Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Fri 24 Oct 2014, 14:24
All times are UTC - 4
 Forum index » Taking the Puppy out for a walk » Misc
Virus warning from www.puppylinux.com/manuals.htm
Moderators: Flash, JohnMurga
Post_new_topic   Reply_to_topic View_previous_topic :: View_next_topic
Page 4 of 10 Posts_count   Goto page: Previous 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 Next
Author Message
wingruntled

Joined: 20 Feb 2007
Posts: 287
Location: Great Lakes

PostPosted: Thu 06 Mar 2008, 19:53    Post_subject:  

Sure enough Sad
And I just got done from a complete reinstall of of everything, so this isn't a cache or worm issue.
Not yet anyway :/
Back to top
View user's profile Send_private_message 
BarryK
Puppy Master


Joined: 09 May 2005
Posts: 7047
Location: Perth, Western Australia

PostPosted: Fri 07 Mar 2008, 05:14    Post_subject:  

alienjeff wrote:
Clearly neither Servage nor anyone else is doing anything about this. Confused

See my latest blog post.
If Servage doesn't fix it soon, I'm moving. Unfortunately I paid for a year and have only been there a few months.

I can reupload everything again, which is what I have been doing, but I am leaving it as-is for now so that Servage can see its condition.

I'll wait a bit longer, not much longer, then reupload everything again.

_________________
http://bkhome.org/news/
Back to top
View user's profile Send_private_message Visit_website 
wingruntled

Joined: 20 Feb 2007
Posts: 287
Location: Great Lakes

PostPosted: Fri 07 Mar 2008, 05:20    Post_subject:  

Quote:
but I am leaving it as-is for now so that Servage can see its condition.

Not smart!
In the mean time all Windows vistitors inquirering about Puppy gets blasted with a trojan.
Back to top
View user's profile Send_private_message 
muggins

Joined: 20 Jan 2006
Posts: 6688
Location: lisbon

PostPosted: Fri 07 Mar 2008, 05:48    Post_subject:  

Quote:
In the mean time all Windows vistitors inquirering about Puppy gets blasted with a trojan.


It's definitely not good if any puppy sites are hosting any malware. But, if it's true that these things are specifically targetting ActiveX vulnerabilities in IE, how come we haven't seen any response from Microsoft support? I mean, Bill does post regularly to the forum, doesn't he?
Back to top
View user's profile Send_private_message 
alienjeff


Joined: 08 Jul 2006
Posts: 2291
Location: Winsted, CT - USA

PostPosted: Fri 07 Mar 2008, 13:43    Post_subject:  

@Barry
Thanks for the update. To leave the iframe exploit online is as much as supporting the black hats. Instead of passively waiting for the techs at Servage to check the pages live, if and when they ever get around to it, please consider:

1) copying and saving the the HTML from both the index and links pages,
2) upload clean index and links pages, and
3) attach appropriate excerpts of HTML to correspondence with Servage.

I noted that several of your puppylinux(dot)com pages were generated using IBM WebSphere Studio Homepage Builder V6.0.0 for Windows. Assuming you use Windows from time to time, it's conceivable that your own Windows box may be compromised and the reinfection could be taking place quite close to home. Anyone else with admin privies to puppylinux(dot)com should check their systems for infection, too.

It would be sad if at the end of the day it turned out to be a case of either tail or ghost chasing ...

@Community
Going by this thread, two of "our own" have been infected, though there may be more and we haven't heard from them. They may be a tad embarrassed to display soiled laundry.

Regardless of how some of us feel about the monster of Redmond that is Microsoft, it's important to remember that a many of us may very well may have been introduced to Puppy while still using IE.

Also remember the old saw about Linux being inherently safe from virii, trojans and such. Puppy could take a devastating publicity hit should the wrong person innocently visit puppylinux(dot)com and click "links" in the menu bar. When I say devastating, I mean a publicity hit that would make the infamous Mark South Distrowatch Dramarama barely a blip on the radar screen.

Please don't ask me to spell it out any further. Use your own imagination.

Think about it.

