Puppy Linux Discussion Forum
Virus warning from www.puppylinux.com/manuals.htm
oblivious

Joined: 14 Apr 2007
Posts: 304
Location: Western Australia

PostPosted: Fri 07 Mar 2008, 21:21    Post subject:  

alienjeff wrote:
@Barry
Assuming you use Windows from time to time, it's conceivable that your own Windows box may be compromised and the reinfection could be taking place quite close to home. Anyone else with admin privies to puppylinux(dot)com should check their systems for infection, too.

If the infection were coming from the machines of those creating the site content - can the puppy files themselves (i.e. the ibiblio downloads) be infected? Would infection be detected by virus scanners?
big_bass

Joined: 13 Aug 2007
Posts: 1747

PostPosted: Fri 07 Mar 2008, 23:11    Post subject:  

BarryK wrote:

Note, I have cleaned up my site, yet again.


For anyone who wants to help monitor the main page
a nice tool to keep an eye on things
name of the plug-in is called firebug
https://addons.mozilla.org/en-US/firefox/addon/1843

dillo shows hidden txt for a quick view
ftp://ibiblio.org/pub/linux/distributions/puppylinux/pet_packages-3/dillo-0.8.6teki-mu.pet

A positive note many people will be looking for changes made on the main page
I made a copy of the clean site so I can check if something else gets added

more eyes watching
more whistle blowers
we all use puppy and want it safer

I use the main page frequently and it
is annoying to try to use all the links and avoid a very
important source of information

I am happy that the main page is clean now

big_bass

Last edited by big_bass on Sat 08 Mar 2008, 17:06; edited 1 time in total
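
Added example (not part of the thread): one way to use a saved clean copy of a page as a baseline, listing any script, iframe, object or embed tags that appear in a fresh copy but not in the clean one. The file names and sample pages are constructed for illustration; fetch the fresh copy with whatever downloader you have.

```shell
#!/bin/sh
# Added example: compare a saved clean copy of a page with a fresh copy and
# list script/iframe/object/embed tags that were not in the clean copy.

# extract_tags FILE: print each such opening tag once, one per line.
extract_tags() {
    # Join lines first so a tag split over several lines still matches,
    # and squeeze whitespace so spacing changes alone are not reported.
    tr '\r\n\t' '   ' < "$1" | tr -s ' ' |
        { grep -oiE '<(script|iframe|object|embed)[^>]*>' || true; } |
        LC_ALL=C sort -u
}

# new_active_tags CLEAN CURRENT: print tags present only in CURRENT.
new_active_tags() {
    base=$(mktemp) && cur=$(mktemp) || return 2
    extract_tags "$1" > "$base"
    extract_tags "$2" > "$cur"
    LC_ALL=C comm -13 "$base" "$cur"
    rm -f "$base" "$cur"
}

# Constructed sample pages (not the real site content).
make_samples() {
    cat > "$1/clean.html" <<'EOF'
<html><head><script src="menu.js"></script></head>
<body><a href="manuals.htm">Manuals</a></body></html>
EOF
    cat > "$1/now.html" <<'EOF'
<html><head><script  src="menu.js"></script></head>
<body><a href="manuals.htm">Manuals</a>
<IFRAME src="http://example.invalid/a"
 name="added"></IFRAME></body></html>
EOF
}

tmp=$(mktemp -d)
make_samples "$tmp"
echo "Tags not in the clean copy:"
new_active_tags "$tmp/clean.html" "$tmp/now.html"
rm -rf "$tmp"
```

An empty result means no new active tags were found; it does not cover changes made inside an existing script file, which needs its own baseline copy.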
alienjeff


Joined: 08 Jul 2006
Posts: 2291
Location: Winsted, CT - USA

PostPosted: Fri 07 Mar 2008, 23:28    Post subject:  

^ Ditto my big_bass brother, aka "what he said." ;)

And thanks for the follow-up work, Barry!

_________________
hangout: ##b0rked on irc.freenode.net
diversion: http://alienjeff.net - visit The Fringe
quote: "The foundation of authority is based upon the consent of the people." - Thomas Hooker

Sage

Joined: 04 Oct 2005
Posts: 4777
Location: GB

PostPosted: Sat 08 Mar 2008, 05:35    Post subject:  

One is massively impressed by those who have contributed wisdom to this very serious matter that affects us all. Can one of them please get together with John (or Barry) in order to describe in a separate thread, or preferably another section, all the minute details as to what those of us without an IT background should do with our systems, including 'doze. That might include what files/statements/w.h.y. to search for, which utilities to use and where to obtain them such that they aren't themselves compromised, what to do if/when trojan, worm, whatever malware is found, etc. That is to say, not just the bland advice on virus and malware scanners. In the circumstances, this might be one of the best public services that such competent practitioners can offer.

As for Barry and Servage, it would appear that they might have violated the terms of their contract (or the contract is invalid?). That being the case, Australian Law is every bit as good as that in Europe or the USA and he should have absolutely no difficulty in recouping his unused subscription, possibly damages and certainly costs. If he is less than sure about the way hosting companies operate, there doesn't seem to be any shortage of folks here who could provide a notarised statement as evidence - last time I was in the USA this cost $1 for signature, $5 for the full package, £3 in the UK; money well spent, especially when it counts as costs.
alienjeff


Joined: 08 Jul 2006
Posts: 2291
Location: Winsted, CT - USA

PostPosted: Sat 08 Mar 2008, 15:19    Post subject:  

Alien Update: Just checked the homepage and all pages accessed through the horizontal menu bar. Clean for now. Will continue to keep an eye on these. -aj


Last edited by alienjeff on Sat 08 Mar 2008, 23:37; edited 2 times in total
prehistoric


Joined: 23 Oct 2007
Posts: 1255

PostPosted: Sat 08 Mar 2008, 16:37    Post subject: advice on protection  

@Sage,
Quote:
One is massively impressed by those who have contributed wisdom to this very serious matter that affects us all. Can one of them please get together with John (or Barry) in order to describe in a separate thread, or preferably another section, all the minute details as to what those of us without an IT background should do with our systems, including 'doze.

Since the impressive people are silent at the moment, I'll take a shot at this. That's a very reasonable thing to ask. However, if the server is in the hands of the opposition, there isn't a whole lot that is safe to do. I don't have a great deal of specific experience with Windoze malware, yet, even so, I can tell you that a single banner ad on a legitimate Italian newspaper site clobbered a friend's system, even though he had up-to-date protection and didn't click on the banner. That's only one of the exploits the Trojan at the end of the redirects was designed to try. Best advice: don't go into dark territory running Windoze, and definitely not running IE, and do use a firewall. If you detect unreasonable activity, kill the browser immediately, and maybe even hit the power switch. Booting Puppy from a CD with "pfix=ram" makes this option pretty safe.

Recent updates for Firefox and Opera have fixes for some kinds of cross-site scripting. There are also extensions, like noscript for Firefox, that give you more control over the scripts your browser runs. Even so, I don't recommend using a browser to explore an infected site, unless you want to see what the infection does on a test machine. Some of this malware is of professional caliber, and it is really asking too much of ordinary users to have them deal with it.

First, we need to make sure the server is clean and its vulnerabilities fixed. Second, we need to track down the malefactors. Some of the lack of detailed specifics here is because of this effort. When this episode is wrapped up we should have a much better idea of what to tell people. I can't promise full disclosure of things I don't know, but I can promise to be part of the chorus requiring explanations.

Now back to alien and his regular sedition. Over to you, Jeff.

prehistoric
wingruntled

Joined: 20 Feb 2007
Posts: 287
Location: Great Lakes

PostPosted: Sat 08 Mar 2008, 21:08    Post subject:  

Prehistoric
Well, the name's not Jeff, but your advice was right on target. The Firefox & Seamonkey plugin, NoScript, adds a very high level of protection for surfing the net. There is no need to allow scripts in Most! Web pages, including this forum & puppylinux.com. In conjunction with NoScript, AdBlock Plus stops most un-needed advertising garbage from even coming through and then NoScript helps to stop the rest of the garbage. These two are a must in Windows & Linux.
A good firewall is also a must. Don’t rely on your broadband modem/router alone. I prefer a firewall that I can monitor traffic on the fly and block any connection instantly if I find a need. Unfortunately the only Linux firewall that I have found (Firestarter) that has real-time monitoring is not available for Puppy.
Now my advice for Windows users only. If you have a whole slew of programs loading on startup, get rid of them! Windows programs have a very bad habit of opening network ports for one reason or the other and leaving great big holes for the flies to enter. For example: Instant Messengers, any program that auto updates (Norton for one), Windows itself, any program that checks for a song's title name & author, ANY P2P software, etc, etc, etc. A very good way to check and see if your system is a wide-open window is to go to Gibson Research and have your system scanned with their Shields Up port scan. If you are anything but “stealth” on the net you are open for intrusions.
Click on Shields Up:
http://www.grc.com/intro.htm
This is for all OS users including but not limited to Windows (all), Linux (all), UNIX, Mac….
The use of a well configured “hosts” file can cut down on a lot of known sites that infect systems with malware, trojans, spyware, backdoors!!!! Etc, etc, etc. A hosts file is part of your OS. In Puppy it is located in /ETC and has a lower case file name, unlike in Windows which is upper case. (very important). A hosts file loads into memory upon boot. It takes no user intervention for it to load. If it exists, the OS (Windows, Linux, etc.) will load it and it becomes part of the OS. Although Puppy has a hosts file it is not configured for blocking much of anything. Windows by default has a barebones HOSTS file also so this is not a Puppy shortcoming. There is one thing that must be understood here. A hosts file loads into RAM and stays there, so if you have a low memory machine having a large hosts file can greatly slow your system down and any Internet travels. I prefer to have a very well configured hosts file regardless. Mine is upwards of 690+ Kb. Ouch!! LOL
A good place to get a current basic hosts file that will block most known malicious sites and can be plugged directly into Puppy with only one change, and that is: change the first DNS line from:
127.0.0.1 localhost to 127.0.0.1 localhost puppypc
Then save it with read-only permissions.
For more info and location of this hosts file is @:
http://www.mvps.org/winhelp2002/hosts.htm

Sorry about being so long winded, but you asked for it, Sage!
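
Added example (not part of the thread): the hosts-file step from the post above as a script that strips Windows line endings, adds the machine name to the localhost line, and writes the result read-only. The check that refuses any entry pointing at a non-loopback address is an added safeguard, not something the post describes; the function names and sample files are constructed, and on a real system the destination would be /etc/hosts.

```shell
#!/bin/sh
# Added example: check a downloaded blocking hosts file, apply the one edit
# described in the post, and write the result read-only.

# suspicious_entries FILE: print entries whose address is not a loopback or
# null address. A blocking list should contain none; an entry with a real
# address would send that name to whatever machine the list's author chose.
suspicious_entries() {
    tr -d '\r' < "$1" |
        awk 'NF > 0 && $1 !~ /^#/ &&
             $1 != "127.0.0.1" && $1 != "0.0.0.0" && $1 != "::1"'
}

# prepare_hosts SRC DEST NAME: write the checked file to DEST with mode 444.
prepare_hosts() {
    src=$1; dest=$2; name=$3
    if [ -n "$(suspicious_entries "$src")" ]; then
        echo "refusing $src: it maps names to non-loopback addresses" >&2
        return 1
    fi
    rm -f "$dest"            # an earlier read-only copy would block the write
    # Strip Windows line endings, then add the machine name to the
    # "127.0.0.1 localhost" line; every other line passes through unchanged.
    tr -d '\r' < "$src" |
        awk -v n="$name" '
            $1 == "127.0.0.1" && $2 == "localhost" && NF == 2 {
                print "127.0.0.1 localhost " n; next
            }
            { print }' > "$dest"
    chmod 444 "$dest"
}

# Constructed sample files; the names under example.invalid are placeholders.
make_hosts_samples() {
    printf '# constructed sample\r\n127.0.0.1  localhost\r\n127.0.0.1  ads.example.invalid\r\n' > "$1/good"
    printf '127.0.0.1 localhost\n203.0.113.9 login.example.invalid\n' > "$1/bad"
}

work=$(mktemp -d)
make_hosts_samples "$work"
prepare_hosts "$work/good" "$work/hosts" puppypc && cat "$work/hosts"
prepare_hosts "$work/bad" "$work/hosts2" puppypc || echo "second file rejected"
rm -rf "$work"
```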
BarryK
Puppy Master


Joined: 09 May 2005
Posts: 7047
Location: Perth, Western Australia

PostPosted: Sat 08 Mar 2008, 21:23    Post subject:  

For the record, to avoid unnecessary speculation, I haven't used Windows for a couple of years. I have only fired up Windows when I wanted to compare some hardware compatibility or something.

My web pages that have "IBM Websphere Homepage Builder" in the source were created about 3 years ago. If I ever need to update those old pages, I use SeaMonkey Composer.

I'm pretty sure my Linux boxes are clean, and I'm not uploading any files with viruses (etc) already in them!

_________________
http://bkhome.org/news/
alienjeff


Joined: 08 Jul 2006
Posts: 2291
Location: Winsted, CT - USA

PostPosted: Sat 08 Mar 2008, 22:09    Post subject:  

BarryK wrote:
I'm pretty sure my Linux boxes are clean ...

Making f-prot your ally and cron your servant can change the "pretty" to "99%" ... ;)



Last edited by alienjeff on Sat 08 Mar 2008, 23:38; edited 1 time in total
Th3_uN1Qu3

Joined: 27 May 2007
Posts: 142
Location: Bucharest, Romania

PostPosted: Sat 08 Mar 2008, 23:09    Post subject:  

Adding to what wingruntled said about securing windoze:

Use Opera as your browser.

I have yet to see an exploit that works in Opera. Even those sites which get you full of trojans, like those IM (yahoo, msn etc) viruses which send spam links to everyone in your messenger list, just won't work in Opera. I tried navigating on one of those sites on my main computer with Opera after cleaning a friend's machine of that virus (and damn, it was pretty nasty!), and the script on the server gave an error. :D Also, Opera has content blocking too, and there is an ini file available for download which blocks over 95% of the ad servers.

Keep your antivirus updated (and for God's sake, DON'T USE NORTON), also have some antispyware software installed. I found the best to be Ad-Aware SE Personal 1.06r1, the old version. It's nice and fast, just that now you have to update the definitions file manually coz official support has been discontinued. But you can find the updated defs on any major software download site.

If you got infected, then HijackThis is the best and quickest way to get rid of it. My friend had that IM virus, and it was that bad that it closed the task manager and registry editor if you tried to open them, even in safe mode. But I could disable it from running at startup by using HJT, and then removing it was easy. If you don't know how to use HJT, you can find help on many forums. Or PM me your log and I'll handle it for you.

That'd be about it for those of you still running doze, this is a Linux forum anyway. :P

_________________
Toshi Portege 4010 | PIII Tualatin 933MHz | 512MB RAM | Cyberblade 16MB | 30GB | WiFi, IrDA | ~5 hrs runtime | WinMe :( |


Sage

Joined: 04 Oct 2005
Posts: 4777
Location: GB

PostPosted: Sun 09 Mar 2008, 03:02    Post subject:  

That's some very helpful advice; thanks a bundle. As most will know, I've been an advocate of Opera for a long while, not just because it's small, fast and competent. Indeed, Opera in BSD is probably as safe as it gets simply because the cross-product of effort required with number of punters makes such a minority player very unattractive to the criminal fraternity.

At one time, the CIA/FBI asked for all instances of cybercrime to be reported to them. I had very useful feedback on one occasion from them. Highly improbable that GCHQ/Carnivore/Echelon has not been monitoring this thread, but it might be worth (a US citizen?) making a formal complaint. Those fellas outperform any other government department I've encountered anywhere in the world. There's a website somewhere for reporting incidents.

[http://www.lavasoft.com/support/securitycenter/blog/ provides defs.ref update files for manually updating Ad-aware v.1.06r1. Look on the far t.r.h.s ; scrolling may be necessary.]
'doze users could also avail themselves of the most excellent (Aussie) 98lite and have done with IE forever.

Last edited by Sage on Sun 09 Mar 2008, 06:10; edited 1 time in total
oblivious

Joined: 14 Apr 2007
Posts: 304
Location: Western Australia

PostPosted: Sun 09 Mar 2008, 05:28    Post subject:  

Sage wrote:
I've been an advocate of Opera for a long while

I didn't know that. I like Opera but I've only recently discovered it and have used Firefox mostly. The thing is, I got no virus warning, no nothing, using Firefox (which is why I asked about it affecting only IE). (I'm sure I visited the site several times in the days leading up to this thread being posted, and I downloaded things.) The whole virus thing just creeps me out :'(
Th3_uN1Qu3

Joined: 27 May 2007
Posts: 142
Location: Bucharest, Romania

PostPosted: Sun 09 Mar 2008, 09:13    Post subject:  

oblivious wrote:
Sage wrote:
I've been an advocate of Opera for a long while

I didn't know that. I like Opera but I've only recently discovered it and have used Firefox mostly. The thing is, I got no virus warning, no nothing, using Firefox (which is why I asked about it affecting only IE). (I'm sure I visited the site several times in the days leading up to this thread being posted, and I downloaded things.) The whole virus thing just creeps me out :'(


It only affects IE as far as I know.

I used Firefox in the past too, but about 3 years ago my cousin told me about Opera, and I've been using it ever since. It's faster than Firefox and doesn't need any plugins for ad blocking and stuff, it just works out of the box. I've seen that there are many widgets available for Opera - I have yet to need to use one.

Btw, Opera Mini is the best thing that ever happened to my cellphone. :D



prehistoric


Joined: 23 Oct 2007
Posts: 1255

PostPosted: Sun 09 Mar 2008, 10:17    Post subject: The Feds  

@Sage,

Here's an example of FBI work: botnet barons
The CastleCops site mentioned is also a good place for users of personal computers to get advice and help in dealing with spam and malware. They have forums devoted to specific security applications, such as Hijack This and Zone Alarm. There are also places to upload examples of spam and malware. As you can see, the Feds do pay attention to them.

The U.S. has no monopoly on reliable law enforcement. Here's an example of the RCMP getting their man: Canadian hacking ring
(Brings back childhood memories of "Sgt. Preston". And, just why was "King" a "wonder dog", anyway?)

prehistoric
jrb


Joined: 11 Dec 2007
Posts: 1030
Location: Smithers, BC, Canada

PostPosted: Sun 09 Mar 2008, 12:07    Post subject:  

The following is a Windows intrusion, Pure Puppians please ignore:

In all the years I used Windows, and I still use it to run my scanner, I found the best safeguard to be Norton Ghost, now Acronis True Image. Partition your hard drive and store all your personal files on a separate partition, you can reset My Documents to this new partition. If you're sure your C: drive is clean build an image. If you add new software build a new image. I always keep the 1st and the last. If you have ANY kind of software trouble copy the image back to the C: drive, update your antivirus and spyware files immediately, scan your personal files, and you're good to go. As well, this eliminates the need for System Restore. You can turn it off and delete the Restore files. This has gotten rid of virus infections for me on several occasions. Once, even before I realized I had one, and before McAfee came out with the data file.