MozillaZine

Determine which AWS pages are Mozilla and which are crap.

Discussion of general topics about Mozilla Firefox
therube

User avatar
 
Posts: 19163
Joined: March 10th, 2004, 9:59 pm
Location: Maryland USA

Post Posted November 28th, 2017, 12:26 pm

I'm trying to determine what's real and whats bogus

Try a different browser, Chrome or whatever.
Or close all browsers.
If you get the same traffic...

Try Safe Mode.
Could be extension related.
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball CopyURL+ FetchTextURL FlashGot NoScript

RobertJ
Moderator

User avatar
 
Posts: 10679
Joined: October 15th, 2003, 7:40 pm
Location: Chicago IL/Oconomowoc WI

Post Posted November 28th, 2017, 12:36 pm

.
FWIW - NoScript 10.1.3rc3 works just fine on FF57.0 and NS 5.1.7 works fine on FF56.0.2

The interface on NS10.1.... is not what you are used to but after reading the faq's on the NS site and playing with it, it is quite logical and works as advertised on a site by site basis.

.
FF 63.0.3 - FF 64b9 - FF 65a - TB 60.3 - Mac OSX 10.13.6
Computers I've used: IBM 7094/UNIVAC 1108/IBM 360/DEC PDP11/DEC VAX-11 780/DEC VAXstation 8000/Sun SPARCstation 2/Mac from 1984 to 2018

Brummelchen
 
Posts: 3846
Joined: March 19th, 2005, 10:51 am

Post Posted November 28th, 2017, 1:00 pm

@therube - i dont care about your statement about blank trust - but that not the matter.
amazonaws is a CDN at first - read wikipedia about what is a cdn.
and then you can start research what mozilla is using of that cdn/gateway for its services to maintain a flawless firefox working around the world.

amazonaws is no single gateway computer - its a cd-network around the world to deliver fast and reliable > content.

thats why i wrote to cut down firefox functions.

if some blocks aws cdn he also cuts down many more service around the world - important webpages also using it.

there are several cdn at work:
ajax.aspnetcdn.com
alicdn.com
cdnjs.cloudflare.com
fbcdn.net
jwpcdn.com (jw-player)
tiqcdn.com
addons.cdn.mozilla.net
boxcdn.net (box.com)
g.cdn1.megaad.nz (mega file hoster)
cdn.gmxpro.net
cdn.akamai.steamstatic.com (used by steam)
akamai is one of the first cdn of the world (adobe and MS are using it to distribute patches)
aso.

in fact blocking cdn services ist stupid and lack of knowledge.

RobertJ
Moderator

User avatar
 
Posts: 10679
Joined: October 15th, 2003, 7:40 pm
Location: Chicago IL/Oconomowoc WI

Post Posted November 28th, 2017, 1:04 pm

.
Brummelchen well put and well informed. =D>

.
FF 63.0.3 - FF 64b9 - FF 65a - TB 60.3 - Mac OSX 10.13.6
Computers I've used: IBM 7094/UNIVAC 1108/IBM 360/DEC PDP11/DEC VAX-11 780/DEC VAXstation 8000/Sun SPARCstation 2/Mac from 1984 to 2018

therube

User avatar
 
Posts: 19163
Joined: March 10th, 2004, 9:59 pm
Location: Maryland USA

Post Posted November 28th, 2017, 1:20 pm

While any number of companies/services may use, even rely upon, any number of cdn's, just because "they are there & they are used" does not mean that one should trust them - IMO.

And sure, if you block them, if you block anything, by virtue of blocking, you're liable to break something too.

Google: "cloudflare exploit", "akamai exploit", ...
The NoScript Misnomer – Why should I trust vjs.zendcdn.net?

Everything is exploitable, so by limiting exposure, you could limit or negate exploits.
And again, by limiting, you can break.
So one decides which path is right for them, & takes it.
You don't go into the sun, you don't get sunburn, but that does not mean you won't develop melanoma.

Anyhow, if he's getting unexplained "hits" & if he feels he shouldn't, & he is not OK with that, then he ought to try to figure out the cause.
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball CopyURL+ FetchTextURL FlashGot NoScript

RobertJ
Moderator

User avatar
 
Posts: 10679
Joined: October 15th, 2003, 7:40 pm
Location: Chicago IL/Oconomowoc WI

Post Posted November 28th, 2017, 1:28 pm

.
This is a support forum, moving to General.

.
FF 63.0.3 - FF 64b9 - FF 65a - TB 60.3 - Mac OSX 10.13.6
Computers I've used: IBM 7094/UNIVAC 1108/IBM 360/DEC PDP11/DEC VAX-11 780/DEC VAXstation 8000/Sun SPARCstation 2/Mac from 1984 to 2018

therube

User avatar
 
Posts: 19163
Joined: March 10th, 2004, 9:59 pm
Location: Maryland USA

Post Posted November 28th, 2017, 2:04 pm

I get the permission notices

Then that means you're wanting to install 10.x, not 5.

Tried cleaning the system of NoScript and a new install

Oh, that reminds me, I don't think extensions use prefs.js any longer (at least NoScript doesn't seem to).
Instead some (I forgot the name & can't check now), some "storage" something or the other ? .sqlite ?
Anyhow, its a new name, & would be found in your Profile folder (top level, not with the any "storage" subdirectory).
Don't know if all extension use the same file or what?

I just tried to access the 'zine to say I had tried somethg else to no avail and got a General Erros - SQL too many connections.

forum under attack?
You & Bob C may have something in common?
Last edited by therube on November 28th, 2017, 2:10 pm, edited 1 time in total.
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball CopyURL+ FetchTextURL FlashGot NoScript

Brummelchen
 
Posts: 3846
Joined: March 19th, 2005, 10:51 am

Post Posted November 28th, 2017, 2:10 pm

if he's getting unexplained "hits" & if he feels he shouldn't, & he is not OK with that, then he ought to try to figure out the cause.

