groggin (OP)
January 26, 2014, 09:13:29 PM (last edit: February 04, 2014, 05:14:29 PM by groggin)
something not very good, i fear - where did that stupid cop come from anyway? (scroll down please) he used to have a stupid button underneath him that said "I understand the risks" and you could click it and proceed, but that option seems to have vanished, wtf.. is it a b.h.o.? malware? idk but its gotta go, it's in firefox and chrome on my tower pc running win7 (multi-boot w/linuxmint and win xp, the problem only exists in win 7) recently, i've just been uninstalling and re-installing browsers, gets me around for a day or two, but it creeps back in somehow, can anyone help? thanks!

tanalith
January 26, 2014, 09:58:27 PM
I think there may be some cache poisoning going around, try to use the google dns servers and see if you still get a certificate for an unregistered domain...

Kenshin
January 26, 2014, 10:01:21 PM
I think there may be some cache poisoning going around, try to use the google dns servers and see if you still get a certificate for an unregistered domain...
BTW, that is 8.8.8.8 and 8.8.4.4

msc
January 26, 2014, 10:05:43 PM
he used to have a stupid button underneath him that said "I understand the risks" and you could click it and proceed, but that option seems to have vanished, wtf..
I noticed that on Firefox a while back, but you don't want to proceed in this case. You've got a DNS problem or malware.

bitpop
January 27, 2014, 08:03:21 AM
Wipe hdd immediately

U1TRA_L0RD
January 27, 2014, 03:16:20 PM
Wipe hdd immediately
lol, Without backing up bitcoin wallets? What is it anyway, I sometimes get those too.

OnkelPaul
January 27, 2014, 03:23:45 PM
You should certainly not enter your bitcointalk password on that site. It's a man-in-the-middle attack, and any passwords you enter there will be used by hackers.
One can only guess what's been compromised on your win7 installation - probably the hosts file or some DNS settings. In any case, you should not use this windows system for anything moderately valuable before you've found and removed all compromised files. (which probably means it's safest to do a complete reinstall)
Onkel Paul

bitpop
January 27, 2014, 03:25:02 PM
Lol look at the domain in the page

groggin (OP)
January 27, 2014, 03:56:38 PM
thanks for the responses, i'm glad to say i use mostly linuxmint! i'll try changing the dns server next reboot, (it'll prolly not stay changed tho, i think) then maybe scan from win xp ... tho most likely i'll end up reformatting, then repairing grub. glad i keep my OS partitions small, and data elsewhere. thanks again!

rme
January 27, 2014, 03:58:49 PM
he used to have a stupid button underneath him that said "I understand the risks" and you could click it and proceed, but that option seems to have vanished, wtf..
Thanks to my suggestion, they implemented HSTS. That tells the browser that a secure connection is required always. That is why there is no button, you must have a secure connection.

groggin (OP)
January 27, 2014, 04:34:37 PM
he used to have a stupid button underneath him that said "I understand the risks" and you could click it and proceed, but that option seems to have vanished, wtf..
Thanks to my suggestion, they implemented HSTS. That tells the browser that a secure connection is required always. That is why there is no button, you must have a secure connection.
thanks to you good sir

drakoin
January 27, 2014, 08:18:51 PM
the same sometimes happens with google results. searching for something here on bitcointalk with google (because there I am allowed to search more often per time) I sometimes get results with an IP address instead of btct ... [some trying] ... yes, here's an example: https://duckduckgo.com/?q=ann+altcoin+giveaway+g! scroll down 7 hits to "flushcoin" and click. same procedure. That is not an infected OS. Is that an infected search engine?
no sign of a signature

msc
January 27, 2014, 08:36:30 PM
That is not an infected OS. Is that an infected search engine?
Well no, that's not an attack, it's just that the search engine has indexed a URL using the IP address instead of the domain name. If you click that link, then on the error page change https to http, it'll redirect you to the real forum. But, without knowing the domain name, the browser can't tell if it's legit or not. It's actually an error on the forum's part, I think. If you access the IP address using http, it redirects you to the domain name. But using https, it doesn't. Not that the forum must do a redirect, but it's nice when possible.

groggin (OP)
February 04, 2014, 05:12:23 PM
Well, thanks OnkelPaul for mentioning the hosts file! had a look at it and sho'nuff bitcointalk was there. a simple # and it's working fine again. (so far) i use hostsman, and use all the available update sources, so i guess someone has our forum listed in there, in case staff wants to do something about it. changing the dns server was not helpful. thanks again all

bitpop
February 04, 2014, 05:26:52 PM
Well, thanks OnkelPaul for mentioning the hosts file! had a look at it and sho'nuff bitcointalk was there. a simple # and it's working fine again. (so far) i use hostsman, and use all the available update sources, so i guess someone has our forum listed in there, in case staff wants to do something about it. changing the dns server was not helpful. thanks again all
Why do you use that?

OnkelPaul
February 04, 2014, 07:18:42 PM
Well, thanks OnkelPaul for mentioning the hosts file! had a look at it and sho'nuff bitcointalk was there.
You're welcome! What address was in the host file? Although it was probably a compromised host, it might give a hint about the source of this attack.
Regarding hostsman: Don't let such tools mess around with your networking setup! A computer being used with bitcoins or other crypto stuff should have as few modifications relative to a secure baseline as possible.
Onkel Paul

groggin (OP)
February 04, 2014, 07:45:27 PM
What address was in the host file?
here's a copy-paste from it
bitcoinmegastore.com
bitcoinsgenerator.net
bitcointalk.org
bitcointipbot.com
bitcointips.net
bitdoctor.ru
bitdoctors.ru
bitdownload.biz
bitenova.nl
Why do you use that?
i like the way it blocks many ads + unfriendly sites - another layer of protection
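
Added example (not part of the thread and not any poster's code): a Python audit of a hosts file for active entries that override DNS for a watched name, which is the check the OP ended up doing by hand. The sample file, its addresses and the names `audit_hosts` and `SAMPLE_HOSTS` are constructed for illustration; on Windows the real file is `%SystemRoot%\System32\drivers\etc\hosts`.

```python
import ipaddress

# Constructed sample in hosts-file syntax; addresses are illustrative only.
SAMPLE_HOSTS = """\
# managed blocklist section (constructed)
127.0.0.1   localhost
0.0.0.0     bitcoinsgenerator.net
0.0.0.0     bitcointalk.org   # pulled in by a blocklist update
#0.0.0.0    bitcointips.net
203.0.113.7 BitcoinTalk.org. www.bitcointalk.org
not-an-ip   bitcointalk.org
"""

def audit_hosts(text, watched):
    """Return (line_no, address, hostname, kind) for every active entry
    that overrides DNS for a watched name or one of its subdomains."""
    watched = {w.lower().rstrip(".") for w in watched}
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if len(fields) < 2:
            continue                            # blank, comment-only or incomplete
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # first field is not an address
        # Loopback/unspecified targets are typical of blocklists; anything
        # else sends the browser to another machine and needs investigating.
        kind = "sink" if (addr.is_loopback or addr.is_unspecified) else "redirect"
        for name in fields[1:]:
            host = name.lower().rstrip(".")
            if any(host == w or host.endswith("." + w) for w in watched):
                findings.append((line_no, str(addr), host, kind))
    return findings

if __name__ == "__main__":
    for line_no, addr, host, kind in audit_hosts(SAMPLE_HOSTS, ["bitcointalk.org"]):
        print(f"line {line_no}: {host} -> {addr} [{kind}]")
```

Either kind of entry means the browser never reaches the real server for that name, so on an HSTS site the result is a certificate or connection error with no click-through.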