Virus warning from www.puppylinux.com/manuals.htm
- BarryK
- Puppy Master
- Posts: 9392
- Joined: Mon 09 May 2005, 09:23
- Location: Perth, Western Australia
- Contact:
See my latest blog post.alienjeff wrote:Clearly neither Servage nor anyone else is doing anything about this.
If Servage doesn't fix it soon, I'm moving. Unfortunately I paid for a year and have only been there a few months.
I can reupload everything again, which is what I have been doing, but I am leaving it as-is for now so that Servage can see its condition.
I'll wait a bit longer, not much longer, then reupload everything again.
[url]https://bkhome.org/news/[/url]
It's definitely not good if any puppy sites are hosting any malware. But, if it's true that these things are specifically targetting ActiveX vulnerabilities in IE, how come we haven't seen any response from Microsoft support? I mean, Bill does post regularly to the forum, doesn't he?In the mean time all Windows vistitors inquirering about Puppy gets blasted with a trojan.
@Barry
Thanks for the update. To leave the iframe exploit online is as much as supporting the black hats. Instead of passively waiting for the techs at Servage to check the pages live, if and when they ever get around to it, please consider:
1) copying and saving the the HTML from both the index and links pages,
2) upload clean index and links pages, and
3) attach appropriate excerpts of HTML to correspondence with Servage.
I noted that several of your puppylinux(dot)com pages were generated using IBM WebSphere Studio Homepage Builder V6.0.0 for Windows. Assuming you use Windows from time to time, it's conceivable that your own Windows box may be compromised and the reinfection could be taking place quite close to home. Anyone else with admin privies to puppylinux(dot)com should check their systems for infection, too.
It would be sad if at the end of the day it turned out to be a case of either tail or ghost chasing ...
@Community
Going by this thread, two of "our own" have been infected, though there may be more and we haven't heard from them. They may be a tad embarrassed to display soiled laundry.
Regardless of how some of us feel about the monster of Redmond that is Microsoft, it's important to remember that a many of us may very well may have been introduced to Puppy while still using IE.
Also remember the old saw about Linux being inherently safe from virii, trojans and such. Puppy could take a devastating publicity hit should the wrong person innocently visit puppylinux(dot)com and click "links" in the menu bar. When I say devastating, I mean a publicity hit that would make the infamous Mark South Distrowatch Dramarama barely a blip on the radar screen.
Please don't ask me to spell it out any further. Use your own imagination.
Think about it.
Thanks for the update. To leave the iframe exploit online is as much as supporting the black hats. Instead of passively waiting for the techs at Servage to check the pages live, if and when they ever get around to it, please consider:
1) copying and saving the the HTML from both the index and links pages,
2) upload clean index and links pages, and
3) attach appropriate excerpts of HTML to correspondence with Servage.
I noted that several of your puppylinux(dot)com pages were generated using IBM WebSphere Studio Homepage Builder V6.0.0 for Windows. Assuming you use Windows from time to time, it's conceivable that your own Windows box may be compromised and the reinfection could be taking place quite close to home. Anyone else with admin privies to puppylinux(dot)com should check their systems for infection, too.
It would be sad if at the end of the day it turned out to be a case of either tail or ghost chasing ...
@Community
Going by this thread, two of "our own" have been infected, though there may be more and we haven't heard from them. They may be a tad embarrassed to display soiled laundry.
Regardless of how some of us feel about the monster of Redmond that is Microsoft, it's important to remember that a many of us may very well may have been introduced to Puppy while still using IE.
Also remember the old saw about Linux being inherently safe from virii, trojans and such. Puppy could take a devastating publicity hit should the wrong person innocently visit puppylinux(dot)com and click "links" in the menu bar. When I say devastating, I mean a publicity hit that would make the infamous Mark South Distrowatch Dramarama barely a blip on the radar screen.
Please don't ask me to spell it out any further. Use your own imagination.
Think about it.
[size=84][i]hangout:[/i] ##b0rked on irc.freenode.net
[i]diversion:[/i] [url]http://alienjeff.net[/url] - visit The Fringe
[i]quote:[/i] "The foundation of authority is based upon the consent of the people." - Thomas Hooker[/size]
[i]diversion:[/i] [url]http://alienjeff.net[/url] - visit The Fringe
[i]quote:[/i] "The foundation of authority is based upon the consent of the people." - Thomas Hooker[/size]
Warning for all forum users:
Turn off :display email address: in your user profile. I didn’t realize till yesterday that this phpBB version doesn’t use an internal mail server for sending emails to other users.
Your email address is displayed with as little as a mouse-over. This makes it so easy for anyone to gather ALL emails, from everybody registered on this rather old and buggy version of phpBB.
There is a script out there that can gather all your email addresses in just a minute or two.
Email spam is as bad as that crap in a can. LOL
Turn off :display email address: in your user profile. I didn’t realize till yesterday that this phpBB version doesn’t use an internal mail server for sending emails to other users.
Your email address is displayed with as little as a mouse-over. This makes it so easy for anyone to gather ALL emails, from everybody registered on this rather old and buggy version of phpBB.
There is a script out there that can gather all your email addresses in just a minute or two.
Email spam is as bad as that crap in a can. LOL
- prehistoric
- Posts: 1744
- Joined: Tue 23 Oct 2007, 17:34
email address
@wingruntled,
I was embarrassed to find that out some time before the changeover, while using a friend's machine to view the forum. Makes me wonder what else we haven't noticed.
I was embarrassed to find that out some time before the changeover, while using a friend's machine to view the forum. Makes me wonder what else we haven't noticed.
- prehistoric
- Posts: 1744
- Joined: Tue 23 Oct 2007, 17:34
I've got the answer!
