Ubuntu Security :: Antivirus Blocked The Suspicious Web Pages While Browsing
Dec 8, 2010
I come to Ubuntu with the notion that it is much more secure than Windows. In XP I had an anti-virus, third-party firewall and sundry software against spybots, rootkits etc. The antivirus blocked the suspicious web pages while browsing. I generally avoided public networks, carrying a portable internet device. Do I need similar stuff with Ubuntu?
View 9 Replies
Mar 11, 2010
I have installed MoBlock as instructed here: [URL]
After installation I created my own list file in /etc/blockcontrol/custom-blocklist.p2p and have the following uncommented at the bottom of /etc/blockcontrol/blocklists.list:
Code:
locallist /etc/blockcontrol/custom-blocklist.p2p
The list contains the following 2 entries:
Code:
Yahoo:98.137.149.56
Google:74.125.47.147
When I do:
[Code].....
Recently I just noticed that the locallist rules seem to have no effect. I will always get "destination port unreachable" even if the locallist entry in blocklists.list is commented out.
However, whenever I try to browse to that IP, even when blockcontrol is on, even by typing the IP into Konqueror (not the domain name), it lets me go there every time. How can I know that my other applications will not do the same thing? How can I lock this down and test it empirically to be sure?
View 1 Replies
Apr 1, 2010
I have been running rkhunter, but how do I view the /var/log/rkhunter.log? I have tried using: sudo /var/log/rkhunter.log but all I got was "Command not found".
View 6 Replies
Mar 18, 2010
What is the most harmful thing a malware program started as a separate limited user account can do if it has access to the X server? Network and filesystem things are already considered by chroot and netfilter.
It obviously can lock the screen, and I will need to switch to another VT and kill it manually. Can it, for example, disrupt other GUI programs on the same X server (access a root terminal in a nearby window)?
I know that it is safer to run it in a separate X server, for example in Xtightvnc or even some virtual machine, but how dangerous is it to just run it like other programs?
View 3 Replies
Aug 10, 2010
I got this warning in the log of rkhunter:
Quote:
Checking /dev for suspicious file types [ Warning ]
[13:37:16] Warning: Suspicious file types found in /dev:
[13:37:16] /dev/shm/pulse-shm-43136623: data
[code]....
View 2 Replies
Mar 15, 2011
I know this post isn't strictly Linux based, but since the system in question appears to be using Linux and I am as well I decided to post this here. In doing other network playing with Ubuntu Server 10.10 I noticed that on all traceroutes I did to any IP the second hop from my house jumped through a connection on IP 24.96.153.61 which I think should only be another dynamic IP Knology.net customer...
In scanning the IP I now know that it's a Juniper Junos Router 9.2R1.10 (Probably running on some VMware based on googling?) Open ports show: 22 ssh openSSH 4.4 v. 1.99 23 telnet Openwall GNU/*/Linux telnetd
At first I thought this was just a legit Knology.net DNS server or something, but using such outdated versions and freeware... I feel suspiciously like this is something else. Also, why in the world would knology allow remote access to their mainframe equipment? Seems that if it were ever breached it would be beyond terrible for the ISP...
Finally, why can't people not SSH into my box from the outside if I have MAC address filtering on? Anyone know anything about this or am I just being paranoid? I'm a noob, so knowing too little about all this is probably more the problem?
View 5 Replies
Feb 2, 2010
I am trying to download the contents from [URL] to my local system for off-line browsing but am having little to no success. I have tried using wget and httrack; although I can download the directory structure, there does not seem to be any sfw files.
View 7 Replies
Aug 1, 2010
I ran a chkrootkit scan and found this:
The following suspicious files and directories were found:
/usr/lib/pymodules/python2.6/.path
/usr/lib/xulrunner-1.9.2.8/.autoreg
/usr/lib/firefox 3.6.8/.autoreg
/usr/lib/jvm/.java-6-openjdk.jinfo
How do I get rid of this suspicious file?
View 4 Replies
Apr 12, 2011
I have suspicious requests in my haproxy logs from multiple sources to the same target. I could deny them in /etc/hosts.deny, but there are too many to keep track of. Is there a way to deny all requests to a specific target either in haproxy or through iptables?
Here's an example of the request:
Apr 12 15:11:37 127.0.0.1 haproxy[28672]: 41.105.42.150:27072 [12/Apr/2011:15:11:37.315] web_servers frontend_farm/######## 3/0/1/1/169 404 1073 - - --NI 3/3/2/1/0 0/0 "GET /images/comment_icon.gif HTTP/1.1"
I've commented out my amazon instance id for security purposes. The request is for comment_icon.gif which does not exist. All requests go to that. The source IPs are from different countries as well. Blocking a certain country won't work either. Basically, if there was a way to send all requests for comment_icon.gif to /dev/null or something it would work.
View 2 Replies
Apr 17, 2009
I have FC10, Firefox 3.0.4. It takes ages to load any page. The d/l speed is good, but while loading pages it takes a lot of time! On XP everything works fine, even though the Firefox version is an earlier one than on FC10.
