Is there a packet sniffer out there that bores him/her self?

[kgun]

Background:

1. I have formatted two disks and reinstalled software. I get some problems with Microsoft Word 2002 and Adobe PDF professional 7. It stops formatting Word documents when nearly finished. Stand still on 72 %. Same happens three times even if I shut down the computer and restart it.
2. I have msn messenger open with some contacts active.
3. I use internet explorer 6.* and the last versions of FF and Opera.
4. There is no problem reading emails at my ISP provider using Internet Explorer 6. But the email account hang when I use Opera that I regard as more secure. So I have to use IE to read emails at my ISP provider.

Related important threads:

http://www.webproworld.com/internet-...tml#post345836

http://www.webproworld.com/internet-...tml#post346122

Serious problems:

1. My ftp password for the sites at my American hoster did not function even if I am 99 % sure that I wrote it down correctly on paper.
2. I got a new password for the main domain from my hoster. That functions still.
3. The add on domains have other passwords. On connecting to the first add on domain, the connection was OK.
4. I changed code in DreamWeaver and tried to upload code to the add on domain, but it did not function. I got an ftp connection error on the first, second and third try. Even if I logged into cPanel and changed the password back to the old for the add on domains, I still get the same ftp error.

Questions:

1. Time to delete or block all my external msn messenger contacts for security reasons?
2. I do not use encrypted communication or encrypted ftp transfer since it does not always function in DreamWeaver.

Conclusions:

1. Time to change hoster? I don't think it is their fault, so that is the last resort. I want to solve this problem with them.
2. Remarkable coincidence? Problems with Adobe products and Opera.

You may need to read the posts in the above links to understand the problem deeply enough. Any help, suggestions and proposals is very much appreciated.

Copy:

Myself or other forums if I do not get a help at WPW.

[wige]

It seems like there are two seperate problems, a PC issue, and a communications issue.

As far as the Adobe and Word issues, which are guaranteed to be local (since Word doesn't use the Internet to do formatting). The first thing I would check is the RAM installed in your PC. It can go bad/overheat/etc and when the computer tries to run a process on that spot of memory, the entire operation could hang or fail. Beyond that, it is possible that there is a hard drive problem, or even a motherboard issue - for instance there might be a deteriorated connection on the motherboard that sporadically interferes with communication between components. This is probably the least likely scenario.

As far as the FTP issues, I take it from your comments you are doing the operations in Dreamweaver. I would suggest downloading a different FTP application and trying to perform the operations from there. Dreamweaver sometimes shows the wrong error message, either because it misinterprets the error message from the server, or the server uses the response code. Many communication problems can show up as incorrect password in older versions of Dreamweaver. If you can find a free or evaluation version of WS_FTP or CoffeeCup FTP, try them, running the connection with the same settings as Dreamweaver, with the log window open.

As far as Background #4, a lot of webmail systems now use very complex Ajax functions that have been highly mangled to get them to work with the widest variety of IE and Firefox variants, and in many cases these functions don't get tested properly in the somewhat less frequently used Opera. I know Firefox, and I believe Opera, has an addin that allows you to open specific sites with the IE rendering engine. This might be the best workaround at present if the problem is a compatibility issue. Unfortunately I am not to familiar with the available debuggers for Opera as I spend most of my hacking time in Firefox.

[kgun]

As far as the FTP issues, I take it from your comments you are doing the operations in Dreamweaver. I would suggest downloading a different FTP application and trying to perform the operations from there. Dreamweaver sometimes shows the wrong error message, either because it misinterprets the error message from the server, or the server uses the response code. Many communication problems can show up as incorrect password in older versions of Dreamweaver. If you can find a free or evaluation version of WS_FTP or CoffeeCup FTP, try them, running the connection with the same settings as Dreamweaver, with the log window open.

Difficult to accept that since, there is no problem connecting to the Main Domain.

[wige]

Without knowing how your account is set up, its hard to say what the exact problem could be. It could be a default Dreamweaver setting that is overridden in the main domain settings but not changed for the secondary domains (especially if the Test button works but an actual upload fails). It could be a permissions problem on the host. It could even be a problem with the way Dreamweaver is handling the paths, for some reason trying to get into the wrong folder. It is just likely to be easier to troubleshoot when you can view the actual commands in the control connection.

[kgun]

Serious problem solved. User error as usual.

[kgun]

May be I was too early to conclude that everything is correct. The password has also been changed on all add on domains.

That is not a coincidence.

Now I use Opera to log in and change passwords, so the chance of cross browser scripting is less. Since my Cdrive is formatted, there is also less chance that there is key logger trojan. Interesting to see what happens.

There is also a related problem. For a long time I have been an Amazon affiliate. Even if I have their contextual banner Ad on many sites, 0 commision has been earned over the whole periode.

When I log into my Amazon account and order books, the order is registered. Books should be sent in January, but so long no books have been sent.

