MozillaZine

Tabs HIJACKED!

Discussion of bugs in Mozilla Firefox
msjayhawk

User avatar
 
Posts: 28
Joined: March 25th, 2004, 10:47 am

Post Posted April 25th, 2011, 8:31 pm

How in the world is it possible for one to navigate to a page, with seven or eight tabs open, and the front most go to a malicious site, AND THEN, the next tab back starts rolling to a hijack site, then another 2 deep, and then one three deep!!

This is a real problem. I don't care if it comes from all of your typical sleaze sites, porn, gambling, korean sales sites, etc.

I want to know how this is possible. It shakes my confidence in Firefox....

Second, how do you prevent the pop up that says "are you sure you want to leave the site", and you click the appropriate button, and all it does is open a new site in a new tab with the same stupid exit 'statement'. I have to close down firefox and then restart and close the tabs before they load...

Greatly appreciated. If this stuff is happening in small locations, soon people will be using it all over firefox :oops:

KWierso
 
Posts: 8821
Joined: May 7th, 2006, 10:29 pm
Location: California

Post Posted April 25th, 2011, 9:02 pm

Got some links to where this is happening? I've never seen anything like this.

Sounds more like the system is infected with some malware.

msjayhawk

User avatar
 
Posts: 28
Joined: March 25th, 2004, 10:47 am

Post Posted April 25th, 2011, 9:20 pm

KWierso wrote:Got some links to where this is happening? I've never seen anything like this.

Sounds more like the system is infected with some malware.
Trust me, not the system. I have had it happen 5 or 6 times since xmas. Probably 4 times in the last two months. Plus in Feb I put an new hard drive in and redid my MacBook Pro. I did not use time machine. New system

This is real. I am just asking how it happens. If you don't know now, I can't imagine what will happen when the mainstream gets it. Probably generated by the MS/IE crowd...

msjayhawk

User avatar
 
Posts: 28
Joined: March 25th, 2004, 10:47 am

Post Posted April 25th, 2011, 9:41 pm

The problem is, when you get attacked and start seeing you back tabs start rolling, you get out as fast as you can and shut it off. I can see by your platform that you don't know what it truly feels like to be hijacked since you are accustomed to weird results of clicks. I don't mean that badly, I just mean from someone that has XP Pro at work and Mac at home. We are just not as script ready on mac. But this happens on MAC and WINDOWS.

As long as you ignore the fact that this is hijackable, the longer it is going to take to recover when it is prevalent...

KWierso
 
Posts: 8821
Joined: May 7th, 2006, 10:29 pm
Location: California

Post Posted April 25th, 2011, 9:51 pm

Until you can show me where you're getting "hijacked", I can't do anything about it, as I've never seen it happen.

msjayhawk

User avatar
 
Posts: 28
Joined: March 25th, 2004, 10:47 am

Post Posted April 25th, 2011, 10:07 pm

Well, until you feel like willing searching for sites that do it, I don't know what to tell you. If you like looking for sites that you have to 'crash' out of and erase history before you can get back on the net. All I do know is it "is doable" and being done. Feel free to ignore my warning, but people are already talking about it in chat rooms...

Feel free to wait for it, or try to figure it out in a group forum.

I would feel free to talk to you on the phone, and give you my contact info. This is NO hoax, and I am not stupid when it comes to browsers.

I would be glad to talk about it, but basically it is "You go to an attack site, and it starts rolling through and resetting your back tabs to pop ups of it's choice'

dfoulkes

User avatar
 
Posts: 19087
Joined: June 28th, 2008, 10:31 pm
Location: Mesquite, Nevada

Post Posted April 25th, 2011, 10:44 pm

It sounds like you think that this site is Mozilla.... it isn't... we are just users helping users figure stuff out.
http://www.mozillazine.org/about/

You've basically stated that "something" is doing "stuff" to you comp. that you don't like but you have not given a single bit of info where people here could lend a hand.
This is a real problem. I don't care if it comes from all of your typical sleaze sites, porn, gambling, korean sales sites, etc.
I want to know how this is possible. It shakes my confidence in Firefox....

