Sonsivri
 
*
Welcome, Guest. Please login or register.
Did you miss your activation email?
November 28, 2024, 07:53:31 19:53


Login with username, password and session length


Pages: [1]
Print
Author Topic: WARNING IF YOU USE PAYPAL - THIS IS NOT A JOKE  (Read 8047 times)
0 Members and 2 Guests are viewing this topic.
LabVIEWguru
Senior Member
****
Offline Offline

Posts: 300

Thank You
-Given: 273
-Receive: 593



« on: February 10, 2011, 11:07:52 23:07 »

I was digging around in my computer and found in the hosts file located in:

c:\windows\ System32 \ drivers \ etc \

178.32.95.1  paypal.com

This is a redirect, any time papal is accessed it is redirected to this IP address located in France!

I checked using this ip address using ipwhois and typed in into google. It would be wise to check your hosts file!

178.32.95.1 IP address location & more:
IP address [?]:            178.32.95.1 [Whois] [Reverse IP]
IP country code:            FR
IP address country:    ip address flag France
IP address state:    n/a
IP address city:            n/a
IP address latitude:    46.0000
IP address longitude:    2.0000
ISP of this IP [?]:    Ovh Systems
Organization:            VPS services

My friends, I keep my computer locked down pretty tight - I even use "drive drawers" to keep the internet drive separate from my work - but I never thought to check my hosts file!  I'm going to cruise this IP address and see what is up. Check your computers!
Logged
pickit2
Moderator
Hero Member
*****
Online Online

Posts: 4667

Thank You
-Given: 834
-Receive: 4322


There is no evidence that I muted SoNsIvRi


« Reply #1 on: February 11, 2011, 12:13:42 00:13 »

