How can I report an attack site

  • 17 replies
  • 3 have this problem
  • Last reply by James
Posted

Several times I've accidentally clicked on a link that takes me to http://fbi.gov.id281381365-2647936272.v167621.com/?flow_id=5594&730856=60962/case_id=27075 (Do not follow this link, except in a separate tab, as the only way to get away from it is to kill Firefox.) I'd like to report this as an attack site so that Firefox can block it, but don't know how.


Edited by John99

Additional System Details

Installed Plug-ins

  • The IcedTea-Web Plugin executes Java applets.
  • Shockwave Flash 11.2 r202
  • Gecko Media Player 1.0.8 Video Player Plug-in for QuickTime, RealPlayer and Windows Media Player streams using MPlayer
  • MozPlugger version 1.14.3, maintained by Louis Bavoil and Peter Leese, a fork of plugger written by Fredrik Hübinette. For documentation on how to configure mozplugger, check the man page. (type man mozplugger) Configuration file: /etc/mozpluggerrc Helper binary: mozplugger-helper Controller binary: mozplugger-controller Link launcher binary: mozplugger-linker

Application

  • Firefox 26.0
  • User Agent: Mozilla/5.0 (X11; Linux i686; rv:26.0) Gecko/20100101 Firefox/26.0
  • Support URL: https://support.mozilla.org/1/firefox/26.0/Linux/en-US/

Extensions

  • Adblock Plus 2.4 ({d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d})
  • BetterPrivacy 1.68 ({d40f5e7b-d2cf-4856-b441-cc613eeffbe3})
  • BugMeNot 2.2 ({987311C6-B504-4aa2-90BF-60CC49808D42})
  • CheckPlaces 2.6.2 (checkplaces@andyhalford.com)
  • Downloads Window 0.4.0 ({a7213cf2-fa1e-4373-88ff-255d0abd3020})
  • Flashblock 1.5.17 ({3d7eb24f-2740-49df-8937-200b1cc08f8a})
  • Forecastfox 2.2.3 ({0538E3E3-7E9B-4d49-8831-A227C80A7AD3})
  • Ghostery 5.0.6 (firefox@ghostery.com)
  • Google Analytics Opt-out Browser Add-on 0.9.6 ({6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65})
  • Greasemonkey 1.13 ({e4a8a97b-f2ed-450b-b12d-ee082ba24781})
  • Password Exporter 1.2.1 ({B17C1C5A-04B1-11DB-9804-B622A1EF5492})
  • Rotor Throbber 1.7.0 (admin@foxed.ca)
  • Springpad Extension 2.6.1212.17 (ext@sprng.me)
  • Tab Mix Plus 0.4.1.2.02 ({dc572301-7619-498c-a57d-39143191b318})
  • Troubleshooter 1.1a (troubleshooter@mozilla.org)
  • Tweak Network 1.8 ({DAD0F81A-CF67-4eed-98D6-26F6E47274CA})
  • User Agent Switcher 0.7.3 ({e968fc70-8f95-4ab9-9e79-304de2a71ee1})
  • Beef Taco (Targeted Advertising Cookie Opt-Out) 1.3.7 (john@velvetcache.org) (Inactive)
  • Novell Moonlight 2.4.1 (moonlight@novell.com) (Inactive)
  • Slashdotter 2.2.3 ({c4f1fdfb-49f5-4cb5-a4e5-3b857ca2ef95}) (Inactive)

John99 971 solutions 13138 answers
Posted

I have edited the link in your post so it is not clickable.

The file I am receiving is not too problematic, but the files will probably vary by download address.

If you are OK using that site in a separate tab, maybe you would this time try

  • to save the web page. It would be interesting to look at.
    The right-click and save page option will probably work.
    Edit: unwise to try
  • see also thread WARNING FBI LOCKED BROWSER!!! /questions/981475
    • do both the solutions given there work OK for you?

Edited by John99

Posted

Question owner

First, thank you for editing the link to deactivate it. I would have put it in that way if I'd known how, but I did want people to see the url because others might have the same issue. Second, that link solves the main problem of getting away without killing the browser. However, it does leave the original question unanswered: how can I report that site so that Firefox blocks it as an attack site?

John99 971 solutions 13138 answers
Posted

Helpful reply

You will have the option to report as a web forgery (it is malicious and impersonating the FBI) from the help menu. I have also done that. What you could also try to do is

  • Report the site that had the original link on it, and advise the site themselves
  • Consider reporting to https://www.fbi.gov/scams-safety/e-scams -> https://www.ic3.gov/default.aspx
    • Don't be surprised by the shield and warning from Firefox, the FBI site is not secure !!

I did risk opening the file myself as I knew you had already done so without reporting damage. (I usually do so from a memory stick OS to reduce risk). It does contain quite a bit of code in common with that from the page in the other thread.

Also see

  • How does built-in Phishing and Malware Protection work?
    • https://www.stopbadware.org/report-badware
  • https://www.google.com/safebrowsing/report_badware/
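
Why the address in the question counts as a forgery: the host name starts with fbi.gov, but ownership is decided by the right-hand end, v167621.com. The following is an added example, not code from any poster in this thread, that flags hosts of this shape; the trusted list and the "last two labels" rule are assumptions, and production code should use the Public Suffix List instead.

```javascript
// Added example: flag host names that carry a trusted domain as leading
// labels while a different registrable domain actually owns the host.
// Assumption: registrable domain = last two labels. Suffixes such as
// "co.uk" break this rule, so real code should use the Public Suffix List.
const TRUSTED = ["fbi.gov", "mozilla.org"]; // illustrative allow-list

function registrableDomain(hostname) {
  // Drop a trailing root dot, then keep the two right-most labels.
  const labels = hostname.toLowerCase().replace(/\.$/, "").split(".");
  return labels.slice(-2).join(".");
}

function checkLookalike(rawUrl, trusted = TRUSTED) {
  let host;
  try {
    host = new URL(rawUrl).hostname; // parsed only, never fetched
  } catch (e) {
    return { verdict: "invalid", host: null, owner: null, imitates: null };
  }
  const owner = registrableDomain(host);
  if (trusted.includes(owner)) {
    return { verdict: "trusted", host, owner, imitates: null };
  }
  // A trusted name appearing as whole labels to the left of the owner
  // domain is the pattern seen in the reported address.
  const imitates =
    trusted.find(
      (t) => host.startsWith(t + ".") || host.includes("." + t + ".")
    ) || null;
  return { verdict: imitates ? "lookalike" : "unknown", host, owner, imitates };
}

// Host name taken from the question in this thread (path and query omitted).
console.log(
  checkLookalike("http://fbi.gov.id281381365-2647936272.v167621.com/")
);
```
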
Posted

Question owner

No, I didn't download any files. Of course, I'm sure it would have been safe for me because I use Linux, and whatever malware they're delivering is Windows-specific. Still, thanx for reporting this and for all of your help.

John99 971 solutions 13138 answers
Posted

Chosen solution

I use Linux too, but try not to be too complacent about it security-wise. It lacks proper AV etc. software. Macs and Android are being targeted more frequently, the same could happen with Linux. At least it is easy and cost free to install as many copies as you want.

I hope any compromise from opening such files would be limited to the memory stick or partition used. I also use restricted, not admin, accounts for day-to-day browsing.

The particular file / link you are reporting does not even lock my normal browser as I routinely use no-script.

  • http://noscript.net/

Firefox is moving towards restricting plugins natively, but moved in the opposite direction with JavaScript and removed the easy UI option to disable js.

I have not tested this form of attack on Windows yet, it affects Firefox but not Google Chrome, and Windows IE may also be immune to this.
FredMcD
  • Top 10 Contributor
4254 solutions 59572 answers
Posted

Helpful reply

Check out the Mozilla Add-ons Web Page (https://addons.mozilla.org/en-US/firefox/). I use an add-on called BlockSite (https://addons.mozilla.org/en-US/firefox/addon/blocksite/?src=external-Add-ons_Manager_Context_Menu-extension). Here's hoping it works.
John99 971 solutions 13138 answers
Posted

Problem with that is it only works after the event. No script allows blocking of scripts pre-emptively, on reload and selectively.

"Check out the Mozilla Add-ons Web Page. I use an add-on called BlockSite."

  • General link for BlockSite https://addons.mozilla.org/firefox/addon/blocksite/
    (Does not seem to have a proper support site)
FredMcD
  • Top 10 Contributor
4254 solutions 59572 answers
Posted

I used the Insert A Link to shorten the post. The words BlockSite and Mozilla Add-Ons Web Page in the post above are links.
kobe 441 solutions 5048 answers
Posted

I tested this in Chromium on Linux and it just brings up a stupid moneypak crap FBI scam, tried to close the page and it brought a JS box yelling YOUR COMPUTER IS LOCKED, after that it closed the page, but no processes were force killed (chrome/chromium is multiprocess).

Edited by kobe

Posted

Question owner

I did start out by warning you not to go there; what else did you expect?

kobe 441 solutions 5048 answers
Posted

I run Linux so there is much less of a chance (not zero chance but almost zero) of getting infected by malware, just wanted to see what it would do in chrome/ium.

See John99's comment around 7:30 EST

"I have not tested this form of attack on Windows yet, it affects Firefox but not Google Chrome, and Windows IE may also be immune to this."
jscher2000
  • Top 10 Contributor
8757 solutions 71649 answers
Posted

Hi Waka_Flocka_Flame, I think there is a bug on file with Mozilla to suppress multiple instances of the "Stay on Page" / "Leave Page" dialog, which will make Firefox behave similarly to Chromium and prevent entrapment. At least this particular method of entrapment.

P.S. I have no intention of visiting that page in Internet Explorer! IE 10 and IE 11 have automatic crash recovery, which could create an annoying loop like the one in Firefox.
jscher2000
  • Top 10 Contributor
8757 solutions 71649 answers
Posted

On the topic of the original post, the servers being exploited for this should start showing up in the phishing database, no? Maybe the list of addresses is mutating too quickly to be blocked that way.

Posted

Question owner

Just as a comment, I've run into a few "link farms" that have that warning pop up if you try to back up or close the tab, but mostly they don't ask more than once or twice. The weird thing is that I've seen pages where it pops up if you click on any of the links, rendering the page almost pointless. Just another example of how stupid some people are.

kobe 441 solutions 5048 answers
Posted

The URL is so long, I can't even put it into this page.

  • http://www.mozilla.org/en-US/legal/fraud-report/
Posted

Question owner

The url as posted is only for fraudulent use of Mozilla's trademarks. However, there's an option for this on the Help menu, and that's all I need.

James
  • Moderator
1598 solutions 11285 answers
Posted

Yes the Mozilla link suggested by waka above is for Mozilla trademark misuse/fraud reporting and not for this.

Report the site at http://www.google.com/safebrowsing/report_phish/ which is the same when done while on site by going to Help -> Report Web Forgery

Edited by James