Izimpendulo zakamuva ze-Mozila FireFox system tools 17.54.5468https://support.mozilla.org/zu/questions/10073522014-06-30T17:33:33-07:00At xarnaye:
Since I have my new DSL router, and new (good) passwords:
everything is fine.
Something 2014-06-30T17:33:33-07:00fredmobbinghttps://support.mozilla.org/zu/questions/1007352?page=4#answer-598838<p>At xarnaye:
Since I have my new DSL router, and new (good) passwords:
everything is fine.
</p><p>Something to mention: The bad http links could be still in the cache of the browser. Then you might see the download side using this cached entry in the browser.
So: It is best to remove history and coocies etc in the browser, too.
</p><p>Greetings,
FredMobbing
</p>Try pressing RESET button on router for more than 10 seconds. User and password should be changed to2014-06-30T17:31:51-07:00zuwikhttps://support.mozilla.org/zu/questions/1007352?page=4#answer-598837<p>Try pressing RESET button on router for more than 10 seconds. User and password should be changed to default (for my router it was admin, admin, as noted on the label under devive).
</p>sorry about not answering you Lord_Brainstorm but i've been offline for a few days. when i click the2014-06-30T09:32:56-07:00xarnayehttps://support.mozilla.org/zu/questions/1007352?page=4#answer-598685<p>sorry about not answering you Lord_Brainstorm but i've been offline for a few days. when i click the link you gave for youtube it opened up fine, i was even able to go into my playlists and watch what i wanted to. my isp did not get back to me after that initial response and when i called them they passed me on to TP_Link who told me that because my isp gave me the router and because it was out of warranty that they can't help me with anything - trust me its news to me that it was out of warranty! and to answer your question my ISP is SpinTel (australia).
</p><p>Now onto how the problem is right now. Its funny but it actually stopped for a couple of days - i was able to get into everything without those annoying messages showing up and it was great. But this morning after coming home from picking my mum up at the hospital the problem is back. I just tried to get into youtube and that annoying message showed up again! I've done the nslookup thing again and its once more showing default server unknown, address 94.102.63.137
</p><p>i can't change my modem's passwords because its no longer accepting the right password and username to access it. I know i've got to buy a new one but i just can't afford it right now. But even after i get a new one, how do i stop this from happening again? I'm sure i don't have to mention that the next one WON'T be tp-link! Did anyone find out WHY this is happening? Is it still happening with anyone else?
</p>I've worked on the problem yesterday.
tp-link tl-w8961nd V1, firmware stock. DNS changed as posted b2014-06-28T21:02:09-07:00zuwikhttps://support.mozilla.org/zu/questions/1007352?page=4#answer-597983<p>I've worked on the problem yesterday.
</p><p>tp-link tl-w8961nd V1, firmware stock. DNS changed as posted before.
</p><p>What I've done:
- password changed
- update to latest firmware from 2012
- ACL configured as in tp-link solution <a href="http://uk.tp-link.com/article/?faqid=569" rel="nofollow">http://uk.tp-link.com/article/?faqid=569</a>
</p><p>As far everything is all right.
</p>P.S.
Lord_Brainstorm
Mozila.systemtools17.FireFox.54.5468__7818_i930854344_il6790280.exe actually i2014-06-28T20:52:40-07:00John99https://support.mozilla.org/zu/questions/1007352?page=4#answer-597982<p>P.S.
Lord_Brainstorm
</p><pre><em>Mozila.systemtools17.FireFox.54.5468__7818_i930854344_il6790280.exe actually installs, so can antivirus things definitely remove it and whatever its effects are? </em>
</pre>
<p>I did send a copy of that file to Firefox staff, but I have no response so far.
</p>Lord_Brainstorm
Great work with your last post thanks for all the detail. it should help those unfor2014-06-28T20:49:18-07:00John99https://support.mozilla.org/zu/questions/1007352?page=4#answer-597981<h3 id="w_lord-brainstorm">Lord_Brainstorm</h3>
<p>Great work with your last post thanks for all the detail. it should help those unfortunate enough to be using TP-Link routers.
