ib.adnxs.com
os fedora 14, kernel 2.6.35.14-106.fc14.i686
application firefox mozilla 5.0
i have picked up some malware, ib.adnxs.com. it redirects my browser when i am on sites with lots of ad content and can make things so slow that i eventually give up. i have solved the problem by redirecting the url to local host, 127.0.0.1 in /etc/hosts. what bothers me now is how the redirection to ib.adnxs.com is accomplished. there is no entry in /etc/hosts. i can't find any suspicious processes running. any ideas? thanks- larry |
*BTW Fedora is at 17 so either update or choose another distribution and keep your SW current. |
Sounds like DNS poisoning.
Wipe and install a newer OS like Debian. And TURN OFF those unneeded daemons and install Shorewall! Then use DNSCrypt chained to unbound. (You must turn off DNSSEC) |
If you don't have proof then either don't post or phrase your "advice" as a question.
|
Put your shirt back on unSpawn.
Why don't you act like a man and prove I'm wrong? Is it that you don't know what I'm talking about? |
You made a statement w/o providing any proof so I asked you to support your claim. Instead what I get is a lack of respect, you trying to counter-challenge me and a completely unwarranted personal attack, the latter of which earns you this official warning:
Warning: You have violated LQ Rule 2 which states that personal attacks on others will not be tolerated. Do not let that happen again. |
some other ideas
i have some new ideas about this problem. the site that seems to be worst is the seattle post web site. perhaps they have been hacked. meanwhile i have added about thirty entries to /etc/hosts to block rogue ad and tracking urls found at seattlepi.com. i will use another computer and/or os to see if the problem is local.
i know that fedora 14 is stone age but i am an old fart and set in my ways. once i get something working well i tend to hang on to it. also, i don't much like the latest from gnome. i probably have an old box somewhere with suse 5.5 running on two pentium 3's. thanks for the help- larry |
Well as it happens I read the P-I every day and could help, but I'm sure not now.
|
update
seattlepi.com seems to be free of the abundant ad urls this morning. i suspect that the problem was on their end. it looks like unscrupulous characters are posting ads on websites without paying for the privilege, cyber-trespass. someone in eastern europe probably made a few currency units, just a theory. meanwhile, i wore a blister on my thumb editing /etc/hosts.
thanks again- larry |
finally, i'm still puzzled. the problem could be on my computer or lan but it is odd that the bad behavior seems to have ceased without any known action by me.
and... yes, it is probably time to update my linux boxes to the latest. funny though that redhat is probably still running an older, more stable version of fedora. i do keep my packages up to date. thanks again- larry |
thanks-
anyway, i'm going to consider this problem resolved. i do need to institute an audit trail. it would save time when problems come up in the future. maybe i could just go back to usenet. here's part of my /etc/hosts file redirecting problem urls to localhost. most seem to display no actual content on the page that requests them leading me to wonder if someone just neglected to remove them after they became obsolete. others, like ad.doubleclick.net display content but slow things down.

127.0.0.1 rd.meebo.com
127.0.0.1 ib.adnxs.com
127.0.0.1 ad.doubleclick.net
127.0.0.1 outbrain.com
127.0.0.1 odb.outbrain.com
127.0.0.1 ads.undertone.com
127.0.0.1 p.raasnet.com
127.0.0.1 ct.buzzfeed.com
127.0.0.1 pixel.dimestore.com
127.0.0.1 a.collective-media.net
127.0.0.1 q1.checkm8.com
127.0.0.1 ad-l.media6degrees.com
127.0.0.1 vads-svx.adbrite.com
127.0.0.1 adbrite.com
127.0.0.1 adinterax.com
127.0.0.1 newsinc.com
127.0.0.1 sana.newsinc.com
127.0.0.1 a23-3-68-122.deploy.akamaitechnologies.com
127.0.0.1 quantserve.com
127.0.0.1 ad.yieldmanager.com
127.0.0.1 ads.revsci.net
127.0.0.1 rd.reebo.com
127.0.0.1 newrelic.com
127.0.0.1 beacon-1.newrelic.com
127.0.0.1 beacon.jumptime.com
127.0.0.1 plusone.google.com
127.0.0.1 tag.beanstalk.com
127.0.0.1 c10014.ic-live.com
|
don't confuse a problem url with a problem service. the entry there for akamai is slightly dubious I'd say. If you start binning random akamai addresses (of which there are SO SO SO many) you could easily find yourself being unable to pull other very legit content on other sites that use their CDN.
|
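An added example, not part of any post in this thread: a small Python check for a hosts-file blocklist like the one posted above, flagging duplicate names and entries under shared CDN domains such as the akamaitechnologies.com one questioned in the previous reply. The sample input is constructed from a few of the posted entries, and the CDN suffix list and function names are assumptions of the example.

```python
import re

# Constructed sample: a few entries from the hosts file posted in this thread,
# plus a localhost line and one duplicate added for illustration.
SAMPLE_HOSTS = """\
127.0.0.1   localhost localhost.localdomain
127.0.0.1 ib.adnxs.com
127.0.0.1 ad.doubleclick.net
127.0.0.1 adbrite.com
127.0.0.1 vads-svx.adbrite.com
127.0.0.1 a23-3-68-122.deploy.akamaitechnologies.com  # CDN edge node
127.0.0.1 IB.ADNXS.COM
"""

SINKS = {"127.0.0.1", "0.0.0.0", "::1"}   # addresses used to sink a name
LOCAL_NAMES = {"localhost", "localhost.localdomain"}
# Assumption: suffixes treated as shared CDN infrastructure; extend as needed.
SHARED_CDN_SUFFIXES = (".akamaitechnologies.com",)
# First label that embeds an IPv4 address, e.g. a23-3-68-122
IP_LABEL = re.compile(r"^[a-z]*\d{1,3}(-\d{1,3}){3}$")


def blocked_names(text):
    """Yield (line_number, hostname) for every name mapped to a sink address."""
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()      # drop comments
        if len(fields) < 2 or fields[0] not in SINKS:
            continue
        for name in fields[1:]:
            name = name.lower().rstrip(".")         # hostnames are case-insensitive
            if name not in LOCAL_NAMES:
                yield lineno, name


def audit_blocklist(text):
    """Return (line_number, hostname, finding) tuples worth a second look."""
    findings, seen = [], {}
    for lineno, name in blocked_names(text):
        if name in seen:
            findings.append((lineno, name, "duplicate of line %d" % seen[name]))
            continue
        seen[name] = lineno
        if name.endswith(SHARED_CDN_SUFFIXES):
            kind = "shared CDN host"
            if IP_LABEL.match(name.split(".", 1)[0]):
                kind += " (IP-derived edge node name)"
            findings.append((lineno, name, kind))
    return findings


if __name__ == "__main__":
    for lineno, name, finding in audit_blocklist(SAMPLE_HOSTS):
        print("line %d: %s: %s" % (lineno, name, finding))
```

To check a real file, pass the contents of /etc/hosts to `audit_blocklist` instead of the constructed sample.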
chris-
thanks again- larry |