what you don't have hosts locked down, you need to be on top of it.
copy of my host file
Code:
127.0.0.1 tonec.com
127.0.0.1 www.tonec.com
127.0.0.1 registeridm.com
127.0.0.1 www.registeridm.com
127.0.0.1 secure.registeridm.com
127.0.0.1 internetdownloadmanager.com
127.0.0.1 www.internetdownloadmanager.com
127.0.0.1 secure.internetdownloadmanager.com
127.0.0.1 mirror.internetdownloadmanager.com
127.0.0.1 mirror2.internetdownloadmanager.com
127.0.0.1 mirror3.internetdownloadmanager.com
127.0.0.1 533soft.com
127.0.0.1 nero.com
127.0.0.1 http://www.nero.com
127.0.0.1 activate.nero.com
127.0.0.1 http://www.activate.nero.com
127.0.0.1 http://www.533soft.com/
127.0.0.1 gpsoftware.com.au
127.0.0.1 www.gpsoftware.com.au
127.0.0.1 3dns-2.adobe.com #192.150.22.22
127.0.0.1 3dns-3.adobe.com #192.150.14.21
127.0.0.1 3dns-4.adobe.com #192.150.18.247
127.0.0.1 3dns-5.adobe.com #192.150.22.46
127.0.0.1 adobe-dns.adobe.com #192.150.11.30
127.0.0.1 adobe-dns-2.adobe.com #192.150.11.247
127.0.0.1 adobe-dns-3.adobe.com #192.150.22.30
127.0.0.1 adobe.activate.com #69.175.22.26
127.0.0.1 activate.adobe.com #192.150.22.40
127.0.0.1 activate.wip3.adobe.com #192.150.22.40
127.0.0.1 activate.wip4.adobe.com #192.150.22.40
127.0.0.1 activate-sea.adobe.com #192.150.22.40
127.0.0.1 activate-sjc0.adobe.com #192.150.14.69
127.0.0.1 ereg.adobe.com #192.150.18.103
127.0.0.1 ereg.wip3.adobe.com #192.150.18.63
127.0.0.1 ereg.wip4.adobe.com #192.150.18.103
127.0.0.1 practivate.adobe.com #192.150.18.54
127.0.0.1 www.wip3.adobe.com #192.150.8.60
127.0.0.1 www.wip4.adobe.com #192.150.18.200
127.0.0.1 www.adobeereg.com #75.125.24.83
127.0.0.1 adobeereg.com #207.66.2.10
127.0.0.1 hl2rcv.adobe.com #192.150.14.174
127.0.0.1 wwis-dubc1-vip30.adobe.com #192.150.8.30
127.0.0.1 wwis-dubc1-vip31.adobe.com #192.150.8.31
127.0.0.1 wwis-dubc1-vip32.adobe.com #192.150.8.32
127.0.0.1 wwis-dubc1-vip33.adobe.com #192.150.8.33
127.0.0.1 wwis-dubc1-vip34.adobe.com #192.150.8.34
127.0.0.1 wwis-dubc1-vip35.adobe.com #192.150.8.35
127.0.0.1 wwis-dubc1-vip36.adobe.com #192.150.8.36
127.0.0.1 wwis-dubc1-vip37.adobe.com #192.150.8.37
127.0.0.1 wwis-dubc1-vip38.adobe.com #192.150.8.38
127.0.0.1 wwis-dubc1-vip39.adobe.com #192.150.8.39
127.0.0.1 wwis-dubc1-vip40.adobe.com #192.150.8.40
127.0.0.1 wwis-dubc1-vip41.adobe.com #192.150.8.41
127.0.0.1 wwis-dubc1-vip42.adobe.com #192.150.8.42
127.0.0.1 wwis-dubc1-vip43.adobe.com #192.150.8.43
127.0.0.1 wwis-dubc1-vip44.adobe.com #192.150.8.44
127.0.0.1 wwis-dubc1-vip45.adobe.com #192.150.8.45
127.0.0.1 wwis-dubc1-vip46.adobe.com #192.150.8.46
127.0.0.1 wwis-dubc1-vip47.adobe.com #192.150.8.47
127.0.0.1 wwis-dubc1-vip48.adobe.com #192.150.8.48
127.0.0.1 wwis-dubc1-vip49.adobe.com #192.150.8.49
127.0.0.1 wwis-dubc1-vip50.adobe.com #192.150.8.50
127.0.0.1 wwis-dubc1-vip51.adobe.com #192.150.8.51
127.0.0.1 wwis-dubc1-vip52.adobe.com #192.150.8.52
127.0.0.1 wwis-dubc1-vip53.adobe.com #192.150.8.53
127.0.0.1 wwis-dubc1-vip54.adobe.com #192.150.8.54
127.0.0.1 wwis-dubc1-vip55.adobe.com #192.150.8.55
127.0.0.1 wwis-dubc1-vip56.adobe.com #192.150.8.56
127.0.0.1 wwis-dubc1-vip57.adobe.com #192.150.8.57
127.0.0.1 wwis-dubc1-vip58.adobe.com #192.150.8.58