</p>
<hr>
<h3 id="w_xarnaye">xarnaye,</h3>
<p>You started this question.
</p>
<ul><li>How is it working for you now&nbsp;?
</li><li>Taking your last post <sup><a href="https://support.mozilla.org/en-US/questions/1007352?page=2#answer-595174" rel="nofollow">answer-595174</a></sup>as an example
<ul><li>What happens if you try to get to YouTube site are you getting a 404 error still&nbsp;?
</li><li>What about if you use this link <a href="https://www.youtube.com/" rel="nofollow">https://www.youtube.com/</a>
</li><li> What about just <a href="http://google.com" rel="nofollow">google.com</a> &nbsp;? <br> Or this direct one <a href="http://173.194.41.128" rel="nofollow">http://173.194.41.128</a>&nbsp;?
</li></ul>
</li><li> Who is your ISP&nbsp;? <br> I understand you contacted them<sup><a href="https://support.mozilla.org/en-US/questions/1007352#answer-594784" rel="nofollow">answer-594784</a></sup>, did they get back to you&nbsp;?
</li><li> This thread was escalated <sup><a href="https://support.mozilla.org/en-US/questions/1007352?page=3#answer-595431" rel="nofollow">answer-595431</a></sup> so I am hoping HelpDesk staff may post.
<ul><li> It is an active thread <em> 61 replies, 92 have this problem, 2039 views</em>
</li></ul>
</li><li> Most of this thread has been answered in relation or TP_link routers, what is the make and model of your router&nbsp;?
</li></ul>Lord_Brainstorm - what a superb great write-up.
My understanding of several of your points:
Firmware2014-06-27T20:43:00-07:00abecrabthttps://support.mozilla.org/zu/questions/1007352?page=4#answer-597604<p>Lord_Brainstorm - what a superb great write-up.
</p><p>My understanding of several of your points:
</p><p>Firmware: TP-Link said they had firmware that included a rule to block web access from the public internet (which I believe to be the WAN - Wide Area Network.) They haven't yet supplied anything that stops the ROM being unloaded without the router's admin password. Thus the new firmware should prevent further stealing by a firewall rule, which would be good enough. If that firmware is 2012 that suggests TP-link new about this problem and kept quiet. i find that a bit hard to believe.
</p><p>That's interesting about the chipset. If there's a bug in the chipset does that mean new firmware couldn't fix the problem? We don't know and anyway tp-link aren't supplying new firmware that fixes this problem, just a firewall rule.
</p><p>"I never-ever save passwords in any web browser" and "no-remote" - saving passwords in the browser is irrelevant here: this is a problem inside the router. The router stores the admin password in order to check it when you log into it, and the hackers have found out how to unload the router rom remotely and scan out that password, then to log in to your router and alter the DNS set-up. If you were "no-remote" that should not have happened. I absolutely distrust this router (and tp-link) now - I don't even trust its firewall.
</p><p>I'm more worried about your sister's laptop because as far as I can tell no one yet knows what Mozila.systemtools17.FireFox.54.5468__7818_i930854344_il6790280.exe actually installs, so can antivirus things definitely remove it and whatever its effects are? Furthermore that DNS hack offered other dubious links, but quite possibly to the same malware, with a different name (e.g. I saw one in IE on my Mrs' laptop.)
</p><p>I put questions against the top 6 listed tp-link routers on Amazon, asking whether each one had this problem. The question has been ignored.
</p><p>I'm back on my Netgear router now.
</p>(23.06.2014 - 03:15am)Hey forum folks,
I'm back at my parent's this weekend to fix this problem.
The2014-06-27T11:14:13-07:00Lord_Brainstormhttps://support.mozilla.org/zu/questions/1007352?page=3#answer-597459(23.06.2014 - 03:15am)<h3 id="w_hey-forum-folks"><b>Hey forum folks,</b></h3>
<p>I'm back at my parent's this weekend to fix this problem.
