Firefox highjacked!


Re: Firefox highjacked!

#21 Postby TenderFoot » Tue Feb 11, 2014 10:15 am

Just burned to CD and ran it. Guess what - same issue!

So I would suggest that it is not an infected card.

Clearly, since none of you guys can replicate the problem, it is in some way local to my environment. But why only Mepis and only then until I can get past it the first time?

A couple of additional observations -

The Mozilla page includes a yellow rectangle containing a message that begins

You are currently using a snapshot taken April 26 2008...


which I assume is generated by the connection to Mozilla site?

Subsequently, one of the persistently bombarding pop-ups is headed


#22 Postby uncle mark » Tue Feb 11, 2014 10:27 am

Would you be willing to humor me and change DNS servers?
Desktop: Custom build Asus/AMD/nVidia -- MEPIS 11
Laptop: Acer Aspire 5250 -- MX-15
Assorted junk: assorted Linuxes

#23 Postby GuiGuy » Tue Feb 11, 2014 11:42 am

Could be his ISP is routing him through an infected proxy server?

#24 Postby uncle mark » Tue Feb 11, 2014 11:47 am

GuiGuy wrote: Could be his ISP is routing him through an infected proxy server?


That or something of that nature has been my thinking all along.
Desktop: Custom build Asus/AMD/nVidia -- MEPIS 11
Laptop: Acer Aspire 5250 -- MX-15
Assorted junk: assorted Linuxes

#25 Postby GuiGuy » Tue Feb 11, 2014 12:03 pm

uncle mark wrote:
GuiGuy wrote: Could be his ISP is routing him through an infected proxy server?


That or something of that nature has been my thinking all along.

Whatever the cause is, IMO this is worth investigating.

TenderFoot: when you come back, please let us know who your ISP is and whether they are routeing you through a proxy.

#26 Postby fbt » Tue Feb 11, 2014 12:09 pm

When you say it's only Mepis, you mean it's only Mepis 8.5 or are other versions affected? Instead of starting with FF try Konqueror and see what it loads. Can you start FF without being connected to the internet and tell what page it tries to open? What is your home page set to? Is this a laptop? If so take it somewhere else where you can open it using another ISP.

#27 Postby uncle mark » Tue Feb 11, 2014 12:47 pm

GuiGuy wrote:
uncle mark wrote:
GuiGuy wrote: Could be his ISP is routing him through an infected proxy server?


That or something of that nature has been my thinking all along.

Whatever the cause is, IMO this is worth investigating.

TenderFoot: when you come back, please let us know who your ISP is and whether they are routeing you through a proxy.


My guess is the initial startup URL used by the old Fx 3.6 in M8 is unique in some respect, and that there's a bogus DNS referral going on. Using a different DNS server could determine that one way or the other.
Desktop: Custom build Asus/AMD/nVidia -- MEPIS 11
Laptop: Acer Aspire 5250 -- MX-15
Assorted junk: assorted Linuxes
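
The DNS comparison suggested in the post above can be done without changing any system settings. The following is an added example, not part of any post in this thread: it sends the same A query straight to each resolver named on the command line and reports any resolver whose answer shares no address with the others. The function names are hypothetical, and the hostname and resolver addresses are whatever the user supplies.

```python
import secrets, socket, struct, sys

def build_query(name, qid):
    """Encode a recursive A/IN query for `name`."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack(">HH", 1, 1)

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while msg[off]:
        if msg[off] & 0xC0 == 0xC0:      # 2-byte compression pointer ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def parse_a_records(msg, qid):
    """Return the sorted IPv4 addresses answering query `qid`."""
    rid, flags, qdcount, ancount = struct.unpack(">HHHH", msg[:8])
    if rid != qid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4    # QTYPE + QCLASS
    addrs = []
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:    # A record; CNAMEs etc. are skipped
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return sorted(addrs)

def resolve_via(server, name, timeout=3.0):
    """Ask one specific resolver directly, bypassing /etc/resolv.conf."""
    qid = secrets.randbelow(0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qid), (server, 53))
        return parse_a_records(s.recvfrom(4096)[0], qid)

def outliers(answers):
    """Resolvers whose address set shares nothing with any other resolver's."""
    return sorted(r for r, ips in answers.items()
                  if not set(ips) & {ip for k, v in answers.items() if k != r for ip in v})

if __name__ == "__main__" and len(sys.argv) > 3:   # host resolver1 resolver2 ...
    got = {srv: resolve_via(srv, sys.argv[1]) for srv in sys.argv[2:]}
    print(got, "outliers:", outliers(got))
```

A resolver flagged here is a lead rather than proof, since names hosted on a CDN can legitimately resolve to different addresses depending on which resolver asks.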

#28 Postby GuiGuy » Tue Feb 11, 2014 4:37 pm

uncle mark wrote:.........
My guess is the initial startup URL used by the old Fx 3.6 in M8 is unique in some respect, and that there's a bogus DNS referral going on. Using a different DNS server could determine that one way or the other.

Yes, sounds like a good guess. If anybody has a CD or thumbdrive with the same ISO (8.0.15 64bit I believe) they could try it.

#29 Postby lucky9 » Tue Feb 11, 2014 4:54 pm

I'm hunting for my disk. I have it somewhere. But a VB installation doesn't have problems with Firefox starting or using the default start page. FF 3.5.6
Yes, even I am dishonest. Not in many ways, but in some. Forty-one, I think it is.
--Mark Twain

#30 Postby uncle mark » Tue Feb 11, 2014 5:08 pm

GuiGuy wrote:
uncle mark wrote:.........
My guess is the initial startup URL used by the old Fx 3.6 in M8 is unique in some respect, and that there's a bogus DNS referral going on. Using a different DNS server could determine that one way or the other.

Yes, sounds like a good guess. If anybody has a CD or thumbdrive with the same ISO (8.0.15 64bit I believe) they could try it.


A couple people have said they can't duplicate what's described. My guess is based on Occam's Razor as well as what I know about Linux and networking. It's unique to his network, and the chances of a poisoned DNS referral of an old obsolete browser startup URL are much more likely (IMO) than him having anything amiss in his local Linux file system.
Desktop: Custom build Asus/AMD/nVidia -- MEPIS 11
Laptop: Acer Aspire 5250 -- MX-15
Assorted junk: assorted Linuxes

