On 13 February 2018 at 09:03, Constant Brouerius van Nidek <constant@indo.net.id> wrote:
At my Kmail "akonadictl restart" comes with following information. I have re-installed my account with 20180202 and would not expect such a message. I gave following text to google:
Connecting to deprecated signal QDBusConnectionInterface:: ----- I found an interesting text at https://www.kubuntuforums.net/ and received following message: ----- 403 FORBIDDEN!
The attempt to connect to our site has been blocked for posing an undue risk based on analysis by the software protecting our site.
The analysis (detected reason(s)) for why you were blocked are: HTTP_REFERER detection of myway search. You are blocked due to a heavy malware infection. Please get Malwarebytes anti-malware free ( http:// www.malwarebytes.org/products/malwarebytes_free/ ), clean your computer, and return (BADREF-051.2).
Your IP, Domain Name (if resolvable), the referring page (if any), QUERY, POST, User Agent, time of access, and date have been logged and flagged for admin review.
If you believe you should not have been blocked; that you pose no risk to our site; an e-mail link to start a trouble ticket about this block is being provided. Please do not change the beginning of the subject line or the preamble of the body text.
Click HERE to start a trouble ticket. Your connection details: Record #: 644839 Time: Tue, 13 Feb 2018 05:33:35 +0000 Running: 0.4.10a3 / MS-77g / COOK-2015-02a / KP-2017.93.516 Host: 26.subnet125-161-138.speedy.telkom.net.id IP: 125.161.138.26 Post: Query: Stripped Query: Referer: https://int.search.myway.com/search/ggmain.jhtml?p2= %5eba5%5echr999%5es25743%5e&ptb=e67ff847-5f46-4c41- b368-104759f4edc1&n=78488f63&ind=&cn=us&ln=en&si=&tpr=hpsb&trs=wtt&brwsid=f809ba64- c8a5-4d3e-a739-3ed2aadf8f50&searchfor=connecting%20to%20deprecated%20signal %20%20qdbusconnectioninterface%3a%3a&st=tab User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Reconstructed URL: http:// www.kubuntuforums.net /showthread.php/71591-Knotes- and-Akonadi-Problem
Generated by ZB Block 0.4.10a3 / MS-77g / COOK-2015-02a / KP-2017.93.516 ----- I ran rkhunters and except following warnings I did not see any malware problems. ----- # rkhunter -c --rwo Warning: The following suspicious shared memory segments have been found: Process: /usr/bin/kmail PID: 2557 Owner: constant Process: /usr/bin/yakuake PID: 2560 Owner: constant Warning: The SSH configuration option 'PermitRootLogin' has not been set. The default value may be 'yes', to allow root access. Warning: The SSH configuration option 'Protocol' has not been set. The default value may be '2,1', to allow the use of protocol version 1. ----- I just installed clamav but did not find any help so I am looking around for helpfiles. Any other advice. I am not yet ready to fight malware :(
------ opensuse:tumbleweed:20180209 Qt: 5.10.0 KDE Frameworks: 5.42.0 - KDE Plasma: 5.12.0 - kwin 5.12.0 kmail2 5.7.1 - akonadiserver 5.7.1 - Kernel: 4.15.1-1-default
The refences to ".myway.com" suggest the problem is malware in your browser , which your user agent is Chrome. MyWay appears to be a malicious browser plugin. It should be removable by deleting the ".config/google-chrome" folder in your home directly - which will have the side effect of removing all your other chrome settings. It's possible it got there by use of the Google Sync feature and an infection on another machine (eg. Windows/Mac), so please consider cleaning up any other machines you have also. If you have further problems, I suppose the best option would be to contact Google - Google Chrome is not openSUSE software. In the future, please consider emailing requests like this to our support mailinglist on opensuse@opensuse.org opensuse-factory@opensuse.org is intended as the project's development list, which sometimes mean Tumbleweed users feedback and questions are relevant given how Tumbleweed is so close to that ongoing development. But I don't think that applies in this case, especially as none of our projects software is involved. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org