Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Wed 30 Jul 2014, 23:45
All times are UTC - 4
 Forum index » Taking the Puppy out for a walk » Misc
Virus warning from www.puppylinux.com/manuals.htm
Moderators: Flash, JohnMurga
Post new topic   Reply to topic View previous topic :: View next topic
Page 4 of 10 [138 Posts]   Goto page: Previous 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 Next
Author Message
wingruntled

Joined: 20 Feb 2007
Posts: 287
Location: Great Lakes

PostPosted: Thu 06 Mar 2008, 19:53    Post subject:  

Sure enough Sad
And I just got done from a complete reinstall of of everything, so this isn't a cache or worm issue.
Not yet anyway :/
Back to top
View user's profile Send private message 
BarryK
Puppy Master


Joined: 09 May 2005
Posts: 7047
Location: Perth, Western Australia

PostPosted: Fri 07 Mar 2008, 05:14    Post subject:  

alienjeff wrote:
Clearly neither Servage nor anyone else is doing anything about this. Confused

See my latest blog post.
If Servage doesn't fix it soon, I'm moving. Unfortunately I paid for a year and have only been there a few months.

I can reupload everything again, which is what I have been doing, but I am leaving it as-is for now so that Servage can see its condition.

I'll wait a bit longer, not much longer, then reupload everything again.

_________________
http://bkhome.org/news/
Back to top
View user's profile Send private message Visit poster's website 
wingruntled

Joined: 20 Feb 2007
Posts: 287
Location: Great Lakes

PostPosted: Fri 07 Mar 2008, 05:20    Post subject:  

Quote:
but I am leaving it as-is for now so that Servage can see its condition.

Not smart!
In the mean time all Windows vistitors inquirering about Puppy gets blasted with a trojan.
Back to top
View user's profile Send private message 
muggins

Joined: 20 Jan 2006
Posts: 6673
Location: lisbon

PostPosted: Fri 07 Mar 2008, 05:48    Post subject:  

Quote:
In the mean time all Windows vistitors inquirering about Puppy gets blasted with a trojan.


It's definitely not good if any puppy sites are hosting any malware. But, if it's true that these things are specifically targetting ActiveX vulnerabilities in IE, how come we haven't seen any response from Microsoft support? I mean, Bill does post regularly to the forum, doesn't he?
Back to top
View user's profile Send private message 
alienjeff


Joined: 08 Jul 2006
Posts: 2291
Location: Winsted, CT - USA

PostPosted: Fri 07 Mar 2008, 13:43    Post subject:  

@Barry
Thanks for the update. To leave the iframe exploit online is as much as supporting the black hats. Instead of passively waiting for the techs at Servage to check the pages live, if and when they ever get around to it, please consider:

1) copying and saving the the HTML from both the index and links pages,
2) upload clean index and links pages, and
3) attach appropriate excerpts of HTML to correspondence with Servage.

I noted that several of your puppylinux(dot)com pages were generated using IBM WebSphere Studio Homepage Builder V6.0.0 for Windows. Assuming you use Windows from time to time, it's conceivable that your own Windows box may be compromised and the reinfection could be taking place quite close to home. Anyone else with admin privies to puppylinux(dot)com should check their systems for infection, too.

It would be sad if at the end of the day it turned out to be a case of either tail or ghost chasing ...

@Community
Going by this thread, two of "our own" have been infected, though there may be more and we haven't heard from them. They may be a tad embarrassed to display soiled laundry.

Regardless of how some of us feel about the monster of Redmond that is Microsoft, it's important to remember that a many of us may very well may have been introduced to Puppy while still using IE.

Also remember the old saw about Linux being inherently safe from virii, trojans and such. Puppy could take a devastating publicity hit should the wrong person innocently visit puppylinux(dot)com and click "links" in the menu bar. When I say devastating, I mean a publicity hit that would make the infamous Mark South Distrowatch Dramarama barely a blip on the radar screen.

Please don't ask me to spell it out any further. Use your own imagination.

Think about it.