I have contacted Amazon once, but they do not answer.

Can a computer have been placed between mine and the web server, to hijack affiliate links?

I have had that suspicion for a long time.

Thank you wige for taking the time to comment so long. Any other comments or proposals to a solution?

[wige]

It is possible but very unlikely that there is a man-in-the-middle attack at work to break your passwords. Current NSA and CIA estimates place the time to break a 256-bit encrypted communication at approximately 150,000 years with neural-networked server banks (but, the algorithms to actually break the encryption do exist). Opera and Firefox both use 256, IE is still at 128. As long as the certificate shows as valid, you can be fairly certain there is no man in the middle attack.

Your FTP passwords, however, you have admitted are subject to compromise since they are transmitted in plain text. I would suggest implementing a secure FTP connection as soon as possible. Dreamweaver supports several variants, and this will help your security if you are being targeted.

On your local end, it is possible another computer on your network has been compromised, or an area of your computer has been compromised and this area was not cleaned during the reformat. I have seen boot sector viruses (rootkits) that were quite nasty - as soon as you delete the rootkit portion, it is reinstalled by the OS portion, and vice-versa. The only way to clean these types of infections is to replace the hard drive, reinstall the OS, connect the infected HD to another operating system as a secondard drive, and run a security-level wipe (six pass degauss, where each pass resets every bit on the drive, first to 1, then to 0, and so forth.) Doing it this way ensures the hard drive has no way to talk to the cleaning operating system.

Just for more information, are your sites on shared or dedicated servers? Also, how does the computer connect to the Internet? Is it a direct connection, or do you use a hardware firewall or router? And how many computers are on the same network as the computer in question? Finally, do you have access to a laptop (or desktop if desperate) that can be heavily secured to run some tests on the network?

[kgun]

It is possible but very unlikely that there is a man-in-the-middle attack at work to break your passwords. Current NSA and CIA estimates place the time to break a 256-bit encrypted communication at approximately 150,000 years with neural-networked server banks (but, the algorithms to actually break the encryption do exist). Opera and Firefox both use 256, IE is still at 128. As long as the certificate shows as valid, you can be fairly certain there is no man in the middle attack.

The communication has (and is still) not (been) encrypted so a packet sniffer should still be able to grab the information between the client and the server. The passwords have been changed. Can they routinely have been changed by the web sever without reminding me or I not noting it?

And there are two other possibilities:

1. A key logger trojan sending the passwords that were installed on my computer before I reformatted the harddrives.
2. In addition a cross browser script / ActiveX control installed on my computer grabbing the password through a smart redirect.

As a side note, my son regard toolbars as spam / Ad. I agree, they can even be worse. This time I have not actively installed any toolbar. But the ms toolbar for I.E. 6.0 installed itself by default during the reinstallation. Can not remember that I was asked about that. I was asked during the Sp II upgrade whether I wanted to install I.E. 7.0. I choose not to.

Your FTP passwords, however, you have admitted are subject to compromise since they are transmitted in plain text. I would suggest implementing a secure FTP connection as soon as possible. Dreamweaver supports several variants, and this will help your security if you are being targeted.

I know that, but the encrypted (secure) ftp do not always function. Shall try it again.

On your local end, it is possible another computer on your network has been compromised, or an area of your computer has been compromised and this area was not cleaned during the reformat. I have seen boot sector viruses (rootkits) that were quite nasty - as soon as you delete the rootkit portion, it is reinstalled by the OS portion, and vice-versa. The only way to clean these types of infections is to replace the hard drive, reinstall the OS, connect the infected HD to another operating system as a secondard drive, and run a security-level wipe (six pass degauss, where each pass resets every bit on the drive, first to 1, then to 0, and so forth.) Doing it this way ensures the hard drive has no way to talk to the cleaning operating system.

I have seen the same on stand alone computers like mine. I don't think this is the problem.

Just for more information, are your sites on shared or dedicated servers? Also, how does the computer connect to the Internet? Is it a direct connection, or do you use a hardware firewall or router? And how many computers are on the same network as the computer in question? Finally, do you have access to a laptop (or desktop if desperate) that can be heavily secured to run some tests on the network?

My sites are on a shared server. I connect to the internet via a router with inbuilt firewall. In addition I use the firewall in Xp home edition with default options. There is only one computer on the network. I don't have access to a laptop.

I have three hosters:

• A relatively expensive Norwegian hoster, my registrar where I have never had any problem like this. Nearly instant upgrade to the last version of PHP.
• A cheaper Danish hoster with no such problem either. There have been PHP XML processor problems. Code that needed recompilation. They are far more up to date on PHP than other hosters.
• A foreign hoster, where I have experienced a lot of problems. Iframes installed on my forum. And passwords changed more than once. Design changed etc. Very slow to upgrade PHP. Last I saw they were still using PHP 4.*. I have most of my sites there. ForumNorway.com is the main domain. The other (example last link in my signature) are add on domains. There must be a reason why they are cheap, but I do not intend to give them up and they are fast to answer and fix problems from their part. In theory I can have infinite add on domains.