After checking Barry's (now static) blog, I just had a brilliant insight.
prehistoric
Quick! Pick up the telephone and warn Servage. Their customer service department is currently staffed with 'bots.And here is the response from Servage:
Hello Barry
We are sorry to hear about your hacking issue. Kindly remove all the file contents in your account, change all the passwords, reupload all the contents. Make sure that you are not using any insecure script in your account and also try to avoid the 777 file permissions as they make the files world writable and hence vulnerable.
Thank you!
Kind regards,
Scott, Support
Servage Hosting
'Scott' is telling me to do what I have just told him that I have already done!
prehistoric
- BarryK
- Puppy Master
- Posts: 9392
- Joined: Mon 09 May 2005, 09:23
- Location: Perth, Western Australia
- Contact:
I also changed my passwords again. So, we wait and see if my site gets compromised again....
I dunno, maybe the previous time I changed my password wasn't enough and it was somehow discovered. Well, right now my site seems to be clean and I have brand spanking new passwords, so we shall see.
I dunno, maybe the previous time I changed my password wasn't enough and it was somehow discovered. Well, right now my site seems to be clean and I have brand spanking new passwords, so we shall see.
[url]https://bkhome.org/news/[/url]
- prehistoric
- Posts: 1744
- Joined: Tue 23 Oct 2007, 17:34
the Servage 'botnet
O.K., Barry, my first hypothesis was too conservative. Servage is staffed entirely by 'bots.
This is a pity, If there were any humans available I would send them a link to this article. computerworld article
This is a pity, If there were any humans available I would send them a link to this article. computerworld article
If the infection were coming from the machines of those creating the site content - can the puppy files themselves (ie the ibiblio downloads) be infected? Would infection be detected by virus scanners?alienjeff wrote:@Barry
Assuming you use Windows from time to time, it's conceivable that your own Windows box may be compromised and the reinfection could be taking place quite close to home. Anyone else with admin privies to puppylinux(dot)com should check their systems for infection, too.
For anyone who wants to help monitor the main pageBarryK wrote: Note, I have cleaned up my site, yet again.
a nice tool to keep an eye on things
name of the plug-in is called firebug
https://addons.mozilla.org/en-US/firefox/addon/1843
dillo shows hidden txt for a quick view
ftp://ibiblio.org/pub/linux/distributio ... eki-mu.pet
A positive note many people will be looking for changes made on the main page
I made a copy of the clean site so I can check if something else gets added
more eyes watching
more whistle blowers
we all use puppy and want it safer
I use the main page frequently and it
is annoying to try to use all the links and avoid a very
important source of information
I am happy that the main page is clean now
big_bass
Last edited by big_bass on Sat 08 Mar 2008, 21:06, edited 1 time in total.
^ Ditto my big_bass brother, aka "what he said."
And thanks for the follow-up work, Barry!
And thanks for the follow-up work, Barry!
[size=84][i]hangout:[/i] ##b0rked on irc.freenode.net
[i]diversion:[/i] [url]http://alienjeff.net[/url] - visit The Fringe
[i]quote:[/i] "The foundation of authority is based upon the consent of the people." - Thomas Hooker[/size]
[i]diversion:[/i] [url]http://alienjeff.net[/url] - visit The Fringe
[i]quote:[/i] "The foundation of authority is based upon the consent of the people." - Thomas Hooker[/size]
One is massively impressed by those who have contributed wisdom to this very serious matter that affects us all. Can one of them please get together with John (or Barry) in order to describe in a separate thread, or preferably another section, all the minute details as to what those of us without an IT background should do with our systems, including 'doze. That might include what files/statements/w.h.y. to search for, which utilities to use and where to obtain them such that they aren't themselves compromised, what to do if/when trojan, worm, whatever malware is found, etc. That is to say, not just the bland advice on virus and malware scanners. In the circumstances, this might be one of the best public services that such competent practitioners can offer.
As for Barry and Servage, it would appear that they might have violated the terms of their contract (or the contract is invalid?). That being the case, Australian Law is every bit as good as that in Europe or the USA and he should have absolutely no difficulty in recouping his unused subscription, possibly damages and certainly costs. If he is less than sure about the way hosting companies operate, there doesn't seem to be any shortage of folks here who could provide a notarised statement as evidence - last time I was in the USA this cost $1 for signature, $5 for the full package, £3 in the UK; money well spent, especially when it counts as costs.
As for Barry and Servage, it would appear that they might have violated the terms of their contract (or the contract is invalid?). That being the case, Australian Law is every bit as good as that in Europe or the USA and he should have absolutely no difficulty in recouping his unused subscription, possibly damages and certainly costs. If he is less than sure about the way hosting companies operate, there doesn't seem to be any shortage of folks here who could provide a notarised statement as evidence - last time I was in the USA this cost $1 for signature, $5 for the full package, £3 in the UK; money well spent, especially when it counts as costs.
Alien Update: Just checked the homepage and all pages accessed through the horizontal menu bar. Clean for now. Will continue to keep an eye on these. -aj
Last edited by alienjeff on Sun 09 Mar 2008, 03:37, edited 2 times in total.
[size=84][i]hangout:[/i] ##b0rked on irc.freenode.net
[i]diversion:[/i] [url]http://alienjeff.net[/url] - visit The Fringe
[i]quote:[/i] "The foundation of authority is based upon the consent of the people." - Thomas Hooker[/size]
[i]diversion:[/i] [url]http://alienjeff.net[/url] - visit The Fringe
[i]quote:[/i] "The foundation of authority is based upon the consent of the people." - Thomas Hooker[/size]