</p><p>The "3 steps to solve this problem" on the TP-Link webpage are real funny:
My ACL-Settings were never set on [WAN] - they're still at [LAN] as set 2 years ago.
And since I'm the only one in my family, who has the password to fumble around with the router settings, the posted Security holes...
</p><p><a href="http://www.tp-link.com.de/article/?id=10724" rel="nofollow">Both security holes TP-Link confessed (external, German) (°1)</a>
</p>
<ul><li> <strong>Cross Site Request Forgery</strong> - read the admin-pw out of the browser via a corrupted link/image.
</li></ul>
<ul><li> <strong>Mediatek-Chipset bug</strong> - download the router's config files via active WAN-remote access.
</li></ul>
<p>... doesn't fit on me. Because 1st: I never-ever save passwords in any web browser, and 2nd: the settings were still on no-remote.
</p><p>So I procrastinate the reasons for now and tried to reestablish a safe internet access, while follow the logical (and several times by <em>@abecrabt</em>, <em>@John99</em> and all the other helpful participants above) mentioned steps.
</p><p><br>
</p><p><strong>Eleven Steps to renovate your router firmware as TP-Link recommend.</strong> (worked out for my TP-Link TD-W8961NB router)
</p>
<ul><li> <strong>1.)</strong> Plug off all the router cables except DC-power supply.
</li></ul>
<ul><li> <strong>2.)</strong> Reset the router with a pin/pencil at the backside to the default settings
</li></ul>
<ul><li> <strong>3.)</strong> Download the newest firmware for your router model (<strong>beware!</strong> Also check for the right hardware version!) using a safe internet access (neighbor or friend - my Smartphone was it or me).
</li></ul>
<p><a href="http://www.tp-link.com.de/support/download/?pcid=203" rel="nofollow">TP-Link firmware download (external, Germany) (°2)</a>
<a href="http://uk.tp-link.com/support/download/?pcid=203" rel="nofollow">TP-Link firmware download (external, United Kingdom)</a>
</p>
<ul><li> <strong>4.)</strong> Connect a computer to the modem with a Ethernet cable (maybe called "LAN-Cable", "twisted pair", "ISDN-RJ-45", "RJ-61", ect. You know which I mean).
</li></ul>
<ul><li> <strong>5.)</strong> Start your web browser (maybe in "in-private", "stealth-mode" or whatever to make sure not to save the admin-password per mistake).
</li></ul>
<ul><li> <strong>6.)</strong> Type in the address row the router's IP (<em>192.168.1.1</em> by default) to access the router's web interface. (by default the user name is <em>admin</em> and the password is <em>admin</em> as well)
</li></ul>
<ul><li> <strong>7.)</strong> Go to the rider/slider called "Maintenance", sub-slider "firmware" and insert the path of your firmware download
</li></ul>
<ul><li> <strong>8.)</strong> After the new firmware is set up and <strong>BEFORE</strong> fill out your ISP information check the slider "Access Management", sub-slider "ACL"! In the first line ACL <strong>MUST</strong> be activated and the interface in the lower sub-section <strong>MUST</strong> be set on <em>LAN</em> (not WAN). After saving this settings with the button below, "Interface: LAN" must indicated in the grid.
</li></ul>
<ul><li> <strong>9.)</strong> <em>(optional)</em> Maybe you give a local home-computer - which is connected via cable - the sole claim to alter the router settings: Go to the sub-slider "Interface Setup, LAN", section DHCP-table, choose the MAC address of this home-computer. Type in your desired IP (or choose the given), and set <em>static</em> in the drop-down. Save, and go back to "Access Management, ACL". Replace in the line "safe/secure IP-address" (sorry, I've translated it from German) in both fields the <em>0.0.0.0</em> with your chosen <em>192.168.X.X</em> Address. (<strong>BEWARE!</strong> Saving this setting will permit further configuration of your router only via the computer with the chosen IP - which is only applied to the computer with the unique MAC-address set at the start of step 9)
</li></ul>
<ul><li> <strong>10.)</strong> Take the slider "Maintenance, Administration" and change your default password (<em>admin</em>) into a "real" password.
