Find the answer to your Linux question:
Page 1 of 2 1 2 LastLast
Results 1 to 10 of 16
On hover, in Google Chrome, I am often redirected to other sites that display the attached screenshot telilng me to update my linux drivers. This is from several .eu domains. ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    May 2014
    Posts
    5

    Browser Hijack. Is there a way to block a domain?


    On hover, in Google Chrome, I am often redirected to other sites that display the attached screenshot telilng me to update my linux drivers. This is from several .eu domains. I've got some of them blocked in AdBlock but new ones seem to crop up daily.

    I know it's a scam but it is also an annoyance. Is there a way to block a domain in chrome?

    How do I find out (and is it necessary) if this is something that had infiltrated my OS? I would rather use the terminal if possible than try to weed through Nautilus. My OS is Ubuntu 12.04 LTS.

    Screenshot from 2014-05-16 22:48:46.jpg

  2. #2
    Linux Newbie nihili's Avatar
    Join Date
    Dec 2013
    Posts
    125
    on hover?

    that shouldn't happen.
    please check chrome's settings, esp. ALL the conveniently hidden advanced settings.

    maybe your browser got hijacked, but not your operating system.

    why not use a browser that makes it easier to adjust privacy and security settings?
    like firefox, or linux natives like midori...

  3. #3
    Just Joined!
    Join Date
    May 2014
    Posts
    5
    I have checked the advanced settings in Chrome and removed one extension I didn't recognize. Even so, I got the same redirect when I logged in here today. Go figure. I'm going to check my profile settings in Nautilus and then I'll post back and tell what I found, if anything.

    My husband is also getting this same junk on his computer. Always with .eu domains. And he uses Firefox.

  4. #4
    Linux Engineer
    Join Date
    Dec 2013
    Posts
    1,177
    It may help to reset settings to default:
    Settings-->Show Advanced Settings-->Reset Browser Settings

  5. #5
    Linux Newbie
    Join Date
    Jun 2012
    Location
    SF Bay area
    Posts
    162
    If you find that blocking an entire domain is the only option, meaning you try other things and decide that this "nuclear" solution is needed, here's on way to do it.

    Install a copy of "bind" on your system, change your DNS config so that "127.0.0.1" is the first entry in the search list for lookups. Then you can configure your local DNS as authoritative for any domains you want block and return "127.0.0.1" as the IP address for any hostname in that domain.

    That's obviously a bunch of steps not just a simple config/setting, and I've only described it at a 10,000 foot level. But it does work and I have something similar running on my home systems. I also have an Apache server running locally so I can log the requests that wind up being redirected to the problematic domains as well.

    And for what it's worth, a less gruesome way to accomplish something similar might be possible by installed a proxy server and configuring your browser to use it. The configs for the proxy server probably let you block domains in a more sophisticated way. I say "probably" since I haven't tried it before.

  6. #6
    Linux Newbie nihili's Avatar
    Join Date
    Dec 2013
    Posts
    125
    Quote Originally Posted by shyflower View Post
    My husband is also getting this same junk on his computer. Always with .eu domains. And he uses Firefox.
    i have the impression that this is more about browsing habits than about linux.
    you probably clicked something along the way, pressed "OK" without thinking, and now your browser is spy/malware infested... i'd think clearing all cookies and other offline data/cache on browser exit should do the trick.

  7. #7
    Just Joined!
    Join Date
    May 2014
    Posts
    5
    What I have done. Uninstalled and reinstalled google-chrome-stable via terminal. Before doing that, I put the hidden .google file in my home directory in the rubbish bin. Also checked Nautilus for any instances of Google in the usr directories, and the var directories in root. didn't find any after uninstall.

    Got the same redirect when I first accessed this site (but this isn't the only site that this comes up in).

    As for clicking something accidentally, seems odd that it would happen on both mine and my husbands systems. My husband's notebook is a Dell. Mine is an HP. He is also getting redirects for something called "Games Captain" and "Vube" both in a .com domain.

    Right now I am going to try to purge Google-Chrome and reinstall. I'll see if that works and let you all now.

    BTW thanks to all for trying to help.

  8. #8
    Just Joined!
    Join Date
    May 2014
    Posts
    5
    Quote Originally Posted by cnamejj View Post
    If you find that blocking an entire domain is the only option, meaning you try other things and decide that this "nuclear" solution is needed, here's on way to do it.

    Install a copy of "bind" on your system, change your DNS config so that "127.0.0.1" is the first entry in the search list for lookups. Then you can configure your local DNS as authoritative for any domains you want block and return "127.0.0.1" as the IP address for any hostname in that domain.

    That's obviously a bunch of steps not just a simple config/setting, and I've only described it at a 10,000 foot level. But it does work and I have something similar running on my home systems. I also have an Apache server running locally so I can log the requests that wind up being redirected to the problematic domains as well.

    And for what it's worth, a less gruesome way to accomplish something similar might be possible by installed a proxy server and configuring your browser to use it. The configs for the proxy server probably let you block domains in a more sophisticated way. I say "probably" since I haven't tried it before.
    The problem I see here is that I have lamp set up and I wonder if doing this will interfere with accessing my local host files?

  9. #9
    Linux Engineer docbop's Avatar
    Join Date
    Nov 2009
    Location
    Woodshed, CA
    Posts
    924
    Quote Originally Posted by shyflower View Post
    The problem I see here is that I have lamp set up and I wonder if doing this will interfere with accessing my local host files?
    No, the /etc/host is the first place names are tried to be resolved, then DNS is tried.
    A lion does not lose sleep, over the opinion of sheep.

  10. #10
    Linux Newbie
    Join Date
    Jun 2012
    Location
    SF Bay area
    Posts
    162
    Quote Originally Posted by docbop View Post
    No, the /etc/host is the first place names are tried to be resolved, then DNS is tried.
    And if you install bind and configure it properly, you CAN direct DNS requests to your local server and get any answer you need. DNS is designed to work in a chaotically configured web of servers and your local "bind" will go find the information needed to respond to any lookups it gets, then cache them locally. The trick here is to tell your local DNS that it is the authoritative source of information for the "bad domains". That short circuits the normal process of finding the DNS server that has the IP addresses and let's you substitute an alternative that effectively blocks the site.

Page 1 of 2 1 2 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •