• AnyStream is having some DRM issues currently, Netflix is not available in HD for the time being.
    Situations like this will always happen with AnyStream: streaming providers are continuously improving their countermeasures while we try to catch up, it's an ongoing cat-and-mouse game. Please be patient and don't flood our support or forum with requests, we are working on it 24/7 to get it resolved. Thank you.

why does the new version 8.1.3.0 exe. show like this?

Concerning the DNS-related issues, I recommend people take a look at OpenDNS (https://www.opendns.com/). I've used it as a replacement for the default ISP-based DNS for years. You can simply use the provided DNS servers or create a free account which allows a bit more control over DNS-related things. I used to have an account but haven't used it in forever because just using the servers does enough. Give it a look.

Note: I also use DNSCrypt to encrypt packets between my computer and the OpenDNS servers. Purely optional but something else for the paranoid to make use of. :)

That's some great information thank you


Sent from my iPhone using Tapatalk
 
+1

Sent from my SM-N9005 using Tapatalk
 
What I would like to know is how the users that had their DNS cache poisoned actually had it happen. Did their computers get infected with something ahead of time that poisoned the cache or was the DNS server that the users were resolving with compromised (or just rogue)? It would be nice to know what DNS servers were used by the users that were affected. Is this information available and I just missed it?
 
I'm not going into details (since I am in that DNS world active). It's a bit like this. EVERY website has a set of what is called 'dns records' that tell any browser requesting a domain to which server IP it is linked, where the mail server is,... That sort of stuff. Every record has a time set to it before it gets recached for quick access. There are several global caching servers that store those for quick retrieving rather than looking it up every time.

It looked like whoever was behind it somehow managed to poison such a CACHING server's DNS records and have it redirect its cache of the RedFox site download link to a 3rd party compromised server.

Now, the user used the file name 'SetupAnydvd.exe' I think, can't remember at the moment, but that is a fixed redirect on the RedFox site to always serve the user with the latest version. The compromised server however was hosting an old, modified 8120. Now you need to combine both.

Scenario: user visits the actual RedFox site and clicks on download, your browser got served the malicious download location due to that caching mentioned above, thus the missing version number and incorrect icon...

It is important to note that NEITHER the RedFox site itself, nor the PC user visiting the RedFox site were compromised at the point of visiting the RedFox site. It is such a caching server that was compromised.

This technique is called 'dns poisoning' and is not easy to do. Due to how such caching servers keep records it might continue for a few more days, afterwards it should resolve itself automatically. In the meantime RedFox, with thanks to the forum users' quick alerting to this issue, was fast at work to hunt the culprit down.

I hope that helps. I tried to get not too technically detailed, but that stuff is highly technical by nature even for me at times. And I'm active in the hosting world myself, and have to research stuff at times or get some help.

Sent from my Nexus 7 using Tapatalk
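The scenario described above, as an added example that is not code from the post, the thread or RedFox: a standard-library Python script that asks several recursive resolvers for the same hostname and flags the one whose answer disagrees with the others. That disagreement is the symptom of a poisoned cache as described in the post (the site is fine, one resolver's stored answer is not), and the dissenting record's TTL is how long that wrong answer can keep being served from the cache. The parser also rejects replies whose transaction ID or question does not match the query, which is the basic check against spoofed answers. The hostname, addresses and resolver labels are constructed for the example; `query()` does a real UDP lookup and needs network access.

```python
import collections
import secrets
import socket
import struct

TYPE_A, CLASS_IN = 1, 1


def encode_name(name: str) -> bytes:
    """Encode a hostname as length-prefixed DNS labels ending in a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(name: str, txid: int) -> bytes:
    """Recursive A query with a caller-chosen 16-bit transaction ID."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    return header + encode_name(name) + struct.pack("!HH", TYPE_A, CLASS_IN)


def read_name(msg: bytes, off: int):
    """Decode a (possibly compressed) name; return (name, offset just after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                 # compression pointer to an earlier name
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            if end is None:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels).lower(), (end if end is not None else off)


def parse_response(msg: bytes, txid: int, name: str):
    """Check header and question, return (rcode, [(owner, ip, ttl), ...]) for A records."""
    r_txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if r_txid != txid:
        raise ValueError("transaction ID mismatch (spoofed or stray reply)")
    if not flags & 0x8000 or qd != 1:
        raise ValueError("not a single-question response")
    qname, off = read_name(msg, 12)
    off += 4                                      # skip QTYPE and QCLASS
    if qname != name.rstrip(".").lower():
        raise ValueError("reply answers a different question than was asked")
    records = []
    for _ in range(an):
        owner, off = read_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata, off = msg[off:off + rdlen], off + rdlen
        if rtype == TYPE_A and rclass == CLASS_IN and rdlen == 4:
            records.append((owner, socket.inet_ntoa(rdata), ttl))
    return flags & 0xF, records


def query(resolver_ip: str, name: str, timeout: float = 3.0):
    """Send one UDP query to a recursive resolver and parse its reply (needs network)."""
    txid = secrets.randbelow(0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, txid), (resolver_ip, 53))
        data, _ = s.recvfrom(4096)
    return parse_response(data, txid, name)


def compare_resolvers(results):
    """results: {label: records}. Return (majority IP list, {label: IPs} for dissenters).

    A lone resolver handing out a different address for the download host is the
    one to distrust; its TTL bounds how long that cache can keep serving it."""
    ipsets = {label: frozenset(ip for _, ip, _ in recs) for label, recs in results.items()}
    majority = collections.Counter(ipsets.values()).most_common(1)[0][0]
    dissent = {label: sorted(s) for label, s in ipsets.items() if s != majority}
    return sorted(majority), dissent


def build_response(txid: int, name: str, records, rcode: int = 0) -> bytes:
    """Build a minimal A-record reply; used here only to construct offline samples."""
    header = struct.pack("!HHHHHH", txid, 0x8180 | rcode, 1, len(records), 0, 0)
    body = encode_name(name) + struct.pack("!HH", TYPE_A, CLASS_IN)
    for ip, ttl in records:   # owner name as a pointer (0xC00C) to the question name
        body += b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, CLASS_IN, ttl, 4) + socket.inet_aton(ip)
    return header + body


if __name__ == "__main__":
    # Constructed scenario: two resolvers agree, a third serves a different host for a day.
    host, txid = "download.example", 0x1234
    samples = {
        "resolver-a": build_response(txid, host, [("192.0.2.10", 300)]),
        "resolver-b": build_response(txid, host, [("192.0.2.10", 300)]),
        "resolver-c": build_response(txid, host, [("198.51.100.7", 86400)]),
    }
    parsed = {k: parse_response(v, txid, host)[1] for k, v in samples.items()}
    print(compare_resolvers(parsed))
```

To use it against real resolvers, call `query()` once per resolver address (your ISP's, plus two or three independent public ones) and pass the returned record lists to `compare_resolvers()`. The vote only means something when the resolvers are independent of each other, and agreement is not proof: if every resolver you ask forwards to the same poisoned cache they will all agree on the wrong answer, so the download still needs its digital signature checked before it is run.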
 
Ch3vr0n, I'm glad you're not giving any of us that read up on what you described a "Pop Quiz" after all of this!!

I barely understood what you just wrote, and I'm computer literate!!

:thankyou:
 
That was a great description @Ch3vr0n. I am familiar with how DNS works for the same reasons as you are, but I am somewhat confused about what you mean when you say this:
I'm not going into details (since I am in that DNS world active).

Did you mean "the DNS world" instead of "that DNS world"? (I don't mean to be rude when asking if it is in fact a typo, but I want to make sure that it is in fact a typo and not me not understanding what you mean by that.)
 
Nope David. That, the,... Same thing. There's a whole lot more to hosting a domain safely than some DNS ;-)

Sent from my Nexus 7 using Tapatalk
 
Downloaded 8.1.3.0 from http://sandbox.redfox.bz/SetupAnyDVD8130.exe1 using Firefox 53.0.3 and also IE 11.1198.14393.0. File size was 13.5MB (13.45MB)?. In both cases, Norton Security Suite 22.9.3.13 says it's infected and immediately removes it. Can RedFox supply a legitimate version in a safe location for its users?

Someone suggested just using the IP Address for download. Can some tell me exactly what that IP Address is?
 
The one from the sandbox is safe, check in the file properties that the digital signature is intact.

Sent from my Nexus 7 using Tapatalk
 
Someone suggested just using the IP Address for download. Can some tell me exactly what that IP Address is?
One of the mods posted it in this or the other thread. You could also do a whois lookup.
 
Finally told Norton to restore the file and leave it alone. Actual file size from Sandbox was 14,112,504. Ran an individual Norton virus scan on the file and it came up clean. Installed OK with the correct version number. Apparently Norton was rejecting it on the basis of an "Insight Network Threat" (WS.Reputation.1) which is not considered a virus or an adware or spyware threat, but instead a "wisdom of crowds" reputation-based system level. In other words, if the file is new and doesn't have a lot users yet, it will likely be rejected by Norton or any other AV software that, in part, uses a reputation-based model.

Since no one could answer my question about RedFox's IP address, I tried Whois using the address https://www.redfoz.bz. Couldn't find it. I've wasted way too much time this morning on this whole stupid issue.
 
Norton probably flagged it based on the actual infected one that was trying to be distributed by a third party by compromising a DNS caching server. The file had the EXACT name as an actual release by RedFox but was modified with a trojan and the signature was invalid. Since the filenames matched it probably was just being overly cautious.
 
Since no one could answer my question about RedFox's IP address, I tried Whois using the address https://www.redfoz.bz. Couldn't find it. I've wasted way too much time this morning on this whole stupid issue.

You need to look up the domain, not the url. I just did and their record came right up. Also, it's fox, not foz (but I assume that was just a typo).
 
Since no one could answer my question about RedFox's IP address, I tried Whois using the address https://www.redfoz.bz. Couldn't find it. I've wasted way too much time this morning on this whole stupid issue.
At least a helpful "Mod" should provide you with the IP address if the user community won't.
 
At least a helpful "Mod" should provide you with the IP address if the user community won't.

Please don't tell what the staff should or shouldn't do. Leave that to our superiors please. Maybe users should use the SEARCH before asking what's already available in the same topics the user posted in.
 
For me, IP Address 93.190.142.127 results in:
Welcome to nginx!
If you see this page, the nginx web server is successfully installed and working. Further configuration is required.

For online documentation and support please refer to nginx.org.
Commercial support is available at nginx.com.

Thank you for using nginx.
 