127.0.0.1 wwis-dubc1-vip59.adobe.com #192.150.8.59
127.0.0.1 wwis-dubc1-vip60.adobe.com #192.160.8.60
127.0.0.1 wwis-dubc1-vip61.adobe.com #192.160.8.61
127.0.0.1 wwis-dubc1-vip62.adobe.com #192.160.8.62
127.0.0.1 wwis-dubc1-vip63.adobe.com #192.160.8.63
127.0.0.1 wwis-dubc1-vip64.adobe.com #192.160.8.64
127.0.0.1 wwis-dubc1-vip65.adobe.com #192.160.8.65
127.0.0.1 wwis-dubc1-vip66.adobe.com #192.160.8.66
127.0.0.1 wwis-dubc1-vip67.adobe.com #192.160.8.67
127.0.0.1 wwis-dubc1-vip68.adobe.com #192.160.8.68
127.0.0.1 wwis-dubc1-vip69.adobe.com #192.160.8.69
127.0.0.1 wwis-dubc1-vip70.adobe.com #192.170.8.70
127.0.0.1 wwis-dubc1-vip71.adobe.com #192.170.8.71
127.0.0.1 wwis-dubc1-vip72.adobe.com #192.170.8.72
127.0.0.1 wwis-dubc1-vip73.adobe.com #192.170.8.73
127.0.0.1 wwis-dubc1-vip74.adobe.com #192.170.8.74
127.0.0.1 wwis-dubc1-vip75.adobe.com #192.170.8.75
127.0.0.1 wwis-dubc1-vip76.adobe.com #192.170.8.76
127.0.0.1 wwis-dubc1-vip77.adobe.com #192.170.8.77
127.0.0.1 wwis-dubc1-vip78.adobe.com #192.170.8.78
127.0.0.1 wwis-dubc1-vip79.adobe.com #192.170.8.79
127.0.0.1 wwis-dubc1-vip80.adobe.com #192.180.8.80
127.0.0.1 wwis-dubc1-vip81.adobe.com #192.180.8.81
127.0.0.1 wwis-dubc1-vip82.adobe.com #192.180.8.82
127.0.0.1 wwis-dubc1-vip83.adobe.com #192.180.8.83
127.0.0.1 wwis-dubc1-vip84.adobe.com #192.180.8.84
127.0.0.1 wwis-dubc1-vip85.adobe.com #192.180.8.85
127.0.0.1 wwis-dubc1-vip86.adobe.com #192.180.8.86
127.0.0.1 wwis-dubc1-vip87.adobe.com #192.180.8.87
127.0.0.1 wwis-dubc1-vip88.adobe.com #192.180.8.88
127.0.0.1 wwis-dubc1-vip89.adobe.com #192.180.8.89
127.0.0.1 wwis-dubc1-vip90.adobe.com #192.190.8.90
127.0.0.1 wwis-dubc1-vip91.adobe.com #192.190.8.91
127.0.0.1 wwis-dubc1-vip92.adobe.com #192.190.8.92
127.0.0.1 wwis-dubc1-vip93.adobe.com #192.190.8.93
127.0.0.1 wwis-dubc1-vip94.adobe.com #192.190.8.94
127.0.0.1 wwis-dubc1-vip95.adobe.com #192.190.8.95
127.0.0.1 wwis-dubc1-vip96.adobe.com #192.190.8.96
127.0.0.1 wwis-dubc1-vip97.adobe.com #192.190.8.97
127.0.0.1 wwis-dubc1-vip98.adobe.com #192.190.8.98
127.0.0.1 wwis-dubc1-vip99.adobe.com #192.190.8.99
127.0.0.1 wwis-dubc1-vip100.adobe.com #192.1100.8.100
127.0.0.1 wwis-dubc1-vip101.adobe.com #192.1100.8.101
127.0.0.1 wwis-dubc1-vip102.adobe.com #192.1100.8.102
127.0.0.1 wwis-dubc1-vip103.adobe.com #192.1100.8.103
127.0.0.1 wwis-dubc1-vip104.adobe.com #192.1100.8.104
127.0.0.1 wwis-dubc1-vip105.adobe.com #192.1100.8.105
127.0.0.1 wwis-dubc1-vip106.adobe.com #192.1100.8.106
127.0.0.1 wwis-dubc1-vip107.adobe.com #192.1100.8.107
127.0.0.1 wwis-dubc1-vip108.adobe.com #192.1100.8.108
127.0.0.1 wwis-dubc1-vip109.adobe.com #192.1100.8.109
127.0.0.1 wwis-dubc1-vip110.adobe.com #192.1110.8.110
127.0.0.1 wwis-dubc1-vip111.adobe.com #192.1110.8.111
127.0.0.1 wwis-dubc1-vip112.adobe.com #192.1110.8.112
127.0.0.1 wwis-dubc1-vip113.adobe.com #192.1110.8.113
127.0.0.1 wwis-dubc1-vip114.adobe.com #192.1110.8.114
127.0.0.1 wwis-dubc1-vip115.adobe.com #192.1110.8.115
127.0.0.1 wwis-dubc1-vip116.adobe.com #192.1110.8.116
127.0.0.1 wwis-dubc1-vip117.adobe.com #192.1110.8.117
127.0.0.1 wwis-dubc1-vip118.adobe.com #192.1110.8.118
