[SOLVED] Spyware in my Ubuntu Firefox?
Abstract: This problem has been solved. Thanks, everyone! As it turns out, this wasn't really an Ubuntu problem, but a DNS server one, and it had something to do with meridiantelekoms.com. The problem was solved by using OpenDNS.
Hello, everyone! I'm new here, hope I'm not breaking any forum rules by posting about my problem right after signing up. Anyway. Thank you in advance for your replies. :)
I didn't think it was possible, but I might have spyware on my Firefox - when I'm running it on Ubuntu, that is. Pages take too long to load, and when they do, one of the following happens:
- Most common scenario - I'm redirected to this plain search page with floating keywords (screenshots here and here).
- Less often - I get a page loading error (page timed out, connection interrupted, network unavailable, etc).
- Rare, except with Google and Yahoo and other "major" pages - The page loads normally.
- Rare, never happened with Google or Yahoo - The page loads normally, except that its favicon is different. The favicon looks like this.
My unit is on dual-boot with Ubuntu Hardy and Windows XP. I thought there was a problem with XP that somehow found its way to my Ubuntu, but...is that even possible?
I first noticed this problem today while I was still using Firefox on Gutsy. So I upgraded to Hardy, reformatted the primary partition. (Not the swap one, though. Only the swap exists in a different partition; I keep everything Linux in one partition, though I admit that can be bad practice.) The problem didn't disappear with the upgrade.
I also tried installing and reinstalling Firefox; tried to browse in safe-mode. I haven't installed toolbars/any add-on in my Firefox Gutsy yet, and back when I was still using Gutsy I only had Screengrab and Flashblock. I avoid installing toolbars as a rule. I empty my private data every few minutes. Nothing works, I still get redirected to that darned page. I'm now posting this topic using Windows XP, as I couldn't properly browse the forums with Ubuntu Firefox.
What should I do?
Re: Spyware in my Ubuntu Firefox?
Welcome to the wonderful world of Ubuntu.
You could try using the No Script plug-in for firefox which will only allow JavaScript and Java from any domains that you allow. It will stop most spyware from loading and gives you control over what loads. Go to Tools - Add-ons - Browse all Add-ons and you can get it from there. You'll be surprised how many websites seem to want your personal browsing information.
Re: Spyware in my Ubuntu Firefox?
Things to verify:
1. Under XP bring up a command prompt and do ipconfig /all and note the dns and gateway settings. Are you behind a router or not?
2. Under Ubuntu go to System > Administration > Network and ensure that you have the same dns and gateway a in XP.
3. Under Ubuntu you can also try opendns, there are open dns servers that provide additional security if needed. These servers are most often free and just require minimal registration and can be used in either XP or Ubuntu.
Please in your next reply include the ipconfig results and Bring up a terminal window and do a netstat -r, please post results for this also.
Hope this helps.
Re: Spyware in my Ubuntu Firefox?
What extensions do you have installed?
Re: Spyware in my Ubuntu Firefox?
Quote:
Originally Posted by
Kevbert
You could try using the No Script plug-in for firefox which will only allow JavaScript and Java from any domains that you allow.
I have NoScript installed on my Windows Firefox, but not on the Ubuntu Firefox. I felt so safe with Ubuntu, didn't know I needed it. :P Wait, I'll have to reboot to try that. Will update later.
Quote:
Originally Posted by
aktiwers
What extensions do you have installed?
Before I upgraded to Hardy, I had Screengrab and Flashblock on my Ubuntu FF. Right now, I don't have any add-ons.
Re: Spyware in my Ubuntu Firefox?
Quote:
Originally Posted by
linux6994
Things to verify:
1. Under XP bring up a command prompt and do ipconfig /all and note the dns and gateway settings. Are you behind a router or not?
Okay, this is what I got. Will be posting the results from Ubuntu as soon as I reboot. Erm, sorry, how can I tell if I'm behind a router or not?
Windows IP Configuration
Host Name . . . . . . . . . . . . : home-5b14946dcb
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : meridiantelekoms.com
Ethernet adapter Smart:
Connection-specific DNS Suffix . : meridiantelekoms.com
Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connecti
on
Physical Address. . . . . . . . . : 00-13-20-4B-48-9E
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.255.214
Subnet Mask . . . . . . . . . . . : 255.255.224.0
Default Gateway . . . . . . . . . : 192.168.224.1
DHCP Server . . . . . . . . . . . : 192.168.224.1
DNS Servers . . . . . . . . . . . : 121.1.3.208
121.1.3.199
203.84.191.216
121.1.3.250
Lease Obtained. . . . . . . . . . : Tuesday, August 19, 2008 4:20:32 AM
Lease Expires . . . . . . . . . . : Tuesday, August 26, 2008 4:20:32 AM
Re: Spyware in my Ubuntu Firefox?
have you tried another browser usch as epiphany to see if that does the same?
perhaps purgin firefox and re-installing might help?
Code:
sudo apt-get remove --purge firefox
then re-install
Code:
sudo apt-get update && sudo apt-get install firefox
Re: Spyware in my Ubuntu Firefox?
Quote:
Originally Posted by
laurenipsum
Erm, sorry, how can I tell if I'm behind a router or not?
simple, do you own a router?
what ISP are you with, did they provide you with a router (wifi?!) or have you only got a modem?
Re: Spyware in my Ubuntu Firefox?
Regarding spyware and snoopware. The problem with all browsers is it's possible to record surfing habits. Even though Ubuntu is relatively secure when compared with windows, it's still possible to snoop as you surf.
If you think anyone has compromised your system you could try Wireshark which is in the repos. From that you can use the Network Tool Whois? (with Hardy Heron by default) to find out who's IP is guilty of snooping.
If anyone has any other recommendations regarding browsing security tools please post them here.....
Re: Spyware in my Ubuntu Firefox?
You might want to make sure Firefox isn't using a proxy.
In Firefox:
edit > preferences > advanced > network > settings