PDA

View Full Version : [SOLVED] I thought Linux was immune to this junk



4Orbs
May 13th, 2010, 11:20 PM
Just did a new install of Ubuntu 10.04 on my daughter's Macbook Pro. Opened Firefox and used the searchbar to look for something, and when the google results page loaded... I clicked on the first result and was immediately redirected to a garbage webpage selling shoes... not at all the page that I was supposed to go to.

Now this is a new install of Ubuntu on a newly created partition. Also this was the very first time to use the search bar in firefox. Also the only pages I had visited prior to using the search bar were these ubuntu forums and yahoo.com

I thought Linux was immune to this sort of attack. I have searched for ways to clean this out of the computer. I get lots of results from the search engines but whenever I click on a link the only thing that happens is I get redirected to another garbage webpage. Please help.

doorknob60
May 13th, 2010, 11:21 PM
Probably not an issue with your computer then, somethings screwed up in your network. Do you have wireless? Is it secured? With WEP or WPA?

4Orbs
May 13th, 2010, 11:27 PM
I installed Ubuntu while connected by wire to the router. This problem first happened while still using the wired connection. I'm now connected with wireless and WPA... google search results still just get redirected to junk... same thing regardless of search engine used

lisati
May 13th, 2010, 11:29 PM
It might be worth clearing your cache and installing something like "adblock"

oldsoundguy
May 13th, 2010, 11:35 PM
Ad Block Plus and Script Blocker will help with your BROWSER problem. Linux has nothing to do with it, and the sooner people realize that the better. IF you are having browser issues, they are browser issues and not operating system issues. The crap you encounter on line may be aggravating, but there is nothing the operating system can do about it EXCEPT keep the crud from GETTING INSTALLED with a single click. Which is the big difference between Windows and other operating systems.

4Orbs
May 13th, 2010, 11:37 PM
I had already installed Adblock Plus, NoScript and only visited two webpages before using the searchbar. I've since cleared the cache and removed all cookies, browsing history, etc. Still the same lousy results.

EDIT: Correction. NoScript had not been installed yet.

oldsoundguy
May 13th, 2010, 11:42 PM
Then. most likely, the re-direct is ON the site you are visiting and there will be NOTHING you can do about it but wait for the administrator of the site to realize that they have been hacked!

BUT .. install World Of Trust to Firefox .. then when you do ANY search, if the page is not to be trusted, it will halt your entrance to the page unless you grant permission.

sydbat
May 13th, 2010, 11:42 PM
You say it is on a Macbook Pro? Is it a dual boot? If so, are you somehow using a shared browser profile?

I would delete the Firefox profile and let it rebuild. Obviously there is some file in there that is compromised.

EssexEagle
May 13th, 2010, 11:46 PM
Just did a new install of Ubuntu 10.04 on my daughter's Macbook Pro. Opened Firefox and used the searchbar to look for something, and when the google results page loaded... I clicked on the first result and was immediately redirected to a garbage webpage selling shoes... not at all the page that I was supposed to go to.

Now this is a new install of Ubuntu on a newly created partition. Also this was the very first time to use the search bar in firefox. Also the only pages I had visited prior to using the search bar were these ubuntu forums and yahoo.com

I thought Linux was immune to this sort of attack. I have searched for ways to clean this out of the computer. I get lots of results from the search engines but whenever I click on a link the only thing that happens is I get redirected to another garbage webpage. Please help.

Are you sure you're not just trying to look at a page which itself automatically redirects? Have you tried clicking on different search results or searching for different things, to see if the problem exists for all sites?

Edit: oldsoundguy kinda beat me to it...

4Orbs
May 14th, 2010, 12:02 AM
oldsoundguy, I appreciate your scolding me... I'm not criticizing Linux, I'm just completely baffled that this happened to me. I've been using various Linux distros for three years now and never had anything like this occur before.

To clarify things. Ubuntu 10.04 is installed on an older Macbook Pro that has had the hdd wiped and reformatted. It is now dual-booting Windows XP Pro and Ubuntu. Using broadband connecting through a Netgear wired/wireless router to the broadband dsl modem. Only other computer on the router is my 8 year old desktop which currently is dual-booting Win XP and Xubuntu 10.04

Old *ix Geek
May 14th, 2010, 12:03 AM
How about trying these simple tests?

1) Try using a different browser.

2) Try searching directly from a search engine's site instead of a browser's search box.

3) Give us some search terms you've used, results they produced, and where you ended up when clicking on them so we can try them, too.

