Puppy Linux Discussion Forum

Bruce B · Posted: Mon 20 Jun 2011, 14:22 Post subject:

When I start Firefox from the CLI I get this error frequently. The site blocked in hosts.

The point is why is Firefox trying to make a secure connection to a text file?

Let alone any connection at all on startup.

FAIL download from https://s3.amazonaws.com/fvd-suite/ad_signs.txt
FAIL DOWNLOAD FROM https://s3.amazonaws.com/fvd-suite/sites.txt

I'll keep this updated as I learn more.

UPDATE

This is the content of one file it is trying get from the secure connection:

speed.pointroll.com
ad-g.doubleclick.net
naked.com
exoclick.com
pointroll.com
edgesuite.net
mtvnservices.com
gfrevenge.com
71i.de
contentabc.com
telemetryverification.net
nbcuni.com
2mdn.net
filesonic.com
pop6.com
daredorm.com
adrocketmedia.com
moviebox.com
amateurmatch.com

UPDATE

If I block s3.amazonaws.com I get the error message

If I don't - no error message.

127.0.0.1 s3.amazonaws.com

SOLVED

A Firefox extension is getting the (2) files.

I discovered the site was being contacted earlier by reviewing the log files, but didn't know why it was being contacted, so I blocked it, that's why the error message later.

~

Makoto · Posted: Mon 20 Jun 2011, 15:19 Post subject:

Create a new user (profile) in Firefox (you can delete the additional user later, if you want). Don't add any extensions. Do the problems persist?

Which version of Firefox are you using? I've heard that's what one or more of the new security/anti-phishing options in Firefox 3 and up does - connect to a remote (non-Mozilla) server to download a list of sites to act upon. You might try turning off the anti-phishing/secure browsing/secure site/whatever options (sorry, I'm not at one of my systems with FF3.6 or 4.01 installed, so I don't remember offhand what all of the options you might want to disable are Embarassed

) and see if the behavior continues.

Bruce B · Posted: Mon 20 Jun 2011, 15:54 Post subject:

Makoto,

I'll leave the troubleshooting notes up. At first something didn't appear right. Then after running it down, I found it was OK.

Using Hiawatha I made a duplicate directory and put the files in it. Now Hiawatha will serve the files and give an error code of 200, which means success.

The idea here is pay attention.

For example, how many people pull the urls out of the proprietary flash plugin and block them?

How many people are told not to click on hyperlinks in the flash media?

How many people shut down suspicious pages and popup with Ctrl+F4 or Ctrl+W rather than click the mouse?

There is a lot the user can do to keep his browsing clean.

Bruce

~

Makoto · Posted: Mon 20 Jun 2011, 16:07 Post subject:

Some of those 'fake antivirus' popups/windows that installed malware on Windows were also designed to trap close attempts (the X button, Alt-F4, etc.) and install the malware anyway. The malware may not have as much of an impact for a Linux system, but it's still a good idea to know that they can, in fact, trap keystrokes like that, if they really want.
Under Puppy, if I get a suspicious window, it's easier just to choose to 'kill' the window, just to be safe. Smile

(IMHO, of course.)

nooby · Joined: 29 Jun 2008 Posts: 9385 Location: SwedenEurope

Bruce wrote

Makoto · Posted: Tue 21 Jun 2011, 04:40 Post subject:

I was mainly just saying that in my opinion, it's safer (no matter which OS I'm using) to kill a browser window with a suspicious page from the outside, rather than try to quit it using keypresses from "within" the browser window.

Originally, when the 'fake antivirus' popups began to appear, they frustrated a lot of people - until someone realized you could just click on the 'close' button at the top of the window, as you would any other program.
So, the malware writers corrected that oversight. Now, either the close button wouldn't work, or, just like clicking on the window, it would also install the malware. Often, they'd use javascript to spoof the Windows titlebar at the top for that.
But then, someone announced that you could just use Alt-F4 (etc.) to kill the window. The malware writers tried fixing that, too. Not every bit of malware out there does it, but you may encounter one that does trap whatever keys you try to use, and try to install its garbage, anyway.

Of course, some try to install merely when infected ad code is run, alone. So something could hit just by visiting a 'safe' page, too.

Can any of this run on, or affect Linux? I don't know. However, as with the trojan programs that used to spread through email like crazy, it can pile up on your hard drives, even if you don't have to worry about it running or spreading. On one of my non-Windows systems, earlier this decade, I had to run a simple anti-virus setup just to automatically clean out my email attachments folder, so the stupid trojans wouldn't eat up my HD space in no time. Rolling Eyes

Bruce B · Posted: Tue 21 Jun 2011, 09:22 Post subject:

Bruce B · Posted: Tue 21 Jun 2011, 09:32 Post subject:

nooby · Joined: 29 Jun 2008 Posts: 9385 Location: SwedenEurope

I trust it is my ADHD. So much to read through.

sig15 is not something I shall do that info belongs to a kind of background info on what happens when one go

Menu > System > System status > Htop

or if one go Menu > System > System status > Pprocess viewer.

Which am I supposed to use? I am not 100 sure but I think the I did the latter and that it did kill the process but also killed me being able to use the computer so had to reboot.

How one can use Htop to kill something that I have no idea how to do.

Anyway I try to reconstruct to see if it happens again.
So I post this above and then read it and then kill this tab with htop first and if that fails I do the Pprocess and then I read your kind description after this post.

Edit

Haha, I am a true Noob. I've looked and looked on that Htop so many times and not noticed the lowest text there.

It was super simple when one knew what to look for.

One highlight Firefox and then do F9 and then Enter.

And when one klick on browser again then I am right back here again being able to edit without having to log in even.

So that is odd. it did not really killed it then? Only suspended or something

Thanks Bruce you wrote that while I was composing this text. Smile

Arrow I used the Mouse. Would that make a difference?

Bruce B · Posted: Tue 21 Jun 2011, 11:11 Post subject:

htop destructions

use arrow key to highlight application to kill
hit f9 key
then enter

~

nooby · Joined: 29 Jun 2008 Posts: 9385 Location: SwedenEurope

But how does one know which to mark.

Now when I look again and do the arrow scrolling then I have some 16FF and 2 Flashplayer or so instances of Firefox despite me only have one tab and only htop running.

I try to attach a pic showing the htop

amigo · Joined: 02 Apr 2007 Posts: 1757

"https://s3.amazonaws.com/fvd-suite/sites.txt"
The protocol (https) has nothing to do with the file type -in fact the '.txt' filename extension also has nothing to do with the file type. The 's' in https means secure. Sometimes you can use the same URL except for changing the protocol to simply 'hhtp'.

gcmartin · Joined: 14 Oct 2005 Posts: 2625 Location: Earth

gcmartin · Joined: 14 Oct 2005 Posts: 2625 Location: Earth