</li></ul>
<ul><li> <strong>11.)</strong> Now fill out your ISP (easy task, using the "<em>Quick Start Assistant</em>"), activate/deactivate/alter the WLAN-settings and so on, to ready your average internet access.
</li></ul>
<p><br>
</p><p>Remember that I said "...doesn't fit on me"?
Yeah, these security holes which TP-Link had to confess to, (see Link °1) were issued on the 7th April 2014...
Now the big <strong>but</strong>:
The newest firmware I can use was released on 9th November 2012.
</p><p>So how can an older firmware update fix actual problem?
Have no clue? Me neither!
Maybe the email customer support? ...not a single reaction since 7 days!
</p><p>Based on both not applicable security holes, there must be another one wich altered my DNS to a differtent one - keep cautious!
</p><p>Finally I accompany <em>@abecrabt</em>: TP-Link is as good as dead for me!
</p><p>My next move is to buy a new router tomorrow morning (today in 5 hours *yawn*) at my local vendor, then straight to the Telekom shop to order a new set of access data. (the first one is your decision, but I advise you to get new access data too)
</p><p>After that I have a long day resetting my sister's laptop (she admit to clicked on the link) and help her and my mum (shared laptop) to renew every relevant online and email account - it's just Saturday morning but I can call it a weekend.
</p><p>Thank to you, hacker scum!
</p>
<h3 id="w_and-to-the-others-in-here-have-a-good-night-stay-tuned"><b>...and to the others in here: Have a good night &amp; stay tuned!</b></h3>
If you want to take the chance that your information has not been
compromised, that is your business2014-06-25T22:52:50-07:00fredmcd-hotmailhttps://support.mozilla.org/zu/questions/1007352?page=3#answer-596673<p>If you want to take the chance that your information has not been
compromised, that is your business. Most on line security agents
would tell you to change passwords now and then. And if one thinks
there was an issue, change them anyway.
</p>FredMcD - that is probably alarmist.
If you have this problem and you have not clicked the link and 2014-06-25T16:32:10-07:00abecrabthttps://support.mozilla.org/zu/questions/1007352?page=3#answer-596614<p>FredMcD - that is probably alarmist.
</p><p>If you have this problem and you have not clicked the link and installed the malware, then you just have to secure your router (firmware, dns, firewall) and change your ADSL password.
</p><p>If you use an email account associated with the same adsl account, you have to assume the hackers could hack this account.
</p>Since the hacker have a complete dump of the router, they are able to extract all information of the2014-06-25T16:30:12-07:00fredmobbinghttps://support.mozilla.org/zu/questions/1007352?page=3#answer-596613<p>Since the hacker have a complete dump of the router, they are able to extract all information of the router.
This means, they have at least:
WLAN Password,
ISP Account
Router Password
Mac Adresses of connected PCs
IP Adresses of home network
</p><p>For me: I see a high relevance in changing the ISP Account, but do not know how to do it, since it is given by ISP. Do I need to request it at ISP?
</p>WARNING ! ! ! !
You should change ALL of your password for EVERYTHING ! ! !
As s2014-06-25T11:25:58-07:00fredmcd-hotmailhttps://support.mozilla.org/zu/questions/1007352?page=3#answer-596549<p><strong>WARNING&nbsp;! !&nbsp;! !</strong>
</p><p>You should change <strong>ALL</strong> of your password for <strong>EVERYTHING&nbsp;! !&nbsp;!</strong>
</p><p>As soon as you can.
</p>A further worry for people it seems to me is that the router hackers will have your isp/adsl loginam2014-06-25T07:33:23-07:00abecrabthttps://support.mozilla.org/zu/questions/1007352?page=3#answer-596460<p>A further worry for people it seems to me is that the router hackers will have your isp/adsl loginame + password too.
</p><p>That is potentially bad.
</p><p>For my ISP the adsl password is the same as my ISP email, so they could hack my email. I don't use it much but all the same...
