Posts posted by phazey

  1. He's getting the alert for www.google-analytics.com/analytics.js - this is OK

    If you host a website www.blah.com, you can have that URL in the header information and it helps you track visitors etc.

    As for your last line, No, it's google, so the .js is safe....

    What if his hosts file has been maliciously edited, or his DNS poisoned? Then that's not safe.

    This could very well be a real detection.

    Checking host file sanity is the first thing that's usually done in a virus scan, particularly a "quick scan" either user invoked, or on startup.

    Thank you for your reply. Still the same AVG comes up with virus found html/framer www.google-analytics.com/analytics.js

    The official Google Analytics site is http://www.google.com/analytics/ not google-analytics .com so the latter is likely to be malicious.

    Please see the lookup i did of the site, OR run this command;

    whois google-analytics.com

    Please let me know what portion you are having problems understanding and why you think google-analytics.com is not a Google domain. Actually, just copy and paste from below why you are suspicious after your lengthy investigations.

    Domain Name: google-analytics.com

    Registry Domain ID: 185074829_DOMAIN_COM-VRSN
    Registrar WHOIS Server: whois.markmonitor.com
    Updated Date: 2014-10-28T12:38:28-0700
    Creation Date: 2005-07-18T00:00:00-0700
    Registrar Registration Expiration Date: 2015-07-18T12:24:32-0700
    Registrar: MarkMonitor, Inc.
    Registrar IANA ID: 292
    Registrar Abuse Contact Email: [email protected]
    Registrar Abuse Contact Phone: +1.2083895740
    Domain Status: clientUpdateProhibited
    Domain Status: clientTransferProhibited
    Domain Status: clientDeleteProhibited
    Registry Registrant ID:
    Registrant Name: DNS Admin
    Registrant Organization: Google Inc.
    Registrant Street: 1600 Amphitheatre Parkway
    Registrant City: Mountain View
    Registrant State/Province: CA
    Registrant Postal Code: 94043
    Registrant Country: US
    Registrant Phone: +1.6502530000
    Registrant Phone Ext:
    Registrant Fax: +1.6506188571
    Registrant Fax Ext:
    Registrant Email: [email protected]
    Registry Admin ID:
    Admin Name: DNS Admin
    Admin Organization: Google Inc.
    Admin Street: 1600 Amphitheatre Parkway
    Admin City: Mountain View
    Admin State/Province: CA
    Admin Postal Code: 94043
    Admin Country: US
    Admin Phone: +1.6502530000
    Admin Phone Ext:
    Admin Fax: +1.6506188571
    Admin Fax Ext:
    Admin Email: [email protected]
    Registry Tech ID:
    Tech Name: DNS Admin
    Tech Organization: Google Inc.
    Tech Street: 1600 Amphitheatre Parkway
    Tech City: Mountain View
    Tech State/Province: CA
    Tech Postal Code: 94043
    Tech Country: US
    Tech Phone: +1.6502530000
    Tech Phone Ext:
    Tech Fax: +1.6506188571
    Tech Fax Ext:
    Tech Email: [email protected]
    Name Server: ns3.google.com
    Name Server: ns2.google.com
    Name Server: ns4.google.com
    Name Server: ns1.google.com
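The hosts-file sanity check mentioned in the post above, sketched as an added example (not code from the thread or from any AV product). The watched-name set and the sample hosts file are constructed for illustration.

```python
import ipaddress

# Names that should resolve through DNS, never through a local override.
# www.google-analytics.com is the host from the thread; the bare domain
# is an assumed addition.
WATCHED = {"www.google-analytics.com", "google-analytics.com"}

# Constructed sample hosts file (not taken from the thread).
SAMPLE_HOSTS = """\
127.0.0.1   localhost
::1         localhost   # IPv6 loopback
# 10.0.0.5  www.google-analytics.com   (commented out, ignored)
203.0.113.7 www.google-analytics.com cdn.example.test
0.0.0.0     google-analytics.com
not-an-ip   broken.example.test
"""

def parse_hosts(text):
    """Yield (line_no, ip, [hostnames]) for each well-formed entry."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()    # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # malformed address: skip
        yield line_no, ip, [h.lower().rstrip(".") for h in fields[1:]]

def suspicious_entries(text, watched=WATCHED):
    """Return (line_no, name, ip, kind) for every watched name pinned locally.

    'redirect' = forced to a routable address, so traffic goes elsewhere;
    'sinkhole' = forced to loopback/unspecified, typical of ad blocking.
    """
    findings = []
    for line_no, ip, names in parse_hosts(text):
        for name in names:
            if name in watched:
                sunk = ip.is_loopback or ip.is_unspecified
                findings.append((line_no, name, str(ip),
                                 "sinkhole" if sunk else "redirect"))
    return findings

if __name__ == "__main__":
    for finding in suspicious_entries(SAMPLE_HOSTS):
        print(finding)
```

A clean hosts file does not rule out the DNS poisoning case raised in the same post; that needs a comparison of resolver answers, which this check does not do.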
  2. FWIW some AV vendors will look at the cross site javascript and mark it as malware based on its injection method. Others however have a technology that runs in the background called "link-following" that will traverse a website and test 3rd or 4th impression links for their actions. These results in turn get put into the respective signature database and will return "safe" when a user encounters them.

    Here's an example;

    https://www.virustotal.com/en/file/b305235eaab62d2a74cf94ec3844bebf6905c1239ff7944f5ea85826ada1b9ae/analysis/

  3. Are you getting this message after visiting a particular website?

    .js stands for JavaScript and it is browser-based code delivered to a web browser to run computer code (usually fancy menus or graphic).

    Doing a google search reveals that some servers have had their google .js code compromised. This is what your AVG is detecting.

    He's getting the alert for www.google-analytics.com/analytics.js - this is OK

    If you host a website www.blah.com, you can have that URL in the header information and it helps you track visitors etc.

    As for your last line, No, it's google, so the .js is safe....

    Registrant Name: DNS Admin

    Registrant Organization: Google Inc.

    Registrant Street: 1600 Amphitheatre Parkway

    Registrant City: Mountain View

    Registrant State/Province: CA

    Registrant Postal Code: 94043

    Registrant Country: US

    Registrant Phone: +1.6502530000

    Registrant Phone Ext:

    Registrant Fax: +1.6506188571

    Registrant Fax Ext:

    Registrant Email: [email protected]

  4. This is correct and probably a false positive. Depending how a web host configures GoogleAnal, the .js plugin is one way for the webmaster to track hits to his site. I think it's safe for you to whitelist this, it's not a virus or malware injector. AVG has just picked up on the fact the website is using cross site scripting, and correctly rang a few alarm bells.

  5. Last point,

    The call (not VOIP) quality is dependent on the RTP stream between you and the recipient. SIP only sets up the call, does the signalling between your provider and your destination, then hands off to a peer to peer RTP stream (between you and your call destination). UNLESS you have configured to use a RTP Proxying service as part of your SIP/VoIP package.

    • Like 1
  6. Not yet, i'll update you tomorrow though :)

    I've been jonesing for a few weekend projects, something along the lines of building Pi SD card images set up for those of us who do not have as much exposure. This of course would be peer reviewed by other community Linux/Pi people for security reasons. Although half the challenge is doing this stuff, I understand the urge to play DigDug again :)

  7. I had to use a "standard port" on my external network interface, so I forwarded 80 -> 5901 - it's common for ISPs to not allow ports above 1024 for inbound, and are lax on securing incoming for standard services, like 25, 53, 80, 443 etc. Also make sure you're forwarding both TCP & UDP.

    If you can't get that working, give "Teamviewer" a shot :)

  8. My smart TV can record to a USB stick or a hard drive connected by USB.

    [The programs recorded cannot be played back on anything other than the TV as they are encoded or encrypted, so I can't view them on my PC. :( ]

    If it's a Samsung, you can view/manage these with Samsung Share Manager app

    You can also mount the drive in Linux and copy the files to your local PC.

    • Like 1
  9. OP FWIW I've just set up my sling box, with my router forwarding on 21, 443 and 5001, will let you know when I can log on to my Thai machine tomorrow. If that works, I have no issue giving you a guest account.

    It's got an old Sony decoder on it, seems the new FreeView lineup on the mendip transmitter crashes all sling boxes apart from the Pro HD :(

    EDIT: It's just occurred to me, are you guys using the web based player ? There's a good chance this is blocked as it uses 5001 as default!

    Try the legacy SlingPlayer standalone app, and if possible, use "standard" ports, ones no one should block unless they really want to break the Internet.

  10. Bluecoats are indeed wonderful boxes to work with. I did a pretty significant installation of them a number of years ago, and used right, do a lovely job.

    But OP, if you are convinced your Slingbox is blocked, just have it listen on port 80 or 443 at your remote end, and map that port on your router. Also consider that your talk talk may be 4MB, but its upload would be something like 1MB - and ToS/QoS would serve that at a lower priority.

    I'm not 100% sure Bluecoats can intercept and decrypt SSL traffic. I know it's possible, but just not sure if they can.

    Yes they can.

    Managing SSL and HTTPS Traffic

    Gain visibility with Encrypted Traffic Management. Only from Blue Coat. Advanced cyber threats are hiding in your encrypted SSL and HTTPS traffic. Eliminate the security blind spot. Blue Coat’s Encrypted Traffic Management solutions give you the tools to combat hidden risks in your SSL and HTTPS traffic, enforce your policies, and preserve privacy.

    Although I can pretty much guarantee it's not enabled. To do so, they'd need to push out a new root CA to re-sign the pages' certificates. In a corporate environment, these new CAs are pushed out with group policy. In our environment (we do SSL scanning/re-signing as a portion of the service) we offer a new root CA group bundle the users can download to their infrastructure.

    If all SSL pages come up with an untrusted connection, then yes, SSL scanning is in place as a MITM vector.
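The two cases described in the post above (proxy root CA installed versus every HTTPS page untrusted) can be told apart from the client by looking at who issued each site's certificate. This is an added example, not code from the thread or from Blue Coat; the host names and issuer names in the sample data are constructed.

```python
import socket
import ssl
from collections import Counter

def org_from_cert(cert):
    """Issuer organizationName from an ssl.getpeercert() dict."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "organizationName":
                return value
    return "UNKNOWN"

def issuer_org(host, port=443, timeout=5.0):
    """Connect with normal verification; 'UNTRUSTED' means the chain did not
    verify against the local trust store (the untrusted-page case)."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return org_from_cert(tls.getpeercert())
    except ssl.SSLCertVerificationError:
        return "UNTRUSTED"

def classify(issuers):
    """issuers: {host: issuer org}. Pick hosts known to use different public
    CAs, otherwise a shared legitimate issuer looks like re-signing."""
    if len(issuers) < 3:
        return "insufficient"
    org, hits = Counter(issuers.values()).most_common(1)[0]
    if hits < len(issuers):
        return "direct"                  # issuers differ: no uniform re-signing
    if org == "UNTRUSTED":
        return "resigned-untrusted"      # proxy CA not in the trust store
    return "resigned-trusted"            # proxy root CA was pushed to clients

# Constructed observations (not real measurements).
DIRECT = {"a.example": "Public CA One", "b.example": "Public CA Two",
          "c.example": "Public CA Three"}
RESIGNED = {h: "Example Corp Proxy CA" for h in DIRECT}
BLOCKED = {h: "UNTRUSTED" for h in DIRECT}

if __name__ == "__main__":
    for name, sample in (("direct", DIRECT), ("re-signed", RESIGNED),
                         ("untrusted", BLOCKED)):
        print(name, "->", classify(sample))
```

On a live network, build the dictionary with `issuer_org()` over a handful of unrelated sites and pass it to `classify()`.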

  11. Bluecoats are indeed wonderful boxes to work with. I did a pretty significant installation of them a number of years ago, and used right, do a lovely job.

    But OP, if you are convinced your Slingbox is blocked, just have it listen on port 80 or 443 at your remote end, and map that port on your router. Also consider that your talk talk may be 4MB, but its upload would be something like 1MB - and ToS/QoS would serve that at a lower priority.

    I'm not 100% sure Bluecoats can intercept and decrypt SSL traffic. I know it's possible, but just not sure if they can.

  12. It's to do with Geo Location, or more specifically GeoIP - the IP address you submit the request from is in Thailand, so Google will serve you the Thai version of its site (This is how my Global load balancers at work operate). Best suggestion I can offer is you use something like Hola Unblocked (a favourite video tool for getting local content) and selecting Australia as your exit node.

    Better this thread be moved to the Internet & Tech forum - I'm sure someone will pick this up.

    • Like 2