[opensuse] Hijacked? - openSUSE Users - openSUSE Mailing Lists

newer
[opensuse] y2base gets zombie

[opensuse] Hijacked?

older
[opensuse] Disapearing accents...

Mark Misulich

26 Mar 2008 26 Mar '08

03:09

Hi, I am online at the moment at a foreign location (for me, not for the people who live here) and when I selected an website in my browser's history list and entered it, up popped an all-black browser window that I wasn't expecting. It reads: /www.g00ns.net owns you Anon7192 owns you. Get secure. irc.g00ns.net #g00ns if you wish to chat =D http://g00ns-forum.net / I immediately ran rkhunter, chkrootkit, and Klamav all with negative results. / /I am not sure what to do, has my system been breached? / / -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

Reply

Sign in to reply online Use email software

Show replies by date

Anders Johansson

26 Mar 26 Mar

03:15

On Tue, 2008-03-25 at 23:09 -0400, Mark Misulich wrote:

Hi, I am online at the moment at a foreign location (for me, not for the people who live here) and when I selected an website in my browser's history list and entered it, up popped an all-black browser window that I wasn't expecting. It reads:

/www.g00ns.net owns you

Anon7192 owns you. Get secure.

irc.g00ns.net #g00ns if you wish to chat =D

http://g00ns-forum.net

/ I immediately ran rkhunter, chkrootkit, and Klamav all with negative results. /

/I am not sure what to do, has my system been breached?

Hard to say My immediate guess is that it's the web site you were trying to reach that's been hacked. Or do you get the same site for all addresses you try? If you do, try "host <address>" from a command line, where <address> is the host you're trying to reach. If you get 72.20.26.213, then it's the dns of the ISP that's been hacked Anders -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

Reply

Sign in to reply online Use email software

Jim Henderson

03:20

New subject: [opensuse] Re: Hijacked?

On Tue, 25 Mar 2008 23:09:09 -0400, Mark Misulich wrote:

Hi, I am online at the moment at a foreign location (for me, not for the people who live here) and when I selected an website in my browser's history list and entered it, up popped an all-black browser window that I wasn't expecting. It reads:

/www.g00ns.net owns you

Anon7192 owns you. Get secure.

irc.g00ns.net #g00ns if you wish to chat =D

http://g00ns-forum.net

/ I immediately ran rkhunter, chkrootkit, and Klamav all with negative results. /

/I am not sure what to do, has my system been breached? /

/

Could be a DNS server that was compromised. I'd be inclined to try looking up your website's address in the local DNS server and in a known good DNS server (using nslookup) and see if they match/are in the same subnet. Jim -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

Reply

Sign in to reply online Use email software

Sam Clemens

04:26

Mark Misulich wrote:

Hi, I am online at the moment at a foreign location (for me, not for the people who live here) and when I selected an website in my browser's history list and entered it, up popped an all-black browser window that I wasn't expecting. It reads:

/www.g00ns.net owns you

Anon7192 owns you. Get secure.

irc.g00ns.net #g00ns if you wish to chat =D

A browser pop-up is not evidence of being hacked.

http://g00ns-forum.net

/ I immediately ran rkhunter, chkrootkit, and Klamav all with negative results. /

Please don't post in anything other than plain text.

/I am not sure what to do, has my system been breached? /

/

-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

Reply

Sign in to reply online Use email software

Mark Misulich

23:13

Sam Clemens wrote:

Mark Misulich wrote:

...
Hi, I am online at the moment at a foreign location (for me, not for the people who live here) and when I selected an website in my browser's history list and entered it, up popped an all-black browser window that I wasn't expecting. It reads:

/www.g00ns.net owns you

Anon7192 owns you. Get secure.

irc.g00ns.net #g00ns if you wish to chat =D

A browser pop-up is not evidence of being hacked.

...
http://g00ns-forum.net

/ I immediately ran rkhunter, chkrootkit, and Klamav all with negative results. /

Please don't post in anything other than plain text.

...
/I am not sure what to do, has my system been breached? /

/

Hi, the browser was not a pop-up (noun), it popped up (verb) as in "The browser window that I was expecting did not appear, a differant website appeared in its place (popped up)." I blame myself for placing it in a form that you didn't recognize. I often forget that most of the world can't read english, the rest can't right it. I did select plain text in the message tools, don't know what happened. I did figure out that the website I was trying to reach had been hacked. Where I was staying I found some employees hacking the company computers on several previous occasions. I was trying to be careful, thanks for all who helped. Mark -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

Reply

Sign in to reply online Use email software

John Andersen

23:34

On Wed, Mar 26, 2008 at 4:13 PM, Mark Misulich wrote:

I often forget that most of the world can't read english, the rest can't right it.

How true. Thank you for demonstrating your own point. -- ----------JSA--------- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

Reply

Sign in to reply online Use email software

Mark Misulich

23:41

John Andersen wrote:

On Wed, Mar 26, 2008 at 4:13 PM, Mark Misulich wrote:

...
I often forget that most of the world can't read english, the rest can't right it.

How true. Thank you for demonstrating your own point.

Yah, meant to be a joke. One can't take this too seriously or one will lose perspective on life. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

Reply

Sign in to reply online Use email software

M. Skiba

27 Mar 27 Mar

00:04

John Andersen wrote:

...
On Wed, Mar 26, 2008 at 4:13 PM, Mark Misulich

wrote:

...
I often forget that most of the world can't read english, the rest can't right it.

How true. Thank you for demonstrating your own point.

Yah, meant to be a joke. One can't take this too seriously or one will lose perspective on life. Indeed, just a sidenote: all messages in this "Hijacked?"-Therad were received in

Am Donnerstag, 27. März 2008 00:41:18 schrieb Mark Misulich: plain text only.. Regards Michael

Reply

Sign in to reply online Use email software

peter nikolic

26 Mar 26 Mar

08:41

On Wednesday 26 March 2008, Mark Misulich wrote:

www.g00ns.net

Hi . If you check you will find that www.g00ns.net and g00ns-forum.net are 2 completely different sites with the unfortunate problem of having the same name just one is prefixed www thats what you get from lazy browser entrys there are a lot of sites around of a similar nature slashgot (slapshot) is one .. Pete . -- SuSE Linux 10.3-Alpha3. (Linux is like a wigwam - no Gates, no Windows, and an Apache inside.) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

Reply

Sign in to reply online Use email software

5906

Age (days ago)

5907

Last active (days ago)

Download

8 comments

7 participants

tags

participants (7)

Anders Johansson
Jim Henderson
John Andersen
M. Skiba
Mark Misulich
peter nikolic
Sam Clemens