127.0.0.1 wwis-dubc1-vip119.adobe.com #192.1110.8.119
127.0.0.1 wwis-dubc1-vip120.adobe.com #192.1120.8.120
127.0.0.1 wwis-dubc1-vip121.adobe.com #192.1120.8.121
127.0.0.1 wwis-dubc1-vip122.adobe.com #192.1120.8.122
127.0.0.1 wwis-dubc1-vip123.adobe.com #192.1120.8.123
127.0.0.1 wwis-dubc1-vip124.adobe.com #192.1120.8.124
127.0.0.1 wwis-dubc1-vip125.adobe.com #192.1120.8.125
127.0.0.1 3dns-2.adobe.com #192.150.22.22
127.0.0.1 3dns-3.adobe.com #192.150.14.21
127.0.0.1 3dns-4.adobe.com #192.150.18.247
127.0.0.1 3dns-5.adobe.com #192.150.22.46
127.0.0.1 adobe-dns.adobe.com #192.150.11.30
127.0.0.1 adobe-dns-2.adobe.com #192.150.11.247
127.0.0.1 adobe-dns-3.adobe.com #192.150.22.30
127.0.0.1 adobe.activate.com #69.175.22.26
127.0.0.1 activate.adobe.com #192.150.22.40
127.0.0.1 activate.wip3.adobe.com #192.150.22.40
127.0.0.1 activate.wip4.adobe.com #192.150.22.40
127.0.0.1 activate-sea.adobe.com #192.150.22.40
127.0.0.1 activate-sjc0.adobe.com #192.150.14.69
127.0.0.1 ereg.adobe.com #192.150.18.103
127.0.0.1 ereg.wip3.adobe.com #192.150.18.63
127.0.0.1 ereg.wip4.adobe.com #192.150.18.103
127.0.0.1 practivate.adobe.com #192.150.18.54
127.0.0.1 www.wip3.adobe.com #192.150.8.60
127.0.0.1 www.wip4.adobe.com #192.150.18.200
127.0.0.1 www.adobeereg.com #75.125.24.83
127.0.0.1 adobeereg.com #207.66.2.10
127.0.0.1 hl2rcv.adobe.com #192.150.14.174
127.0.0.1 wwis-dubc1-vip30.adobe.com #192.150.8.30
127.0.0.1 wwis-dubc1-vip31.adobe.com #192.150.8.31
127.0.0.1 wwis-dubc1-vip32.adobe.com #192.150.8.32
127.0.0.1 wwis-dubc1-vip33.adobe.com #192.150.8.33
127.0.0.1 wwis-dubc1-vip34.adobe.com #192.150.8.34
127.0.0.1 wwis-dubc1-vip35.adobe.com #192.150.8.35
127.0.0.1 wwis-dubc1-vip36.adobe.com #192.150.8.36
127.0.0.1 wwis-dubc1-vip37.adobe.com #192.150.8.37
127.0.0.1 wwis-dubc1-vip38.adobe.com #192.150.8.38
127.0.0.1 wwis-dubc1-vip39.adobe.com #192.150.8.39
127.0.0.1 wwis-dubc1-vip40.adobe.com #192.150.8.40
127.0.0.1 wwis-dubc1-vip41.adobe.com #192.150.8.41
127.0.0.1 wwis-dubc1-vip42.adobe.com #192.150.8.42
127.0.0.1 wwis-dubc1-vip43.adobe.com #192.150.8.43
127.0.0.1 wwis-dubc1-vip44.adobe.com #192.150.8.44
127.0.0.1 wwis-dubc1-vip45.adobe.com #192.150.8.45
127.0.0.1 wwis-dubc1-vip46.adobe.com #192.150.8.46
127.0.0.1 wwis-dubc1-vip47.adobe.com #192.150.8.47
127.0.0.1 wwis-dubc1-vip48.adobe.com #192.150.8.48
127.0.0.1 wwis-dubc1-vip49.adobe.com #192.150.8.49
127.0.0.1 wwis-dubc1-vip50.adobe.com #192.150.8.50
127.0.0.1 wwis-dubc1-vip51.adobe.com #192.150.8.51
127.0.0.1 wwis-dubc1-vip52.adobe.com #192.150.8.52
127.0.0.1 wwis-dubc1-vip53.adobe.com #192.150.8.53
127.0.0.1 wwis-dubc1-vip54.adobe.com #192.150.8.54
127.0.0.1 wwis-dubc1-vip55.adobe.com #192.150.8.55
127.0.0.1 wwis-dubc1-vip56.adobe.com #192.150.8.56
127.0.0.1 wwis-dubc1-vip57.adobe.com #192.150.8.57
127.0.0.1 wwis-dubc1-vip58.adobe.com #192.150.8.58
127.0.0.1 wwis-dubc1-vip59.adobe.com #192.150.8.59
127.0.0.1 wwis-dubc1-vip60.adobe.com #192.160.8.60
127.0.0.1 wwis-dubc1-vip61.adobe.com #192.160.8.61
127.0.0.1 wwis-dubc1-vip62.adobe.com #192.160.8.62
127.0.0.1 wwis-dubc1-vip63.adobe.com #192.160.8.63
127.0.0.1 wwis-dubc1-vip64.adobe.com #192.160.8.64
127.0.0.1 wwis-dubc1-vip65.adobe.com #192.160.8.65
