tech question?
Oct. 16th, 2020 04:01 pm
bit of a call for halp / minor tech question here (since there's a few of you that are far more of a natural than I am here)
but it seems like there's a "bestaryua" worm/malware that's either (a) on my chrome browser, or (b) on the front page of my site? (strangest thing - it only shows itself when I'm on that browser, on that one site, and click the front page once. then there's a suspicious redirect which I immediately close).
I've done the standard step where you ...
- reset all chrome settings + restarted chrome
- double checked applications folder (haven't added anything in a year; this only started appearing ... a week ago?)
- checked /library/launchagents - nothing's changed in a year
- checked activity monitor - nothing sus there.
.... but it's come back after I clicked once already and I'm more than a little annoyed. What do? how do I flush it out for good regardless of where it is?
(keep in mind i run a 10+ year old mac and yes i know this is exactly the problem with it, i've been able to so far not have any viruses with an impressive collection of ublock origin / privacy badger, but i'm intent on using it until it dies for money reasons. just a tightwad like that.)
___
edit 1: I've already checked all chrome extensions (all were disabled even before checking) but i nuked them for sure.
five minutes later i realized kradeelav.com was one of the few http:// sites i visit on that browser vs https:// - hmm, is it a MTM attack that managed to hook itself in via a cookie? just deleted all the cookies from that site (why are there so many?? wtf.) and now slightly kicking myself that i didn't outright block them all.
hmm hmm time to get a security cert for the site and see if i have further issues, fuckin' bluehost should've done that.
____
edit 2: apparently... it does.... have a free SSL cert on it? ?__? but i wonder why it doesn't show up on the old chrome/firefox and does on the work computer. thinking it was the cookies that were it?
(no subject)
Date: 2020-10-16 08:48 pm (UTC)
(no subject)
Date: 2020-10-16 08:52 pm (UTC)
(no subject)
Date: 2020-11-12 04:30 am (UTC)
turns out those 'free website hit counter' sites where you copypaste the javascript for your counter are jam packed with viruses/malware/etc, so it was the old hit counter! (which explains why it only popped up on that one site and the one browser lol).
ended up basically following a 10 minute API tutorial here ( https://www.youtube.com/watch?v=R8GS-8nlekY ) which feels pretty dang safe given you're making your own from ... well, not scratch, but much closer to scratch.
TIL hit counters can be mean lmao
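One way to audit a page for the kind of copy-pasted third-party script described in the comment above. This is an added example, not part of the original post or its comments; the markup and the hostnames (`site.example`, `counter.example`, `widgets.example`) are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample front page; every hostname here is a placeholder.
SAMPLE_HTML = """<html><head>
<script src="/js/gallery.js"></script>
<script src="http://counter.example/hit.js?id=123"></script>
</head><body>
<iframe src="//widgets.example/badge"></iframe>
<script>var x = 1;</script>
</body></html>"""


class IncludeAuditor(HTMLParser):
    """Collects every <script src> and <iframe src> a page pulls in."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlparse(page_url).hostname
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("script", "iframe"):
            return
        src = dict(attrs).get("src")
        if not src:
            return  # inline script: no remote origin to record
        # Resolve relative and protocol-relative URLs against the page URL.
        full = urljoin(self.page_url, src)
        parts = urlparse(full)
        host = parts.hostname or ""
        same_site = host == self.page_host or host.endswith("." + self.page_host)
        self.findings.append({
            "tag": tag,
            "url": full,
            "third_party": not same_site,        # code you do not control
            "insecure": parts.scheme == "http",  # can be altered in transit
        })


def audit(html, page_url):
    """Return one finding per externally loaded script or iframe."""
    auditor = IncludeAuditor(page_url)
    auditor.feed(html)
    return auditor.findings


if __name__ == "__main__":
    for f in audit(SAMPLE_HTML, "https://site.example/"):
        flags = [k for k in ("third_party", "insecure") if f[k]]
        print(f["tag"], f["url"], ",".join(flags) or "ok")
```

Anything flagged `third_party` runs with full access to the page it is embedded in, so each entry should be something the site owner knowingly added and still trusts.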
(no subject)
Date: 2020-11-12 07:52 am (UTC)