![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
Entry tags:
tech question?
bit of a call for halp / minor tech question here (since there's a few of you that are far more of a natural than I am here)
but it seems like there's a "bestaryua" worm/malware that's either (a) on my chrome browser, or (b) on the front page of my site? (strangest thing - it only shows itself when I'm on that browser, on that one site, and click the front page once. then there's a suspicious redirect which I immediately close).
I've done the standard step where you ...
- reset all chrome settings + restarted chrome
- double checked applications folder (haven't added anything in a year; this only started appearing ... a week ago?)
- checked /library/launchagents - nothing's changed in a year
- checked activity monitor - nothing sus there.
.... but it's come back after I clicked once already and I'm more than a little annoyed. What do? how do I flush it out for good regardless of where it is?
(keep in mind i run a 10+ year old mac and yes i know this is exactly the problem with it, i've been able to so far not have any viruses with an impressive collection of ublock origin / privacy badger, but i'm intent on using it until it dies for money reasons. just a tightwad like that.)
___
edit 1: I've already checked all chrome extensions (all were disabled even before checking) but i nuked them for sure.
five minutes later i realized kradeelav.com was one of the few http:// sites i visit on that browser vs https:// - hmm, is it a MTM attack that managed to hook itself in via a cookie? just deleted all the cookies from that site (why are there so many?? wtf.) and now slightly kicking myself that i didn't outright block them all.
but it seems like there's a "bestaryua" worm/malware that's either (a) on my chrome browser, or (b) on the front page of my site? (strangest thing - it only shows itself when I'm on that browser, on that one site, and click the front page once. then there's a suspicious redirect which I immediately close).
I've done the standard step where you ...
- reset all chrome settings + restarted chrome
- double checked applications folder (haven't added anything in a year; this only started appearing ... a week ago?)
- checked /library/launchagents - nothing's changed in a year
- checked activity monitor - nothing sus there.
.... but it's come back after I clicked once already and I'm more than a little annoyed. What do? how do I flush it out for good regardless of where it is?
(keep in mind i run a 10+ year old mac and yes i know this is exactly the problem with it, i've been able to so far not have any viruses with an impressive collection of ublock origin / privacy badger, but i'm intent on using it until it dies for money reasons. just a tightwad like that.)
___
edit 1: I've already checked all chrome extensions (all were disabled even before checking) but i nuked them for sure.
five minutes later i realized kradeelav.com was one of the few http:// sites i visit on that browser vs https:// - hmm, is it a MTM attack that managed to hook itself in via a cookie? just deleted all the cookies from that site (why are there so many?? wtf.) and now slightly kicking myself that i didn't outright block them all.
hmm hmm time to get a security cert for the site and see if i have further issues, fuckin' bluehost should've done that.
____
edit 2: apparently... it does.... have a free SSL cert on it? ?__? but i wonder why it doesn't show up on the old chrome/firefox and does on the work computer. thinking it was the cookies that were it?
no subject
turns out those 'free website hit counter' sites where you copypaste the javascript for your counter are jam packed with viruses/malware/etc, so it was the old hit counter! (which explains why it only popped up on that one site and the one browser lol).
ended up basically following a 10 minute API tutorial here ( https://www.youtube.com/watch?v=R8GS-8nlekY ) which feels pretty dang safe given you're making your own from ... well, not scratch, but much closer to scratch.
TIL hit counters can be mean lmao
no subject