishy when they visited the manuals page. That sent up red flags, so people started checking the sources of pages to see what was going on.
_________________
Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib

prehistoric


Joined: 23 Oct 2007
Posts: 1271

Posted: Sat 22 Mar 2008, 20:10    Post subject: search engine rankings

With all the effort we've seen to manipulate search engine rankings, (as in the thread I referenced above,) we might take a look at how this connects to money. This week El Reg did a special feature on the subject. Interesting, and this is legal.

Now, how are they going to stop abuse without losing money?
Aitch


Joined: 04 Apr 2007
Posts: 6825
Location: Chatham, Kent, UK

Posted: Tue 25 Mar 2008, 16:51    Post subject:

@BarryK

I support a demand for a refund & compensation, if you look for it there's plenty of evidence which indicates it may go further than cluster 39,
e.g.

http://www.web-hosting-top.com/web-hosting/web-hosting-top.servage.net-reviews

and here

http://www.webhostingtalk.com/showthread.php?t=588462&highlight=servage+problems

Quote:
iframe from .cn, loading ie6/7 exploit


nuff said??

Aitch
raffy

Joined: 25 May 2005
Posts: 4765
Location: Manila

Posted: Tue 25 Mar 2008, 19:19    Post subject: security

I have an adjective for servage security: horrific!

Hosts should be able to identify where in their system the vulnerability comes from. Servage can't, and meantime puppylinux.org's pages get cracked almost daily.

_________________
Puppy user since Oct 2004. Want FreeOffice? Get the sfs (English only).
Sage

Joined: 04 Oct 2005
Posts: 4784
Location: GB

Posted: Wed 26 Mar 2008, 13:58    Post subject:

This:
http://www.lavasoft.com/company/blog/
confirms that folks should put their trust in the FBI, The Met and Finland's best. Robert Bentley will have a great opportunity to attest to their efficiency.
Aitch


Joined: 04 Apr 2007
Posts: 6825
Location: Chatham, Kent, UK

Posted: Wed 26 Mar 2008, 14:24    Post subject:

It looks as though servage/puppy are linked with a variant of this botnet

http://www.securecomputing.net.au/news/69328,megad-botnet-stronger-than-storm-promotes-male-sexual-pills.aspx

Aitch
prehistoric


Joined: 23 Oct 2007
Posts: 1271

Posted: Wed 26 Mar 2008, 19:32    Post subject: paranoia anyone?

Now, this is the best material for freestyle paranoia I've seen since the days when my telephone clicked three times every time I picked up the receiver.

CastleCops has experienced the beginning of a DDoS attack. Is it coincidence I suggested reporting web spam like we've been getting to them last Saturday? (Is this what happens when they try to shut down some of those sites referenced in the crap from our site?) Anyone see IP addresses in their list which look familiar?
Aitch


Joined: 04 Apr 2007
Posts: 6825
Location: Chatham, Kent, UK

Posted: Wed 26 Mar 2008, 22:20    Post subject:

@prehistoric

Castle cops not the only ones

http://www.theregister.co.uk/2008/03/19/dslreports_under_ddos_attack/

Though unfortunately the US Govt. readiness team are focused on Microsoft/Apple/Sun/Realplayer/VMWare vulnerabilities

http://www.us-cert.gov/nav/t01/

Maybe someone should tell them that they could be looking at the symptoms rather than the source?

Still, there's light at the end of the tunnel

Now the spambots are attacking each other

http://asert.arbornetworks.com/2007/07/when-spambots-attack-each-other/

Laughing

Aitch
Aitch


Joined: 04 Apr 2007
Posts: 6825
Location: Chatham, Kent, UK

Posted: Wed 26 Mar 2008, 23:00    Post subject:

Hey look guys

I'm not the FBI, but hey, this crap's real easy to find

http://www.milw0rm.com/

http://www.metasploit.com/

http://hi.baidu.com/mytips/blog/item/7ea7caf9eea8be5d242df24b.html

http://wifi.airdump.net/

http://heapoverflow.com/f0rums/public/4753-phpbb-module-xs-mod-2-3-1-local-file-inclusion-vulnerability.html

took me all of 15 minutes!!!

