Paranoia for Beginners
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

Posted: Tue 20 Sep 2011, 03:40

Was it McAfee or some other security firm that told eager reporters on IDG News? PCWorld maybe? Or on BBC World Service or ...

Recently they admitted that the current way of using antivirus does not work in a good way.

The better way has to be intelligent programs that watch for peculiar activity that could be something odd going on.

That is not what they wrote but my crude retranslation from them translating from English to Swedish and me back to English. Whoah

So instead of having AV that looks for "Signatures" and us updating the Signatures that are always some hours or days too late.

The next versions of AV will be programs that watch for activity that would not be normal for the person using the computer.

May I predict it will not be easy? I mean when one uses such programs they warn and warn and warn and one gets tired of all the warnings, one has no idea what they try to say, and one shuts it all down, getting too annoyed by all the noise it produces?

So what to do?

_________________
I use Google Search on Puppy Forum
not an ideal solution though
Lobster
Official Crustacean


Joined: 04 May 2005
Posts: 15122
Location: Paradox Realm

Posted: Tue 20 Sep 2011, 04:12

nooby wrote:
So what to do?


Panic!
Run for the hills!
. . . well maybe not

Note the enclosed pic
This is my root - it looks different for no reason Confused
As far as I know I have not installed 'Puppy File Sharing'
I am using Transmission and Slacko beta 3

Have I been hacked by a non existent Puppy Black Ops
file sharing team?

Please advise by post or encrypted carrier pigeon Shocked



Quote:
**********************Puppy File Sharing******************

This script uses Curlftpfs, Mpscan, Pure-ftpd, and Rox to setup a file sharing system, that is similar to Samba (windows) file sharing to the user. The intent is that this will be used between two computers running Puppy linux. However, another operating system (Windows), can connect to the server using a web browser. Just type in the IP address in the address field (eg. ftp://192.168.254.2).

Before doing anything, you must be connected to your network

Inside of the File-Sharing folder you will find a Rox application named Setup-Sharing. Clicking on Setup-Sharing will open a series of windows. The first menu will ask you if you want to connect to a folder on another computer (Client) or share a folder on your computer (server).

If you select to share a folder on your computer, so that another computer can connect to it, you will be presented with two options:

* Anonymous No password required for others to connect.

This will allow others to connect to your computer without a user name or password. However, they will only be able to connect to /root/ftpd. So place any items you want to share in that folder.

* Password A user name and password will be required for others to connect.

This will require others to use a user name and password to connect to your computer. In Puppy you normally run as a user named root, your home folder is /root, and the default password is woofwoof. If you choose this option you should change your root password. To do this open a terminal (The console icon on the desktop) and type:

# passwd

You'll be prompted to enter a new password. User root is the superuser (he can do anything), so you may not want others logging in as root. So if you want, you can add new users. If you wanted to add a new user named doug and give doug a home directory of /mnt/home/doug, you can do this by opening a terminal and typing:

# adduser doug -h /mnt/home/doug

You'll be prompted for a new password for doug and the folder /mnt/home/doug will be created. Now someone can connect to your computer by using the user name doug and whatever password you entered. When they login as doug, they will see whatever is in /mnt/home/doug. You can use just about any user name you like and the home folder doesn't have to be /mnt/home/doug, use whatever you like.


Next, you will be asked if you want to start the server for just this session or if you want it to start on every boot. If you choose to start it on every boot an entry will be made in /etc/rc.d/rc.local.






If you choose to connect to another computer, you will be presented with two options:

* Scan Search your local network for a connection.

This will scan your local network (subnet) and list any ftp servers it finds. You will then be asked if you want to create a connection. If the connection requires a user name and password you will be asked for it.


* Manual Enter an IP address. (Optional username and password)

This will let you enter a user name, password and an IP address to create a new connection.

After selecting one of the above options a new connection will be created in the File-Sharing folder. By clicking on one of the newly created Shared-xxx icons, a window will open for that network connection and you can drag and drop files to and from it.


Limitations:

* Permissions are not always preserved, so ROX reports errors. Copied files are created with a umask of 022.
* Symlinks don't copy.
* When scanning for servers, sometimes your server may not be found, try again.
* If your computers are on a DHCP network (IP addresses are automatically assigned), the connection short-cuts (rox apps) may not work the next time you boot because of IP address changes. In this case you'll have to scan and create a new connection.
[Attached image: h1.jpg]


_________________
Puppy WIKI
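
A defender's check for the setup the quoted README describes, as an added example that is not part of the original post or of the Puppy File Sharing script. The paths come from the README; matching the string "pure-ftpd" in rc.local and treating UID 1000 and above as an added user are assumptions.

```shell
#!/bin/sh
# Added example (not from the Puppy File Sharing script). Paths are taken from
# the README quoted above; matching "pure-ftpd" in rc.local and treating
# UID >= 1000 as an added user are assumptions.

# audit_sharing ROOT: print one finding per line for the tree rooted at ROOT
# (use / for the running system, or the mount point of a save file).
audit_sharing() {
    root="${1%/}"

    # Start-on-every-boot choice: the README says an entry goes in rc.local.
    rclocal="$root/etc/rc.d/rc.local"
    if [ -f "$rclocal" ] &&
       grep -v '^[[:space:]]*#' "$rclocal" | grep -q 'pure-ftpd'; then
        echo "BOOT: pure-ftpd is started from $rclocal"
    fi

    # Anonymous mode: anyone on the network can read what is in /root/ftpd.
    share="$root/root/ftpd"
    if [ -d "$share" ]; then
        count=$(find "$share" -type f | wc -l | tr -d ' ')
        echo "SHARE: $share exists and holds $count file(s)"
    fi

    # Password mode: FTP logins are local accounts, so list added users that
    # still have a login shell.
    passwd="$root/etc/passwd"
    if [ -f "$passwd" ]; then
        awk -F: '$3 >= 1000 && $7 !~ /(false|nologin)$/ {
            print "ACCOUNT: " $1 " can log in, home " $6 }' "$passwd"
    fi
}

# Run against the tree given on the command line, if any.
if [ "$#" -gt 0 ]; then
    audit_sharing "$1"
fi
```

No output means none of the three traces is present; a BOOT line with no memory of choosing "start on every boot" is the one worth following up first.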
Dave_G


Joined: 21 Jul 2011
Posts: 459

Posted: Tue 20 Sep 2011, 05:20

Watch a lot of American movies Lobster?
Lobster
Official Crustacean


Joined: 04 May 2005
Posts: 15122
Location: Paradox Realm

Posted: Fri 23 Sep 2011, 05:30

Quote:
Watch a lot of American movies Lobster?


Yes indeed and European. Why do you ask? Smile

I am not aware of downloading or setting up the file sharing program in the picture.
I use Transmission.
Does anyone recognise the program? Where it comes from etc?

I am preparing a new version of GROWL
look in the 'cutting edge' section for Slacko Growl. Smile

_________________
Puppy WIKI
Dave_G


Joined: 21 Jul 2011
Posts: 459

Posted: Fri 23 Sep 2011, 06:02

Because you have a directory called NTSC. Wink
Lobster
Official Crustacean


Joined: 04 May 2005
Posts: 15122
Location: Paradox Realm

Posted: Fri 23 Sep 2011, 06:17

NTSC = National Television System Committee?

Smile I did not create that directory
or 'Go' or 'Let' or 'Me' and a few others (all empty)

So I should imagine I might actually have been hacked Rolling Eyes
The program was also added which would be a real first, creating directories not so much so.

Am I quacking in fear? Sadly no my paranoia is not developed sufficiently Rolling Eyes

What I think is far more likely is I inadvertently installed a pet that is expected to do this. Maybe unloaded it in the wrong place or it could be part of another package . . .
Should I be installing forensics? Honeypots? Separate firewall server?

_________________
Puppy WIKI
Dave_G


Joined: 21 Jul 2011
Posts: 459

Posted: Fri 23 Sep 2011, 08:33

Lobster,

That is exactly why I asked you jokingly about watching American movies.
NTSC is the TV standard of the USA (amongst others) whilst that of
most of Western Europe is PAL with France being the exception using SECAM.
Ex-soviet states of eastern Europe also still use SECAM (I think).

You say you didn't create the NTSC directory, so unless you installed a pet
that was for video editing/recording/transcoding/watching and created that dir, what other
explanation is there for it?
Lobster
Official Crustacean


Joined: 04 May 2005
Posts: 15122
Location: Paradox Realm

Posted: Fri 23 Sep 2011, 23:44

Quote:
what other
explanation is there for it?


tsk tsk
Have you lost all sense of fear and potential interference from 'them'? Rolling Eyes
(Govt, hackers from other dimensions, script kiddies, puppies with rabies, commercial scan bots, the penguin viruses etc . . .) Wink
Talking of viruses
installed and running this avast virus scanner in Slacko beta 4
http://bkhome.org/blog/?viewDetailed=02494
That should keep the CPU and paranoia ticking over nicely
opted for thorough scan of e v e r y t h i n g

_________________
Puppy WIKI

Lobster
Official Crustacean


Joined: 04 May 2005
Posts: 15122
Location: Paradox Realm

Posted: Sat 24 Sep 2011, 03:25

It must be worse than I thought . . . Shocked

Avast found several PHP viruses on my HD (used as a backup)
These were specific to Wordpress and have to run on a server I should imagine.
The viri were PHP Agent-BD -[TH]

Then Avast locked up my computer. Could it have been attacked by a virus?
Enclosed is my frozen screen. Rolling Eyes

Given Avast another HD to feed its virus hunting skills.
[Attached image: 2011-09-24 06.23.38.jpg]


_________________
Puppy WIKI
Dave_G


Joined: 21 Jul 2011
Posts: 459

Posted: Sat 24 Sep 2011, 05:02

Lobster,

Are you sure that those php scripts really are "nasties"?
Avast and others often report false positives.

Dave.

Remember, just because you can't see them, it don't mean they aren't after you. Wink
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

Posted: Sat 24 Sep 2011, 07:07

Lobster, Dave is right. Some or all AV software has at least one or two "false positives"; they point out snippets of code that may be examples that somebody has put in to make a point or something. Some joke even.

But I wonder about this one:
Quote:
Talking of viruses
installed and running this avast virus scanner in Slacko beta 4
http://bkhome.org/blog/?viewDetailed=02494

So is that one then better than the xf-prot that also can be run from Lupu-528?

I mean if I now install Barry's version of Avast would that one not find the built-in signatures for Xf-prot and bark loud and even lock the computer or destroy the xf-prot?

Should I uninstall the xf-prot first?

8-bit says
Quote:
I had read a review of linux antivirus packages and fprot failed to find viruses that Avast found so I installed Avast.


Lobster, Barry gave you advice to cut out /sys, however one does such things.

I wonder if not all of this is way over my poor head?

So first I uninstall xf-prot and then I install the pet that Barry made.
Then change things like he describes there from that facebook thing?
Hm I barely get what he writes.

Should we not have a simple to follow thing on this.
Avast wants my email address to give a code so it starts working?

_________________
I use Google Search on Puppy Forum
not an ideal solution though
Dave_G


Joined: 21 Jul 2011
Posts: 459

Posted: Sat 24 Sep 2011, 09:12

Lobster,

Keep in mind that AV pgms are not perfect.
Often they see code that could be a risk and flag it.
The fact that it could be a risk does not mean that it is.

A few years back I made a wget type app for win machines
and many AV pgms marked my pgm as a trojan downloader
simply because I was statically linking to the API call URLDownloadToFileA
which of course is very often used in real trojans.

All I had to do is first get the ProcAddress of the function in the DLL
then load it using LoadLibraryA and it got right past the AV pgm.

I know this is for win32, but the point I'm trying to make is that AV pgms
often flag code as a threat which is not always the case and at the same time
don't properly check for workarounds and stuff can get thru if that
was the writer's intention.
The same will apply to Linux.

Dave.
Lobster
Official Crustacean


Joined: 04 May 2005
Posts: 15122
Location: Paradox Realm

Posted: Sat 24 Sep 2011, 10:12

Guys,
Yes I should think the PHP really are viruses/trojans/malware scripts because this is a backup of server material that I know has been compromised.

Some false positives - yes, there is one
EICAR Standard AntiVirus Test File that is in an f-prot file - that is a 'pretend virus' - again a back up . . .

In the preferences of Avast
you just add /sys and /proc
as exclusions - OK done that, running again . . .

I have Nandows 7 (or some such jinx food operating system) on a partition and that is probably infected Crying or Very sad
- barely used Nandows 7. Will now just delete.
You know how I think MS Nandows became infected?
Downloaded bit torrents were saved to an NTFS drive
by Puppy - included in the download were malware products designed to go into Windows directories. Oh boy.

So basically the php could run on a linux server and those backups were already compromised - I know that. The eicar is a test. The Windows partition is infected, either that or it slowed down and started behaving strangely just for fun . . .

As a side issue . . . my sister brought her new
Windows 7 powered Asus laptop along.
Somehow Norton virus checker was on there, offering to scan
She hates Norton as it created a year of problems for her
Like a virus it had installed itself and aggressively demanded to scan
Removing it was an exercise in getting her not to strangle the computer
How was it, this had appeared on the desktop without warning or agreement . . . (it was probably a 'free' offer)?
http://puppylinux.org/wikka/VirusScam
Slowly people begin to understand why we use Linux . . .

Puppy is fine. Virus checking continues. Still not scared. What am I doing wrong? Cool

_________________
Puppy WIKI

Lobster
Official Crustacean


Joined: 04 May 2005
Posts: 15122
Location: Paradox Realm

Posted: Tue 27 Sep 2011, 01:00

OK guys

Deleted the Winedows 7 contagion - removed from its partition
Did a 'standard' rather than 'thorough' Avast scan (Avast did not crash this time).
Need something new to worry about?
How about a neutrino powered virus from an entangled parallel universe? Perhaps based on the public domain descendant of Stuxnet type viruses?
However hacking computers is so yesterday. How do we influence the machine we are?

Does not bear thinking about? Rolling Eyes

_________________
Puppy WIKI
Lobster
Official Crustacean


Joined: 04 May 2005
Posts: 15122
Location: Paradox Realm

Posted: Mon 03 Oct 2011, 06:24

How much does it cost to be an elite cracker? $600 for a wifi cracking drone . . .

Look to the skies Rolling Eyes
http://www.dailytech.com/Flying+Drones+Dubbed+SkyNET+Break+into+Wireless+Networks/article22701.htm

_________________
Puppy WIKI