4Orbs
May 14th, 2010, 12:17 AM
OK. Just opened Opera browser for the first time. Went to the yahoo home page and entered this into the yahoo search bar "google search results redirect to ads". Got hundreds of results... clicked on the second result on the first pagefull. Immediately was redirected to a searchclick7.com garbage site.

Now I'm not very computer saavy, but seeing as how this was the very first thing I've attempted on a newly installed Opera, and I'm not sharing a profile (I think not, anyway)... the only two possibilities are that it's some sort of virus passing through the router or something in the flash or java plugin that IS shared with firefox.

EssexEagle
May 14th, 2010, 12:21 AM
OK. Just opened Opera browser for the first time. Went to the yahoo home page and entered this into the yahoo search bar "google search results redirect to ads". Got hundreds of results... clicked on the second result on the first pagefull. Immediately was redirected to a searchclick7.com garbage site.

Now I'm not very computer saavy, but seeing as how this was the very first thing I've attempted on a newly installed Opera, and I'm not sharing a profile (I think not, anyway)... the only two possibilities are that it's some sort of virus passing through the router or something in the flash or java plugin that IS shared with firefox.

So to clarify, this happens no matter what search results you're trying to go to? So if you searched "ubuntu forums" and tried to follow the first result here, you still get the problem? And this happens for all search engines? What if you try following links from other websites (not search engines)? e.g. if you click this link here: http://ubuntuforums.org

I am outlaw
May 14th, 2010, 12:22 AM
I would definitely check out your router, try power cycling it. Then double check any settings.

nerdy_kid
May 14th, 2010, 12:23 AM
does the issue occur with the windows xp you have installed?

4Orbs
May 14th, 2010, 12:26 AM
Scroogle.org search results work as expected. Ubuntu forums search works as expected. Google.com and yahoo search results do not work correctly.

EDIT: Same results on the Win XP. Now I know where the problem originated.

Legendary_Bibo
May 14th, 2010, 12:27 AM
Do you pay for your own internet?

Old_Grey_Wolf
May 14th, 2010, 12:30 AM
Does this happen on both of your computers?

What ISP do you have?

4Orbs
May 14th, 2010, 12:32 AM
Do ISP's pull this sort of dirty trick?

EDIT: Yes, I pay dearly for an att broadband dsl connection.

Rasa1111
May 14th, 2010, 12:34 AM
Scroogle.org search results work as expected. Ubuntu forums search works as expected. Google.com and yahoo search results do not work correctly.

EDIT: Same results on the Win XP. Now I know where the problem originated.

Indeed.

Though I cant quite figure out why whatever it is, is switching over and still happening in Ubuntu.. :confused:

new to me....

Old_Grey_Wolf
May 14th, 2010, 12:35 AM
Do ISP's pull this sort of dirty trick?

Read this http://www.dslreports.com/shownews/Another-ISP-Caught-Hijacking-Firefox-Toolbar-Results-108155?nocomment=1.

MCVenom
May 14th, 2010, 12:35 AM
I would definitely check out your router, try power cycling it. Then double check any settings.
+1. Router viruses are rare I should think, but they happen. Simply turning the router off and then on again should get rid of any such virus, luckily. So do that and see if you're still having issues.

CharlesA
May 14th, 2010, 12:39 AM
If you want to rule out the computer, boot off a livecd and see if the same thing happens.

Sounds like a DNS redirect or some such thing. I know Cox does that when it doesn't understand what you are looking for.

nerdy_kid
May 14th, 2010, 12:52 AM
+1. Router viruses are rare I should think, but they happen. Simply turning the router off and then on again should get rid of any such virus, luckily. So do that and see if you're still having issues.

ow didnt know routers _could_ get viruses. is to be expected i guess. There actually should be a reset button in the back, thats what you need to hit. press and hold for around 30secs should do the trick, but it depends on the model. good luck :)

dominiquec
May 14th, 2010, 12:54 AM
Like CharlesA, I also suspect a DNS problem.

Check the contents of /etc/resolv.conf and verify the IP addresses there. It may be pointing someplace dodgy.

At home, I set my router to use the Google public DNS servers (8.8.8.8 and 8.8.4.4) I know, I know, privacy issues, and whatnot but I find them more trustworthy and reliable than other services.