No use to me though

Aitch
yellowdog


Joined: 25 Mar 2008
Posts: 9

Posted: Thu 27 Mar 2008, 01:03    Post subject: trojans etc...
Subject description: just my 2 cents
 

When you can get onto the Castlecops forums, lookup the old BlueFrog stuff. When BlueFrog tried to shut down the spammers they got nailed so hard they had to shut down instead. Spamcops and castlecops get hit all the time with all sorts of attacks, you may want to post there and get some of their savvy security masters input on how to build a stronger website. They seem to specialize in security and anti-spam.
My last severe infection was while using f-prot several years ago. That was when I found castlecops and then figured out how to find/repair what was wrong via their website. 3 computer repair places here couldn't find the issue, said my computer had no problems. I found 3 rootkits and hundreds of trojans/worms/viruses and this was back when nobody even had heard of rootkits. The f-prot scanner didn't see any of them, but neither did several other av scanners. f-prot changed their name since then but I still don't use them anymore. I foolishly thought that computer repair shops would have the latest scanning/repair tools, ha! they're mostly just people like us with a bit more practice and a room full of parts, doesn't make them extra-smart or magical.

The best way to keep bad stuff out is to scan before it can get to your computer. Jump-line does this for their web-hosting and Postini I think does this as a service for isp's and possibly for certain types of websites.
yellowdog


Joined: 25 Mar 2008
Posts: 9

Posted: Thu 27 Mar 2008, 01:10    Post subject: trojans etc...
Subject description: just my 2 cents
 

When you can get onto the Castlecops forums, lookup the old BlueFrog stuff. When BlueFrog tried to shut down the spammers they got nailed so hard they had to shut down instead. Spamcops and castlecops get hit all the time with all sorts of attacks, you may want to post there and get some of their savvy security masters input on how to build a stronger website. They seem to specialize in security and anti-spam.
My last severe infection was while using f-prot several years ago. That was when I found castlecops and then figured out how to find/repair what was wrong via their website. 3 computer repair places here couldn't find the issue, said my computer had no problems. I found 3 rootkits and hundreds of trojans/worms/viruses and this was back when nobody even had heard of rootkits. The f-prot scanner didn't see any of them, but neither did several other av scanners. f-prot changed their name since then but I still don't use them anymore. I foolishly thought that computer repair shops would have the latest scanning/repair tools, ha! they're mostly just people like us with a bit more practice and a room full of parts, doesn't make them extra-smart or magical.

The best way to keep bad stuff out is to scan before it can get to your computer. Jump-line does this for their web-hosting and Postini I think does this as a service for isp's and possibly for certain types of websites. There are also several types of gateways that can be built and installed inexpensively for personal use. Check out Untangle.
Aitch


Joined: 04 Apr 2007
Posts: 6825
Location: Chatham, Kent, UK

Posted: Thu 27 Mar 2008, 02:11    Post subject:

Ha, Yellowdog

You must have a double! Laughing

Quote:
3 computer repair places here couldn't find the issue


Where's here?

Aitch
yellowdog


Joined: 25 Mar 2008
Posts: 9

Posted: Thu 27 Mar 2008, 02:48    Post subject: virus's
Subject description: Where's here
 

Southwest coast, Oregon. (the loggers on the history channel, that really is what it looks like around here) I knew something wasn't right because the modem indicators were busier than normal and system seemed slower. I couldn't find the problem, just had a hunch. I took it to one shop, he scanned it, couldn't find anything wrong. I bought a couple av programs there including norton, tried them, nothing found. Took it to another place, they ran their scans and reported nothing found and then I took it to a third place different town, still nothing. By this time I was thinking maybe I'm just imagining there's something wrong. Brought it home, modem seemed to be even busier. Discovered castlecops, read about rootkits on their site, downloaded the necessary tools (hjt and a boot version of housecall) and then discovered over 400 infections, happily hiding from the f-prot and other av scanners, rootkits included. This machine had never been online without an av scanner with latest updates. f-prot had been the av of choice for about three years till then. While all of this had been going on, I made a mirror of the drive for backup. After finding all the problems I then started looking for an av scanner that would find them, now that I knew what the problem was. At the time the only scanner I found that seemed to actually work was pccillin, it was the one I hadn't tried yet and it too was recommended by the castlecops! It's been about 3 years or more, haven't had any known infections since. I'm also using routers and untangle as I don't want to have to go through the above again.