[Solved] Do I have a botnet...?

Ness
Level 1
Posts: 15
Joined: Sat Dec 31, 2011 5:05 pm

[Solved] Do I have a botnet...?

Post by Ness »

I'm trying to access a website I regularly visit and I get this message....


One more step to access (website name)

What happened?
Your computer or another computer on your network is compromised with a virus. This allows online criminals to use it as part of a botnet to send spam and attack websites.

Why am I seeing this page?
This website is participating in a project to stop attacks and educate visitors with infected computers about how they can clean up their machines.

What should I do?
Make sure your anti-virus software is up to date and run a full scan.

When will this restriction go away?
This restriction will disappear when no more harmful behavior is detected. Completing the challenge above proves you are a human and gives you temporary access. You can ask the website owner to permanently whitelist you.

This really scares me.... I'm very new to Linux and I'm honestly scared if there is a botnet on my PC... Can you help? :(

I don't know how to check for this... or if there is software... I'm using LMDE xfce..

Thank you.

Edit: [Solved]
RESOLUTION
--------------------------------
I read on the CloudFlare Knowledge Base that if a region or an entire country is blocked it will give you the option to use a Captcha to prove you're human (which is what I received), but if you block an individual IP or small range it will just tell you you're blocked. With that being said I have nothing to worry about anymore.
Last edited by Ness on Fri Jan 27, 2012 2:32 pm, edited 2 times in total.

Aging Technogeek
Level 13
Posts: 4581
Joined: Sun Jan 11, 2009 9:54 am
Location: Right about here

Re: Do I have a botnet...?

Post by Aging Technogeek »

Ness,

This is most likely a scam to get you to buy an overpriced, underperforming anti-malware program.

If you respond to the suggestion to ask the website owner to whitelist you, you will probably be told that to be whitelisted you must purchase and install a specific protection program that the site owner just happens to sell.

Of course, they expect all those that get this message to be using Windows. The program they are selling, besides being at best worthless and at worst a malware generator itself, is not likely to be usable in Linux.

The inherent compartmentalization of Linux and the need to enter a password to change anything or run certain types of programs make a Linux computer an unlikely target for botnets. (Unless you have been online while running as root. In this case you are as vulnerable as if you were using Windows without an internet security application.)

If you are truly worried, there are several anti-virus and anti-malware apps for Linux. ClamAV is available in Software Manager. (Also available is ClamTk, the GUI interface for ClamAV, so you do not need to run it from the terminal.) If this is not to your liking, just Google "linux anti-virus". I just did and this was the first item listed: http://www.makeuseof.com/tag/free-linux ... -programs/
Registered Linux User 483387

dagon
Level 7
Posts: 1673
Joined: Mon Dec 06, 2010 4:33 am
Location: Kungälv, Sweden

Re: Do I have a botnet...?

Post by dagon »

Whenever something looks odd like that, you simply do a search on a part of the text. Also, if a part of the URL contains for instance "cloudflare", then that is a trouble zone for sure.
Search for (with the quotes): "Your computer or another computer on your network is compromised with a virus. This allows online criminals to use it as part of a botnet to send spam and attack websites."
And see what turns up. (Quoted searches work much better in Google than in DuckDuckGo.)

Ness
Level 1
Posts: 15
Joined: Sat Dec 31, 2011 5:05 pm

Re: Do I have a botnet...?

Post by Ness »

Thank you Aging Technogeek and thank you dagon!

The website URL does not say CloudFlare, but at the bottom of the page it says "Performance & Security by CloudFlare"

So... am I good to disregard the page then? :D

I actually did more researching on the site and found out it was compromised about 7 days ago.

Edit: I'm just waiting for my friend to come online to help me install an antivirus so I can check to be sure.

Ness
Level 1
Posts: 15
Joined: Sat Dec 31, 2011 5:05 pm

Re: Do I have a botnet...?

Post by Ness »

dagon wrote: Also, if a part of the URL contains for instance "cloudflare", then that is a trouble zone for sure.

Err... I hope I didn't read that backwards.. Do you mean that cloudflare is a trouble zone, or if I see the message is from cloudflare I should worry?

secipolla
Level 4
Posts: 355
Joined: Sun Sep 05, 2010 5:19 pm

Re: Do I have a botnet...?

Post by secipolla »

If you're using Mint, no you don't have a virus. And be glad you were not using Windows 'cos you would have caught a full infection probably by falling into that scam.

Arran
Level 4
Posts: 213
Joined: Sat Jul 30, 2011 4:24 am

Re: Do I have a botnet...?

Post by Arran »

Hi Ness
If you browse with Firefox or Iceweasel, just install the NoScript and the Ghostery add-ons and you are sure to be on the safe side. Generally, do not accept JavaScript unless you know the site to be a trusted one; then you can make the acceptance permanent. Also very effective are all the add-ons along the lines of Adblock and Flashblock.

And do not click on just any link in emails; again, only on links from really trusted senders. For critical pages I use the browser «links» from the repository. This is a purely text-oriented browser, so it is the best way to find out whether the page is genuine.

Same for Thunderbird/Icedove. Switch off the reception of any HTML, but install the add-on «Allow HTML Temp». Then you can click in the toolbar to view an email with its HTML elements, and you can then decide whether it is worthwhile to click on any link. I have been doing this for five or more years now and have found any malware up to now (quite a few under XP as well as one under Linux).

So, no need at all for a virus-checker under Linux.
Best greetings from Scotland's nicest Holiday Isle
Arran

OS: Mint xfce, Graphic: Nvidia 4800-GS, Monitor: HP ZR30w (2550x1600 px), «Broadband» Ø 50kib/sec!!!

Habitual
Level 13
Posts: 4870
Joined: Sun Nov 21, 2010 8:31 pm
Location: 0.0.0.0

Re: Do I have a botnet...?

Post by Habitual »

Check the site you visit in this case at http://www.UnmaskParasites.com/security-report/?page=domain.com
Especially the section titled "External References" after it runs the scan.

And check the domain at http://www.google.com/safebrowsing/diagnostic?site=domain.com
Change domain.com to the offending site and see what Google Safe-Browsing says.

Ness
Level 1
Posts: 15
Joined: Sat Dec 31, 2011 5:05 pm

Re: Do I have a botnet...?

Post by Ness »

Arran wrote: Hi Ness
If you browse with Firefox or Iceweasel, just install the NoScript and the Ghostery add-ons and you are sure to be on the safe side.
Ahh thanks for that. I actually have been a long time user of NoScript. But I just installed Ghostery and that's a pretty cool plugin, many thanks.
Habitual wrote: Check the site you visit in this case at http://www.UnmaskParasites.com/security-report/?page=domain.com
Especially the section titled "External References" after it runs the scan.

And check the domain at http://www.google.com/safebrowsing/diagnostic?site=domain.com
Change domain.com to the offending site and see what Google Safe-Browsing says.
That's some good info. Thanks a lot.

-------------------------------

I ran ClamAV and it found nothing, which is good. So I did more research and found that the website apparently blocked either part or my entire country using CloudFlare.

I read on the CloudFlare Knowledge Base that if a region or an entire country is blocked it will give you the option to use a Captcha to prove you're human (which is what I received), but if you block an individual IP or small range it will just tell you you're blocked. With that being said I have nothing to worry about anymore.

I'd like to thank you all for sharing this information with me. I've definitely learned a lot. :)