_________________
hangout: ##b0rked on irc.freenode.net
diversion: http://alienjeff.net - visit The Fringe
quote: "The foundation of authority is based upon the consent of the people." - Thomas Hooker

Back to top
View user's profile Send_private_message 
wingruntled

Joined: 20 Feb 2007
Posts: 287
Location: Great Lakes

PostPosted: Fri 07 Mar 2008, 14:22    Post_subject:  

Warning for all forum users:
Turn off :display email address: in your user profile. I didn’t realize till yesterday that this phpBB version doesn’t use an internal mail server for sending emails to other users.
Your email address is displayed with as little as a mouse-over. This makes it so easy for anyone to gather ALL emails, from everybody registered on this rather old and buggy version of phpBB.
There is a script out there that can gather all your email addresses in just a minute or two.
Email spam is as bad as that crap in a can. LOL
Back to top
View user's profile Send_private_message 
prehistoric


Joined: 23 Oct 2007
Posts: 1301

PostPosted: Fri 07 Mar 2008, 15:54    Post_subject: email address  

@wingruntled,

I was embarrassed to find that out some time before the changeover, while using a friend's machine to view the forum. Makes me wonder what else we haven't noticed.
Back to top
View user's profile Send_private_message 
wingruntled

Joined: 20 Feb 2007
Posts: 287
Location: Great Lakes

PostPosted: Fri 07 Mar 2008, 17:02    Post_subject:  

@prehistoric
I just can’t help but wonder why somebody got so hacked off at the Puppy community to launch such an intensive cross site attack. These are not some random attacks.
Thanks for having some others look into this problem. Smile
Back to top
View user's profile Send_private_message 
alienjeff


Joined: 08 Jul 2006
Posts: 2291
Location: Winsted, CT - USA

PostPosted: Fri 07 Mar 2008, 17:09    Post_subject:  


_________________
hangout: ##b0rked on irc.freenode.net
diversion: http://alienjeff.net - visit The Fringe
quote: "The foundation of authority is based upon the consent of the people." - Thomas Hooker

Back to top
View user's profile Send_private_message 
wingruntled

Joined: 20 Feb 2007
Posts: 287
Location: Great Lakes

PostPosted: Fri 07 Mar 2008, 17:18    Post_subject:  

If I told you once I told you a thousand times!
Get your hands off that, aj. You know you don’t know nothin’ bout machinery.
ROFLMAO
Back to top
View user's profile Send_private_message 
prehistoric


Joined: 23 Oct 2007
Posts: 1301

PostPosted: Fri 07 Mar 2008, 17:39    Post_subject: I've got the answer!  

After checking Barry's (now static) blog, I just had a brilliant insight.
Quote:
And here is the response from Servage:

Hello Barry

We are sorry to hear about your hacking issue. Kindly remove all the file contents in your account, change all the passwords, reupload all the contents. Make sure that you are not using any insecure script in your account and also try to avoid the 777 file permissions as they make the files world writable and hence vulnerable.

Thank you! Smile

Kind regards,
Scott, Support
Servage Hosting

'Scott' is telling me to do what I have just told him that I have already done!

Quick! Pick up the telephone and warn Servage. Their customer service department is currently staffed with 'bots.

prehistoric
Back to top
View user's profile Send_private_message 
wingruntled

Joined: 20 Feb 2007
Posts: 287
Location: Great Lakes

PostPosted: Fri 07 Mar 2008, 18:07    Post_subject:  

Servage doesn’t have phone support. They are as useless as OO’s on a bull.
Back to top
View user's profile Send_private_message 
BarryK
Puppy Master


Joined: 09 May 2005
Posts: 7047
Location: Perth, Western Australia

PostPosted: Fri 07 Mar 2008, 19:57    Post_subject:  

You need to see their second reply, at puppylinux.com/blog.

Note, I have cleaned up my site, yet again.

_________________
http://bkhome.org/news/
Back to top
View user's profile Send_private_message Visit_website 
BarryK
Puppy Master


Joined: 09 May 2005
Posts: 7047
Location: Perth, Western Australia

PostPosted: Fri 07 Mar 2008, 20:48    Post_subject:  

I also changed my passwords again. So, we wait and see if my site gets compromised again....
I dunno, maybe the previous time I changed my password wasn't enough and it was somehow discovered. Well, right now my site seems to be clean and I have brand spanking new passwords, so we shall see.

_________________
http://bkhome.org/news/
Back to top
View user's profile Send_private_message Visit_website 
prehistoric


Joined: 23 Oct 2007
Posts: 1301

PostPosted: Fri 07 Mar 2008, 21:15    Post_subject: the Servage 'botnet  

O.K., Barry, my first hypothesis was too conservative. Servage is staffed entirely by 'bots.

This is a pity, If there were any humans available I would send them a link to this article. computerworld article
Back to top
View user's profile Send_private_message 
Display_posts:   Sort by:   
Page 4 of 10 Posts_count   Goto page: Previous 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 Next
Post_new_topic   Reply_to_topic View_previous_topic :: View_next_topic
 Forum index » Taking the Puppy out for a walk » Misc
Jump to:  

Rules_post_cannot
Rules_reply_cannot
Rules_edit_cannot
Rules_delete_cannot
Rules_vote_cannot
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0916s ][ Queries: 12 (0.0119s) ][ GZIP on ]