_________________
hangout: ##b0rked on irc.freenode.net
diversion: http://alienjeff.net - visit The Fringe
quote: "The foundation of authority is based upon the consent of the people." - Thomas Hooker

Back to top
View user's profile Send private message 
wingruntled

Joined: 20 Feb 2007
Posts: 287
Location: Great Lakes

PostPosted: Fri 07 Mar 2008, 14:22    Post subject:  

Warning for all forum users:
Turn off :display email address: in your user profile. I didn’t realize till yesterday that this phpBB version doesn’t use an internal mail server for sending emails to other users.
Your email address is displayed with as little as a mouse-over. This makes it so easy for anyone to gather ALL emails, from everybody registered on this rather old and buggy version of phpBB.
There is a script out there that can gather all your email addresses in just a minute or two.
Email spam is as bad as that crap in a can. LOL
Back to top
View user's profile Send private message 
prehistoric


Joined: 23 Oct 2007
Posts: 1255

PostPosted: Fri 07 Mar 2008, 15:54    Post subject: email address  

@wingruntled,

I was embarrassed to find that out some time before the changeover, while using a friend's machine to view the forum. Makes me wonder what else we haven't noticed.
Back to top
View user's profile Send private message 
wingruntled

Joined: 20 Feb 2007
Posts: 287
Location: Great Lakes

PostPosted: Fri 07 Mar 2008, 17:02    Post subject:  

@prehistoric
I just can’t help but wonder why somebody got so hacked off at the Puppy community to launch such an intensive cross site attack. These are not some random attacks.
Thanks for having some others look into this problem. Smile
Back to top
View user's profile Send private message 
alienjeff


Joined: 08 Jul 2006
Posts: 2291
Location: Winsted, CT - USA

PostPosted: Fri 07 Mar 2008, 17:09    Post subject:  


_________________
hangout: ##b0rked on irc.freenode.net
diversion: http://alienjeff.net - visit The Fringe
quote: "The foundation of authority is based upon the consent of the people." - Thomas Hooker

Back to top
View user's profile Send private message 
wingruntled

Joined: 20 Feb 2007
Posts: 287
Location: Great Lakes

PostPosted: Fri 07 Mar 2008, 17:18    Post subject:  

If I told you once I told you a thousand times!
Get your hands off that, aj. You know you don’t know nothin’ bout machinery.
ROFLMAO
Back to top
View user's profile Send private message 
prehistoric


Joined: 23 Oct 2007
Posts: 1255

PostPosted: Fri 07 Mar 2008, 17:39    Post subject: I've got the answer!  

After checking Barry's (now static) blog, I just had a brilliant insight.
Quote:
And here is the response from Servage:

Hello Barry

We are sorry to hear about your hacking issue. Kindly remove all the file contents in your account, change all the passwords, reupload all the contents. Make sure that you are not using any insecure script in your account and also try to avoid the 777 file permissions as they make the files world writable and hence vulnerable.

Thank you! Smile

Kind regards,
Scott, Support
Servage Hosting

'Scott' is telling me to do what I have just told him that I have already done!

Quick! Pick up the telephone and warn Servage. Their customer service department is currently staffed with 'bots.

prehistoric
Back to top
View user's profile Send private message 
wingruntled

Joined: 20 Feb 2007
Posts: 287
Location: Great Lakes

PostPosted: Fri 07 Mar 2008, 18:07    Post subject:  

Servage doesn’t have phone support. They are as useless as OO’s on a bull.
Back to top
View user's profile Send private message 
BarryK
Puppy Master


Joined: 09 May 2005
Posts: 7047
Location: Perth, Western Australia

PostPosted: Fri 07 Mar 2008, 19:57    Post subject:  

You need to see their second reply, at puppylinux.com/blog.

Note, I have cleaned up my site, yet again.

_________________
http://bkhome.org/news/
Back to top
View user's profile Send private message Visit poster's website 
BarryK
Puppy Master


Joined: 09 May 2005
Posts: 7047
Location: Perth, Western Australia

PostPosted: Fri 07 Mar 2008, 20:48    Post subject:  

I also changed my passwords again. So, we wait and see if my site gets compromised again....
I dunno, maybe the previous time I changed my password wasn't enough and it was somehow discovered. Well, right now my site seems to be clean and I have brand spanking new passwords, so we shall see.

_________________
http://bkhome.org/news/
Back to top
View user's profile Send private message Visit poster's website 
prehistoric


Joined: 23 Oct 2007
Posts: 1255

PostPosted: Fri 07 Mar 2008, 21:15    Post subject: the Servage 'botnet  

O.K., Barry, my first hypothesis was too conservative. Servage is staffed entirely by 'bots.

This is a pity, If there were any humans available I would send them a link to this article. computerworld article
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 4 of 10 [138 Posts]   Goto page: Previous 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 Next
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Taking the Puppy out for a walk » Misc
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0819s ][ Queries: 12 (0.0088s) ][ GZIP on ]