RE: The red above... you had better care because that's where all the crap lives and is waiting to invade your computer. I hope that you have proper security software residing on your comp... even Macs can get invaded.... and it could happen to any and all browsers if the user clicks on stuff in a bad-site.
As you can see she's (The CAT) always alert and on the prowl for Meoware !!

Gingerbread Man

User avatar
 
Posts: 7413
Joined: January 30th, 2007, 10:55 am

Post Posted April 26th, 2011, 9:14 am

msjayhawk wrote:Well, until you feel like willing searching for sites that do it, I don't know what to tell you.

Seriously? "Go look for random malicious sites on the Internet, I'm sure eventually you'll hit one similar to the ones I did", that's your answer? To put it politely, you're being unreasonable. If you won't post a link where the problem occurs, then no one can say if it's a bug in Firefox that should be fixed.

The developers are aware of malicious sites and do work to improve Firefox in that regard. For example, in Firefox 4.0 dialogs triggered by websites are no longer modal windows, allowing users to navigate away from the page or close the tab without being forced to answer a prompt.

msjayhawk

User avatar
 
Posts: 28
Joined: March 25th, 2004, 10:47 am

Post Posted April 26th, 2011, 8:18 pm

Hey, I am a mechanical engineer and fix problems all of the time, when I hear about them. I don't have the time to sit around and fix firefox problems. Sometimes I would love to, with all of the hassles.

I found one tonight. It does not show up as the same website, but in between clicks on it, I got the IP (213.174.154.21

It does not show up on history, which is weird in itself.

inetnum: 213.174.154.0 - 213.174.154.63
netname: ADVANCEDHOSTERS-NET
descr: Advanced Hosters
country: US
admin-c: AH36-RIPE
tech-c: AH36-RIPE
status: ASSIGNED PA
remarks: INFRA-AW
remarks: Send abuse reports to abuse@advancedhosters.com
mnt-by: ADVANCEDHOSTERS-MNT
mnt-lower: ADVANCEDHOSTERS-MNT
mnt-routes: ADVANCEDHOSTERS-MNT
source: RIPE # Filtered

role: ADVANCEDHOSTERS LIMITED
address: 27 OLD GLOUCESTER STREET
address: LONDON, CV1 2FL, United Kingdom
org: ORG-AH11-RIPE
abuse-mailbox: abuse@advancedhosters.com
admin-c: OAVO1-RIPE
tech-c: OAVO1-RIPE
nic-hdl: AH36-RIPE
mnt-by: ADVANCEDHOSTERS-MNT
source: RIPE # Filtered

msjayhawk

User avatar
 
Posts: 28
Joined: March 25th, 2004, 10:47 am

Post Posted April 27th, 2011, 10:30 am

This is not the IP of the website that shows up either. If you go to the website listed in the address, it has a different IP.

msjayhawk

User avatar
 
Posts: 28
Joined: March 25th, 2004, 10:47 am

Post Posted April 27th, 2011, 10:33 am

Here is the IP from a history tracker I was running!
Code: Select all
http://213.174.154.21/v/cl.php?r=1&slid=pJ%252Bppp6Vp5ala69jMDKlpfWll5Wn4aRjY2UwMaal9aWXk%252B6W8GSvY3wy79%252Fa38rQ4dvnYZaibXzb4
O3jn5Kh2NWfmKBvduaa3OLSku7S46ebmHJz59Xt5pPG4dLwlHuFMGO32%252B%252B%252Fl5Toybubn5ZuTqPN0cXfr9%252Bz6pWGaz0%253D


possibly bad news -ln

dfoulkes

User avatar
 
Posts: 19087
Joined: June 28th, 2008, 10:31 pm
Location: Mesquite, Nevada

Post Posted April 27th, 2011, 11:38 am

You might want do install these...the two top ones are the best...
The below is quoted from a Moderator of this board.
Daifne wrote:Install and run these free programs.
Malwarebytes' Anti-Malware
SuperAntispyware
AdAware
Spybot Search & Destroy

If these don't find it or can't clear it, post in one of these forums for specialized malware removal help:
http://www.spywarewarrior.com/index.php
http://forum.aumha.org/
http://www.spywareinfoforum.com/
http://www.bleepingcomputer.com/forums/forum79.html
As you can see she's (The CAT) always alert and on the prowl for Meoware !!

msjayhawk

User avatar
 
Posts: 28
Joined: March 25th, 2004, 10:47 am

Post Posted April 27th, 2011, 12:03 pm

Like I said, it is not running anything aside from FIREFOX. There is no notice of trying to install software, which I see all of the time on other hacks. I have spyware and full antivirus, all up to date.

