Bitcoin Forum

Other => Meta => Topic started by: groggin on January 26, 2014, 09:13:29 PM



Title: [SOLVED] what did my browser eat?
Post by: groggin on January 26, 2014, 09:13:29 PM
 something not very good, i fear - where did that stupid cop come from anyway?  (scroll down please)


       https://i.imgur.com/p9RnnaP.png

 he used to have a stupid button underneath him that said "I understand the risks" and you could click it and proceed, but that option seems to have vanished, wtf..

 is it a b.h.o.? malware? idk but its gotta go, it's in firefox and chrome on my tower pc running win7 (multi-boot w/linuxmint and win xp, the problem only exists in win 7)
 recently, i've just been uninstalling and re-installing browsers, gets me around for a day or two, but it creeps back in somehow, can anyone help? thanks!




Title: Re: what did my browser eat?
Post by: tanalith on January 26, 2014, 09:58:27 PM
I think there may be some cache poisoning going around, try to use the google dns servers and see if you still get a certificate for an unregistered domain...


Title: Re: what did my browser eat?
Post by: Kenshin on January 26, 2014, 10:01:21 PM
Quote from: tanalith
I think there may be some cache poisoning going around, try to use the google dns servers and see if you still get a certificate for an unregistered domain...

BTW, that is 8.8.8.8 and 8.8.4.4


Title: Re: what did my browser eat?
Post by: msc on January 26, 2014, 10:05:43 PM
Quote from: groggin
he used to have a stupid button underneath him that said "I understand the risks" and you could click it and proceed, but that option seems to have vanished, wtf..

I noticed that on Firefox a while back, but you don't want to proceed in this case.  You've got a DNS problem or malware.


Title: Re: what did my browser eat?
Post by: bitpop on January 27, 2014, 08:03:21 AM
Wipe hdd immediately


Title: Re: what did my browser eat?
Post by: U1TRA_L0RD on January 27, 2014, 03:16:20 PM
Quote from: bitpop
Wipe hdd immediately

lol, Without backing up bitcoin wallets?  :D

What is it anyway, I sometimes get those too.  :o


Title: Re: what did my browser eat?
Post by: OnkelPaul on January 27, 2014, 03:23:45 PM
You should certainly not enter your bitcointalk password on that site. It's a man-in-the-middle attack, and any passwords you enter there will be used by hackers.

One can only guess what's been compromised on your win7 installation - probably the hosts file or some DNS settings. In any case, you should not use this windows system for anything moderately valuable before you've found and removed all compromised files.
(which probably means it's safest to do a complete reinstall)

Onkel Paul


Title: Re: what did my browser eat?
Post by: bitpop on January 27, 2014, 03:25:02 PM
Lol look at the domain in the page


Title: Re: what did my browser eat?
Post by: groggin on January 27, 2014, 03:56:38 PM

 thanks for the responses, i'm glad to say i use mostly linuxmint! i'll try changing the dns server next reboot, (it'll prolly not stay changed tho, i think) then maybe scan from win xp ...

tho most likely i'll end up reformatting, then repairing grub. glad i keep my OS partitions small, and data elsewhere  :)     thanks again!


Title: Re: what did my browser eat?
Post by: rme on January 27, 2014, 03:58:49 PM

Quote from: groggin
he used to have a stupid button underneath him that said "I understand the risks" and you could click it and proceed, but that option seems to have vanished, wtf..


Thanks to my suggestion, they implemented HSTS.
That tells the browser that a secure connection is required always.

That is why there is no button, you must have a secure connection.



Title: Re: what did my browser eat?
Post by: groggin on January 27, 2014, 04:34:37 PM

Quote from: rme
Quote from: groggin
he used to have a stupid button underneath him that said "I understand the risks" and you could click it and proceed, but that option seems to have vanished, wtf..

Thanks to my suggestion, they implemented HSTS.
That tells the browser that a secure connection is required always.

That is why there is no button, you must have a secure connection.



thanks to you good sir 


Title: Re: what did my browser eat?
Post by: drakoin on January 27, 2014, 08:18:51 PM
the same sometimes happens with google results.

searching for something here on bitcointalk with google
(because there I am allowed to search more often per time)

I sometimes get results with an IP address instead of btct

... [some trying] ...


yes, here's an example:
https://duckduckgo.com/?q=ann+altcoin+giveaway+g!

scroll down 7 hits to "flushcoin"

and click.



same procedure.

That is not an infected OS.
Is that an infected search engine?






Title: Re: what did my browser eat?
Post by: msc on January 27, 2014, 08:36:30 PM
Quote from: drakoin
That is not an infected OS.
Is that an infected search engine?

Well no, that's not an attack, it's just that the search engine has indexed a URL using the IP address instead of the domain name.  If you click that link, then on the error page change https to http, it'll redirect you to the real forum.

But, without knowing the domain name, the browser can't tell if it's legit or not.  

It's actually an error on the forum's part, I think.  If you access the IP address using http, it redirects you to the domain name.  But using https, it doesn't.  Not that the forum must do a redirect, but it's nice when possible.


Title: Re: what did my browser eat?
Post by: groggin on February 04, 2014, 05:12:23 PM

  Well, thanks OnkelPaul for mentioning the hosts file! had a look at it and sho'nuff bitcointalk was there. a simple # and it's working fine again. (so far  ::))
i use hostsman, and use all the available update sources, so i guess someone has our forum listed in there, in case staff wants to do something about it.
changing the dns server was not helpful
thanks again all
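
The check groggin describes (looking in the hosts file for the forum's name), as an added example that is not part of the original thread: a small Python audit that lists every active hosts entry naming a watched domain. The sample file, its addresses and the function name `audit_hosts` are constructed for illustration; the thread never shows which address was in the file.

```python
import ipaddress

# Constructed sample hosts file (addresses are loopback/documentation ranges,
# not values from the thread).
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
0.0.0.0         bitcoinsgenerator.net   # blocklist entry
0.0.0.0         BitcoinTalk.org www.bitcointalk.org
203.0.113.7     bitcointalk.org.        # points somewhere else entirely
#198.51.100.9   bitcointalk.org
not-an-ip       bitcointalk.org
"""

def audit_hosts(text, watched):
    """Return (line_no, address, hostname, verdict) for each active entry
    that names a watched domain or one of its subdomains."""
    watched = {w.lower().rstrip(".") for w in watched}
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(entry) < 2:
            continue                            # blank, comment-only or malformed
        try:
            addr = ipaddress.ip_address(entry[0])
        except ValueError:
            continue                            # first field is not an IP address
        for name in entry[1:]:
            host = name.lower().rstrip(".")     # hostnames are case-insensitive
            if host not in watched and not any(host.endswith("." + w) for w in watched):
                continue
            # Loopback / 0.0.0.0 is how blocklists make a site unreachable;
            # any other address sends the browser to a different server.
            if addr.is_loopback or addr.is_unspecified:
                verdict = "sinkholed"
            else:
                verdict = "redirected"
            findings.append((line_no, str(addr), host, verdict))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS, ["bitcointalk.org"]):
        print("line %d: %s -> %s (%s)" % finding)
```

On Windows 7 the file to read is `%SystemRoot%\System32\drivers\etc\hosts`; pass its contents as `text`.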


Title: Re: [SOLVED] what did my browser eat?
Post by: bitpop on February 04, 2014, 05:26:52 PM

Quote from: groggin
Well, thanks OnkelPaul for mentioning the hosts file! had a look at it and sho'nuff bitcointalk was there. a simple # and it's working fine again. (so far  ::))
i use hostsman, and use all the available update sources, so i guess someone has our forum listed in there, in case staff wants to do something about it.
changing the dns server was not helpful
thanks again all

Why do you use that?


Title: Re: what did my browser eat?
Post by: OnkelPaul on February 04, 2014, 07:18:42 PM

Quote from: groggin
Well, thanks OnkelPaul for mentioning the hosts file! had a look at it and sho'nuff bitcointalk was there.

You're welcome! What address was in the host file? Although it was probably a compromised host, it might give a hint about the source of this attack.
Regarding hostsman: Don't let such tools mess around with your networking setup! A computer being used with bitcoins or other crypto stuff should have as few modifications relative to a secure baseline as possible.

Onkel Paul


Title: Re: [SOLVED] what did my browser eat?
Post by: groggin on February 04, 2014, 07:45:27 PM
Quote from: OnkelPaul
What address was in the host file?

here's a copy-paste from it

bitcoinmegastore.com
bitcoinsgenerator.net
bitcointalk.org
bitcointipbot.com
bitcointips.net
bitdoctor.ru
bitdoctors.ru
bitdownload.biz
bitenova.nl


Quote from: bitpop
Why do you use that?

  i like the way it blocks many ads + unfriendly sites - another layer of protection :)