View 4 Replies
Jan 3, 2011
My server is probably hacked and sending spam emails. I see them randomly in maillog (/usr/local/psa/var/log/maillog, server has a Plesk panel), sometimes a few in a long time, sometimes a lot of them. Here is a sample of it:
Jan 4 00:47:08 acv360 qmail-remote-handlers[17662]: Handlers Filter before-remote for qmail started ...
Jan 4 00:47:08 acv360 qmail-remote-handlers[17662]: from=root@acv360.com
[code].....
View 7 Replies
Sep 21, 2010
Is there anything suspicious about this auth.log? I find the many CRON outputs and the part with gconftool weird. Also, why don't I have the permission to view "/var/log/btmp1"? It has never happened before.
I'm using GNOME's log viewer.
[Code]...
View 2 Replies
Mar 3, 2011
I updated both browsers I have and lost my secure log-in pages (no padlocks showing) concerning different web mail accounts. Just before I did these updates I checked an unrelated thing online regarding my sound card, of which I kept a copy, and got this message below:
!!ALSA/HDA dmesg
!!------------------
[ 12.762633] cfg80211: Calling CRDA for country: AM
[code]....
View 2 Replies
Jun 7, 2011
I've setup the Uncomplicated Firewall (UFW) on Ubuntu 10.04 LTS and blocked an IP address. UFW status shows that the firewall is active and the IP in question is denied. The issue is that I'm seeing the blocked IP address in my Apache logs.
View 1 Replies
Sep 21, 2010
Is there any way I can ssh/rdp/telnet into my server from the outside, bypassing all of Comcast's blocked ports?
View 1 Replies
Jun 18, 2009
If I use my current iptables firewall settings, my PHP includes from my own site get blocked by the firewall. If I use accept all tcp and udp it still does not work. If I use a default policy of accept all, then the PHP includes work, which is not safe. I am running a Drupal 6 site on a CentOS 5.3 VPS with Apache 2.2.0 and PHP 5.2.6 w/ safe mode on. Here is my current iptables configuration.
Quote:
Chain VZ_FORWARD (1 references)
target prot opt source destination
Chain VZ_INPUT (1 references)
target prot opt source destination
[code]....
View 2 Replies
Nov 18, 2010
We have spam in our network. We installed antivirus on all our systems and cleaned the virus from all PCs. After that I removed my IP from the database of blocked IPs, but my IP is still blocked for sending spam. I don't know from which PC the spam is going out to the internet.
So I have a question: my proxy server is Red Hat Linux, and as a newbie I don't know the commands to find out which PC is creating large bandwidth to the internet. If you tell me the command to see which PC is sending spam, then I will discard that PC. Also, I want a strong firewall to stop spam activities.
View 6 Replies
Mar 17, 2010
On April 10, 2010, I upgraded some packages on my Ubuntu 9.04 server. This included an upgrade to "ufw 0.27-0ubuntu2". I rebooted the server, and all appeared to be fine.
Now I've noticed that UFW is not logging blocked packets since that reboot. It used to do this. It is still logging the allowed packets that I've configured it to log.
Here's what a "ufw status verbose" says code...
View 2 Replies
Sep 17, 2010
I don't know if this is the right place to ask, but I must ask some questions. Here's my problem. I'm a student in high school, and here we use Linux (Ubuntu) OS. Every classroom has about 30 PCs connected to the main computer (the teacher's one). Three days ago we were forbidden access to some websites; it says "This domain is Blocked". By the way, the Linux version installed is 7.04 (Feisty Fawn). I tried disabling cookies, which did not work, and also tried to whitelist some websites, which also didn't work out.
View 7 Replies
Jan 9, 2010
What are all the ways you could think of that someone could view your browsing history, upstream from your machine? They don't have physical access, there's nothing on the computer itself and the person trying to hack has skill, so I'm thinking like monitoring a proxy somehow, using the IP address somehow, compromising the modem in some way, possibly having access to Google account etc. I am new to Ubuntu and have really dug it so far, but I want to figure out how this is/was being done.
View 9 Replies
Feb 23, 2011
Linux Mint 9 Fluxbox
Firefox 3.6.8
Even when I don't disturb anything while browsing, random sites start
launching (one at a time)!!
>Example:
bash.com
gifts.com
<LQ member username>.com
sex.com
I usually browse Lq, and all this happens while browsing Lq threads,
and sometimes other websites too!
View 14 Replies
Nov 5, 2010
What methods exist to restrict which directories a user may browse on the filesystem? I want to prevent PHP scripts from being able to view system files. I've seen two solutions, but neither is satisfactory:
- Chrooting a directory that the script is in, but this requires that all the necessary PHP libraries/files are moved/copied into the right place relative to the chroot directory. I don't feel that I have the technical ability to achieve this.