This is a redirect that stems from the IP ADDRESS listed above. It some how uses fire fox to change tabs behind the one you are in.

I have seen hacked windows machines that send you to their sites only and such. I know what those are, idiots at work on Windows boxes get them all of the time.

I think this is from some company that has found a way to redirect tabs in fire fox and charge clients for their services.

There is no long term effect on fire fox, the only thing is that the tabs that were altered cannot be gone 'back' in. You just have to close them out. Then you can surf for months and never be redirected again.

msjayhawk

User avatar
 
Posts: 28
Joined: March 25th, 2004, 10:47 am

Post Posted April 27th, 2011, 12:09 pm

Here is more info on the IP ADDRESS:

The compilation, repackaging, dissemination or
other use of this Data is expressly
prohibited without the prior written consent
of Moniker.

Domain Name: SLY-HOSTING.COM
Registrar: MONIKER

Registrant [1963550]:
Moniker Privacy Services SLY-HOSTING.COM@domainservice.com
Moniker Privacy Services
20 SW 27th Ave.
Suite 201
Pompano Beach
FL
33069
US


Administrative Contact [1963550]:
Moniker Privacy Services SLY-HOSTING.COM@domainservice.com
Moniker Privacy Services
20 SW 27th Ave.
Suite 201
Pompano Beach
FL
33069
US
Phone: +1.9549848445
Fax: +1.9549699155


Billing Contact [1963550]:
Moniker Privacy Services SLY-HOSTING.COM@domainservice.com
Moniker Privacy Services
20 SW 27th Ave.
Suite 201
Pompano Beach
FL
33069
US
Phone: +1.9549848445
Fax: +1.9549699155


Technical Contact [1963550]:
Moniker Privacy Services SLY-HOSTING.COM@domainservice.com
Moniker Privacy Services
20 SW 27th Ave.
Suite 201
Pompano Beach
FL
33069
US
Phone: +1.9549848445
Fax: +1.9549699155


Domain servers in listed order:

ns5.public-ns.com
ns6.public-ns.com

Record created on: 2009-07-14 01:48:39.0
Database last updated on: 2010-07-05 06:27:57.663
Domain Expires on: 2011-07-14 01:48:40.0



e.g. 209.62.45.34 IPv4/IPv6 format for an IP Address, or maxmind.com for a website

Compare to another IP
IP Address: 213.174.154.21
IP Address Country: United States (US)
IP Address Region: VA Virginia
IP Address City: Ashburn
IP Postal Code
IP Address Area Code 703
IP Metro Code 511
IP Address Latitude: 39.0164985657
IP Address Longitude: -77.5062026978
IP Address ISP: Haldex
Organisation: Haldex

msjayhawk

User avatar
 
Posts: 28
Joined: March 25th, 2004, 10:47 am

Post Posted April 27th, 2011, 12:16 pm

Alternate Info:

Domain: sly-hosting.com
Global ranking: 287896 (Alexa, toplist global)
Ranking within .COM: 163377 (Alexa, toplist .COM)
Tags: sly-hosting
Hosting location: Kiev, Ukraine
Hosting network: Advancedhosters limited (AS39572)
Top websites on the Advancedhosters limited network
Launch date (first date with traffic): 2009-10-26 (Monday)
Sites launched on 2009-10-26
URL: http://www.sly-hosting.com/
IP-address: 213.174.154.21 Ukraine
Information last updated: 2011-04-21

Return to Firefox Bugs


Who is online

Users browsing this forum: No registered users and 1 guest