cancel
Showing results for 
Search instead for 
Did you mean: 

Unusual problem

FIXED
Community Veteran
Posts: 8,404
Thanks: 899
Fixes: 9
Registered: 02-08-2007

Unusual problem

I have a couple of desktop PC's which are a few years old along with a Android Tablet.

The Desktops are only connected to the internet when using Linux (Mint 18.1)

Using my bookmark link to to Plusnet using the tablet, no problem.

Using the bookmark link to plusnet using either Desktop I get some other website appearing showing someone with a cup of tea along with a obscene message.

I have tried deleting the link and tried to log into the PN website but the same thing keeps appearing.

I am not aware of anything I can use to check for malware or a virus in Linux.

Would be grateful for some advice on the above as the best way forward.

Bookmarks to all other bookmarked sites seem to work ok

Thanks

 

 

 

 

27 REPLIES
Community Veteran
Posts: 5,237
Thanks: 1,321
Fixes: 31
Registered: 16-10-2014

Re: Unusual problem

It looks to me that you've been hijacked in some way, so may be an exploit on the browser you are using which is? This is where my money is.

 

Community Veteran
Posts: 1,442
Thanks: 229
Fixes: 31
Registered: 13-08-2015

Re: Unusual problem

Time to run AntiMalwareBytes and see what it finds.

Community Veteran
Posts: 3,439
Thanks: 334
Fixes: 4
Registered: 05-04-2007

Re: Unusual problem

Interesting, it's been ages since I used Linux, so what I say is most probably wrong. I haven't heard of many exploits on it, it is more locked down and has a fewer user base so malware writers don't usually bother.

Can you check the hosts file .. I think you can either use an editor (I liked vi, never got on with emacs), or print it out, so say:

vi \etc\hosts
more \etc\hosts

Community Veteran
Posts: 5,237
Thanks: 1,321
Fixes: 31
Registered: 16-10-2014

Re: Unusual problem

@Alex - I was referring to an exploit in the browser being used, or more probable a plugin.

In order to modify the hosts file you need to be root and if that has been changed then there is much more of a problem than a hijack.

@gleneagles - If you do want to view then check it's timestamp first just to see when it was modified last

ls -la /etc/hosts
then
cat /etc/hosts
Community Veteran
Posts: 8,404
Thanks: 899
Fixes: 9
Registered: 02-08-2007

Re: Unusual problem

Thanks,

Will check that out later today.

Community Veteran
Posts: 8,404
Thanks: 899
Fixes: 9
Registered: 02-08-2007

Re: Unusual problem

When using the PN Bookmark or entering PN in Google Search engine the page that displays is,

WWW.zenzoneforum.com/threads/2153-nice-hot-cup-of-STFU

Looking in Linux using the instructions suggested get me,

DESKTOP-PC ~ $ ls -la /etc/hosts

-rw-r--r-- 1 root root 232 Aug 22 2014 /etc/hosts

DESKTOP-PC ~ $ cat /etc/hosts

127.0.0.1 localhost

127.0.1.1 DESKTOP-PC

 

# The following lines are desirable for IPv6 capable hosts

::1 ip6-localhost ip6-loopback

fe00::0 ip6-localnet

ff00::0 ip6-mcastprefix

ff02::1 ip6-allnodes

ff02::2 ip6-allrouters

DESKTOP-PC ~ $

 

Not sure what any of that means.

Community Veteran
Posts: 5,237
Thanks: 1,321
Fixes: 31
Registered: 16-10-2014

Re: Unusual problem

@gleneagles - There's is nothing wrong with the content of that file at all. So it looks like it might be related to your browser.

So what browser are you running?

Who are you using for DNS?

Also can you get here (46.19.168.229) this is the IP of the community?

What about a traceroute as well?

 

Community Veteran
Posts: 4,846
Thanks: 121
Fixes: 24
Registered: 14-07-2009

Re: Unusual problem

If you try to go to web site A and end up at different web site B then this suggest to me that the process of translating from web address to internet IP address may be failing.  If I understand correctly, the computer first checks for entries in the 'hosts' file so a bad entry there could cause a problem.  If there is nothing in the host file then the computer refers to whatever Domain Name Server is specified.  Check that your DNS server is set to be something sensible.  By deault it may well be set to be your router.     

Community Veteran
Posts: 8,404
Thanks: 899
Fixes: 9
Registered: 02-08-2007

Re: Unusual problem

Fix

Using Firefox web browser in Linux

46.19.168.229 does get me directly into the forum, having bookmarked that and then trying it, it works ok so that has solved the problem.

Namedserver is showing as 127.0.1.1

I did not perform a trace route as I was unsure how, is there some free trace route program or instruction in linux.

Thanks.

Community Veteran
Posts: 5,237
Thanks: 1,321
Fixes: 31
Registered: 16-10-2014

Re: Unusual problem

Well no its not, that's simply treating the symptom and not the cause. 127.0.1.1. Is a very odd address for a DNS server so you need to see why that is. As you're using DHCP then the DNS server used are configured in your router so you ought to check that out as well then restart your network on your PC. To do a trace route use:

traceroute community.plus.net

from a terminal.

 

Superuser
Superuser
Posts: 6,474
Thanks: 590
Fixes: 49
Registered: 30-07-2007

Re: Unusual problem

127.0.1.1 is the address that dnsmasq ( local forwarding DNS server ) listens on. That's the default for Ubuntu(and Mint) installations that use resolvconf.

To see the real DNS servers that are being used you need to use (well in Ubuntu anyway) Network manager -> connection information. I assume MInt has something similar...

Community Veteran
Posts: 8,404
Thanks: 899
Fixes: 9
Registered: 02-08-2007

Re: Unusual problem

OK,

Will check that out tomorrow and post back the results.

thanks

Community Veteran
Posts: 5,237
Thanks: 1,321
Fixes: 31
Registered: 16-10-2014

Re: Unusual problem

I didn't know that (evidently) thanks for that @MisterW

Superuser
Superuser
Posts: 6,474
Thanks: 590
Fixes: 49
Registered: 30-07-2007

Re: Unusual problem

If I'm honest, I didn't know that until I did an nslookup on my Ubuntu desktop and did some googling