- Putting PHP into safe mode and disabling *nasty* PHP functions. But this is ineffective if just one obscure *bad* PHP function is missed.
View 5 Replies
Dec 28, 2010
I have been investigating some security precautions over the past several months. I use Ubuntu now instead of Windows, and the Firefox browser also. I have installed BetterPrivacy, WOT, NoScript and a few other add-ons. I have SELinux, ClamAV, AIDE, and chkrootkit installed for Ubuntu.
When we browse certain web sites, we get an error about the server being reset. However, when I put the Ubuntu install cd in and browse with Firefox, obviously with no add ons or settings changed, we can browse to the site with no problems. We are trying to be secure on the internet and I don't want to lower or get rid of any of the settings / add ons we added. What would cause servers to reset when using Firefox / Ubuntu with browser add ons / OS addons?
View 2 Replies
May 29, 2011
IMDB gives me a "recently viewed" list of pages I viewed recently (and a few of them were months ago, since I don't go there too often) at the bottom of every page I view. My cookies are enabled for session-only, have adblock plus, my ip changes every day, how are they doing that? How can I prevent it? What other websites are using the same trick? At this page [URL] there's a link there that says "Clear entire history", but I want to disable them from being able to track me like that, if they can track me, so can others.
View 3 Replies
Feb 9, 2011
In the past week or so I've noticed some weird network behaviour. I find accessing some sites such as Amazon, Paypal, and Bigstockphoto really slow. Sometimes the page will not load at all. Other sites are fine. The problem sites are not a problem for others on my LAN at home. When I try to open the problem sites, I can see in Firestarter blocked connections coming from 2.1(8/9).xxx.xxx on various ports such as 36007. This only happens for the problem sites. I attached a typical output from firestarter.
This happens with Firefox or Chrome. Using Ubuntu 10.10.
View 4 Replies
Jul 27, 2011
I was using Transmission BitTorrent the other night, when I noticed that I was getting heavily spammed by one particular IP. I then stopped the torrents and disabled the network. I wanted to add my own block-list, containing this IP, to $HOME/.config/transmission/blocklists, but could not get it working. Transmission is supposed to parse this text file into binary format upon startup. I tried both allowed formats, but Transmission kept on creating an empty binary file (this was version 1.93 in the official repo, I have since upgraded to 2.33 by adding a PPA, and it now works correctly).
I then blocked this IP in the firewall outbound traffic policy, allowing Transmission, on the port number that I forwarded on the router, on the inbound policy. After a restart, I watched the torrents picking up speed as more peers connected, and then saw this IP getting blocked. However, the same IP immediately also appeared as a peer in one of my torrents. I then double checked all settings and log files, to ensure that there is no typo. The same IP that was shown as blocked in the log files also successfully made a connection to Transmission. After a while I gave up, and shut down. The IP was an incoming connection, but was explicitly nominated to be blocked in outgoing traffic. The firewall was supposed to silently ignore this IP, not making a connection possible.
ICMP filtering was enabled, with the following not allowed:
- Address Masking
- Redirection
- Source Quenching
Now surely this is not normal? Is this a bug in ip-tables? Isn't this a serious security breach?
View 2 Replies
Feb 19, 2010
I have CentOS 5.4 32 bit final installed on my dedicated server.
I used to run lighttpd with PHP on my server until now and all was fine. But yesterday I changed my website, which needs Apache to run. So I installed Apache using the yum install httpd command.
Then I added the virtual host name of my domain in the Webmin panel, but when I try to run my PHP script in the browser it's not opening PHP pages.
Instead it downloads PHP files like index.php when I open them in the browser. So I guess Apache is not able to compile and run PHP pages. Only HTML pages are opening right now.
View 2 Replies
Sep 9, 2009
When I input man <cmd>, it says "formatting pages" and then it displays a blank page.
View 6 Replies
Oct 17, 2010
I've just installed Slackware 13.1 in two different laptops for first time. I have some strange internet browsing behaviour in one of the laptops. I've installed 2 internet browsers(firefox,opera) using the directions from Slackbuilds.org and there is also konqueror pre-installed. Moreover I installed Wicd network manager.
I can browse some pages e.g. ..... with Firefox very slowly but NEVER Facebook. I can browse almost any page, even Facebook, with Opera but very very slowly. The same goes for Konqueror... Wicd shows that I am always connected to my WPA wireless network.
Laptop details:
Quote:
Toshiba Satellite a100-209
//-----------------------------------------------
Processor Intel Celeron M 370 / 1.5 GHz
Databus-Speed 400 MHz
//-----------------------------------------------
Installed RAM 512 MB
Technology DDR2 SDRAM - 533 MHz
[code]....
View 7 Replies
Oct 26, 2010
My Firestarter logs show periodic outgoing connection attempts to IP addresses in countries such as Malaysia, China, Russian Federation etc... Fortunately, Firestarter appears to be blocking them. I suspect these are not good and want to find out exactly what process is initiating these outgoing connections.
View 6 Replies