Re: [CentOS] Firefox Issue
On 17/09/18 21:54, Chris Olson via CentOS wrote:
> We have several small networks, some of which have only four systems that are usually a mix of Windows 7 and CentOS 6 and CentOS 7 machines. All of these systems are Internet connected and updated regularly when yum finds packages available. Information about one of the CentOS 6 machines is included below. This system experienced a Firefox issue.
>
> [user@computer]$ uname -a
> Linux computer 2.6.32-754.3.5.el6.x86_64 #1 SMP Tue Aug 14 20:46:41 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
> [user@computer]$
>
> Several weeks ago, one of the Firefox updates did something unusual. It changed the browser-stored home page to https://www.centos.org/ from the original home page file:///usr/share/doc/HTML/index.html. This original home page had been in place since 2014, and had survived all Firefox updates for a little over four years.
>
> Last week, someone left one browser running and the system went into power save mode. To wake the system up we used the standard method of a quick push of the power button on the front of the Dell tower system. Although the system seemed to be running, the monitor and mouse never came to life. We also could not ssh into the system from any other computer on the network.
>
> We decided to use a steady push on the power button to shut the system down. After powering up again, the system seemed to run normally, but the browser home page was back to file:///usr/share/doc/HTML/index.html.
>
> Has anyone else experienced such an issue with Firefox recently?

I note each time there is a firefox yum update that the next time I start firefox from closed, that it brings up a tab with the centos homepage and another tab has my start page. The page on display (active tab) is the centos one; next start is back to normal.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
[CentOS] Firefox Issue
We have several small networks, some of which have only four systems that are usually a mix of Windows 7 and CentOS 6 and CentOS 7 machines. All of these systems are Internet connected and updated regularly when yum finds packages available. Information about one of the CentOS 6 machines is included below. This system experienced a Firefox issue.

[user@computer]$ uname -a
Linux computer 2.6.32-754.3.5.el6.x86_64 #1 SMP Tue Aug 14 20:46:41 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
[user@computer]$

Several weeks ago, one of the Firefox updates did something unusual. It changed the browser-stored home page to https://www.centos.org/ from the original home page file:///usr/share/doc/HTML/index.html. This original home page had been in place since 2014, and had survived all Firefox updates for a little over four years.

Last week, someone left one browser running and the system went into power save mode. To wake the system up we used the standard method of a quick push of the power button on the front of the Dell tower system. Although the system seemed to be running, the monitor and mouse never came to life. We also could not ssh into the system from any other computer on the network.

We decided to use a steady push on the power button to shut the system down. After powering up again, the system seemed to run normally, but the browser home page was back to file:///usr/share/doc/HTML/index.html.

Has anyone else experienced such an issue with Firefox recently?
Re: [CentOS] Firefox Issue
Hi Paul,

On Wed, 2017-01-11 at 12:43 +, Always Learning wrote:
> Goeiemiddag Leonard,

Heh :) . I was just thinking yesterday, "lekker ananas" :-) .

> One could say the host name, 4-3-2-1-static.friendly-ip.com, is
> not absolutely required in the 1.2.3.4 virtual host file.
>
> Not knowing whether all access attempts to the IP host name will always
> be directed to the 1.2.3.4 virtual host file, I included the host name.

After replying to your mail I realized that I've been using a fallback on my server for quite a while now. Not a redirect to localhost, but a fallback page. The fact that all this stuff just works makes you forget the details.

So I looked it up, and indeed, you do *not* need to specify the specific host name(s). I use a catch all virtual host ServerName 176.9.136.165 which catches web access to a.o. mail.ottolander.nl and kelapa.ottolander.nl (coconuts not pineapples these days ;) ) without having to specify each domain name individually.

Regards, Leonard.

--
mount -t life -o ro /dev/dna /genetic/research
Re: [CentOS] Firefox Issue
On 01/09/2017 01:51 PM, m.r...@5-cent.us wrote:
> Always Learning wrote:
>> On Fri, 2017-01-06 at 12:54 -0500, m.r...@5-cent.us wrote:
>>> James B. Byrne wrote:
>>>> On Thu, January 5, 2017 17:23, Always Learning wrote:
>>>>>
>>>>> Cyber attacks are gradually replacing armed conflicts.
>>>>
>>>> Better fight with bits than blood.
>>>
>>> Yes, but... attacks on the friggin' IoT could result in lots of blood. Or, less so, what do you mean all the rail lines have been knocked out of commission for a week, and we can't get food to the eastern half of the country? Or power?
>>
>> Query: How did the Reds get into the Democrats computer systems ? Hope it wasn't a Redhat/Centos system but an 'open Windoze' set-up.
>
> In at least one of the several, it was a phishing attack.

Though not being a professional cyber spy, still I don't see how it's possible at all to determine the source of the hack. Once someone's machine succumbs to a phish, the attacker could install something like tor which would conceal all hacker traffic with the hacked machine. Indeed, a professional could, further, set up a chain or web of such compromised machines, each connected to the other via tor to further hide the hacker's home... if that would even be necessary (?).

Moreover, https://www.youtube.com/watch?v=C2jD4SF9gFE and others also provide enlightening expert details about the software allegedly used in the hack, maintaining it was a couple years old, not even the latest versions available "off the shelf" on the dark web, hardly software which would be used by a state agent.
Re: [CentOS] Firefox Issue
Goeiemiddag Leonard,

> On Tue, 2017-01-10 at 12:00 +, Always Learning wrote:
> > (4) The 'extra' Apache Virtual Host file contains
> >
> >
>
> Why do you add dummy.domain.com:80 here as the match is done on the
> ServerName?
>
> > DocumentRoot /prod/web/domains/dummy/
> > ServerName 1.2.3.4
> > CustomLog
> > ErrorLog ...
> > HostnameLookups Off

(5) IP addresses hosting multiple web sites will have a host name. That host name is unlikely to be the name of one of the hosted web sites. For example

    1.2.3.4    4-3-2-1-static.friendly-ip.com

Thus, if an attempt is made to connect to "a web site" with a domain name of "4-3-2-1-static.friendly-ip.com", it will not be a genuine access attempt, by a genuine web user, to a genuine web site.

It is likely an access attempt to a non-hosted web site name on 1.2.3.4 will automatically be redirected by Apache to the 1.2.3.4 virtual domain.

One could say the host name, 4-3-2-1-static.friendly-ip.com, is not absolutely required in the 1.2.3.4 virtual host file.

Not knowing whether all access attempts to the IP host name will always be directed to the 1.2.3.4 virtual host file, I included the host name.

(6) Another example is a Virtual Private Server (VPS) hosting multiple web sites and a mail server (Mail Transfer Agent = MTA) on a single IP address.

The web sites could be:-

    sunshine-in-winter.com
    centos-is-wonderful.eu
    ilovelinux.uk
    ikhouvanmijbuurvrouw.nl
    etc.

The mail server (MTA) could be:-

    mail3.example.com

When someone attempts to access web site "mail3.example.com", having that "web site name" in the Apache virtual host file, results in the request instantly being redirected to 127.0.0.1

One can have several "web site names" in the virtual host file, in addition to the IP address.

Similarly, if someone attempts to send emails to .@mail3.example.com the mail server should reject it because that "domain name" is not a genuine email address domain name for the MTA.

(7) I developed an Apache error processing system. It consists of several PHP routines. It does not work for status codes of 400 or 500 (I do not know why) but it does for 403 and 404.

That system, shared by all hosted web sites, examines the requested web page name and compares it to two lists, one starting with /... and the other with keywords in any position. If a match is found, the IP address is placed in a monthly table (in IPtables) and blocked (sudo command in a PHP routine).

This means after the first conspicuously wrong (deliberately wrong) attempt to access a non-existent web page, the IP address is instantly blocked.

I'm a self-taught Linux user who chose Centos years ago. I am glad I did. I am continually learning new things almost every day.

--
Regards, Paul.
England, EU.
England's place is in the European Union.
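A sketch of the two-list check described in point (7) above, run over access-log lines. This is an added example, not the poster's PHP code; the list contents, the chain name, the never-block set and the sample log are all constructed assumptions. It only builds the iptables argument lists and does not run them.

```python
import ipaddress
import re

# Constructed lists (assumptions): paths that no hosted site serves.
PREFIXES = ("/phpmyadmin", "/wp-login.php", "/cgi-bin/")   # must start the path
KEYWORDS = ("etc/passwd", "/.env", "xmlrpc")               # may appear anywhere
WATCHED_STATUS = {"403", "404"}     # the codes the post says the system handles
NEVER_BLOCK = {"127.0.0.1"}         # assumption: never lock out local checks

# Apache common/combined log format: client, ident, user, [time], "request", status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+)[^"]*" (\d{3}) ')

# Constructed sample log (documentation address ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jan/2017:12:00:01 +0000] "GET /phpmyadmin/index.php HTTP/1.1" 404 209
198.51.100.23 - - [10/Jan/2017:12:00:05 +0000] "GET /about.html HTTP/1.1" 200 5120
198.51.100.23 - - [10/Jan/2017:12:00:09 +0000] "GET /old-page.html HTTP/1.1" 404 209
192.0.2.44 - - [10/Jan/2017:12:01:13 +0000] "GET /index.php?f=../../etc/passwd HTTP/1.1" 403 199
203.0.113.7 - - [10/Jan/2017:12:01:20 +0000] "GET /wp-login.php HTTP/1.1" 404 209
127.0.0.1 - - [10/Jan/2017:12:02:00 +0000] "GET /cgi-bin/status HTTP/1.1" 404 209
"""


def is_probe(path):
    """True when the requested path matches the prefix list or the keyword list."""
    p = path.lower()
    return p.startswith(PREFIXES) or any(k in p for k in KEYWORDS)


def find_probers(log_text):
    """Return client addresses, in first-seen order, whose 403/404 requests match."""
    found = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        client, path, status = m.groups()
        if status not in WATCHED_STATUS or not is_probe(path):
            continue          # an ordinary 404 (mistyped page) is not a probe
        if client in NEVER_BLOCK or client in found:
            continue
        found.append(client)
    return found


def block_commands(clients, chain):
    """Build one iptables argv list per client.

    Each address is parsed first, so a log field that is not a plain IPv4
    address raises ValueError and never reaches a privileged command. The
    result is an argument list, not a shell string.
    """
    cmds = []
    for client in clients:
        addr = ipaddress.IPv4Address(client)
        cmds.append(["iptables", "-I", chain, "-s", str(addr), "-j", "DROP"])
    return cmds


if __name__ == "__main__":
    # "probes-201701" is a hypothetical name for the monthly chain.
    for argv in block_commands(find_probers(SAMPLE_LOG), "probes-201701"):
        print(" ".join(argv))
```

The second 198.51.100.23 request is a plain 404 on a page that matches neither list, so that client is left alone.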
Re: [CentOS] Firefox Issue
Hello Paul,

On Tue, 2017-01-10 at 12:00 +, Always Learning wrote:
> (4) The 'extra' Apache Virtual Host file contains
>
>

Why do you add dummy.domain.com:80 here as the match is done on the ServerName?

> DocumentRoot /prod/web/domains/dummy/
> ServerName 1.2.3.4
> CustomLog
> ErrorLog ...
> HostnameLookups Off

Regards, Leonard.

--
mount -t life -o ro /dev/dna /genetic/research
Re: [CentOS] Firefox Issue
On Mon, 2017-01-09 at 11:06 -0600, John R. Dennison wrote:
> On Mon, Jan 09, 2017 at 04:23:05PM +, Always Learning wrote:
> >
> > Agreed. One of my Apache defences is to redirect probes/hacks to
> > 127.0.0.1 :-)
>
> Would you be willing to share this rewrite rule with the list, please?
> Some may find it useful. Thank you.

(1) Hosting several web sites on a single IPv4 address.

(2) Create Apache Virtual Hosts for each web site plus one extra.

(3) Assuming the IP address is 1.2.3.4 and that IP address has a host name of dummy.domain.com *and* no web site is hosted with the name dummy.domain.com

(4) The 'extra' Apache Virtual Host file contains

    DocumentRoot /prod/web/domains/dummy/
    ServerName 1.2.3.4
    CustomLog
    ErrorLog ...
    HostnameLookups Off
    Header set Access-Control-Allow-Methods "GET"
    Order Deny,Allow
    Allow from all
    RedirectMatch permanent ^/(.*)$ http://127.0.0.1/

(5) Any attempt to access:-

* using the IP address as a web site host name, or
* the host name of the IP address as a web site host name,

is diverted to 127.0.0.1

--
Regards, Paul.
England, EU.
England's place is in the European Union.
Re: [CentOS] Firefox Issue
Always Learning wrote:
> On Fri, 2017-01-06 at 12:54 -0500, m.r...@5-cent.us wrote:
>> James B. Byrne wrote:
>> > On Thu, January 5, 2017 17:23, Always Learning wrote:
>> >>
>> >> Cyber attacks are gradually replacing armed conflicts.
>> >
>> > Better fight with bits than blood.
>>
>> Yes, but... attacks on the friggin' IoT could result in lots of blood. Or, less so, what do you mean all the rail lines have been knocked out of commission for a week, and we can't get food to the eastern half of the country? Or power?
>
> Query: How did the Reds get into the Democrats computer systems ? Hope it wasn't a Redhat/Centos system but an 'open Windoze' set-up.

In at least one of the several, it was a phishing attack. In another case, someone responded slowly to a query... and had a typo saying the *reverse* of what they meant to say.

mark
Re: [CentOS] Firefox Issue
> -Original Message-
> From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of Valeri
> Galtsev
> Sent: Monday, January 09, 2017 12:26 PM
> To: CentOS mailing list <centos@centos.org>
> Subject: Re: [CentOS] Firefox Issue
>
> > One large list that cut the number of attacks was
> > blocking ALL Amazon AWS services. That reduced attacks by at least half.
>
> Cloudflare would be another one worth mentioning. They are much nastier,
> BTW, IMHO:
>
> https://wordtothewise.com/2012/07/cloudflare-and-spamhaus/

Yeah, thanks, I added them too.

--
My computer was sold to me by Mad Man Muntz.
Re: [CentOS] Firefox Issue
On Mon, January 9, 2017 11:16 am, Albert McCann wrote:
>> -Original Message-
>> From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of Always
>> Learning
>> Sent: Monday, January 09, 2017 11:23 AM
>> To: Centos <centos@centos.org>
>> Subject: Re: [CentOS] Firefox Issue
>
>> > On Thu, January 5, 2017 17:23, Always Learning wrote:
>> > >
>> > > Cyber attacks are gradually replacing armed conflicts.
>
>> > Better fight with bits than blood.
>>
>> Agreed. One of my Apache defenses is to redirect probes/hacks to
>> 127.0.0.1 :-)
>
> I'm redirecting some things to www.fbi.gov as well as 127.0.0.1 here,
> plus using mod_geoip, ipset, and the mother of all network level
> blacklists in ipset. One large list that cut the number of attacks was
> blocking ALL Amazon AWS services. That reduced attacks by at least half.

Cloudflare would be another one worth mentioning. They are much nastier, BTW, IMHO:

https://wordtothewise.com/2012/07/cloudflare-and-spamhaus/

Valeri

>
> --
> Cinderella works for the CIA.
>

Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
Re: [CentOS] Firefox Issue
> -Original Message-
> From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of Always
> Learning
> Sent: Monday, January 09, 2017 11:23 AM
> To: Centos <centos@centos.org>
> Subject: Re: [CentOS] Firefox Issue

> > On Thu, January 5, 2017 17:23, Always Learning wrote:
> > >
> > > Cyber attacks are gradually replacing armed conflicts.

> > Better fight with bits than blood.
>
> Agreed. One of my Apache defenses is to redirect probes/hacks to
> 127.0.0.1 :-)

I'm redirecting some things to www.fbi.gov as well as 127.0.0.1 here, plus using mod_geoip, ipset, and the mother of all network level blacklists in ipset. One large list that cut the number of attacks was blocking ALL Amazon AWS services. That reduced attacks by at least half.

--
Cinderella works for the CIA.
Re: [CentOS] Firefox Issue
On Mon, Jan 09, 2017 at 04:23:05PM +, Always Learning wrote:
>
> Agreed. One of my Apache defences is to redirect probes/hacks to
> 127.0.0.1 :-)

Would you be willing to share this rewrite rule with the list, please? Some may find it useful. Thank you.

John

--
It's a hurtful place, the world, in and of itself. We don't need to add to it. And we're in a place now where we all need one another, and it's going to get rougher.
-- Prince Rogers Nelson (7 June 1958 - 21 April 2016), funk/rock/pop/R singer, songwriter, and actor, Tavis Smiley Show, PBS (27 April 2009)
Re: [CentOS] Firefox Issue
On 1/9/2017 8:33 AM, Always Learning wrote:
> Query: How did the Reds get into the Democrats computer systems ? Hope it wasn't a Redhat/Centos system but an 'open Windoze' set-up.

primary attack was cracking a too easy password on Podesta's webmail account, quite probably via phishing/human engineering. doesn't matter what the OS is.

--
john r pierce, recycling bits in santa cruz
Re: [CentOS] Firefox Issue
On Mon, Jan 09, 2017 at 04:33:01PM +, Always Learning wrote:
> recognise vulnerabilities and how to block them; too many self-declared
> "komputar xperts" haven't a clue about robust security.

Thank you SO very much for this. I am still laughing at the irony after 5 whole minutes. This made my entire Monday.

John

>--
Pessimists just can't win: the damned glass is half full of air.
-- Logos01, #rhel
Re: [CentOS] Firefox Issue
On Fri, 2017-01-06 at 12:54 -0500, m.r...@5-cent.us wrote:
> James B. Byrne wrote:
> >
> > On Thu, January 5, 2017 17:23, Always Learning wrote:
> >>
> >> Cyber attacks are gradually replacing armed conflicts.
> >
> > Better fight with bits than blood.
>
> Yes, but... attacks on the friggin' IoT could result in lots of blood. Or,
> less so, what do you mean all the rail lines have been knocked out of
> commission for a week, and we can't get food to the eastern half of the
> country? Or power?

(1) For national infrastructures, a "parallel" Internet-type communications network, totally isolated from the real Internet.

(2) Governments should educate their country's computer people to recognise vulnerabilities and how to block them; too many self-declared "komputar xperts" haven't a clue about robust security.

Query: How did the Reds get into the Democrats computer systems ? Hope it wasn't a Redhat/Centos system but an 'open Windoze' set-up.

--
Regards, Paul.
England, EU.
England's place is in the European Union.
Re: [CentOS] Firefox Issue
On Fri, 2017-01-06 at 11:08 -0500, James B. Byrne wrote:
> On Thu, January 5, 2017 17:23, Always Learning wrote:
> >
> > Cyber attacks are gradually replacing armed conflicts.
>
> Better fight with bits than blood.

Agreed. One of my Apache defences is to redirect probes/hacks to 127.0.0.1 :-)

Another is to use sudo to block their IPs.

--
Regards, Paul.
England, EU.
England's place is in the European Union.
Re: [CentOS] Firefox Issue
James B. Byrne wrote:
>
> On Thu, January 5, 2017 17:23, Always Learning wrote:
>>
>> Cyber attacks are gradually replacing armed conflicts.
>
> Better fight with bits than blood.

Yes, but... attacks on the friggin' IoT could result in lots of blood. Or, less so, what do you mean all the rail lines have been knocked out of commission for a week, and we can't get food to the eastern half of the country? Or power?

mark
Re: [CentOS] Firefox Issue
On Thu, January 5, 2017 17:23, Always Learning wrote:
>
> Cyber attacks are gradually replacing armed conflicts.
>

Better fight with bits than blood.

--
*** e-Mail is NOT a SECURE channel ***
Do NOT transmit sensitive data via e-Mail
Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne                mailto:byrn...@harte-lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3
Re: [CentOS] Firefox Issue
On Thu, Jan 05, 2017 at 10:23:18PM +, Always Learning wrote:
> [...] The
> only method of preventing it compromising a site is to test the
> acceptable maximum length of the parameter (in this example '12345') and
> if exceeded block the IP address in iptables.

I'm honestly interested in what you mean by this.

--
Jonathan Billings
Re: [CentOS] Firefox Issue
On 1/5/2017 2:23 PM, Always Learning wrote:
> SQL injection attempts, made by suffixing usually very long strings of SQL coding to valid parameters such as domain.com/info.php?=12345, has been popular with the Russians for at least the last few years.

SQL Injection is a server side issue, not a browser issue.

> The only method of preventing it compromising a site is to test the acceptable maximum length of the parameter (in this example '12345') and if exceeded block the IP address in iptables.

no, the proper method of preventing it is not checking the length of the parameter, rather, it's ensuring you don't construct SQL queries out of arbitrary URL input without proper parameter substitution techniques such as passing parameters by value rather than string substitution, or using the appropriate string escaping techniques for your database API.

--
john r pierce, recycling bits in santa cruz
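The two approaches debated in the message above, side by side, as an added example that is not part of the original post. It uses Python's sqlite3 instead of the PHP site mentioned in the thread; the table, its rows and the 12-character limit are constructed assumptions.

```python
import sqlite3

MAX_LEN = 12  # assumed limit for the length test proposed in the thread


def make_db():
    """Constructed sample data: one public row and one hidden row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE info (id INTEGER, title TEXT, hidden INTEGER)")
    conn.executemany(
        "INSERT INTO info VALUES (?, ?, ?)",
        [(12345, "Public page", 0), (12346, "Internal draft", 1)],
    )
    return conn


def lookup_concat(conn, raw_id):
    """'Before' form: a length test, then the value is pasted into the SQL text."""
    if len(raw_id) > MAX_LEN:
        raise ValueError("parameter too long")
    sql = "SELECT title FROM info WHERE hidden = 0 AND id = " + raw_id
    return [row[0] for row in conn.execute(sql + " ORDER BY id")]


def lookup_bound(conn, raw_id):
    """Hardened form: the value is passed as a bound parameter, never as SQL text."""
    sql = "SELECT title FROM info WHERE hidden = 0 AND id = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (raw_id,))]


def compare(raw_id):
    """Run both lookups on a fresh database and return their results."""
    conn = make_db()
    try:
        return lookup_concat(conn, raw_id), lookup_bound(conn, raw_id)
    finally:
        conn.close()


if __name__ == "__main__":
    # A normal request: both forms return the public row only.
    print(compare("12345"))
    # Twelve characters, so the length test passes, yet the concatenated
    # query now also returns the hidden row. The bound form treats the whole
    # string as one value, matches no id, and returns nothing.
    print(compare("12345 OR 1=1"))
```

The length test still rejects a long string, but the hidden row is protected only in the bound form.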
Re: [CentOS] Firefox Issue
On Wed, 2017-01-04 at 21:33 +, Chris Olson wrote:
> .. A Firefox browser on one system .
> Instead, a site located at the link https://gaibacoupontec.com
> was displayed with a message indicating that there was an urgent
> Firefox update required.

Firefox, like other web browsers, usually displays text in HTML mode. Seeing a "link" for https://gaibacoupontec.com does not guarantee the hidden 'A HREF' code is actually for that site.

> Is it possible that a new Firefox flaw has been detected and is
> being exploited for malicious purposes?

Yes. Alertness and improving security are continuous tasks.

SQL injection attempts, made by suffixing usually very long strings of SQL coding to valid parameters such as domain.com/info.php?=12345, has been popular with the Russians for at least the last few years. The only method of preventing it compromising a site is to test the acceptable maximum length of the parameter (in this example '12345') and if exceeded block the IP address in iptables.

Cyber attacks are gradually replacing armed conflicts.

--
Regards, Paul.
England, EU.
England's place is in the European Union.
Re: [CentOS] Firefox Issue
Maybe it was an ad redirect. I get this a lot on my phone where people are putting malicious js in ads that redirects me to advertisements for rock hard erections whilst I'm reading articles. It's very noisome!

On 4 January 2017 at 22:33, Chris Olson wrote:
> Everyone is back at work and starting to use computers on our
> smallest network which has Internet access through a rather old
> Linksys router. Two systems were left on and screen-locked over
> the extra long weekend. There does not appear to have been any
> Internet access interruption in our absence.
>
> A Firefox browser on one system was left pointing to a commonly
> used web site: https://www.yahoo.com/. This Yahoo web page was
> not displayed when the user unlocked the screen and brought up
> the browser from the task bar.
>
> Instead, a site located at the link https://gaibacoupontec.com
> was displayed with a message indicating that there was an urgent
> Firefox update required. There was a button to download and to
> install the update. I killed the Firefox browser rather than
> getting rid of it with the X in the upper right hand corner.
>
> This event has the aroma of an unwanted cyber intrusion, which
> is why I killed the browser. I have also copied and stored the
> full URL displayed in the browser, but have only included the
> first part "https://gaibacoupontec.com" here so as not to tempt
> anyone to risk access.
>
> Is it possible that a new Firefox flaw has been detected and is
> being exploited for malicious purposes?
Re: [CentOS] Firefox Issue
> Instead, a site located at the link https://gaibacoupontec.com
> was displayed with a message indicating that there was an urgent
> Firefox update required.

Have you checked the user's Firefox profile for any unusual extensions? That would be my first suspicion.
[CentOS] Firefox Issue
Everyone is back at work and starting to use computers on our smallest network which has Internet access through a rather old Linksys router. Two systems were left on and screen-locked over the extra long weekend. There does not appear to have been any Internet access interruption in our absence.

A Firefox browser on one system was left pointing to a commonly used web site: https://www.yahoo.com/. This Yahoo web page was not displayed when the user unlocked the screen and brought up the browser from the task bar.

Instead, a site located at the link https://gaibacoupontec.com was displayed with a message indicating that there was an urgent Firefox update required. There was a button to download and to install the update. I killed the Firefox browser rather than getting rid of it with the X in the upper right hand corner.

This event has the aroma of an unwanted cyber intrusion, which is why I killed the browser. I have also copied and stored the full URL displayed in the browser, but have only included the first part "https://gaibacoupontec.com" here so as not to tempt anyone to risk access.

Is it possible that a new Firefox flaw has been detected and is being exploited for malicious purposes?