Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Sat 30 Aug 2014, 16:37
All times are UTC - 4
 Forum index » Off-Topic Area » Security
Possible virus in Puppy iso? (sorted)
Post_new_topic   Reply_to_topic View_previous_topic :: View_next_topic
Page 1 of 2 Posts_count   Goto page: 1, 2 Next
Author Message
Stripe

Joined: 23 Jun 2010
Posts: 658
Location: In a field. England

PostPosted: Wed 05 Jan 2011, 18:25    Post_subject:  Possible virus in Puppy iso? (sorted)  

Hi all

I may have discovered a virus

Have just booted from an unaltered 053 spup iso (totally in ram) checked ip info and my computer was connected to an unknown ip address 174.143.142.58

ran it through domain dossier and it came back as lvs-vip.mhtx.net
which it traced to godaddy.com

Has anyone else seen this? and how would I find the program which instigated the connection?

cheers

stripe

tried it with a 511 lucid cd (again in ram) and got the same results

Edited_time_total
Back to top
View user's profile Send_private_message 
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

PostPosted: Wed 05 Jan 2011, 19:20    Post_subject:  

We have many threads about this phenomena.

Try this in a regular google search box.

puppy 174.143.

the reason I don't search the whole number is due to him changing it a bit now and then. You get more threads if you are more general in the search keywords.

I don't know what it is either but those who do know seems not concerned about it and some even tease us who where concerned.

My wild guess is that some script use it to check that the internet really are working and one way of doing it is to ping a known server that one trust are 100% up.

His server maybe is one of several such used for that purpose.

Some maybe use a google server or his is a google server. I only guess.

Read those threads and tell me if I should be concerned or relaxed about it.

I have given up on it.

_________________
I use Google Search on Puppy Forum
not an ideal solution though
Back to top
View user's profile Send_private_message 
01micko


Joined: 11 Oct 2008
Posts: 7794
Location: qld

PostPosted: Wed 05 Jan 2011, 19:30    Post_subject:  

Stripe

This thread may be of interest.

Cheers

_________________
Woof Mailing List | keep the faith Cool |
Back to top
View user's profile Send_private_message Visit_website 
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

PostPosted: Wed 05 Jan 2011, 19:44    Post_subject:  

Thanks Micko, even I had a fearful outburst on that thread.

But I still fail to get it. Hopefully our OP get what it is about.

_________________
I use Google Search on Puppy Forum
not an ideal solution though
Back to top
View user's profile Send_private_message 
Stripe

Joined: 23 Jun 2010
Posts: 658
Location: In a field. England

PostPosted: Wed 05 Jan 2011, 20:10    Post_subject:  

Thanks nooby and mick

I tend to border on the paranoid as well Laughing Laughing

cheers

stripe
Back to top
View user's profile Send_private_message 
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

PostPosted: Thu 06 Jan 2011, 01:34    Post_subject:  

As the saying goes: "Better Safe than Sorrow!"

So we should be cautious. I just wonder what my Bank says about me being Root when logging into them? Okay I use a little Gadget they sent me that is for security but still the Ubuntu fans tells us all the time that one need to be a restricted user.

Yes but I fail to be one- Have tried many times but Ubuntu fails to see the HDD it only see what the User are allowed to see.

And when I tell the Ubuntu or Mint folks that I want to use it in frugal install they tell me to go to Puppy Forum and ask here instead, they don't do frugal installs.

_________________
I use Google Search on Puppy Forum
not an ideal solution though
Back to top
View user's profile Send_private_message 
MagicZaurus

Joined: 05 Jan 2009
Posts: 88

PostPosted: Thu 06 Jan 2011, 04:16    Post_subject: It's not a virus it's a feature  

Hi Stripe,

take a look at /usr/sbin/ipinfo. Inside the script is the following line.
Code:
var0="`wget -O - -q icanhazip.com`"

This makes the connection to the IP 174.143.142.58. This URL is supposed to reply with your external IP which is shown in the IP-INFO dialog on the 1st tab.

If you delete this line then the connection is gone when you open IP-INFO.

Hope that helps to get you in a more relaxed state.

MZ
Back to top
View user's profile Send_private_message 
Stripe

Joined: 23 Jun 2010
Posts: 658
Location: In a field. England

PostPosted: Thu 06 Jan 2011, 05:58    Post_subject:  

Thanks MZ

you have saved me a lot of time and worry, (thats if I ever would have found it Laughing)

now I know what it is and what it does I am not worried Laughing

Thanks again

Stripe
Back to top
View user's profile Send_private_message 
nubc


Joined: 23 Jan 2007
Posts: 1034
Location: USA

PostPosted: Thu 06 Jan 2011, 14:22    Post_subject:  

Typically, the problem lies in the browser, which virus writers know is the weakest point in the system. You can probably prevent infection by using the add-on AdBlockPlus on your (mozilla) browser.
Back to top
View user's profile Send_private_message 
nubc


Joined: 23 Jan 2007
Posts: 1034
Location: USA

PostPosted: Thu 06 Jan 2011, 14:24    Post_subject:  

Error: SQL requests not achieved

please delete

Edited_times_total
Back to top
View user's profile Send_private_message 
nubc


Joined: 23 Jan 2007
Posts: 1034
Location: USA

PostPosted: Thu 06 Jan 2011, 14:24    Post_subject:  

please delete
Edited_times_total
Back to top
View user's profile Send_private_message 
nubc


Joined: 23 Jan 2007
Posts: 1034
Location: USA

PostPosted: Thu 06 Jan 2011, 14:25    Post_subject:  

please delete
Edited_time_total
Back to top
View user's profile Send_private_message 
nubc


Joined: 23 Jan 2007
Posts: 1034
Location: USA

PostPosted: Thu 06 Jan 2011, 14:25    Post_subject:  

please delete
Edited_time_total
Back to top
View user's profile Send_private_message 
drongo


Joined: 10 Dec 2005
Posts: 353
Location: UK

PostPosted: Thu 06 Jan 2011, 15:28    Post_subject: WiFi utility  

One of the WiFi utilities in Puppy pings Google to test for connection to the Internet.

Barry's original and Dougal's utility did not do this. Is this the source of the problem?

The point about icanhazip is that it reports your external address to the internet, not the address of your PC. So if you are going through a router/NAT box etc you may not know what your external address is.
Back to top
View user's profile Send_private_message 
Aitch


Joined: 04 Apr 2007
Posts: 6825
Location: Chatham, Kent, UK

PostPosted: Sat 08 Jan 2011, 08:29    Post_subject:  

stripe/everyone

I've seen this before

icanhazip is an IP utility

simply check it yourself, it gives your outfacing IP address

http://icanhazip.com/

created by rackerhacker

http://rackerhacker.com/2009/07/31/get-the-public-facing-ip-for-any-server-with-icanhazip-com/

now widely used

Aitch Smile
Back to top
View user's profile Send_private_message 
Display_posts:   Sort by:   
Page 1 of 2 Posts_count   Goto page: 1, 2 Next
Post_new_topic   Reply_to_topic View_previous_topic :: View_next_topic
 Forum index » Off-Topic Area » Security
Jump to:  

Rules_post_cannot
Rules_reply_cannot
Rules_edit_cannot
Rules_delete_cannot
Rules_vote_cannot
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0651s ][ Queries: 11 (0.0032s) ][ GZIP on ]