</p><p>Anyone with this problem should change their ISP password too it seems to me, as I have.
</p><p>As ever - I'm not happy with TP-LINK, I think this was rather a basic error on their part. Although I suppose, these things do happen.
</p>xarnaye,
Simple answer the change to google-public-dns-b.google.com Address: 8.8.4.4 is good at leas2014-06-24T18:47:31-07:00John99https://support.mozilla.org/zu/questions/1007352?page=3#answer-596242<p>xarnaye,
</p><p>Simple answer the change to <a href="http://google-public-dns-b.google.com" rel="nofollow">google-public-dns-b.google.com</a> Address: 8.8.4.4 is good at least compared with the alternatives that you and some others may have seen which were bad.
</p>
<hr>
<p>Sorry if your own specifc question is getting sidelined somewhat. The question itself is showing
</p><pre><em>53 replies, 79 have this problem, 674 view </em>
</pre>
<p>That is above average for this forum. You have obviously discovered something rather odd, and potentially bad for security is happening.
</p><p>The average Firefox user normally relies on the Internet Service Provider (ISP) providing a router with default settings and some form of setup routine or software and just leaves it to work.
</p><p>It is in fact important, and often overlooked that the user change the actual passwords and logins from the Router's defaults. (The same advice is true for the computers BIOS login and the computers Operating System - Windows 7 or whatever).
</p><p>Mostly the other technical details may be left as they are and you rely on the software to sort it out for you. It appears (subject to further verification) in the case of the TP-Link router there is a particular specific flaw in this that is open to exploits.
</p><p>Detailed advice and discussions of Routers and Security is outside the scope of this forum, but being able to use Firefox safely is important. <strong>I also know Firefox Admin staff are interested in the popups problem.</strong> I was hoping one of them would have commented by now I did ping one of the Admins by email but I guess they are busy, and can take a few days or even weeks to respond to forum issues.
</p>
<hr>
<p>Here is some summary &amp; general information
</p>
<ul><li> Domain Name System (DNS)
<ul><li> Short explanation of what DNS is <a href="http://simple.wikipedia.org/wiki/Domain_Name_System" rel="nofollow">http://simple.wikipedia.org/wiki/Domain_Name_System</a>
</li><li> Fuller techi explanation of DNS <a href="http://en.wikipedia.org/wiki/Dns" rel="nofollow">http://en.wikipedia.org/wiki/Dns</a>
</li><li> <em>Using Google Public DNS</em> This is a useful short but full explanation of the basics and <strong>how to</strong> change related settings <a href="https://developers.google.com/speed/public-dns/docs/using" rel="nofollow">https://developers.google.com/speed/public-dns/docs/using</a>
</li></ul>
</li><li> TP-Link router and apparent exploit (Thanks to <em>abecrabt</em>) <a href="https://support.mozilla.org/en-US/questions/1007352#answer-5948113" rel="nofollow">answer-594813</a>
<ul><li>Looks like it's this: <a href="http://uk.tp-link.com/article/?faqid=569" rel="nofollow">http://uk.tp-link.com/article/?faqid=569</a>
</li><li>citing this: <a href="http://thehackernews.com/2014/01/TP-LINK-Routers-password-hacking.html" rel="nofollow">http://thehackernews.com/2014/01/TP-LINK-Routers-password-hacking.html</a> <br> I did think I was up to date with firmware, but perhaps they got in quickly. I'm changing my admin password and keeping watch...
