#1 (permalink)
01-09-2008, 10:15 AM
kgun (WebProWorld 1,000+ Club)
Join Date: May 2005
Location: Norway
Posts: 5,072
Is there a packet sniffer out there that bores him/her self?

Background:

  1. I have formatted two disks and reinstalled software. I get some problems with Microsoft Word 2002 and Adobe PDF professional 7. It stops formatting Word documents when nearly finished. It stands still at 72 %. The same happens three times even if I shut down the computer and restart it.
  2. I have msn messenger open with some contacts active.
  3. I use internet explorer 6.* and the last versions of FF and Opera.
  4. There is no problem reading emails at my ISP provider using Internet Explorer 6. But the email account hangs when I use Opera, which I regard as more secure. So I have to use IE to read emails at my ISP provider.
Related important threads:

Macromedia problem.

What has happened to my Opera browser?

Serious problems:
  1. My ftp password for the sites at my American hoster did not function even if I am 99 % sure that I wrote it down correctly on paper.
  2. I got a new password for the main domain from my hoster. That functions still.
  3. The add on domains have other passwords. On connecting to the first add on domain, the connection was OK.
  4. I changed code in DreamWeaver and tried to upload code to the add on domain, but it did not function. I got an ftp connection error on the first, second and third try. Even if I logged into cPanel and changed the password back to the old for the add on domains, I still get the same ftp error.
Questions:
  1. Time to delete or block all my external msn messenger contacts for security reasons?
  2. I do not use encrypted communication or encrypted ftp transfer since it does not always function in DreamWeaver.
Conclusions:
  1. Time to change hoster? I don't think it is their fault, so that is the last resort. I want to solve this problem with them.
  2. Remarkable coincidence? Problems with Adobe products and Opera.
You may need to read the posts in the above links to understand the problem deeply enough. Any help, suggestions and proposals are very much appreciated.

Copy:

Myself or other forums if I do not get help at WPW.

Last edited by kgun : 01-09-2008 at 10:22 AM.

#2 (permalink)
01-09-2008, 10:43 AM
wige (WebProWorld Moderator)
Join Date: Jun 2006
Location: United States
Posts: 1,768
Re: Is there a packet sniffer out there that bores him/her self?

It seems like there are two separate problems, a PC issue, and a communications issue.

As far as the Adobe and Word issues, which are guaranteed to be local (since Word doesn't use the Internet to do formatting), the first thing I would check is the RAM installed in your PC. It can go bad/overheat/etc and when the computer tries to run a process on that spot of memory, the entire operation could hang or fail. Beyond that, it is possible that there is a hard drive problem, or even a motherboard issue - for instance there might be a deteriorated connection on the motherboard that sporadically interferes with communication between components. This is probably the least likely scenario.

As far as the FTP issues, I take it from your comments you are doing the operations in Dreamweaver. I would suggest downloading a different FTP application and trying to perform the operations from there. Dreamweaver sometimes shows the wrong error message, either because it misinterprets the error message from the server, or the server uses the response code. Many communication problems can show up as incorrect password in older versions of Dreamweaver. If you can find a free or evaluation version of WS_FTP or CoffeeCup FTP, try them, running the connection with the same settings as Dreamweaver, with the log window open.

As far as Background #4, a lot of webmail systems now use very complex Ajax functions that have been highly mangled to get them to work with the widest variety of IE and Firefox variants, and in many cases these functions don't get tested properly in the somewhat less frequently used Opera. I know Firefox, and I believe Opera, has an addin that allows you to open specific sites with the IE rendering engine. This might be the best workaround at present if the problem is a compatibility issue. Unfortunately I am not too familiar with the available debuggers for Opera as I spend most of my hacking time in Firefox.
__________________
The best way to learn anything, is to question everything.
Interestingly Average Security Blog

#3 (permalink)
01-09-2008, 11:12 AM
kgun
Re: Is there a packet sniffer out there that bores him/her self?

Quote:
Originally Posted by wige View Post
As far as the FTP issues, I take it from your comments you are doing the operations in Dreamweaver. I would suggest downloading a different FTP application and trying to perform the operations from there. Dreamweaver sometimes shows the wrong error message, either because it misinterprets the error message from the server, or the server uses the response code. Many communication problems can show up as incorrect password in older versions of Dreamweaver. If you can find a free or evaluation version of WS_FTP or CoffeeCup FTP, try them, running the connection with the same settings as Dreamweaver, with the log window open.
Difficult to accept that, since there is no problem connecting to the Main Domain.

#4 (permalink)
01-09-2008, 11:39 AM
wige
Re: Is there a packet sniffer out there that bores him/her self?

Without knowing how your account is set up, it's hard to say what the exact problem could be. It could be a default Dreamweaver setting that is overridden in the main domain settings but not changed for the secondary domains (especially if the Test button works but an actual upload fails). It could be a permissions problem on the host. It could even be a problem with the way Dreamweaver is handling the paths, for some reason trying to get into the wrong folder. It is just likely to be easier to troubleshoot when you can view the actual commands in the control connection.
__________________
The best way to learn anything, is to question everything.
Interestingly Average Security Blog

#5 (permalink)
01-09-2008, 04:54 PM
kgun
Re: Is there a packet sniffer out there that bores him/her self?

Serious problem solved. User error as usual.

#6 (permalink)
01-10-2008, 07:50 AM
kgun
Re: Is there a packet sniffer out there that bores him/her self?

Maybe I was too early to conclude that everything is correct. The password has also been changed on all add on domains.

That is not a coincidence.

Now I use Opera to log in and change passwords, so the chance of cross browser scripting is less. Since my C drive is formatted, there is also less chance that there is a key logger trojan. Interesting to see what happens.

There is also a related problem. For a long time I have been an Amazon affiliate. Even if I have their contextual banner Ad on many sites, 0 commission has been earned over the whole period.

When I log into my Amazon account and order books, the order is registered. Books should be sent in January, but so far no books have been sent.

I have contacted Amazon once, but they do not answer.

Can a computer have been placed between mine and the web server, to hijack affiliate links?

I have had that suspicion for a long time.

Thank you wige for taking the time to comment so long. Any other comments or proposals to a solution?

#7 (permalink)
01-10-2008, 09:34 AM
wige
Re: Is there a packet sniffer out there that bores him/her self?

It is possible but very unlikely that there is a man-in-the-middle attack at work to break your passwords. Current NSA and CIA estimates place the time to break a 256-bit encrypted communication at approximately 150,000 years with neural-networked server banks (but, the algorithms to actually break the encryption do exist). Opera and Firefox both use 256, IE is still at 128. As long as the certificate shows as valid, you can be fairly certain there is no man in the middle attack.

Your FTP passwords, however, you have admitted are subject to compromise since they are transmitted in plain text. I would suggest implementing a secure FTP connection as soon as possible. Dreamweaver supports several variants, and this will help your security if you are being targeted.

On your local end, it is possible another computer on your network has been compromised, or an area of your computer has been compromised and this area was not cleaned during the reformat. I have seen boot sector viruses (rootkits) that were quite nasty - as soon as you delete the rootkit portion, it is reinstalled by the OS portion, and vice-versa. The only way to clean these types of infections is to replace the hard drive, reinstall the OS, connect the infected HD to another operating system as a secondary drive, and run a security-level wipe (six pass degauss, where each pass resets every bit on the drive, first to 1, then to 0, and so forth.) Doing it this way ensures the hard drive has no way to talk to the cleaning operating system.

Just for more information, are your sites on shared or dedicated servers? Also, how does the computer connect to the Internet? Is it a direct connection, or do you use a hardware firewall or router? And how many computers are on the same network as the computer in question? Finally, do you have access to a laptop (or desktop if desperate) that can be heavily secured to run some tests on the network?
__________________
The best way to learn anything, is to question everything.
Interestingly Average Security Blog
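
The following is an added example, not part of any post in this thread. It reads an FTP client's control-connection log, reports which stage failed first (so a permissions or data-connection fault is not mistaken for a bad password, the point made in posts #2 and #4), and flags a login sent without explicit TLS (the point made in post #7). The `> `/`< ` log format, the host names and both sample logs are constructed assumptions.

```python
import re

# Constructed client logs ("> " = command sent, "< " = server reply);
# the log format, host names and paths are assumptions for illustration.
UPLOAD_FAILS = """\
< 220 FTP server ready
> USER addon@example.com
< 331 Password required
> PASS ********
< 230-Welcome
< 230 User logged in
> CWD /public_html/addon
< 250 CWD command successful
> PASV
< 227 Entering Passive Mode (192,0,2,10,195,80)
> STOR index.php
< 553 index.php: Permission denied
"""
LOGIN_FAILS_OVER_TLS = """\
< 220 FTP server ready
> AUTH TLS
< 234 AUTH TLS successful
> USER addon@example.com
< 331 Password required
> PASS ********
< 530 Login incorrect
"""

REPLY = re.compile(r"^(\d{3})([ -])(.*)$")
LOGIN = {"USER", "PASS", "ACCT"}
DATA = {"PASV", "EPSV", "PORT", "EPRT"}
PATH = {"CWD", "CDUP", "MKD", "RMD", "DELE", "RNFR", "RNTO"}
TRANSFER = {"STOR", "APPE", "RETR", "LIST", "NLST", "MLSD"}

def parse_log(text):
    """Pair each command with the final line of every server reply to it."""
    exchanges, command, pending = [], "CONNECT", None
    for line in text.splitlines():
        if line.startswith("> "):
            command = line[2:].split(" ", 1)[0].upper()
            continue
        m = REPLY.match(line[2:]) if line.startswith("< ") else None
        if not m:
            continue  # free text inside a multi-line reply
        code, sep, msg = m.groups()
        if pending and code != pending:
            continue  # body line of a multi-line reply that starts with digits
        pending = code if sep == "-" else None  # "230-" opens a multi-line reply
        if sep == " ":
            exchanges.append((command, int(code), msg))
    return exchanges

def diagnose(text):
    """Report the first failing stage and whether the login went out unencrypted."""
    result = {"stage": "ok", "command": None, "code": None, "cleartext_login": False}
    tls = False
    for command, code, _msg in parse_log(text):
        if command == "AUTH" and code == 234:
            tls = True  # explicit FTPS (RFC 4217); implicit FTPS and SFTP never show AUTH
        if command in LOGIN and not tls:
            result["cleartext_login"] = True
        if code < 400:
            continue
        if code == 421:
            stage = "control connection closed by server"
        elif command in LOGIN or code == 530:
            stage = "authentication"
        elif command in DATA or code in (425, 426):
            stage = "data connection"
        elif command in PATH:
            stage = "path or permissions"
        elif command in TRANSFER:
            stage = "permissions or storage on the host"
        else:
            stage = "other"
        result.update(stage=stage, command=command, code=code)
        break
    return result

if __name__ == "__main__":
    for name, log in (("upload", UPLOAD_FAILS), ("login", LOGIN_FAILS_OVER_TLS)):
        print(name, diagnose(log))
```

In the first sample the password was accepted and the upload itself was refused, while the login still crossed the network unencrypted; in the second the credentials were protected by TLS and the failure really is authentication.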

#8 (permalink)
01-10-2008, 10:23 AM
kgun
Re: Is there a packet sniffer out there that bores him/her self?

Quote:
Originally Posted by wige View Post
It is possible but very unlikely that there is a man-in-the-middle attack at work to break your passwords. Current NSA and CIA estimates place the time to break a 256-bit encrypted communication at approximately 150,000 years with neural-networked server banks (but, the algorithms to actually break the encryption do exist). Opera and Firefox both use 256, IE is still at 128. As long as the certificate shows as valid, you can be fairly certain there is no man in the middle attack.
The communication has (and is still) not (been) encrypted so a packet sniffer should still be able to grab the information between the client and the server. The passwords have been changed. Can they routinely have been changed by the web server without reminding me or me not noticing it?

And there are two other possibilities:
  1. A key logger trojan sending the passwords that were installed on my computer before I reformatted the harddrives.
  2. In addition a cross browser script / ActiveX control installed on my computer grabbing the password through a smart redirect.
As a side note, my son regards toolbars as spam / Ad. I agree, they can even be worse. This time I have not actively installed any toolbar. But the ms toolbar for I.E. 6.0 installed itself by default during the reinstallation. Cannot remember that I was asked about that. I was asked during the Sp II upgrade whether I wanted to install I.E. 7.0. I chose not to.


Quote:
Originally Posted by wige View Post
Your FTP passwords, however, you have admitted are subject to compromise since they are transmitted in plain text. I would suggest implementing a secure FTP connection as soon as possible. Dreamweaver supports several variants, and this will help your security if you are being targeted.
I know that, but the encrypted (secure) ftp does not always function. Shall try it again.

Quote:
Originally Posted by wige View Post
On your local end, it is possible another computer on your network has been compromised, or an area of your computer has been compromised and this area was not cleaned during the reformat. I have seen boot sector viruses (rootkits) that were quite nasty - as soon as you delete the rootkit portion, it is reinstalled by the OS portion, and vice-versa. The only way to clean these types of infections is to replace the hard drive, reinstall the OS, connect the infected HD to another operating system as a secondary drive, and run a security-level wipe (six pass degauss, where each pass resets every bit on the drive, first to 1, then to 0, and so forth.) Doing it this way ensures the hard drive has no way to talk to the cleaning operating system.
I have seen the same on stand alone computers like mine. I don't think this is the problem.

Quote:
Originally Posted by wige View Post
Just for more information, are your sites on shared or dedicated servers? Also, how does the computer connect to the Internet? Is it a direct connection, or do you use a hardware firewall or router? And how many computers are on the same network as the computer in question? Finally, do you have access to a laptop (or desktop if desperate) that can be heavily secured to run some tests on the network?
My sites are on a shared server. I connect to the internet via a router with inbuilt firewall. In addition I use the firewall in Xp home edition with default options. There is only one computer on the network. I don't have access to a laptop.

I have three hosters:
  • A relatively expensive Norwegian hoster, my registrar where I have never had any problem like this. Nearly instant upgrade to the last version of PHP.
  • A cheaper Danish hoster with no such problem either. There have been PHP XML processor problems. Code that needed recompilation. They are far more up to date on PHP than other hosters.
  • A foreign hoster, where I have experienced a lot of problems. Iframes installed on my forum. And passwords changed more than once. Design changed etc. Very slow to upgrade PHP. Last I saw they were still using PHP 4.*. I have most of my sites there. ForumNorway.com is the main domain. The other (example last link in my signature) are add on domains. There must be a reason why they are cheap, but I do not intend to give them up and they are fast to answer and fix problems from their part. In theory I can have infinite add on domains.
You did not comment on the problems with Amazon.

Last edited by kgun : 01-10-2008 at 10:28 AM.

#9 (permalink)
02-15-2008, 04:49 PM
activeco (WebProWorld Veteran)
Join Date: Jul 2004
Posts: 973
Re: Is there a packet sniffer out there that bores him/her self?

Quote:
Originally Posted by kgun View Post

There is no problem reading emails at my ISP provider using Internet Explorer 6. But the email account hangs when I use Opera, which I regard as more secure. So I have to use IE to read emails at my ISP provider.
You refer to webmail? It could be something trivial such as disabled scripting in Opera.
Can you access mail by using e-mail client?

Quote:
My ftp password for the sites at my American hoster did not function even if I am 99 % sure that I wrote it down correctly on paper.
It looks more like the server side problem, which is difficult to confirm if they screw something up as you don't have control of the OS.
Today, for anything serious, one needs at least VPS, eventually with full support if you don't have enough time to track the problems down by yourself. In any case you need a full control of the server too.

Quote:
I have formatted two disks and reinstalled software.
A Norwegian relying on Microsoft? A personal problem with Torvalds?
My approach in using MS Windows is to install it in virtual space (Vmware, Xen...) on top of tiny Linux, just for portability.
A free server version could be found here: VMware Server, Virtual Server Consolidation, Free Virtualization - VMware

From there you can install and test anything and even invite viruses to play with it (in that case disconnect from the local network).
The "revert" button takes care of all serious problems.
__________________
Vote Hussein, vote humanity

#10 (permalink)
02-16-2008, 06:37 AM
kgun
Re: Is there a packet sniffer out there that bores him/her self?

Thank you very much. Finally a member took time to comment on this last post. You will get at least two positive reppoints for giving a positive answer. You must wait a time for the second, since I do not overuse them. To your post:

Quote:
Originally Posted by activeco View Post
You refer to webmail? It could be something trivial such as disabled scripting in Opera.
Can you access mail by using e-mail client?
That was a much more serious problem and is fixed now.
<side note>
I use FF, IE and Opera daily. I know IE best, then FF and finally Opera. I am using Opera more and more. I note important differences. It seems that Opera trusts very few sites. I more and more share their view. Don't trust anybody on the internet. By anybody, they of course mean any page (site). I can add until it is proved otherwise. The problem is that Opera is still correct. As you may have understood, I collect links. I link to articles and sites. Suddenly the target page or site you trusted and linked to changes to a spam page with other content than the original content. No problem when the content is related and better.
</side note>
Quote:
Originally Posted by activeco View Post
It looks more like the server side problem, which is difficult to confirm if they screw something up as you don't have control of the OS.
Today, for anything serious, one needs at least VPS, eventually with full support if you don't have enough time to track the problems down by yourself. In any case you need a full control of the server too.
You mean a Virtual Private (dedicated) server? That may be an option in the future.

Quote:
Originally Posted by activeco View Post
A Norwegian relying on Microsoft? A personal problem with Torvalds?
My approach in using MS Windows is to install it in virtual space (Vmware, Xen...) on top of tiny Linux, just for portability.
A free server version could be found here: VMware Server, Virtual Server Consolidation, Free Virtualization - VMware
My bolding.

Here, A simple security hint if you use Windows Xp is my view on that. I have no problems with people from Finland. One of my best friends that visited me last week is from Finland. Linux may be an option if / when I buy a new computer (e.g. a Dell laptop). But my preference for a new computer is a Mac Pro. I bought my Pc in 2002. I reformatted it recently and reinstalled Xp and software and now, it is as good as new. This computer has been excellent, and Windows Xp is definitely the best Os I have bought (followed with the computer) from Microsoft. Good enough for me. The browser is not. You know which. Conclusion: Windows Vista (or later around 2012), Linux (on a laptop) or Mac Os on a new computer. It is too early. On a stationary, 3 (4) screens have a high priority, since I think that will double my productivity compared to one (I have 2 today).

Thank you for that link. I will study the VMware Server solution.

Quote:
Originally Posted by activeco View Post
From there you can install and test anything and even invite viruses to play with it (in that case disconnect from the local network).
The "revert" button takes care of all serious problems.
Time is a limiting factor. Maybe I should use less time on forums. There is a reason that I use relatively much time on forums. KW's: Links, learn, tired, relations etc. I still read very much. So much is happening around XML (XSLT and XPath etc. render well enough in modern browsers, but XLink and XPointer support is still lacking), DOM, OO PHP (look forward to version 6) and I have nearly 50 sites. So there is no need to run.

If you look at the second and third link in my signature, you will note that I have used MacroMedia templates. These templates have been changed (made much more general and flexible, additional changes implemented on sites like Global resources for webmarketing, branding and digital ad at AdSchoolworld.com ) and more changes are to come. No need to reinvent the wheel. Better to concentrate on modifying that wheel.

But I still miss an answer to what has happened to my Amazon account. Has anybody experienced similar problems?
  1. Not earned a single affiliate cent since I signed up as an affiliate.
  2. I have ordered books, a confirmation letter is sent, but my credit card is not debited and the books not sent. (I changed the strong password some weeks ago - Interesting to see if there is a change). A sniffer out there that does not like that I stand up to date or my own unprofessionalism?
  3. They don't answer emails.
That is one reason why this thread got that heading.

Again thank you for answering.

Last edited by kgun : 02-16-2008 at 06:48 AM.

#11 (permalink)
02-16-2008, 07:44 AM
activeco
Re: Is there a packet sniffer out there that bores him/her self?

Quote:
Time is a limiting factor.
Oh yes I know, don't remind me.
But I learned to abandon a journey even if I traveled 10,000 km, if I realize I was traveling in the wrong direction.

<Just a side note, sorry for the detour >
__________________
Vote Hussein, vote humanity

#12 (permalink)
02-17-2008, 06:46 AM
kgun
Re: Is there a packet sniffer out there that bores him/her self?

Quote:
Originally Posted by activeco View Post
Oh yes I know, don't remind me.
But I learned to abandon a journey even if I traveled 10,000 km, if I realize I was traveling in the wrong direction.
What is a wrong direction when the earth is spherical?

Assume that you stand outside your house and want to reach a mountain top 10 km's away. Because of the spherical shape of the earth, that top can be reached in infinite directions, even by travelling around the sphere. The direct air distance is the shortest, but can be the most boring.

Quote:
Originally Posted by kgun View Post
But I still miss an answer to what has happened to my Amazon account. Has anybody experienced similar problems?
So nobody on this spherical planet (space ship) can or will answer the most fundamental question / problem of this thread? Anybody that has had the same experience and found the solution? Anybody from https://rn.ftc.gov/pls/dod/widtpubl$..._ORG_CODE=PU03 that has received similar or related complaints?

The surfer / member that solves that problem will get (after some shuffling that is not overused) at least 3 RepPoints and an important link to her / his site.

Related WPW thread:
Getting Hacked Without Being Hacked

Last edited by kgun : 02-17-2008 at 06:51 AM.

#13 (permalink)
02-18-2008, 05:09 AM
activeco
Re: Is there a packet sniffer out there that bores him/her self?

Quote:
Originally Posted by kgun View Post
So nobody on this spherical planet (space ship) can or will answer the most fundamental question / problem of this thread?
Do you mean Amazon?

Quote:
For a long time I have been an Amazon affiliate. Even if I have their contextual banner Ad on many sites, 0 commission has been earned over the whole period.

When I log into my Amazon account and order books, the order is registered. Books should be sent in January, but so far no books have been sent.

I have contacted Amazon once, but they do not answer.
Have you contacted them by phone? I can't see any connection with this problem and alleged hijacking.

Regarding 0 commission; have you checked your stats and seen how many clicks the ads had?
What is average conversion ratio for such ads or do you have enough clicks to draw statistical conclusions?
Are you sure you have 100% correctly formatted links? Many merchants will screw you up if your links deviate a bit.

A lot of users' pc's are virus infected and that is where affiliate ID's are being mostly rewritten/stolen and no packet sniffing can help you there.
There is a system I invented <proud> to completely track all orders, even secure ones, from my sites all the way to the merchant (in order to uncover rogue merchants, in the first place), but it requires a lot of setting up.
Even if you catch an unfair merchant you can't do a lot about it.

Hopefully your order will be cleared soon so you'll be able to narrow your tracking down.
__________________
Vote Hussein, vote humanity

Last edited by activeco : 02-18-2008 at 05:14 AM.

#14 (permalink)
02-18-2008, 08:05 AM
kgun
Re: Is there a packet sniffer out there that bores him/her self?

  1. Have you read the whole story?
  2. I do not get books that are ordered either.
  3. Maybe OpenID is the solution for the future. Read: Authentication using OpenID.

#15 (permalink)
02-18-2008, 09:00 AM
activeco
Re: Is there a packet sniffer out there that bores him/her self?

Quote:
Originally Posted by kgun View Post
Have you read the whole story?
I have to admit it is pretty difficult to follow you completely.
But as already mentioned it seems you had more (at least four or more separate) issues.

1. Local PC problem [looks solved]
2. FTP logging to your sub-domains (add-on) [most probable server problem - looks solved]
3a. No Amazon commissions
3b. Not receiving a product ordered through your own affiliate link

What do I miss?

Quote:
I do not get books that are ordered either.
My question was: As a customer, have you contacted them by phone regarding non-delivery (as the first step)?

Quote:
Maybe OpenID is the solution for the future. Read: