MozillaZine

Searchguide - perennial P.I.T.A (linux) (SOLVED)

Discuss various technical topics not related to Mozilla.
Grumpus

Posts: 11930
Joined: October 19th, 2007, 4:23 am
Location: ... Da' Swamp

Posted November 15th, 2017, 7:02 am

My guess is this is something from my ISP more than something from the Linux Mint install but . . .
198.105.240.0/198.105.255.255 is the range which needs to be blocked on ports 80,139,443 and 445.
I'm noting this because during the early stages of a new Linux Mint 18.2 Mate setup there was an endless stream of hits on the 139 and 445 ports.
It's amazing how obnoxious these weasels can be and it would be good if someone closed them down as they attempt to act as man in the middle search when someone places anything in some form of search process which is not recognized or controlled by a normal process. In some cases the whois which comes with the gnome-nettools package has even been affected and searchguide should in no way be affecting that program.
Just a heads up if you want to dump them,
http 80/tcp www # WorldWideWeb HTTP
netbios-ssn 139/tcp # NETBIOS session service
microsoft-ds 445/tcp # Microsoft Naked CIFS
https 443/tcp # http protocol over TLS/SSL
Last edited by Grumpus on July 20th, 2018, 5:41 am, edited 1 time in total.

mightyglydd

Posts: 9187
Joined: November 4th, 2006, 7:07 pm
Location: Hollywood Ca.

Posted November 15th, 2017, 9:30 pm

Grumpus wrote: It's amazing how obnoxious these weasels can be

Image
#KeepFightingMichael

Grumpus

Posts: 11930
Joined: October 19th, 2007, 4:23 am
Location: ... Da' Swamp

Posted July 17th, 2018, 6:20 am

This is getting really bad with the interruptions of connection from searchguide.com and searchguideinc.com.
IPs appear to be 198.105.244.64 and 198.105.254.64 out of Colorado but may be more.
Signals are coming through lax1.he.net; ash1.he.net; and nyc5.he.net.
Secure sites which I have bookmarked, checked and double checked are being interrupted, delayed and redirected to bogus sites by searchguide. Indications of the redirects are missing controls or failures in visual changes once certain information is entered.
I've seen a similar issue here in the 'zine with a bogus page missing some of the controls.
It appears they are blowing past most protections and are faking their actual IPs.
This is occurring whether Firefox is open or not now and I believe it may be compromised beyond the maintainers'/authors' capabilities and appears to be expanding.


Mighty - Please remove the dopey cat gif?

PS: 176.58.90.154 apparently dislikes my post.
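
Added example, not part of the original posts: a Python sketch that collapses the start/end range quoted in the first post into CIDR form, builds iptables DROP rules for the four listed ports, and checks which of the addresses reported later in the thread that range covers. Blocking both INPUT and OUTPUT is an assumption, since the posts do not state the traffic direction; the function names are hypothetical.

```python
import ipaddress

# Values quoted in the thread.
RANGE_START = "198.105.240.0"
RANGE_END = "198.105.255.255"
PORTS = (80, 139, 443, 445)
REPORTED_IPS = ("198.105.244.64", "198.105.254.64", "176.58.90.154")


def range_to_cidrs(start, end):
    """Collapse an inclusive start/end pair into the fewest CIDR blocks."""
    first = ipaddress.IPv4Address(start)
    last = ipaddress.IPv4Address(end)
    if first > last:
        raise ValueError("range start is above range end")
    return list(ipaddress.summarize_address_range(first, last))


def build_rules(cidrs, ports):
    """Return iptables commands dropping TCP to/from each block on the ports.

    Assumption: both directions are covered, because the posts do not say
    whether the unwanted traffic was inbound or outbound.
    """
    port_list = ",".join(str(p) for p in sorted(ports))
    match = f"-p tcp -m multiport --dports {port_list} -j DROP"
    rules = []
    for net in cidrs:
        rules.append(f"iptables -A INPUT -s {net} {match}")
        rules.append(f"iptables -A OUTPUT -d {net} {match}")
    return rules


def coverage(cidrs, addresses):
    """Map each address to True when one of the blocks contains it."""
    return {
        addr: any(ipaddress.IPv4Address(addr) in net for net in cidrs)
        for addr in addresses
    }


if __name__ == "__main__":
    blocks = range_to_cidrs(RANGE_START, RANGE_END)
    for rule in build_rules(blocks, PORTS):
        print(rule)  # review before running as root
    for addr, covered in coverage(blocks, REPORTED_IPS).items():
        print(f"{addr}: {'covered' if covered else 'NOT covered'} by the range")
```
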