</li></ul>
</li><li> A related external forum thread on <strong>Mozila FireFox system tools 17.54.5468'</strong><a href="http://forums.mozillazine.org/viewtopic.php?f=38&amp;t=2846699" rel="nofollow">http://forums.mozillazine.org/viewtopic.php?f=38&amp;t=2846699</a> (Thanks to <em>Noah</em>) <a href="https://support.mozilla.org/en-US/forums/contributors/710407?last=60443#post-60415" rel="nofollow">{</a>elsethread)
</li><li>Standard malware advice (Thanks to <em>the-edmeister</em>) upthread <a href="https://support.mozilla.org/en-US/questions/1007352#answer-594370" rel="nofollow">answer-594370</a>
</li><li> What is an ISP see <a href="http://simple.wikipedia.org/wiki/Internet_service_provider" rel="nofollow">http://simple.wikipedia.org/wiki/Internet_service_provider</a> &amp; <a href="http://en.wikipedia.org/wiki/ISP" rel="nofollow">http://en.wikipedia.org/wiki/ISP</a>
</li></ul>FredMcD - that is not correct. See earlier posts, unplugging is useless, a reset will clear the set2014-06-24T16:26:43-07:00abecrabthttps://support.mozilla.org/zu/questions/1007352?page=3#answer-596214<p>FredMcD - that is not correct. See earlier posts, unplugging is useless, a reset will clear the settings but you are still vulnerable, so that would be inadequate.
</p><p>xarnaye - I think you should replace your tp-link router. You need to be able to understand how to connect to it, administrated it - check for the DNS settings, restore them to the correct ones, set up the firewall so it can't happen again. If you're struggling with these steps take the easy way out: buy a new adsl router.
</p>Resetting, or unplugging the modem should clear out any bad settings.
Are you still having problems?2014-06-24T09:51:10-07:00fredmcd-hotmailhttps://support.mozilla.org/zu/questions/1007352?page=3#answer-596070<p>Resetting, or unplugging the modem should clear out any bad settings.
Are you still having problems?
</p>so mum and i woke up this morning and turned on our computers and they are working fine now. i'm not2014-06-24T09:44:46-07:00xarnayehttps://support.mozilla.org/zu/questions/1007352?page=3#answer-596064<p>so mum and i woke up this morning and turned on our computers and they are working fine now. i'm not sure if anyone remembers Lord_Brainstorms post earlier about clicking:
</p><p>[windows key]+[r] to open the execute window
</p><pre>[c] [m] [d] [Enter] to open the command window
</pre>
<p>typed in "nslookup" (without "") to reveal me the standard-server and the address.
</p><p>There I found the 1st adress &gt;abecrabt&lt; has mentioned:
Standartserver: Unknown
Address&nbsp;: 94.102.63.137
</p><p>but when he mentioned it the first time i did what he did and got the same result. This morning i redid it and got back something that says Default server: <a href="http://google-public-dns-b.google.com" rel="nofollow">google-public-dns-b.google.com</a>
Address: 8.8.4.4
</p><p>now i've never had reason to check this stuff before so i'm not sure if this is a good thing or not or what it said before this strange attack occured. also i haven't done anything since reporting this - haven't been able to reset my modem, haven't run anti-virus etc - so i have no idea why its changed to google-public.
</p><p>so anyone know if this is a good thing? or is the problem now worse?
</p>I don't think anyone should use this router without being quite sure they've understood the problem 2014-06-24T07:24:01-07:00abecrabthttps://support.mozilla.org/zu/questions/1007352?page=3#answer-595965<p>I don't think anyone should use this router without being quite sure they've understood the problem and have successfully upgraded firmware and set up the firewall.
</p><p>Myself I'm packing it in with this tp-link router. I've lost all faith in tp-link.
</p><p>I'm suspicious of the quality of the new firmware. Admin pages take a very long time to come up. Once the router completely stopped responding and I had to reset, after which again, it crashed and lost settings.
</p><p>If it does this - how can we be sure without careful testing that even the firewall (if you can get it to configure,) would really work and stop this attack?
</p><p>I can't spend forever fiddling with a £35 router/adsl modem. I've gone back to my netgear.
</p><p>TP-link haven't answered my query and if you look at their instructions to protect:
</p><p><a href="http://uk.tp-link.com/article/?faqid=569" rel="nofollow">http://uk.tp-link.com/article/?faqid=569</a>
</p><p>they have a mistake: it should be WAN not LAN (that screen shows both,) so I don't see how that can be a real screenshot. I don't feel sure that TP-Link actually understand their own problem properly.
