LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 03-05-2019, 04:42 AM   #1
trumpforprez
Member
 
Registered: Nov 2016
Location: UK
Distribution: Debian Jessie
Posts: 154

Rep: Reputation: Disabled
Suspicious actions happening when web browsing


I've recently had some unusual things happening with my web browsing.
Yesterday I received a message from my HTTPS Everywhere addon asking 'permission' to access all the sites I visit.
I thought that was an unusual request - so I disabled the addon.

Today, I updated Ubuntu 16.04 and 3 openSSH packages were downloaded.
After that, the internet went offline. But I didn't switch off internet access.

After a reboot I went onto Wikipedia.
The site said I had a message from them - but I'm not registered with the site.
When I pressed the link to see the message it said I had made a change to a page but I didn't provide a source to justify the change.
The page is about some boy band in the UK which I've never heard of.

The OS I have is a lightweight version of Ubuntu and doesn't have all the protection features.

1. Is there a way I can make sure my OS isn't accessed remotely?

2. Has anyone else received openSSH packages recently from Ubuntu?

3. Why has Wikipedia mixed me up with some other guy when I don't even have an account with them?
Does the edited Wikipedia page indicate anything?

4.Is that message from HTTPS Everywhere normal?
 
Old 03-05-2019, 07:45 PM   #2
frankbell
LQ Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Ubuntu MATE, Mageia, and whatever VMs I happen to be playing with
Posts: 19,272
Blog Entries: 28

Rep: Reputation: 6124Reputation: 6124Reputation: 6124Reputation: 6124Reputation: 6124Reputation: 6124Reputation: 6124Reputation: 6124Reputation: 6124Reputation: 6124Reputation: 6124
Offhand, I'd say that none of this is normal.

Do you have the firewall enabled?

I'm guessing you're using Firefox. Do you have NoScript or something like it enabled?

Have you emptied your browser cache and cleared the browser history and cookies?
 
1 members found this post helpful.
Old 03-06-2019, 04:58 AM   #3
hydrurga
LQ Guru
 
Registered: Nov 2008
Location: Pictland
Distribution: Linux Mint 21 MATE
Posts: 8,048
Blog Entries: 5

Rep: Reputation: 2925Reputation: 2925Reputation: 2925Reputation: 2925Reputation: 2925Reputation: 2925Reputation: 2925Reputation: 2925Reputation: 2925Reputation: 2925Reputation: 2925
Both openssh-client and ssh-askpass-gnome were updated on my system from the Ubuntu repos on 4 March. The latter may have affected HTTPS Everywhere. My reaction on seeing what you experienced would have been to reboot my system and check again.

Does anyone else share your internet router? On the other hand, your ISP might have given you a rotated IP address that had previously been used by someone else editing Wikipedia.
 
1 members found this post helpful.
Old 03-06-2019, 04:25 PM   #4
trumpforprez
Member
 
Registered: Nov 2016
Location: UK
Distribution: Debian Jessie
Posts: 154

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by frankbell View Post
Offhand, I'd say that none of this is normal.

Do you have the firewall enabled?

I'm guessing you're using Firefox. Do you have NoScript or something like it enabled?

Have you emptied your browser cache and cleared the browser history and cookies?
Good to know others find this unusual too.
I don't think the lightweight OS had a firewall.

Certainly use NoScript.
Only recently have I found you can delete cookies on Firefox browser!
But I now use this feature regularly. Not sure how effective it is though.
 
Old 03-06-2019, 04:58 PM   #5
trumpforprez
Member
 
Registered: Nov 2016
Location: UK
Distribution: Debian Jessie
Posts: 154

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by hydrurga View Post
Both openssh-client and ssh-askpass-gnome were updated on my system from the Ubuntu repos on 4 March.
Yes, I have just seen some ssh apps being upgraded on Debian on my second PC.

Quote:
The latter may have affected HTTPS Everywhere. My reaction on seeing what you experienced would have been to reboot my system and check again.
Yes, and switch router off and on again at the mains to get a new dynamic IP.
At the end of the day, I think it's best just to get a paid VPN from a 'non-Five Eyes' provider.

Quote:
Does anyone else share your internet router? On the other hand, your ISP might have given you a rotated IP address that had previously been used by someone else editing Wikipedia.
That's an interesting point.
However, I prefer suspicion and paranoia to gentle innocence.

Even so, I think the problem has been resolved temporarily.
I found a way to upgrade Ubuntu (dist-upgrade) to the latest version.
This would mean I can upgrade from the pre-installed lightweight Ubuntu to the full fat version.
Unfortunately, this doesn't work with the RK3399 single board computer as I now get the Black Screen of Facepalm on boot.

I now need to refer to the OEM to find a way to flash the lightweight Ubuntu OS back onto the SBC.
This may be problematic as my Mandarin is not so great.
 
Old 03-06-2019, 05:06 PM   #6
hydrurga
LQ Guru
 
Registered: Nov 2008
Location: Pictland
Distribution: Linux Mint 21 MATE
Posts: 8,048
Blog Entries: 5

Rep: Reputation: 2925Reputation: 2925Reputation: 2925Reputation: 2925Reputation: 2925Reputation: 2925Reputation: 2925Reputation: 2925Reputation: 2925Reputation: 2925Reputation: 2925
Quote:
Originally Posted by trumpforprez View Post
However, I prefer suspicion and paranoia to gentle innocence.
I'm more a fan of Occam's razor.
 
Old 03-06-2019, 08:43 PM   #7
frankbell
LQ Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Ubuntu MATE, Mageia, and whatever VMs I happen to be playing with
Posts: 19,272
Blog Entries: 28

Rep: Reputation: 6124Reputation: 6124Reputation: 6124Reputation: 6124Reputation: 6124Reputation: 6124Reputation: 6124Reputation: 6124Reputation: 6124Reputation: 6124Reputation: 6124
I don't know anything about Lightweight OS, but, if it uses the Linux kernel, is should have firewall capability built in; it's called "iptables."

https://wiki.debian.org/Firewalls

I recommend GUFW as a GUI front-end for configuring iptables; UFW is a nice command line front-end.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Browsing the web with Min, a minimalist open source web browser LXer Syndicated Linux News 0 10-17-2018 10:01 AM
So What's Happening To Linux Web Support? ie: Flash enorbet Linux - Software 2 12-01-2013 05:39 PM
[SOLVED] How to turn Turtle-speed browsing into penguin-speed browsing?? :D IlIl7 Linux - Newbie 7 10-18-2010 05:21 AM
Strange actions happening all the time kozaru Linux - Newbie 11 09-06-2008 12:13 PM
My Network Browsing desktop icon is gone > my network browsing desktop icon i kkempter SUSE / openSUSE 1 01-12-2006 12:14 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 10:15 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration