Free Republic
General/Chat

My ISP is by-passing Firefox's Location bar search
MozillaZine ^ | 27 April 2010 | Gothicawakening

Posted on 04/28/2010 9:26:38 AM PDT by ShadowAce

Hi All,

I just got back from 10 days abroad and noticed my Firefox at home was acting oddly. My preferred way to go to many websites is simply to type their name into the location bar, and then let Google's "I'm feeling lucky" feature take me to the actual site. I realize this might not be the most conventional way to do it (sure, I could have bookmarks etc.), but it's the way I like to do it. I also use KDE's Alt-F2 launcher to start programs.

Today I noticed that this great feature of Firefox (combined with Google of course) has stopped working, and has instead been replaced with an ad-laden search result from another website. For example, typing in just "slashdot" into the location bar used to get me to the Slashdot website, but now I end up with this instead (full size version):

Image

I've confirmed that my keyword.URL setting is still pointed at Google, so this must be happening at the traffic level, I would imagine either by use of a web proxy or something to do with DNS lookup, which makes me wonder if this new 'feature' my ISP (Netvigator by PCCW in Hong Kong) has introduced is also affecting my privacy?

Is there any way to get Firefox working the way it used to again? For me using that feature was my main way of visiting websites, and it's really annoying that I can't do that any more. In addition, the search provider my ISP is forcing on me does not seem to know about many websites. I would rather be receiving results from Google when the word typed does not have an obvious site match, not from yp.com.hk

As a last thought, if other ISPs start doing this too, will it have any effect on the deal Mozilla has with Google, as this effectively replaces that feature in Firefox, so the traffic does not go through Google anymore?

Any help or advice would be much appreciated.


TOPICS: Computers/Internet
KEYWORDS: firefox; search
Another discussion on this is at Slashdot.
1 posted on 04/28/2010 9:26:38 AM PDT by ShadowAce
[ Post Reply | Private Reply | View Replies]

To: rdb3; Calvinist_Dark_Lord; GodGunsandGuts; CyberCowboy777; Salo; Bobsat; JosephW; ...

2 posted on 04/28/2010 9:27:00 AM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 1 | View Replies]

To: ShadowAce
I had a similar thing happen to me a few weeks ago, and it turned out to be a virus. It had changed my DNS settings and inserted itself into registry entries which associated file types with executables.

I'd scan your computer with a few different A/V products to check.

It's even possible that your router got hacked. Might be worth trying a connection bypassing your router to test for it.

3 posted on 04/28/2010 9:33:10 AM PDT by TChris ("Hello", the politician lied.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: ShadowAce

Probably some type of “re-director” malware. Had a PC at work that had the exact problem and it was a malware/Trojan Horse infection.

That’s where I’d start anyway.


4 posted on 04/28/2010 9:36:43 AM PDT by jcwky (Our response...)
[ Post Reply | Private Reply | To 1 | View Replies]

To: TChris
heh--it wasn't me. I just copied the entry from MozillaZine.

That is a good explanation for it, though.

5 posted on 04/28/2010 9:36:59 AM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 3 | View Replies]

To: TChris

Uhm - the “I use KDE Ctl-F2” was a clue that a “virus” was likely not his problem. He’s using Linux.

That being the case - look at your resolv.conf to make sure it’s pointing at the DNS you expect it to be pointing at. Perhaps reinstall Firefox - or better yet - use Konqueror to determine if it has similar behavior. This will tell you whether your DNS is being hi-jacked, or it’s a problem with just Firefox.

Hope these help some.


6 posted on 04/28/2010 9:38:47 AM PDT by fremont_steve
[ Post Reply | Private Reply | To 3 | View Replies]
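
The check suggested in post 6 (look at resolv.conf, then work out whether DNS answers are being hijacked), as an added example that is not from any poster in this thread. It lists the configured resolvers and looks up random names that should not exist, on the assumption that the redirect works by the resolver answering for nonexistent names; the function names and the `nx-` probe prefix are made up for the illustration.

```python
import secrets
import socket

def parse_nameservers(resolv_conf_text):
    """Return the nameserver addresses listed in resolv.conf-style text."""
    servers = []
    for line in resolv_conf_text.splitlines():
        if line.startswith(("#", ";")):      # comment lines
            continue
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def system_resolve(name):
    """Resolve through the system resolver; empty set means no such name."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()

def probe_nxdomain_rewrite(resolve=system_resolve, probes=3, tld="com"):
    """Look up random names that should not exist.

    Returns {probe name: sorted addresses} for every probe that DID resolve.
    An honest resolver yields an empty dict.
    """
    answered = {}
    for _ in range(probes):
        name = "nx-" + secrets.token_hex(12) + "." + tld   # hypothetical prefix
        addrs = resolve(name)
        if addrs:
            answered[name] = sorted(addrs)
    return answered

def verdict(answered, probes=3):
    """'clean', 'rewriting' (every probe answered, with a shared address)
    or 'inconclusive' (only some probes answered, or no common address)."""
    if not answered:
        return "clean"
    shared = set.intersection(*(set(a) for a in answered.values()))
    if len(answered) == probes and shared:
        return "rewriting"
    return "inconclusive"

if __name__ == "__main__":
    with open("/etc/resolv.conf") as fh:
        print("configured resolvers:", parse_nameservers(fh.read()))
    hits = probe_nxdomain_rewrite()
    print(verdict(hits), hits)
```

Running it once against the ISP's resolvers and once after switching to a different resolver shows whether the behaviour follows the resolver or stays with the machine.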

To: ShadowAce

Sounds like Malware to me.


7 posted on 04/28/2010 9:38:53 AM PDT by Malsua
[ Post Reply | Private Reply | To 1 | View Replies]

To: ShadowAce
I also use KDE's Alt-F2 launcher to start programs.

You're running Linux?

8 posted on 04/28/2010 9:39:00 AM PDT by martin_fierro (< |:)~)
[ Post Reply | Private Reply | To 1 | View Replies]

To: ShadowAce

Works for me — I suspect a virus on your machine. Check it now.


9 posted on 04/28/2010 9:39:36 AM PDT by PapaBear3625 (Public healthcare looks like it will work as well as public housing did.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: fremont_steve; martin_fierro; PapaBear3625
I respectfully request your attention to post #5.

This is not my issue. This was a post on MozillaZine that I posted here.

This does not affect me (yet). I was merely pointing out the potential for ISPs to hijack network traffic to their own purposes.

Malware, or a virus, is a good explanation of this, though.

10 posted on 04/28/2010 9:48:35 AM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 6 | View Replies]

To: ShadowAce

Textbook browser hijacker.


11 posted on 04/28/2010 9:51:02 AM PDT by Melas
[ Post Reply | Private Reply | To 1 | View Replies]

To: ShadowAce

The obvious answer is somebody ****** with his box while he was away.


12 posted on 04/28/2010 9:53:11 AM PDT by VeniVidiVici (Everyone needs valid ID except illegal aliens and the President - only in America)
[ Post Reply | Private Reply | To 1 | View Replies]

To: ShadowAce
Could be a piece of spyware has installed a BHO...Browser Helper Object...that is doing a redirect to this site you posted the pic of. Use "HiJack This" (free) to find anything unusual and eliminate it.

Do you get to this same page no matter what you search for? It looks like a website in and of itself...PCCW.

13 posted on 04/28/2010 9:56:37 AM PDT by Bloody Sam Roberts (The only moral use of violence is in retaliation against those who initiate its use.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: ShadowAce

The last time I saw this it was just a Firefox add-on that was installed by the open source software PDFCreator.

All one has to do is remove the add-on.


14 posted on 04/28/2010 9:58:55 AM PDT by Psycho_Bunny (The Quran and Mein Kampf: if you've read one you've read them both.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: ShadowAce

Okay - but a virus or malware isn’t a good explanation because of the simple fact that it’s Linux.

Linux systems can certainly be “rooted” but this is going to be through a direct attack over the net through some loop-hole like BIND being broken, or some such. Linux just doesn’t get infected by email or website problems.

If the guy is nutty enough to be running root while he is doing web browsing - maybe. But because of the admin setup within Linux... and its different model of security AND the fact that it isn’t a dominant environment. The likelihood of this being the explanation is maybe 0.001%

I run Linux - have for better than 15 years. I’ve had a couple of “rooted” systems. These systems were compromised by direct attack. People managed to set up an ftp site one time, and another time managed to modify my web server. They didn’t get in through “malware” but rather holes in the web-server or ftp client themselves.

You could say that the results are the same - what I’m trying to explain is that the method of attack is different than you are offering.


15 posted on 04/28/2010 10:02:10 AM PDT by fremont_steve
[ Post Reply | Private Reply | To 10 | View Replies]

To: Psycho_Bunny

I stand corrected on the malware portion of the explanation. A malevolent Fire-fox add-on could be called “malware.” He had to agree to add this though. They don’t just download automatically.

I don’t believe a “virus” is likely to be the culprit.


16 posted on 04/28/2010 10:09:29 AM PDT by fremont_steve
[ Post Reply | Private Reply | To 14 | View Replies]

To: ShadowAce

Don’t use your ISP’s DNS servers (I use OpenDNS, www.opendns.com).


17 posted on 04/28/2010 10:12:06 AM PDT by shorty_harris
[ Post Reply | Private Reply | To 1 | View Replies]

To: Bloody Sam Roberts

Someone installed a BHO in the White House, too. Wasn’t me.


18 posted on 04/28/2010 10:16:54 AM PDT by klystron
[ Post Reply | Private Reply | To 13 | View Replies]

To: ShadowAce

Ees no prollem, esse.

< |:)~


19 posted on 04/28/2010 10:18:38 AM PDT by martin_fierro (< |:)~)
[ Post Reply | Private Reply | To 10 | View Replies]

To: klystron
Someone installed a BHO in the White House, too.

Would that removal of that infection were as easy.

T'would be a grand day indeed.

20 posted on 04/28/2010 10:28:08 AM PDT by Bloody Sam Roberts (The only moral use of violence is in retaliation against those who initiate its use.)
[ Post Reply | Private Reply | To 18 | View Replies]

To: TChris; jcwky; Malsua; PapaBear3625
I'd scan your computer with a few different A/V products to check.

The user is apparently using Linux. A virus or other malware is possible but extremely unlikely. From reading the /. article mentioned earlier, it would appear this is actually occurring at the ISP level.

 

21 posted on 04/28/2010 12:13:54 PM PDT by zeugma (Waco taught me everything I needed to know about the character of the U.S. Government.)
[ Post Reply | Private Reply | To 3 | View Replies]

To: zeugma
The user is apparently using Linux. A virus or other malware is possible but extremely unlikely. From reading the /. article mentioned earlier, it would appear this is actually occurring at the ISP level.

AFAIK, malware might still mess directly with Firefox even in Linux, no? A hacked home router is still possible too.

If it IS the ISP, really stoooopid move.

22 posted on 04/28/2010 12:21:44 PM PDT by TChris ("Hello", the politician lied.)
[ Post Reply | Private Reply | To 21 | View Replies]

To: ShadowAce

Redirector malware phishing using the Hong Kong yellow pages as the phisher’s false front.

The screencap doesn’t show the address bar, which makes the whole story suspect, anyone who posts scare stories worth their salt would have posted the url so people could look in to it properly.

And Cablevision in the NYC metro area does the same thing unless you manually opt out of their redirector search service. Magically the opt out gets erased every few months on their systems, and users have to opt out again, funny how that works.


23 posted on 04/28/2010 12:31:19 PM PDT by JerseyHighlander
[ Post Reply | Private Reply | To 1 | View Replies]

To: JerseyHighlander

I should rtfa before posting.
So yes, this guy has the same situation we have in the NYC metro area with Optimum Online broadband by CableVision.
At least Cablevision provides an opt-out page about 6 clicks deep to stop this nonsense.


24 posted on 04/28/2010 12:35:42 PM PDT by JerseyHighlander
[ Post Reply | Private Reply | To 23 | View Replies]

To: JerseyHighlander

Anyone else suffering from this with OptimumONline,
http://www.optimum.net/Article/DNS
is the opt-out page.


25 posted on 04/28/2010 12:40:21 PM PDT by JerseyHighlander
[ Post Reply | Private Reply | To 24 | View Replies]

To: TChris
Either of those is possible. Of the two, a browser attack is more likely, though easily fixable.

It is also the easiest to determine if it is the cause.

Close Firefox.

mv ~/.mozilla ~/.mozilla.bad

Start Firefox.

If the problem goes away, your browser has been hacked and you should investigate further. If not, close FF again, then

rm -fr ~/.mozilla

mv ~/.mozilla.bad ~/.mozilla

A hacked router is going to be a bit harder to troubleshoot.

26 posted on 04/28/2010 12:47:28 PM PDT by zeugma (Waco taught me everything I needed to know about the character of the U.S. Government.)
[ Post Reply | Private Reply | To 22 | View Replies]

To: ShadowAce

Try running “Super Anti Spyware” (www.superantispyware.com). I had malware get past my A/V software and it turned off my Windows update. Super Anti Spyware was the only thing that removed this malware.


27 posted on 04/28/2010 3:57:57 PM PDT by The Great RJ ("The trouble with socialism is that eventually you run out of other people's money'" M. Thatcher)
[ Post Reply | Private Reply | To 1 | View Replies]