You did not comment on the problems with Amazon.

[activeco]

[*]There is no problem reading emails at my ISP provider using Internet Explorer 6. But the email account hang when I use Opera that I regard as more secure. So I have to use IE to read emails at my ISP provider.

You refer to webmail? It could be something trivial such as disabled scripting in Opera.
Can you access mail by using e-mail client?

[*]My ftp password for the sites at my American hoster did not function even if I am 99 % sure that I wrote it down correctly on paper.

It looks more like the server side problem, which is difficult to confirm if they screw something up as you don't have controll of the OS.
Today, for anything serious, one needs at least VPS, eventually with full support if you don't have enough time to track the problems down by yourself. In any case you need a full control of the server too.

[*]I have formatted two disks and reinstalled software.

A Norwegian relaying on Microsoft? A personal problem with Thorvalds?
My approach in using MS Windows is to install it in virtual space (Vmware, Xen...) on top of tiny Linux, just for portability.
A free server version could be found here: VMware Server, Virtual Server Consolidation, Free Virtualization - VMware

From there you can install and test anything and even invite viruses to play with it (in that case disconnect from the local network).
The "revert" button takes care of all serious problems.

[kgun]

Thank you very much. Finally a member took time to comment on this last post. You will get at least two positive reppoints for giving a positive answer. You must wait a time for the second, since I do not overuse them. To your post:

You refer to webmail? It could be something trivial such as disabled scripting in Opera.
Can you access mail by using e-mail client?

That was a much more serious problem and is fixed now.
<side note>
I use FF, IE and Opera daily. I know IE best, then FF and finally Opera. I am using Opera more and more. I note important differences. It seems that Opera trust very few sites. I more and more share their view. Don't trust anybody on the internet. By anybody, they of course mean any page (site). I can add until it is proved otherwise. The problem is that Opera is still correct. As you may have understood, I collect links. I link to articles and sites. Suddenly the target page or site you trusted and linked to changes to a spam page with other content than the original content. No problem when the content is related and better.
</side note>

It looks more like the server side problem, which is difficult to confirm if they screw something up as you don't have controll of the OS.
Today, for anything serious, one needs at least VPS, eventually with full support if you don't have enough time to track the problems down by yourself. In any case you need a full control of the server too.

You mean a Virtual Private (dedicated) server? That may be an option in the future.

A Norwegian relaying on Microsoft? A personal problem with Thorvalds?
My approach in using MS Windows is to install it in virtual space (Vmware, Xen...) on top of tiny Linux, just for portability.
A free server version could be found here: VMware Server, Virtual Server Consolidation, Free Virtualization - VMware

My bolding.

Here, A simple security hint if you use Windows Xp is my view on that. I have no problems with people from Finland. One of my best friends that visited me last week is from Finland. Linux may be an option if / when I buy a new computer (e.g. a Dell laptop). But my preferences for a new computer is a Mac Pro. I bought my Pc in 2002. I refomatted it recently and reinstalled Xp and software and now, it is as good as new. This computer has been exellent, and Widows Xp is definitely the best Os I have bought (follwed with the computer) from Microsoft. Good enough for me. The browser is not. You know which. Conclusion: Windows Vista (or later around 2012), Linux (on a laptop) or Mac Os on a new computer. It is too early. On a stationary, 3 (4) screens have a high priority, since I think that will double my productivity compared to one (I have 2 today).

Thank you for that link. I will study the VMware Server solution.

From there you can install and test anything and even invite viruses to play with it (in that case disconnect from the local network).
The "revert" button takes care of all serious problems.

Time is a limiting factor. May be I should use less time on forums. There is a reason that I use relatively much time on forums. KW's: Links, learn, tired, relations etc. I still read very much. So much is happening around XML (XSLT and XPath etc. renders good enough in modern broser, but XLink and XPointer support is still lacking), DOM, OO PHP (look forward to version 6) and I have nearly 50 sites. So there is no need to run.

If you look at the second and third link in my signature, you will note that I have used MacroMedia templates. These templates have been changed (made much more general and flexible, additional changes implemented on sites like Global resources for webmarketing, branding and digital ad at AdSchoolworld.com ) and more changes are to come. No need to reinvent the wheel. Better to concentrate on modifying that wheel.

But I still miss an answer to what has happened to my Amazon account. Has anybody experienced similar problems?

1. Not earned a single affiliate cent since I signed up as an affiliate.
2. I have orderes books, a comfirmation letter is sent, but my credit card is not debited and the books not sent. (I changed the strong password some weeks ago - Interesting to see if there is a change). A sniffer out there that do not like that I stand up to date or my own unprofessionalism?
3. They don't answer emails.

That is one reason why this thread got that heading.

Again thank you for answering.