127.0.0.1 wwis-dubc1-vip66.adobe.com #192.160.8.66
127.0.0.1 wwis-dubc1-vip67.adobe.com #192.160.8.67
127.0.0.1 wwis-dubc1-vip68.adobe.com #192.160.8.68
127.0.0.1 wwis-dubc1-vip69.adobe.com #192.160.8.69
127.0.0.1 wwis-dubc1-vip70.adobe.com #192.170.8.70
127.0.0.1 wwis-dubc1-vip71.adobe.com #192.170.8.71
127.0.0.1 wwis-dubc1-vip72.adobe.com #192.170.8.72
127.0.0.1 wwis-dubc1-vip73.adobe.com #192.170.8.73
127.0.0.1 wwis-dubc1-vip74.adobe.com #192.170.8.74
127.0.0.1 wwis-dubc1-vip75.adobe.com #192.170.8.75
127.0.0.1 wwis-dubc1-vip76.adobe.com #192.170.8.76
127.0.0.1 wwis-dubc1-vip77.adobe.com #192.170.8.77
127.0.0.1 wwis-dubc1-vip78.adobe.com #192.170.8.78
127.0.0.1 wwis-dubc1-vip79.adobe.com #192.170.8.79
127.0.0.1 wwis-dubc1-vip80.adobe.com #192.180.8.80
127.0.0.1 wwis-dubc1-vip81.adobe.com #192.180.8.81
127.0.0.1 wwis-dubc1-vip82.adobe.com #192.180.8.82
127.0.0.1 wwis-dubc1-vip83.adobe.com #192.180.8.83
127.0.0.1 wwis-dubc1-vip84.adobe.com #192.180.8.84
127.0.0.1 wwis-dubc1-vip85.adobe.com #192.180.8.85
127.0.0.1 wwis-dubc1-vip86.adobe.com #192.180.8.86
127.0.0.1 wwis-dubc1-vip87.adobe.com #192.180.8.87
127.0.0.1 wwis-dubc1-vip88.adobe.com #192.180.8.88
127.0.0.1 wwis-dubc1-vip89.adobe.com #192.180.8.89
127.0.0.1 wwis-dubc1-vip90.adobe.com #192.190.8.90
127.0.0.1 wwis-dubc1-vip91.adobe.com #192.190.8.91
127.0.0.1 wwis-dubc1-vip92.adobe.com #192.190.8.92
127.0.0.1 wwis-dubc1-vip93.adobe.com #192.190.8.93
127.0.0.1 wwis-dubc1-vip94.adobe.com #192.190.8.94
127.0.0.1 wwis-dubc1-vip95.adobe.com #192.190.8.95
127.0.0.1 wwis-dubc1-vip96.adobe.com #192.190.8.96
127.0.0.1 wwis-dubc1-vip97.adobe.com #192.190.8.97
127.0.0.1 wwis-dubc1-vip98.adobe.com #192.190.8.98
127.0.0.1 wwis-dubc1-vip99.adobe.com #192.190.8.99
127.0.0.1 wwis-dubc1-vip100.adobe.com #192.1100.8.100
127.0.0.1 wwis-dubc1-vip101.adobe.com #192.1100.8.101
127.0.0.1 wwis-dubc1-vip102.adobe.com #192.1100.8.102
127.0.0.1 wwis-dubc1-vip103.adobe.com #192.1100.8.103
127.0.0.1 wwis-dubc1-vip104.adobe.com #192.1100.8.104
127.0.0.1 wwis-dubc1-vip105.adobe.com #192.1100.8.105
127.0.0.1 wwis-dubc1-vip106.adobe.com #192.1100.8.106
127.0.0.1 wwis-dubc1-vip107.adobe.com #192.1100.8.107
127.0.0.1 wwis-dubc1-vip108.adobe.com #192.1100.8.108
127.0.0.1 wwis-dubc1-vip109.adobe.com #192.1100.8.109
127.0.0.1 wwis-dubc1-vip110.adobe.com #192.1110.8.110
127.0.0.1 wwis-dubc1-vip111.adobe.com #192.1110.8.111
127.0.0.1 wwis-dubc1-vip112.adobe.com #192.1110.8.112
127.0.0.1 wwis-dubc1-vip113.adobe.com #192.1110.8.113
127.0.0.1 wwis-dubc1-vip114.adobe.com #192.1110.8.114
127.0.0.1 wwis-dubc1-vip115.adobe.com #192.1110.8.115
127.0.0.1 wwis-dubc1-vip116.adobe.com #192.1110.8.116
127.0.0.1 wwis-dubc1-vip117.adobe.com #192.1110.8.117
127.0.0.1 wwis-dubc1-vip118.adobe.com #192.1110.8.118
127.0.0.1 wwis-dubc1-vip119.adobe.com #192.1110.8.119
127.0.0.1 wwis-dubc1-vip120.adobe.com #192.1120.8.120
127.0.0.1 wwis-dubc1-vip121.adobe.com #192.1120.8.121
127.0.0.1 wwis-dubc1-vip122.adobe.com #192.1120.8.122
127.0.0.1 wwis-dubc1-vip123.adobe.com #192.1120.8.123
127.0.0.1 wwis-dubc1-vip124.adobe.com #192.1120.8.124
127.0.0.1 wwis-dubc1-vip125.adobe.com #192.1120.8.125
Logged