+1

he should determine which domains are put on the attacking ip-adresses - aws share ip adresses, service are not seperated. unfortunately mozilla.org can share same ip as attacking server (less probability) and end user can not see which one.

you can check it yourself by going to NoScript > Options > Whitelist
The list includes the following:

some of them known here, some of the noop'ed or trusted (ublock).
i have some locks on cloudfront.net, cloudflare.com and cloudflaressl.com. they appeared middle 2017 here on screen - not theses domains in the addressbar, but the services behind were theses domains. and some of them serves ssl certs so the origin webpages was ssl trusted. i reported those but did not care further because i create some rules.

the problem behind is that starting with forcing ssl in chrome and firefox malicious ssl pages also starts rising.

therube

User avatar
 
Posts: 19163
Joined: March 10th, 2004, 9:59 pm
Location: Maryland USA

Post Posted November 28th, 2017, 2:16 pm

*cough, again - I have seen 10 install in 56 - though it should NOT. Even though installed, it does nothing.

Actually, it was in FF 45 :-).

Image
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball CopyURL+ FetchTextURL FlashGot NoScript

RobertJ
Moderator

User avatar
 
Posts: 10679
Joined: October 15th, 2003, 7:40 pm
Location: Chicago IL/Oconomowoc WI

Post Posted November 28th, 2017, 2:19 pm

therube wrote:Oh, that reminds me, I don't think extensions use prefs.js any longer (at least NoScript doesn't seem to).
Instead some (I forgot the name & can't check now), some "storage" something or the other ? .sqlite ?


I believe that the extension "data" is in the directory

browser-extension-data

in the profile which has sub-directories matching the UUID's of the the extensions.


.
FF 63.0.3 - FF 64b9 - FF 65a - TB 60.3 - Mac OSX 10.13.6
Computers I've used: IBM 7094/UNIVAC 1108/IBM 360/DEC PDP11/DEC VAX-11 780/DEC VAXstation 8000/Sun SPARCstation 2/Mac from 1984 to 2018

efox99

User avatar
 
Posts: 127
Joined: March 24th, 2011, 7:55 pm

Post Posted November 28th, 2017, 3:51 pm

Frank Lion wrote:browser.ping-centre.telemetry
toolkit.telemetry.archive.enabled
toolkit.telemetry.bhrPing.enabled
toolkit.telemetry.enabled
toolkit.telemetry.firstShutdownPing.enabled
toolkit.telemetry.newProfilePing.enabled
toolkit.telemetry.reportingpolicy.firstRun
toolkit.telemetry.shutdownPingSender.enabled
toolkit.telemetry.unified
toolkit.telemetry.updatePing.enabled
experiments.enabled
experiments.activeExperiment
experiments.supported
datareporting.healthreport.uploadEnabled
nsITelemetry.canRecordBase
nsITelemetry.canRecordExtended
geo.enabled

Then do a http search term search in about:config and right click>Modify>delete on all their addresses. They have quite a hard job figuring out where to connect to after doing that. Not that hard, is it?




Thanks. :D

Grumpus

User avatar
 
Posts: 12018
Joined: October 19th, 2007, 4:23 am
Location: ... Da' Swamp

Post Posted November 29th, 2017, 7:09 am

It does not matter what is done in respect to dropping shields, clearing hosts files or removing IPs from the system firewall.
I'm wondering if there is an "Install attempt limit" - I seem to remember coming across either this as a notation or a warning.
If Firefox or what ever CDN or other server the installation process detects, a number of failed attempt maybe the issue.
I've tried everything I am capable of with the exception of removing the Firefox installer which seems to linger about in a number of various locations.
Tried a safe-mode install, tried shields down approach on add-ons and from the link posted by therube.
Have one more thing I might not have tried but after that 57 might go.
Too much stuff from outside the system as noted by Frank Lion and too much experimentation plus as noted by therube and exampled HERE
I can understand wanting to gather performance data and use information but there has to be a sane limit, this all exceeds sane and secure.
Plus Google seems to have a proclivity with 216.58.218.196 to continually try and dump MB levels of something on the system as protections fro who knows what and the way it grabs the system create a DoS for downloads and other things. During the add-ons process there was a crap load of Google interferences for what, nothing more than to interfere. At least it appears that way.

Brummelchen
 
Posts: 3846
Joined: March 19th, 2005, 10:51 am

Post Posted November 29th, 2017, 7:57 am

browser-extension-data

some webextensions put its storage.js there, some put a database (sqlite) in \storage\default\

Grumpus

User avatar
 
Posts: 12018
Joined: October 19th, 2007, 4:23 am
Location: ... Da' Swamp

Post Posted November 29th, 2017, 11:29 am

@therube - to clarify, no issues with NoScript 5.1.7 in FF56.
I got the panel, same as you in 57 and initially it picked up on the allowed, disallowed list but for some reason that disappeared then it became just the simple bar without function.
Tried any number of ruminations to no avail and the only thing I can think is something is being blocked by Firefox somehow, attempt limit or one of the supporting url helpers.
I'll just put the iron pants on 56 on the one system and live with what's going on on the other.
It would still be nice to be able to determine what was Mozilla and what wasn't, also why the hell is Joe's Software popping up during install attempts, even with the NoSCript site install?

Brummelchen
 
Posts: 3846
Joined: March 19th, 2005, 10:51 am

Post Posted November 29th, 2017, 1:43 pm

without evidence (logs) we can not help further. could be anything around or in firefox.

either external logger or firefox -> about:networking#logging

Return to Firefox General


Who is online

Users browsing this forum: No registered users and 4 guests