
Support Forum

How can I report an attack site

Posted

Several times I've accidentally clicked on a link that takes me to http://fbi.gov.id281381365-2647936272.v167621.com/?flow_id=5594&730856=60962/case_id=27075 (Do not follow this link, except in a separate tab, as the only way to get away from it is to kill Firefox.) I'd like to report this as an attack site so that Firefox can block it, but don't know how.


Edited by John99

Additional system details

Installed plug-ins

  • The IcedTea-Web Plugin executes Java applets.
  • Shockwave Flash 11.2 r202
  • Gecko Media Player 1.0.8 Video Player Plug-in for QuickTime, RealPlayer and Windows Media Player streams using MPlayer
  • MozPlugger version 1.14.3, maintained by Louis Bavoil and Peter Leese, a fork of plugger written by Fredrik Hübinette. For documentation on how to configure mozplugger, check the man page. (type man mozplugger) Configuration file: /etc/mozpluggerrc Helper binary: mozplugger-helper Controller binary: mozplugger-controller Link launcher binary: mozplugger-linker

Application

  • Firefox 26.0
  • User agent: Mozilla/5.0 (X11; Linux i686; rv:26.0) Gecko/20100101 Firefox/26.0
  • Support URL: https://support.mozilla.org/1/firefox/26.0/Linux/en-US/

Extensions

  • Adblock Plus 2.4 ({d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d})
  • BetterPrivacy 1.68 ({d40f5e7b-d2cf-4856-b441-cc613eeffbe3})
  • BugMeNot 2.2 ({987311C6-B504-4aa2-90BF-60CC49808D42})
  • CheckPlaces 2.6.2 (checkplaces@andyhalford.com)
  • Downloads Window 0.4.0 ({a7213cf2-fa1e-4373-88ff-255d0abd3020})
  • Flashblock 1.5.17 ({3d7eb24f-2740-49df-8937-200b1cc08f8a})
  • Forecastfox 2.2.3 ({0538E3E3-7E9B-4d49-8831-A227C80A7AD3})
  • Ghostery 5.0.6 (firefox@ghostery.com)
  • Google Analytics Opt-out Browser Add-on 0.9.6 ({6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65})
  • Greasemonkey 1.13 ({e4a8a97b-f2ed-450b-b12d-ee082ba24781})
  • Password Exporter 1.2.1 ({B17C1C5A-04B1-11DB-9804-B622A1EF5492})
  • Rotor Throbber 1.7.0 (admin@foxed.ca)
  • Springpad Extension 2.6.1212.17 (ext@sprng.me)
  • Tab Mix Plus 0.4.1.2.02 ({dc572301-7619-498c-a57d-39143191b318})
  • Troubleshooter 1.1a (troubleshooter@mozilla.org)
  • Tweak Network 1.8 ({DAD0F81A-CF67-4eed-98D6-26F6E47274CA})
  • User Agent Switcher 0.7.3 ({e968fc70-8f95-4ab9-9e79-304de2a71ee1})
  • Beef Taco (Targeted Advertising Cookie Opt-Out) 1.3.7 (john@velvetcache.org) (inactive)
  • Novell Moonlight 2.4.1 (moonlight@novell.com) (inactive)
  • Slashdotter 2.2.3 ({c4f1fdfb-49f5-4cb5-a4e5-3b857ca2ef95}) (inactive)

John99 971 solutions 13138 answers
Posted

I have edited the link in your post so it is not clickable.

The file I am receiving is not too problematic, but the files will probably vary by download address.

If you are OK using that site in a separate tab, maybe you would this time try

  • to save the web page. It would be interesting to look at.
    The right click and save page option will probably work.

Edit: unwise to try

  • See also thread WARNING FBI LOCKED BROWSER!!! /questions/981475
    • Do both the solutions given there work OK for you?

Edited by John99

Question owner

First, thank you for editing the link to deactivate it. I would have put it in that way if I'd known how, but I did want people to see the url because others might have the same issue. Second, that link solves the main problem of getting away without killing the browser. However, it does leave the original question unanswered: how can I report that site so that Firefox blocks it as an attack site?

John99 971 solutions 13138 answers
Posted

Helpful reply

You will have the option to report as a web forgery (It is malicious and impersonating the FBI) from the help menu. I have also done that. What you could also try to do is

  • Report the site that had the original link on it, and advise the site themselves
  • Consider reporting to https://www.fbi.gov/scams-safety/e-scams -> https://www.ic3.gov/default.aspx
    • Don't be surprised by the shield and warning from Firefox, the FBI site is not secure !!

I did risk opening the file myself as I knew you had already done so without reporting damage. (I usually do so from a memory stick OS to reduce risk). It does contain quite a bit of code in common with that from the page in the other thread.

Also see

  • How does built-in Phishing and Malware Protection work?
    • https://www.stopbadware.org/report-badware
  • https://www.google.com/safebrowsing/report_badware/
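Added example (not part of the original thread or any poster's code): the reported URL begins with `fbi.gov`, but the domain that actually serves it is `v167621.com`. The sketch below flags that pattern; the trusted-domain list and the "last two labels" approximation of the registrable domain are assumptions made for illustration, and production code should use the Public Suffix List.

```javascript
// Illustrative allow-list (assumption): domains a lure might imitate.
const TRUSTED_DOMAINS = ["fbi.gov", "ic3.gov", "mozilla.org"];

// Approximate the registrable domain as the last two labels.
// Assumption: good enough for .com/.gov/.org; wrong for suffixes like .co.uk.
function registrableDomain(hostname) {
  const labels = hostname.toLowerCase().replace(/\.$/, "").split(".");
  return labels.slice(-2).join(".");
}

// Classify a URL as "genuine", "deceptive", "unrelated" or "invalid".
function checkImpersonation(urlString, trusted = TRUSTED_DOMAINS) {
  let host;
  try {
    host = new URL(urlString).hostname.toLowerCase().replace(/\.$/, "");
  } catch {
    return { verdict: "invalid", host: null, registrable: null, impersonates: null };
  }
  const registrable = registrableDomain(host);
  // Genuine: the host is the trusted domain itself or a subdomain of it.
  for (const domain of trusted) {
    if (host === domain || host.endsWith("." + domain)) {
      return { verdict: "genuine", host, registrable, impersonates: null };
    }
  }
  // Deceptive: the trusted name appears as whole labels, but the host
  // ends in some other domain, so the trusted name is only a subdomain prefix.
  for (const domain of trusted) {
    if (host.startsWith(domain + ".") || host.includes("." + domain + ".")) {
      return { verdict: "deceptive", host, registrable, impersonates: domain };
    }
  }
  return { verdict: "unrelated", host, registrable, impersonates: null };
}

// Sample inputs: the first is the URL quoted in the question, the rest are
// links mentioned in the thread plus one constructed near-miss.
const SAMPLES = [
  "http://fbi.gov.id281381365-2647936272.v167621.com/?flow_id=5594&730856=60962/case_id=27075",
  "https://www.fbi.gov/scams-safety/e-scams",
  "http://noscript.net/",
  "http://xfbi.gov.example.com/", // constructed: label is "xfbi", not "fbi"
];

for (const sample of SAMPLES) {
  const r = checkImpersonation(sample);
  console.log(`${r.verdict.padEnd(10)} ${r.host} (served by ${r.registrable})`);
}
```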

Question owner

No, I didn't download any files. Of course, I'm sure it would have been safe for me because I use Linux, and whatever malware they're delivering is Windows-specific. Still, thanx for reporting this and for all of your help.

John99 971 solutions 13138 answers
Posted

Chosen solution

I use Linux too, but try not to be too complacent about it security-wise. It lacks proper AV etc. software. Macs and Android are being targeted more frequently, the same could happen with Linux. At least it is easy and cost free to install as many copies as you want.

I hope any compromise from opening such files would be limited to the memory stick or partition used. I also use restricted, not admin accounts for day-to-day browsing.

The particular file / link you are reporting does not even lock my normal browser as I routinely use no-script.

  • http://noscript.net/

Firefox is moving towards restricting plugins natively, but moved in the opposite direction with JavaScript and removed the easy UI option to disable js.

I have not tested this form of attack on Windows yet, it affects Firefox but not Google Chrome, and Windows IE may also be immune to this.
FredMcD
  • Top 10 Contributor
4314 solutions 60576 answers
Posted

Helpful reply

Check out the Mozilla Add-ons Web Page (https://addons.mozilla.org/en-US/firefox/). I use an add-on called BlockSite (https://addons.mozilla.org/en-US/firefox/addon/blocksite/?src=external-Add-ons_Manager_Context_Menu-extension). Here's hoping it works.
John99 971 solutions 13138 answers
Posted

Problem with that is it only works after the event. No script allows blocking of scripts pre-emptively, on reload and selectively.

"Check out the Mozilla Add-ons Web Page. I use an add-on called BlockSite."

  • General link for BlockSite https://addons.mozilla.org/firefox/addon/blocksite/
    (Does not seem to have a proper support site)
FredMcD
  • Top 10 Contributor
4314 solutions 60576 answers
Posted

I used the Insert A Link to shorten the post. The word BlockSite and Mozilla Add-Ons Web Page in the post above are links.
kobe 441 solutions 5048 answers
Posted

I tested this in Chromium on Linux and it just brings up a stupid moneypak crap FBI scam, tried to close the page and it brought a JS box yelling YOUR COMPUTER IS LOCKED, after that it closed the page, but no processes were force killed (Chrome/Chromium is multiprocess).

Edited by kobe

Question owner

I did start out by warning you not to go there; what else did you expect?

kobe 441 solutions 5048 answers
Posted

I run Linux so there is much less of a chance (not zero chance but almost zero) of getting infected by malware, just wanted to see what it would do in chrome/ium.

See John99's comment around 7:30 EST

"I have not tested this form of attack on Windows yet, it affects Firefox but not Google Chrome, and Windows IE may also be immune to this."
jscher2000
  • Top 10 Contributor
8838 solutions 72243 answers
Posted

Hi Waka_Flocka_Flame, I think there is a bug on file with Mozilla to suppress multiple instances of the "Stay on Page" / "Leave Page" dialog, which will make Firefox behave similarly to Chromium and prevent entrapment. At least this particular method of entrapment.

P.S. I have no intention of visiting that page in Internet Explorer! IE 10 and IE 11 have automatic crash recovery, which could create an annoying loop like the one in Firefox.
jscher2000
  • Top 10 Contributor
8838 solutions 72243 answers
Posted

On the topic of the original post, the servers being exploited for this should start showing up in the phishing database, no? Maybe the list of addresses is mutating too quickly to be blocked that way.


Question owner

Just as a comment, I've run into a few "link farms" that have that warning pop up if you try to back up or close the tab, but mostly they don't ask more than once or twice. The weird thing is that I've seen pages where it pops up if you click on any of the links, rendering the page almost pointless. Just another example of how stupid some people are.

kobe 441 solutions 5048 answers
Posted

The URL is so long, I can't even put it into this page.

  • http://www.mozilla.org/en-US/legal/fraud-report/

Question owner

The url as posted is only for fraudulent use of Mozilla's trademarks. However, there's an option for this on the Help menu, and that's all I need.

James
  • Top 25 Contributor
  • Moderator
1603 solutions 11348 answers
Posted

Yes, the Mozilla link suggested by waka above is for Mozilla trademark misuse/fraud reporting and not for this.

Report the site at http://www.google.com/safebrowsing/report_phish/ which is the same when done while on site by going to Help -> Report Web Forgery

Edited by James