Note: I stoped Muteing bad members OK I now put thier account in sleep mode
LabVIEWguru
Senior Member
****
Offline Offline

Posts: 300

Thank You
-Given: 273
-Receive: 593



« Reply #2 on: February 11, 2011, 02:28:53 02:28 »

Got it - thanks.
That's what I was originally doing - I didn't want anything calling home. I usually have *nothing* on my internet drive. I decided to upgrade a piece of software that uses one of the addresses you show, and that's when I found it. I went to the address and there is a page that is apparently been shut down for a while. Now I'm wondering what I downloaded that contains a script to modify the hosts file.

man, I must be developing Alzheimer's disease. I can't believe I fell for something like this...
« Last Edit: February 11, 2011, 03:18:13 03:18 by LabVIEWguru » Logged
itp
Junior Member
**
Offline Offline

Posts: 66

Thank You
-Given: 224
-Receive: 20


« Reply #3 on: February 11, 2011, 04:55:17 04:55 »

Hi LabViewguru

You can also refer following link about "Blocking Unwanted Parasites with a Hosts File".
http://www.mvps.org/winhelp2002/hosts.htm

Regards
Itp
Logged
solutions
Hero Member
*****
Offline Offline

Posts: 1826

Thank You
-Given: 656
-Receive: 905



« Reply #4 on: February 11, 2011, 09:01:13 09:01 »

Due to this alert, I found that my friends at Microshaft, the guys that make so much money, and whose CEO is the richest nerd in the world because they do not include a Win7 disk with my computer, decided to plant some redirect "genuine" garbage in my LMHOSTS just because I restored the same OS due to a disk changeout with a "convenient" replacement.  I was getting all kinds of ID questions on Paypal the other day...can't help but wonder now if they were trying to track me down.
Logged
LabVIEWguru
Senior Member
****
Offline Offline

Posts: 300

Thank You
-Given: 273
-Receive: 593



« Reply #5 on: February 11, 2011, 04:05:46 16:05 »

What ?!? Now THAT is scary - is this the same guy that wants everyone to be issued a card with your own "Internet ID" that *must* be used every time you log on?