4Orbs
May 14th, 2010, 01:13 AM
OK. I restarted the router and modem. Then ran the Ubuntu live cd on my old desktop. Search results using firefox on the live cd still redirect me to the searchclick7.com garbage sites. I presume this means my ISP (at&t who contracts out locally to whitehorse communications) is hijacking my google and yahoo search results. Is it normal for the master (at&t in this case) to accept the servant (whitehorse comm. in this case) hijacking it's customers for whatever meager profit they might reap?

EDIT: Thank you all for your help and replies. I now have a deeper understanding of the internet and human nature. More jerks in the world than you can shake a stick at.

CharlesA
May 14th, 2010, 01:57 AM
That sucks big time. You can probably set your router to assign a different DNS server when it gives out DHCP leases to get around the problem.

MooPi
May 14th, 2010, 01:59 AM
How about a link to the site you were visiting. Could it be the site that is the issue and not your browser ?

4Orbs
May 14th, 2010, 02:36 AM
I think, because this happens even when using the live cd, that it is obviously a case of my internet provider hijacking my google and yahoo search results and sending me to bogus websites that pay my ISP a fraction of a penny every time I am redirected to those sites. This sort of profiteering is going to cost at&t the loss of one long-time customer (me). I'm sure they don't really care about losing me as a customer, so as a parting shot: "Dear AT&T Broadband, please, EAT MY SHORTS."

MCVenom
May 14th, 2010, 02:44 AM
I think, because this happens even when using the live cd, that it is obviously a case of my internet provider hijacking my google and yahoo search results and sending me to bogus websites that pay my ISP a fraction of a penny every time I am redirected to those sites. This sort of profiteering is going to cost at&t the loss of one long-time customer (me). I'm sure they don't really care about losing me as a customer, so as a parting shot: "Dear AT&T Broadband, please, EAT MY SHORTS."
Hehheh.... If you didn't believe in or know about the issue of net neutrality before, now's a pretty good time to start. :lolflag:

Barring politics... just to make absolutely sure your ISP is doing this, do you have another computer or wi-fi capable media device (ie: iTouch, MotoDroid, etc) that you could connect to the network in question and see if the same occurs on any of them?

Paqman
May 14th, 2010, 02:46 AM
I think, because this happens even when using the live cd, that it is obviously a case of my internet provider hijacking my google and yahoo search results and sending me to bogus websites that pay my ISP a fraction of a penny every time I am redirected to those sites. This sort of profiteering is going to cost at&t the loss of one long-time customer (me). I'm sure they don't really care about losing me as a customer, so as a parting shot: "Dear AT&T Broadband, please, EAT MY SHORTS."

In the meantime, you can stop using their DNS. Either switch to Google as mentioned above, or OpenDNS. I can vouch for the latter. Switching your DNS should solve the issue immediately.

CharlesA
May 14th, 2010, 03:01 AM
In the meantime, you can stop using their DNS. Either switch to Google as mentioned above, or OpenDNS. I can vouch for the latter. Switching your DNS should solve the issue immediately.

I use Google's DNS servers and it seems to be a bit faster then my ISP's DNS.

4Orbs
May 14th, 2010, 03:06 AM
This seems like something I should try. But I don't have a clue as to how. Could you point me to some instructions on how to accomplish changing the DNS (remember, I can't search for this).

k3lt01
May 14th, 2010, 05:05 AM
For another layer of defence you could modify your HOSTS file to block junk like this.

I'm in a rush atm so if you haven't already found out how to do this I'll post when I get back home.

HermanAB
May 14th, 2010, 05:34 AM
DNS is set in /etc/resolv.conf, but if you use DHCP then it will be overwritten when you reconnect to the network.

Paqman
May 14th, 2010, 05:53 AM
This seems like something I should try. But I don't have a clue as to how. Could you point me to some instructions on how to accomplish changing the DNS (remember, I can't search for this).

You need to change the settings in your router. Open a browser and go to your router's control panel, which will be at something like 192.168.1.1, 192.168.0.1, or something similar (it depends on your model of router).

Punch in your password (which should absolutley NOT still be the default one!) and find the item in the menus that deals with DNS (aka name servers). Change the name servers from your ISP's ones to the new ones and you're done!

If you tell us what model of router you have we can provide more specific instructions.

4Orbs
May 14th, 2010, 06:32 AM
I have some previous experience on my router control panel. The things I am unsure about ore these: My router and dsl modem are separate devices, so do I need to change dns on both? Do I first need to set up an account with OpenDNS or Google to acquire a DNS from them? At least two times in the past I have had to contact at&t support to have them reset my account; will having a different DNS server cause any conflict with my ISP?

