How do you know that the site was hacked? If you know that then you may be able to find what malware was involved. That would tell you if you may have a problem.
Can you be more specific regarding the exploitation of the site? I have used cadtutor in the past and found it to be a good resource. I am sorry to hear that they are having potential trouble.
If you were running Debian Linux, your chances of being infected with operable mal-ware are small. This assumes, of course, that it was targeting Windows mal-ware, which 99.99% of it is. If you were running as a regular user, not as root, the chances of you being permanently infected are exceedingly small. Clear out your browser's cache, cookies, etc., and reboot and things should be clear. You can always run an anti-virus scan to see if you have anything left over. The bigger risk is that you may pass an infection on to a Windows system and this would help in that regard as a precaution.
Last edited by Noway2; 02-28-2011 at 08:37 AM.
Reason: Added Windows mal-ware comment
I browsed forum 'cadtutor.net' which has been hacked to "serve" malware.
NoScript was disabled for that site, should I worry about catching a virus on Debian?
An actual virus (in the technical sense) on GNU/Linux is quite unlikely. However, there may have been some other type of malware. On what date exactly did you visit the site with NoScript disabled? What browser (and version number) were you using? Were the rest of the installed packages up-to-date? Did you use your primary account on your computer or a dedicated/disposable account? Have you found any information that would indicate the type of malware that was being issued on the site? Answers to these questions would help us gauge your risk level from exposure. Of course, there's no replacement for the use of automated scanning tools and/or keen observation/analysis.
thanks for replies.
I had posted a question on cadtutor on 25 February and browsed it around that time, using latest Debian testing.
Google set me in 'panic mode' with its report. However now it doesn't report site is hacked.
It seems that they had problems in January too.
I'm gonna delete bunch of sites from my noscript now, to be safe.
Except for linuxquestions.org.
If this forum ever gets a virus, it will be probably end of the world, anyway.
No, cad tutor comes up just fine for me (tried at 9am EDT) and even browsed around a few tutorials. Do you have some example URLs and / or IP addresses? What happens if you do an nslookup from your PC of these URLs? Also try against another DNS like Google (8.8.8.8). You are going to cadtutor.NET correct?
yes, I am trying forum on cadtutor.net and get 'not found' page.
if I try www.cadtutor.net directly, it shows a page that looks like this: http://www.emilymyers.com/
url bar shows cadtutor.net.
can you send me email of moderator there, I want to complain.
grr
I'm at home now and it works normally. No, it's not 'upsidedown thingy'. I suspect that those *incompetent fools* (sorry, cannot think of better words) at cadtutor decided to play a little game with everyone using proxy.
At work we are FORCED to use corporate proxy+NAT.
many others probably have to use proxies, this is very unprofessional from such big website like cadtutor.
Definitely a DNS problem. Performing an nslookup on cadtutor.net is returning 109.228.20.69 AND 77.72.206.14 in alternating fashion. Both of them reverse lookup to an intermediate service provider, so it would take additional digging to figure out who is in error. Since it is alternately giving right / wrong information, it looks like there are multiple DNS servers, one or more of which has incorrect zone information.
OK.
Thanks for the further information.
@qrange
If your DNS (maybe yours, maybe your ISP's) is broken you should not use "internet banking" or similar until you have this issue fully resolved.
I have asked that this thread be moved to "Linux-Security" where better informed members will be able to help you.