I've met some *really* smart guys that thought Bill was the antichrist. I thought this was an extreme view until recently.  I've got to learn Linux.

I thought I had things pretty tight - hardware firewall, separate drive only for internet use, wiping LSOs and so on. Now that I've been educated about redirects using the hosts file, I wonder what else I've been missing? I always considered myself sufficiently paranoid, but I'm not so sure now......
Logged
I_R_Machinist
Guest
« Reply #6 on: March 08, 2011, 02:28:08 02:28 »

Can someone please explain the purpose of the hosts file to me? I think I get the gist of how it works, but not entirely.

The hosts file will redirect data going to the listed domain to the IP placed in the list, right? Is this why most Adobe patches have you modify the hosts file to redirect activation requests back to your own machine instead of the Adobe servers? I could see why having paypal redirected to some random IP would be dangerous, super phishing...

Now, what if I wanted to block a certain program's access to an activation server when I don't know the domain the program is trying to access. Can I use a packet sniffer to "see" what the program is trying to connect to and place just the IP in my hosts file? Or does the hosts file only work with domain names?

Thank you for the warning, I will check all of the computers I frequently use!


Logged
Istanbul18
Inactive

Offline Offline

Posts: 2

Thank You
-Given: 0
-Receive: 0


« Reply #7 on: May 27, 2011, 06:08:29 06:08 »

I am getting paranoid from this. So what if paypal is calling home?  What is the actual risk? Will it cause the kind of chaos that viruses cause. Is private info being sent? What kind of information will it transmit. I don't mean to belittle your concern, I just want to know what to worry about and if so what should I do about it?
Logged
pickit2
Moderator
Hero Member
*****
Online Online

Posts: 4667

Thank You
-Given: 834
-Receive: 4322


There is no evidence that I muted SoNsIvRi


« Reply #8 on: May 27, 2011, 02:10:10 14:10 »

I am getting paranoid from this. So what if paypal is calling home?  What is the actual risk? Will it cause the kind of chaos that viruses cause. Is private info being sent? What kind of information will it transmit. I don't mean to belittle your concern, I just want to know what to worry about and if so what should I do about it?
your not seeing the problem, you put in your browser www.paypal.com and your host fine that has been messed with sends you to www.ineedyourpaypaydetails.com you get there and see fake site that looks like paypal and you enter your login details. time only to watch your money exit your bank via windows.
All unless they are from Africa and want to find out you banking details, to put in your account the 4.5million that belongs to some dead guy, that dont have any family.
Logged

Note: I stoped Muteing bad members OK I now put thier account in sleep mode
PM3295
Senior Member
****
Offline Offline

Posts: 312

Thank You
-Given: 358
-Receive: 155


« Reply #9 on: May 27, 2011, 08:34:44 20:34 »

Handy host file editor
http://www.abelhadigital.com/hostsman
Logged
LabVIEWguru
Senior Member
****
Offline Offline

Posts: 300

Thank You
-Given: 273
-Receive: 593



« Reply #10 on: May 27, 2011, 09:47:30 21:47 »

Istanbul18: Here is what I originally had...


178.32.95.1  paypal.com
127.0.0.1 www.activate.adobe.com
127.0.0.1 www.porn.com
127.0.0.1 www.smut.com
127.0.0.1 www.whatever.com

(many, many more listed)

So, you are telling your computer when I type "www.porn.com" in my address bar and hit enter, instead of going to the DNS server and looking up the IP address for "www.porn.com," I will give you the IP address. In this case it is the "internal" IP address for the computer. You'll get a blank screen.

So I make up a fake paypal page that looks exactly like the real paypal page. I put it at IP 178.32.95.1. I put logon and password boxes on my page just like the real one. Only with mine, after you enter your logon and password it stores the data you just gave me, gives you a message that there was a mistake then redirects you to the real page. You just think you misspelled your password. The fake site is now about to clean you out of all your money since you gave paypal your logon and passord.

So Labviewguru is dumb and happy and when he goes to paypal.com his hosts file sends him to 178.32.95.1 rather than the real paypal.com I enter my logon and password. They now take all my money.

