
Topic: [SOLVED] what did my browser eat? (Read 839 times)

legendary
Activity: 1894
Merit: 1001
February 04, 2014, 02:45:27 PM
#17
Quote from: OnkelPaul
What address was in the host file?

here's a copy-paste from it

bitcoinmegastore.com
bitcoinsgenerator.net
bitcointalk.org
bitcointipbot.com
bitcointips.net
bitdoctor.ru
bitdoctors.ru
bitdownload.biz
bitenova.nl


Quote from: bitpop
Why do you use that?

  i like the way it blocks many ads + unfriendly sites - another layer of protection
legendary
Activity: 1039
Merit: 1005
February 04, 2014, 02:18:42 PM
#16

  Well, thanks OnkelPaul for mentioning the hosts file! had a look at it and sho'nuff bitcointalk was there.

You're welcome! What address was in the host file? Although it was probably a compromised host, it might give a hint about the source of this attack.
Regarding hostsman: Don't let such tools mess around with your networking setup! A computer being used with bitcoins or other crypto stuff should have as few modifications relative to a secure baseline as possible.

Onkel Paul
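
The thread traces the problem to an active hosts-file entry for bitcointalk.org, and the follow-up question is which address that entry pointed to. The following is an added example, not part of any post: a Python check that lists active hosts entries for chosen names and reports whether each one sinks the name to a loopback or unspecified address or pins it to some other server. The function name `audit_hosts` and the sample file contents are constructed for illustration.

```python
import ipaddress


def audit_hosts(text, watchlist):
    """Return (line_no, host, address, verdict) for active entries naming a watched host."""
    watched = {w.lower().rstrip(".") for w in watchlist}
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        # Everything after '#' is a comment, so a leading '#' disables the whole entry.
        entry = raw.split("#", 1)[0].split()
        if len(entry) < 2:
            continue
        address, names = entry[0], entry[1:]
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            continue  # first field is not an IP address, so this is not a valid entry
        for name in names:
            host = name.lower().rstrip(".")
            if host not in watched:
                continue
            if ip.is_loopback or ip.is_unspecified:
                verdict = "blocked"      # 127.0.0.1 / 0.0.0.0 style: site becomes unreachable
            else:
                verdict = "redirected"   # name pinned to a specific server, bypassing DNS
            findings.append((line_no, host, str(ip), verdict))
    return findings


# Constructed sample, not the poster's file. 203.0.113.7 is a documentation
# address (RFC 5737) standing in for "some other server".
SAMPLE_HOSTS = """\
127.0.0.1 localhost
0.0.0.0 bitcointipbot.com
# 0.0.0.0 bitcointips.net
203.0.113.7 bitcointalk.org www.bitcointalk.org
0.0.0.0 bitdoctor.ru   # from a block list
"""

WATCHLIST = ["bitcointalk.org", "bitcointips.net", "bitcointipbot.com"]

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS, WATCHLIST):
        print(finding)
```

A "redirected" verdict for a site where you log in is the case worth investigating; on Windows 7 the file to feed in is `%SystemRoot%\System32\drivers\etc\hosts`.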
legendary
Activity: 2912
Merit: 1060
February 04, 2014, 12:26:52 PM
#15

  Well, thanks OnkelPaul for mentioning the hosts file! had a look at it and sho'nuff bitcointalk was there. a simple # and it's working fine again. (so far)
i use hostsman, and use all the available update sources, so i guess someone has our forum listed in there, in case staff wants to do something about it.
changing the dns server was not helpful
thanks again all

Why do you use that?
legendary
Activity: 1894
Merit: 1001
February 04, 2014, 12:12:23 PM
#14

  Well, thanks OnkelPaul for mentioning the hosts file! had a look at it and sho'nuff bitcointalk was there. a simple # and it's working fine again. (so far)
i use hostsman, and use all the available update sources, so i guess someone has our forum listed in there, in case staff wants to do something about it.
changing the dns server was not helpful
thanks again all
msc
sr. member
Activity: 284
Merit: 250
January 27, 2014, 03:36:30 PM
#13
That is not an infected OS.
Is that an infected search engine?
Well no, that's not an attack, it's just that the search engine has indexed a URL using the IP address instead of the domain name.  If you click that link, then on the error page change https to http, it'll redirect you to the real forum.

But, without knowing the domain name, the browser can't tell if it's legit or not.  

It's actually an error on the forum's part, I think.  If you access the IP address using http, it redirects you to the domain name.  But using https, it doesn't.  Not that the forum must do a redirect, but it's nice when possible.
hero member
Activity: 826
Merit: 1000
see my profile
January 27, 2014, 03:18:51 PM
#12
the same sometimes happens with google results.

searching for something here on bitcointalk with google
(because there I am allowed to search more often per time)

I sometimes get results with an IP address instead of btct

... [some trying] ...


yes, here's an example:
https://duckduckgo.com/?q=ann+altcoin+giveaway+g!

scroll down 7 hits to "flushcoin"

and click.



same procedure.

That is not an infected OS.
Is that an infected search engine?




legendary
Activity: 1894
Merit: 1001
January 27, 2014, 11:34:37 AM
#11

 he used to have a stupid button underneath him that said "I understand the risks" and you could click it and proceed, but that option seems to have vanished, wtf..


Thanks to my suggestion, they implemented HSTS.
That tells the browser that a secure connection is required always.

That is why there is no button, you must have a secure connection.



thanks to you good sir 
rme
hero member
Activity: 756
Merit: 504
January 27, 2014, 10:58:49 AM
#10

 he used to have a stupid button underneath him that said "I understand the risks" and you could click it and proceed, but that option seems to have vanished, wtf..


Thanks to my suggestion, they implemented HSTS.
That tells the browser that a secure connection is required always.

That is why there is no button, you must have a secure connection.

legendary
Activity: 1894
Merit: 1001
January 27, 2014, 10:56:38 AM
#9

 thanks for the responses, i'm glad to say i use mostly linuxmint! i'll try changing the dns server next reboot, (it'll prolly not stay changed tho, i think) then maybe scan from win xp ...

tho most likely i'll end up reformatting, then repairing grub. glad i keep my OS partitions small, and data elsewhere. thanks again!
legendary
Activity: 2912
Merit: 1060
January 27, 2014, 10:25:02 AM
#8
Lol look at the domain in the page
legendary
Activity: 1039
Merit: 1005
January 27, 2014, 10:23:45 AM
#7
You should certainly not enter your bitcointalk password on that site. It's a man-in-the-middle attack, and any passwords you enter there will be used by hackers.

One can only guess what's been compromised on your win7 installation - probably the hosts file or some DNS settings. In any case, you should not use this windows system for anything moderately valuable before you've found and removed all compromised files.
(which probably means it's safest to do a complete reinstall)

Onkel Paul
full member
Activity: 126
Merit: 100
CAUTION: Angry Man with Attitude.
January 27, 2014, 10:16:20 AM
#6
Wipe hdd immediately
lol, Without backing up bitcoin wallets?

What is it anyway, I sometimes get those too.
legendary
Activity: 2912
Merit: 1060
January 27, 2014, 03:03:21 AM
#5
Wipe hdd immediately
msc
sr. member
Activity: 284
Merit: 250
January 26, 2014, 05:05:43 PM
#4
he used to have a stupid button underneath him that said "I understand the risks" and you could click it and proceed, but that option seems to have vanished, wtf..
I noticed that on Firefox a while back, but you don't want to proceed in this case.  You've got a DNS problem or malware.
sr. member
Activity: 280
Merit: 250
January 26, 2014, 05:01:21 PM
#3
I think there may be some cache poisoning going around, try to use the google dns servers and see if you still get a certificate for an unregistered domain...

BTW, that is 8.8.8.8 and 8.8.4.4
newbie
Activity: 36
Merit: 0
January 26, 2014, 04:58:27 PM
#2
I think there may be some cache poisoning going around, try to use the google dns servers and see if you still get a certificate for an unregistered domain...
legendary
Activity: 1894
Merit: 1001
January 26, 2014, 04:13:29 PM
#1
 something not very good, i fear - where did that stupid cop come from anyway?  (scroll down please)


      

 he used to have a stupid button underneath him that said "I understand the risks" and you could click it and proceed, but that option seems to have vanished, wtf..

 is it a b.h.o.? malware? idk but it's gotta go, it's in firefox and chrome on my tower pc running win7 (multi-boot w/linuxmint and win xp, the problem only exists in win 7)
 recently, i've just been uninstalling and re-installing browsers, gets me around for a day or two, but it creeps back in somehow, can anyone help? thanks!