</p><p>The original finder of this problem (as far as we can tell,) the Algerian in Hacker News:
<a href="http://thehackernews.com/2014/01/TP-LINK-Routers-password-hacking.html#" rel="nofollow">http://thehackernews.com/2014/01/TP-LINK-Routers-password-hacking.html#</a>
thinks this router has firmware from "Zyxel". I don't understand myself, but I've had it with TP-Link
</p>This post is all just speculation on my part, whilst waiting for Admin Staff to post.
Remember to s2014-06-23T18:11:29-07:00John99https://support.mozilla.org/zu/questions/1007352?page=3#answer-595689<p><strong>This post is all just speculation on my part, whilst waiting for Admin Staff to post.</strong>
Remember to <s>sign in and </s> vote on this thread using the button <em>[I have this problem too]</em>
</p>
<ul><li>This is a security issue rather than a Firefox problem.
</li><li>I am hoping one of the Admin staff is going to step in with suggestions.
</li><li>It may be that we try to summarise the known advise, and are able (or YOU are able to) find a security related forum that is already dealing with and solving this issue.
</li></ul>
<p><u>More questions for those that have posted</u>
It may help to say
</p>
<ul><li>What the Internet Service Provider (ISP) is
</li><li>and what the router is that you are using. (Make, Model &amp; whether it is documented anywhere as being affected).
</li></ul>
<p>If someone is able to hack TP-Link routers there may well be other Routers and ISPs affected.
</p><p>But also there may well be more than one issue affecting people in this thread. it is probably unlikely everyone has the sameTP-Link router and TP-link firmware. I suppose one possibility is that malware exploiting the TP link routers, or other malware may attack routers having a weak or default password. Such malware may use the same DNS or Links
</p><p><u>Suggested actions for now </u>
</p>
<ol><li> Look for malware scan with multiple and up to date tools. (You may need to use an unaffected device to get hold of the tools.) See <a href="https://support.mozilla.org/en-US/questions/1007352#answer-594370" rel="nofollow"><em>the-edmeister'</em>s post-594370</a> up thread
</li><li> Check and report your DNS setting and at least temporarily try using the free Google DNS service see the two adjacent posts by <em>abecrabt</em> <a href="https://support.mozilla.org/en-US/questions/1007352#answer-594807" rel="nofollow">post=594807 &amp; 813</a>
<ul><li> Also See <em><strong>Using Google Public DNS <a href="https://developers.google.com/speed/public-dns/docs/using" rel="nofollow">https://developers.google.com/speed/p.../using</a> </strong></em> <br>Which explains also how to check and change DNS settings.
</li></ul>
</li></ol>
<p><u>Posting dodgy links</u>
It may well be usefull to post information about sites or links but not wish others to risk clicking them accidentally. If so please break the link to make it not clickable. One easy method that still allows the link to be seen and cut and pasted is to insert a pair of apostrophise around each dot.
(2x ' each side of the dot, not 1x double quotes " )
Demonstration
</p>
<ul><li> This site <br> <em><a href="http://support.mozilla.org" rel="nofollow">support.mozilla.org</a></em>
</li><li>Could write as <br><em>support&lt;dot&gt;mozilla&lt;dot&gt;org</em>
</li><li> Write as <br> <em>support''.''mozilla''.''org</em>
</li><li> Forum software converts that in preview and final post to pasteable but not clickable <br> <em>support</em>.<em>mozilla</em>.<em>org</em>
</li></ul>Hello!
I was not able to solve the DNS issue on the TP-Link router. But since I changed the router b2014-06-23T16:48:27-07:00fredmobbinghttps://support.mozilla.org/zu/questions/1007352?page=3#answer-595675<p>Hello!
I was not able to solve the DNS issue on the TP-Link router. But since I changed the router by another router from siemens, the issue disappeared.
</p><p>Since I live in Germany I tend to involve Police with "Anzeige gegen Unbekannt". Could they be successful getting the hacker through the Google Analytics account?
</p><p>Would anyone join this approach?
</p><p>Greetings,
Fredmobbing
</p>