I apologize for being so clueless, but in the eight years I've had a computer... I have almost never had to deal with any sort of problem connecting to the internet or messing with modem and router settings.

EDIT: I should probably mention this; the problem only started a few days ago when I added the router to my setup so that my kids could connect with their wireless PS3 and laptops. Previously I had been using only my computer connected directly to the modem. The router has been connected and disconnected from my setup numerous times during the past three years (no problems until now).

4Orbs
May 14th, 2010, 08:28 AM
I'm eating humble pie here. Guess I owe an apology to AT&T Broadband.

After trying numerous dances to try and rid myself of the "Google Search Results redirect me to bogus websites" problem... including deleting the .mozilla folder and re-installing Firefox to no avail... I decided to just remove the router and plug directly into the broadband modem. The redirect problem immediately disappeared. So I guess the router was infected with a trojan or something. I was always under the impression that this couldn't happen because routers are firmware... I learned something new and important today. Thank you all for your generous assisstance.

Doug11
May 14th, 2010, 09:40 AM
I'm eating humble pie here. Guess I owe an apology to AT&T Broadband.

After trying numerous dances to try and rid myself of the "Google Search Results redirect me to bogus websites" problem... including deleting the .mozilla folder and re-installing Firefox to no avail... I decided to just remove the router and plug directly into the broadband modem. The redirect problem immediately disappeared. So I guess the router was infected with a trojan or something. I was always under the impression that this couldn't happen because routers are firmware... I learned something new and important today. Thank you all for your generous assisstance.

Depending on your router make, you can check their website and see if there are any software updates for it. This may or may not make a difference.

4Orbs
May 14th, 2010, 09:50 AM
I had already updated the router to the latest as of last week. Considering how inexpensive this thing was ($35.00), it seems prudent to just buy a new router and keep this one for last-resort usage. This one doesn't have a reset button, so I'm not sure if it can be set back to new condition... it probably can if I were willing to hook it up again and dig through the control panel. A new router sounds more logical and safer to me. Thanks for the reply.

alphacrucis2
May 14th, 2010, 10:07 AM
I had already updated the router to the latest as of last week. Considering how inexpensive this thing was ($35.00), it seems prudent to just buy a new router and keep this one for last-resort usage. This one doesn't have a reset button, so I'm not sure if it can be set back to new condition... it probably can if I were willing to hook it up again and dig through the control panel. A new router sounds more logical and safer to me. Thanks for the reply.

Before you hook these devices up to the internet make sure you change the factory default admin password to a strong password. Leaving it unchanged is asking for trouble.

CharlesA
May 14th, 2010, 02:52 PM
Before you hook these devices up to the internet make sure you change the factory default admin password to a strong password. Leaving it unchanged is asking for trouble.

Indeed. Most routers don't have any wireless security set by default either. Could be that someone got in and changed the DNS servers on the router.

eltonw
May 14th, 2010, 03:27 PM
Just did a new install of Ubuntu 10.04 on my daughter's Macbook Pro. Opened Firefox and used the searchbar to look for something, and when the google results page loaded... I clicked on the first result and was immediately redirected to a garbage webpage selling shoes... not at all the page that I was supposed to go to.

Now this is a new install of Ubuntu on a newly created partition. Also this was the very first time to use the search bar in firefox. Also the only pages I had visited prior to using the search bar were these ubuntu forums and yahoo.com

I thought Linux was immune to this sort of attack. I have searched for ways to clean this out of the computer. I get lots of results from the search engines but whenever I click on a link the only thing that happens is I get redirected to another garbage webpage. Please help.

It's not the OS (linux) but your security configurations in your browser. I strongly recommend that you DISABLE 'allow / accept cookies from third parties' AND get the following most invaluable extensions for Firefox: 1) AdBlock and 2) WOT (Web of Trust).
IMVHO, running a browser without WOT installed would be like speeding on an interstate without seatbelts and doors on your car! ... dangerous, to say the least.

respectfully...

s3a
May 15th, 2010, 04:52 PM
Use scroogle, it keeps you anonymous (assuming that actually is the problem).


I think, because this happens even when using the live cd, that it is obviously a case of my internet provider hijacking my google and yahoo search results and sending me to bogus websites that pay my ISP a fraction of a penny every time I am redirected to those sites. This sort of profiteering is going to cost at&t the loss of one long-time customer (me). I'm sure they don't really care about losing me as a customer, so as a parting shot: "Dear AT&T Broadband, please, EAT MY SHORTS."