I installed a Firefox browser on Win 7 and it got infected with malware from kat.cr when I tried to download a torrent. This malware ONLY AFFECTS Firefox; Chrome works fine and is not affected. I have completely removed and reinstalled Firefox, but clearly some files are not being removed because the new invocation already has Ghostery installed and it immediately goes back to the last site. That's where Linux gets involved.
The site that seems to trigger the malware to start all sorts of popups and ads is my local server running Linux Slackware 11 and an Apache HTTP server. I can go to other sites with Firefox (e.g., google.com) without triggering the infection, but when I go to my local server stuff starts happening. I have run 4 different virus/malware scanners on this Win 7 machine, all of which find a couple of dozen files that they remove, but none of that gets at the seed that reloads all those. One thing it does is reset the "home page" on Firefox. It even does it while I'm on that page setting it: I set it, it resets.
I'm not sure, but I think the same malware tried to attack Firefox on my Slackware64 14.1 machine, but it doesn't take there. I closed the browser and reopened it and no more problem. None of these problems show up with the other browsers on Slack 14.1 either. It's only the Firefox on the Windows machine, and especially when connecting to the Slack 11 server.
Oops, an ad just popped up on the Wikipedia site, so it's not just my local server.
Last edited by rdx; 10-22-2015 at 01:41 AM.
Reason: added
Is your server accessible from the internet? If it is, the web pages it serves may be hacked.
Yes, it must be accessible because my logs show I was attacked like 200k times last year in attempted break-ins. Based on the dictionary of user names that were thrown at it, I would say that attack came from Italy. Sometimes I had as many as 12 attempts/second of guessing the root password (ssh). The thing is, I don't see any changes to the web pages. They're simple, < 100 lines, mostly menus which select and run .php routines (small simple ones which I wrote). If web pages are hacked, what would it look like? Added links, right?
Create a new Firefox profile and check using the new profile.
Let us know.
I'm not sure what you mean by "create a new Firefox profile." However, I did log in as a different user and Firefox seems to be clean for that user. So it seems it is tied to the user and not the browser or the server? That doesn't sound so bad then.