Skip to comments.My ISP is by-passing Firefox's Location bar search
Posted on 04/28/2010 9:26:38 AM PDT by ShadowAce
I just got back from 10 days abroad and noticed my Firefox at home was acting oddly. My preferred way to go to many websites is simply to type their name into the location bar, and then let Google's "I'm feeling lucky" feature take me to the actual site. I realize this might not be the most conventional way to do it (sure, I could have bookmarks etc.), but it's they way I like to do it.. I also use KDE's Alt-F2 launcher to start programs.
Today I noticed that this great feature of Firefox (combined with Google of course) has stopped working, and has instead been replaced with an add-laden search result from another website. For example, typing in just "slashdot" into the location bar used to get me to the Slashdot website, but now I end up with this instead (full size version):
I've confirmed that my keyword.URL setting is still pointed at Google, so this must be happening at the traffic level, I would imagine either by use of a web proxy or something to do with DNS lookup, which makes we wonder if this new 'feature' my ISP (Netvigator by PCCW in Hong Kong) has introduced is also affecting my privacy?
Is there anyway to get Firefox working the way it used to again? For me using that feature was my main way of visiting websites, and it's really annoying that I can't do that any more. In addition, the search provider my ISP is forcing on me does not seem to know about many websites, I would rather be receiving result from Google when the word typed does not have an obvious site match, not from yp.com.hk
As a last though, if other ISPs start doing this too, will it have any affect on the deal Mozilla has with Google, as this effectively replaces that feature in Firefox, so the traffic does not go though Google anymore.
Any help or advise would be much appreciated.
I'd scan your computer with a few different A/V products to check.
It's even possible that your router got hacked. Might be worth trying a connection bypassing your router to test for it.
Probably some type of “re-director” malware. Had a PC at work that had the exact problem and it was a malware/Trojan Horse infection.
That’s where I’d start anyway.
That is a good explanation for it, though.
Uhm - the “I use KDE Ctl-F2” was a clue that a “virus” was likely not his problem. He’s using Linux.
That being the case - look at your resolv.conf to make sure it’s pointing at the DNS you expect it to be pointing at. Perhaps reinstall Firefox - or better yet - use Konqueror to determine if it has similar behavior. This will tell you whether your DNS is being hi-jacked, or it’s a problem with just Firefox.
Hope these help some.
Sounds like Malware to me.
You're running Linux?
works for me — I suspect a virus on you machine. Check it now.
This is not my issue. This was a post on MozillaZine that I posted here.
This does not affect me (yet). I was merely pointing out the potential for ISPs to hijack network traffic to their own purposes.
Malware, or a virus, is a good explanation of this, though.
Textbook browser hijacker.
The obvious answer is somebody ****** with his box while he was away.
Do you get to this same page no matter what you search for? it looks like a website in and of itself...PCCW.
The last time I saw this it was just a Firefox add-on that was installed by the open source software PDFCreator.
All one has to do is remove the add-on.
Okay - but a virus or malware isn’t a good explanation because of the simple fact that it’s linux.
Linux systems can certainly be “rooted” but this is going to be through a direct attack over the net through some loop-hole like BIND being broken, or some such. Linux just doesn’t get infected by email or website problems.
If the guy is nutty enough to be running root while he is doing web browsing - maybe. But because of the admin setup within Linux... and it’s different model of security AND the fact that it isn’t a dominant environment. The likelyhood of this being the explanation is maybe 0.001%
I run linux - have for better than 15 years. I’ve had a couple of “rooted” systems. These systems were compromised by direct attack. People managed to setup an ftp site one time, and another time managed to modify my web server. They didn’t get in through “malware” but rather holes in the web-server or ftp client themselves.
You could say that the results are the same - what I’m trying to explain is that the method of attack is different than you are offering.
I stand corrected on the malware portion of the explanation. A malevolent Fire-fox add-on could be called “malware.” He had to agree to add this though. They don’t just download automatically.
I don’t believe a “virus” is likely to be the culprit.
Don’t use your ISP’s DNS servers (I use OpenDNS, www.opendns.com).
Someone installed a BHO in the White House, too. Wasn’t me.
Ees no prollem, esse.
Would that removal of that infection were as easy.
T'would be a grand day indeed.
The user is apparently using Linux. A virus or other malware is possible but extremely unlikely. From reading the /. article mentioned earlier, it would appear this is actually occuring at the ISP level.
AFAIK, malware might still mess directly with Firefox even in Linux, no? A hacked home router is still possible too.
If it IS the ISP, really stoooopid move.
redirector malware phishing using the hong kong yellow pages as the phisher’s false front.
the screencap doesnt’ schow the address bar, which makes the whole story suspect, anyone who posts scare stories worth their salt would have posted the url so people could look in to it properly.
And Cablevision in the NYC metro area does the same thing unless you manually opt out of their redirector search service. Magically the opt out gets erased every few months on their systems, and users have to opt out again, funny how that works.
I should rtfa before posting.
So yes, this guy has the same situation we have in the NYC metro area with Optimum Online broadband by CableVision,
At least Cablevision provides a opt out page about 6 clicks deep to stop this nonsense.
Anyone else suffering from this with OptimumONline,
is the opt-out page.
It is also the easiest to determine if it is the cause.
mv ~/.mozilla ~/.mozilla.bad
if the problem goes away, your browser has been hacked and you should investigate further. If not close FF again, then
rm -fr ~/.mozilla
mv ~/.mozilla.bad ~/.mozilla
A hacked router is going to be a bit harder to troubleshoot.
Try running “Super Anti Spyware” (www.superantispyware.com). I had malware get past my A/V software and it turned off my Windows update. Super Anti Spyware was the only thing that removed this malware.