[opensuse-factory] really malware??
At my Kmail "akonadictl restart" comes with following information. I have re-installed my account with 20180202 and would not expect such a message. I gave following text to google:

Connecting to deprecated signal QDBusConnectionInterface::
-----
I found an interesting text at https://www.kubuntuforums.net/ and received following message:
-----
403 FORBIDDEN!

The attempt to connect to our site has been blocked for posing an undue risk based on analysis by the software protecting our site.

The analysis (detected reason(s)) for why you were blocked are: HTTP_REFERER detection of myway search. You are blocked due to a heavy malware infection. Please get Malwarebytes anti-malware free ( http://www.malwarebytes.org/products/malwarebytes_free/ ), clean your computer, and return (BADREF-051.2).

Your IP, Domain Name (if resolvable), the referring page (if any), QUERY, POST, User Agent, time of access, and date have been logged and flagged for admin review.

If you believe you should not have been blocked; that you pose no risk to our site; an e-mail link to start a trouble ticket about this block is being provided. Please do not change the beginning of the subject line or the preamble of the body text.

Click HERE to start a trouble ticket.

Your connection details:
Record #: 644839
Time: Tue, 13 Feb 2018 05:33:35 +0000
Running: 0.4.10a3 / MS-77g / COOK-2015-02a / KP-2017.93.516
Host: 26.subnet125-161-138.speedy.telkom.net.id
IP: 125.161.138.26
Post:
Query:
Stripped Query:
Referer: https://int.search.myway.com/search/ggmain.jhtml?p2=%5eba5%5echr999%5es25743%5e&ptb=e67ff847-5f46-4c41-b368-104759f4edc1&n=78488f63&ind=&cn=us&ln=en&si=&tpr=hpsb&trs=wtt&brwsid=f809ba64-c8a5-4d3e-a739-3ed2aadf8f50&searchfor=connecting%20to%20deprecated%20signal%20%20qdbusconnectioninterface%3a%3a&st=tab
User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36
Reconstructed URL: http://www.kubuntuforums.net/showthread.php/71591-Knotes-and-Akonadi-Problem

Generated by ZB Block 0.4.10a3 / MS-77g / COOK-2015-02a / KP-2017.93.516
-----
I ran rkhunters and except following warnings I did not see any malware problems.
-----
# rkhunter -c --rwo
Warning: The following suspicious shared memory segments have been found:
         Process: /usr/bin/kmail    PID: 2557    Owner: constant
         Process: /usr/bin/yakuake    PID: 2560    Owner: constant
Warning: The SSH configuration option 'PermitRootLogin' has not been set.
         The default value may be 'yes', to allow root access.
Warning: The SSH configuration option 'Protocol' has not been set.
         The default value may be '2,1', to allow the use of protocol version 1.
-----
I just installed clamav but did not find any help so I am looking around for helpfiles. Any other advice. I am not yet ready to fight malware :(

------
opensuse:tumbleweed:20180209
Qt: 5.10.0 KDE Frameworks: 5.42.0 - KDE Plasma: 5.12.0 - kwin 5.12.0
kmail2 5.7.1 - akonadiserver 5.7.1 - Kernel: 4.15.1-1-default

--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

On Tuesday, 2018-02-13 at 15:03 +0700, Constant Brouerius van Nidek wrote:

> -----
> I found an interesting text at https://www.kubuntuforums.net/ and received following message:
> -----
> 403 FORBIDDEN!
>
> The attempt to connect to our site has been blocked for posing an undue risk based on analysis by the software protecting our site.
>
> The analysis (detected reason(s)) for why you were blocked are: HTTP_REFERER detection of myway search. You are blocked due to a heavy malware infection. Please get Malwarebytes anti-malware free ( http://www.malwarebytes.org/products/malwarebytes_free/ ), clean your computer, and return (BADREF-051.2).

That scanner is for Windows, and you are using Linux - I hope. Ask them.

> If you believe you should not have been blocked; that you pose no risk to our site; an e-mail link to start a trouble ticket about this block is being provided.

However, I don't understand what importance it has to them that you may run an infected machine for browsing.

--
Cheers, Carlos E. R. (from openSUSE 42.3 x86_64 "Malachite" at Telcontar)

On Tuesday, February 13, 2018 3:41:38 PM WIB Carlos E. R. wrote:

> On Tuesday, 2018-02-13 at 15:03 +0700, Constant Brouerius van Nidek wrote:
> > -----
> > I found an interesting text at https://www.kubuntuforums.net/ and received following message:
> > -----
> > 403 FORBIDDEN!
> >
> > The attempt to connect to our site has been blocked for posing an undue risk based on analysis by the software protecting our site.
> >
> > The analysis (detected reason(s)) for why you were blocked are: HTTP_REFERER detection of myway search. You are blocked due to a heavy malware infection. Please get Malwarebytes anti-malware free ( http://www.malwarebytes.org/products/malwarebytes_free/ ), clean your computer, and return (BADREF-051.2).
>
> That scanner is for Windows, and you are using Linux - I hope. Ask them.
>
> > If you believe you should not have been blocked; that you pose no risk to our site; an e-mail link to start a trouble ticket about this block is being provided.
>
> However, I don't understand what importance it has to them that you may run an infected machine for browsing.

You are completely right Carlos, Do not understand their problem. My system perhaps full of malware but why do they not recognize me as a Linux system. My browser was until 5 minutes ago chromium!! and not chrome. The myway name was found only one time in Opera under adblocker-rules.json and some 300 times in the chromium cache. Windows is not available on my computers and after some 25 years of Linux (on Suse for 95% of the time) Windows make no chance for a comeback.

Sorry for not being on the opensuse list for this problem but I stood under the impression that something was amiss with akonadictl and chromium.

Thanks for the assistance,
Constant

--
opensuse:tumbleweed:20180209
Qt: 5.10.0 KDE Frameworks: 5.42.0 - KDE Plasma: 5.12.0 - kwin 5.12.0
kmail2 5.7.1 - akonadiserver 5.7.1 - Kernel: 4.15.1-1-default

On Tuesday, 2018-02-13 at 18:52 +0700, Constant Brouerius van Nidek wrote:

> On Tuesday, February 13, 2018 3:41:38 PM WIB Carlos E. R. wrote:
> > That scanner is for Windows, and you are using Linux - I hope. Ask them.
> >
> > > If you believe you should not have been blocked; that you pose no risk to our site; an e-mail link to start a trouble ticket about this block is being provided.
> >
> > However, I don't understand what importance it has to them that you may run an infected machine for browsing.
>
> You are completely right Carlos, Do not understand their problem. My system perhaps full of malware but why do they not recognize me as a Linux system. My browser was until 5 minutes ago chromium!! and not chrome. The myway name was found only one time in Opera under adblocker-rules.json and some 300 times in the chromium cache. Windows is not available on my computers and after some 25 years of Linux (on Suse for 95% of the time) Windows make no chance for a comeback.
>
> Sorry for not being on the opensuse list for this problem but I stood under the impression that something was amiss with akonadictl and chromium.
>
> Thanks for the assistance,
> Constant

Well, I don't know what a malignant plugin can do to a web site. But both Richard B. and Marcus M. point to .myway.com plugin or search engine, so I would listen to them.

--
Cheers, Carlos E. R. (from openSUSE 42.3 x86_64 "Malachite" at Telcontar)

On 13 February 2018 at 09:03, Constant Brouerius van Nidek <constant@indo.net.id> wrote:

> The analysis (detected reason(s)) for why you were blocked are: HTTP_REFERER detection of myway search. You are blocked due to a heavy malware infection. Please get Malwarebytes anti-malware free ( http://www.malwarebytes.org/products/malwarebytes_free/ ), clean your computer, and return (BADREF-051.2).

The references to ".myway.com" suggest the problem is malware in your browser, which your user agent is Chrome.

MyWay appears to be a malicious browser plugin.

It should be removable by deleting the ".config/google-chrome" folder in your home directory - which will have the side effect of removing all your other chrome settings.

It's possible it got there by use of the Google Sync feature and an infection on another machine (eg. Windows/Mac), so please consider cleaning up any other machines you have also.

If you have further problems, I suppose the best option would be to contact Google - Google Chrome is not openSUSE software.

In the future, please consider emailing requests like this to our support mailing list on opensuse@opensuse.org

opensuse-factory@opensuse.org is intended as the project's development list, which sometimes means Tumbleweed users' feedback and questions are relevant given how Tumbleweed is so close to that ongoing development. But I don't think that applies in this case, especially as none of our project's software is involved.
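
[Added example, not part of the original thread or written by any of its participants.] A narrower check than deleting the whole profile: the script below walks the JSON settings files of a Chromium or Chrome profile and reports every setting whose value mentions a given domain. The profile location (typically ~/.config/chromium/Default or ~/.config/google-chrome/Default on Linux) is an assumption, and the sample preference keys and values in demo() are constructed.

```python
import json
import tempfile
from pathlib import Path

# JSON settings files inside a Chromium/Chrome profile directory.
PREF_FILES = ("Preferences", "Secure Preferences")

def find_domain(node, needle, path=""):
    """Yield (json_path, value) for every string value containing needle."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from find_domain(value, needle, f"{path}/{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from find_domain(value, needle, f"{path}[{index}]")
    elif isinstance(node, str) and needle.lower() in node.lower():
        yield path, node

def scan_profile(profile_dir, needle="myway.com"):
    """Return [(file_name, json_path, value)] hits from a profile's settings."""
    hits = []
    for name in PREF_FILES:
        pref = Path(profile_dir) / name
        if not pref.is_file():
            continue
        try:
            data = json.loads(pref.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or corrupt file: skip it, keep scanning
        hits.extend((name, p, v) for p, v in find_domain(data, needle))
    return hits

def demo():
    """Scan a constructed profile (sample data; the key names are illustrative)."""
    sample = {
        "homepage": "https://www.opensuse.org/",
        "default_search_provider_data": {"template_url_data": {
            "url": "https://int.search.myway.com/search/ggmain.jhtml?searchfor={searchTerms}",
        }},
        "session": {"startup_urls": ["https://www.kde.org/"]},
    }
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "Preferences").write_text(json.dumps(sample), encoding="utf-8")
        return scan_profile(tmp)

if __name__ == "__main__":
    for file_name, json_path, value in demo():
        print(f"{file_name}: {json_path} -> {value}")
```

To check a real profile, call scan_profile() with the profile directory while the browser is closed. The scan reads only the JSON settings files, not the cache or the profile's SQLite databases.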

Hi,

Your use of the search engine "myway.com" seems to trigger this, your system itself is probably unaffected.

Ciao, Marcus

--
Marcus Meissner,SUSE LINUX GmbH; Maxfeldstrasse 5; D-90409 Nuernberg; Zi. 3.1-33,+49-911-740 53-432,,serv=loki,mail=wotan,type=real <meissner@suse.de>

participants (4)
- Carlos E. R.
- Constant Brouerius van Nidek
- Marcus Meissner
- Richard Brown