I was just too stupid and didn't check often enough. Maybe I will make the file read-only?

« Last Edit: May 27, 2011, 09:51:37 21:51 by LabVIEWguru » Logged
TomJackson69
Active Member
***
Offline Offline

Posts: 218

Thank You
-Given: 26
-Receive: 63


« Reply #11 on: May 28, 2011, 05:03:58 05:03 »

@LabVIEWguru,

So, what is the solution? what can the Paypal user do? Don't put money into the account until before use it???

Tom
Logged

Con Rong Chau Tien
LabVIEWguru
Senior Member
****
Offline Offline

Posts: 300

Thank You
-Given: 273
-Receive: 593



« Reply #12 on: May 28, 2011, 05:50:16 17:50 »

1) I put a shortcut on my desktop so I can look at the hosts file. before I use anything like paypal or log into my bank, I look at the hosts file to see if anything is there.
2) I am going to experiment with the hosts file. Unless I need to change it, software should not change it. So I will make it read-only.
3) I went to the Credit Union (like a bank, but not for profit and owned by the members) and opened a 2nd account with a debit card. I just keep a small amount of money ($25.00) in there and if I want to buy something I transfer the money.
4) I have "drive slides" (holders for my hard drives so I can remove them) and only allow 1 drive to access the internet. I have 2 other hard drives for my work and for my research and I do not allow them to talk to the internet. If something happens to my internet drive I will just format it.
5) ESET NOD32 on the Internet drive. Hardware firewall.
6) Called a friend in Ohio that teaches Networking & Security at a college. He said that is about all I can do without installing more software to slow my system down by doing file size compare, dates and such.


Posted on: May 28, 2011, 06:32:40 18:32 - Automerged

I wasn't going to write this, but it is a good story with a good moral: Five years ago I lived in another town and it had it's own small telephone company with DSL. They said I had to install their software if I was on their system. I said "OK" and threw it away as soon as I left their office. When I got everything running, I noticed the "Computers Near Me" icon had a large number next to it. I opened it and I was looking at about 75 other systems! I could just log into their hard drives from my desktop! (to make a long story short) A LOT of people began calling the telephone company complaining and they had to hire consultants to come in and fix the system.

Moral of the story: No matter what you do, you still have to deal with very, very stupid people.
Logged
TomJackson69
Active Member
***
Offline Offline

Posts: 218

Thank You
-Given: 26
-Receive: 63


« Reply #13 on: May 29, 2011, 12:53:59 00:53 »

LabVIEWguru,

I am OK with your solution; keep bank account dry until I need to buy something (the account registered with Paypal).

I have a question: What happen if you delete “178.32.95.1  paypal.com” from your “hosts file”?

Thank you,

Tom
Logged

Con Rong Chau Tien
LabVIEWguru
Senior Member
****
Offline Offline

Posts: 300

Thank You
-Given: 273
-Receive: 593



« Reply #14 on: May 29, 2011, 03:58:11 03:58 »

Ah! I should have said that. Once it is deleted, your system will go out to the DNS server and find the correct IP address for paypal.

When I opened the 2nd account the young lady said "You must be shopping on Ebay" so I guess this is a common solution.
Logged
TomJackson69
Active Member
***
Offline Offline

Posts: 218

Thank You
-Given: 26
-Receive: 63


« Reply #15 on: May 30, 2011, 05:45:30 17:45 »

LabVIEWguru,

Very good, at least there is a solution for it. I keep my eyes on the bank account and the Paypal account also to see if there are illigle activities. Just for my peace of mind.

Tom
Logged

Con Rong Chau Tien
Pages: [1]
Print
Jump to:  


DISCLAIMER
WE DONT HOST ANY ILLEGAL FILES ON THE SERVER
USE CONTACT US TO REPORT ILLEGAL FILES
ADMINISTRATORS CANNOT BE HELD RESPONSIBLE FOR USERS POSTS AND LINKS

... Copyright © 2003-2999 Sonsivri.to ...
Powered by SMF 1.1.18 | SMF © 2006-2009, Simple Machines LLC | HarzeM Dilber MC