Urgent, Need Expert Advice: May Have Serious Sniffing/redirect/hijack Attempt Problem Via Isp

[bangkokburning]

Hours ago I posted regarding difficlties I was having with he KAL website in processing tickets. For 24 hours I have been unable to access the > Next page after making selection. The site simply stalls. It stalls on all browsers and on my Nex7 tablet.

BPB has verified the site is functioning.

I have run the following: GMER, AVAST Quick Scan, AntiSpyware, HijackThis, Glary, Kaspersky rootkit and found nothing out of ordinary.

Just for chuckles, I accessed the site on my netbook via phone modem and it works!!!!

HERE IS MY ISSUE: I ACCESS INTERNET VIA UNSECURED APT WIFI

I should add, I never place my cc details or banking pwds/user over unsecured wifi.

I set up the page, click thru to the point of needing to add details, log out, disconnect from apt wifi and then start the phone modem.

WHAT THE HELL?

I should be at least safe over the phone modem or no???

I am going to run full Avast scan at boot, maybe online scan.

?????????????????????????

Edited January 24, 2013 by bangkokburning

[bangkokburning]

Don't know why I did not think of this before....attempted the action using my wifes computer. Same deal, click next and the site spins and stalls.

I am currently runing MS Malicious Removal Tool, will reboot and run Avast from boot and SAS full and in extreme mode.

Can anyone tell me what is going on? I guess I cannot trust the ISP and/or the wireless network at all now. What a hassle this is going to be...

[JakeBKK]

URL ? did you consider the page is messed up?

[bangkokburning]

"Messed Up"? No.

As I stated, I have selected the ticket options and clicked > NEXT. It then stals.

This has ocurred on my netbook, my Nex7 and my wifes Acer laptop.

Black Pudding Bertha has been able to get thru the initial screen.

I have been able to get thru the frst screen using my phones modem

THEREFORE - there is something between my connection and the site that is stalling. ISP malware, packet sniffing amature, I ont know but I am very concerned.

Never put my C details in he browser while connected to UNSECURED WIFI. Always disconnect and use phone modem. I do though click thru and set up the page so next click would be pw/user or cc details.

We do though enter our fb and email over unsecure. Site is https and or we have https anywhere runing on my netbook as well.

Ghostery and noscript running BUT noscript allows site to run.

Was all good 24hrs ago.

[NHJ]

you worry too much, the site is certainly contacting its CC broker and that's where your connection fails to reach the host thus why you can access is using another ISP.

[bangkokburning]

I don't know. When you go to the apt login page there is some crap script that never has run correctly stating - run this to protect against ARP Spoofing. Seems to me this could very much be the situation. Maybe this is a problem of this apt and has taken yrs for me to see it.

Yes, when I do click the NEXT button it appears it attempts to contact the site. But hey, maybe this is MIM attack or ARP Spoof???

I am just going to do the entitre thing thru the modem.

I am off to Trang in an hour, cant respond but would appreciate input.

I havewritten a leter for office to fax to apt ISP.

Worry to much about my credit card?!!

Edited January 24, 2013 by bangkokburning

[Mrjlh]

Just a suggestion. If there is a phone number to call why not just call them. You have all the flight info and the price should be the same over the phone. One less worry.

[RKASA]

All kinds of sites have had hick ups after the last java exploits - some browsers may block Java plugins have you done updates - even then I see blocks in the plugins still.

[lopburi3]

All of your posts have been on the same IP from the same provider and expect it is that provider causing the issues - I am having the same problems for the last week on some IP connections from them and have to reboot to get a new connection to get sites to load. You do not have that option using Wi-Fi from apartment but do not believe it is your computer or a security issue with your system.

[BlackPuddingBertha]

My bet is that the apartment building is using a cheap router that hasnt been rebooted since the last time the power went down.

When I install domestic routers for this sort of use I put them on a timer switch so that they reboot every night. Makes them work 10 times better.

[RandomSand]

OP: "I set up the page, click thru to the point of needing to add details, log out, disconnect from apt wifi and then start the phone modem."

This is good. It means that the remote server / SSL technology is keeping track of the IP address and making sure that one single IP is used throughout the session.

If you did the whole thing off your private connection s it would likely work. If you did the whole thing from your shared connection then it would likely be ok also.... but you are right to not put in your details on shared wifi.

There's no problem that I can see and certainly no signs that you've been hacked!

[oldgeezer]

I use GFI Vipre anti spy and malware program. Now will not update definitions. After 3 hours with Vipre's extremely competent and professional staff night before last, they determined the problem is my True internet ISP. Not just passing the buck. They followed up with an email saying they verified no one in Thailand can update software or definitions even though no other countries are having this problem.

At their advice yesterday I called true, explained the problem and they said they would check and get back to me in two hours. 26 hours later I still have no response.

At least I know where the problem is if not how to correct.

Verified:

No proxy

No virus

True is blocking

GFI Vipre is hot on the trail.

Most professional, courteous and knowledgeable technical support I have ever experienced with a software or hardware provider and I bought my first computer in 1987.

At least I know it is fruitless to deal with True on this issue.

[oldgeezer]

I use GFI Vipre anti spy and malware program. Now will not update definitions. After 3 hours with Vipre's extremely competent and professional staff night before last, they determined the problem is my True internet ISP. Not just passing the buck. They followed up with an email saying they verified no one in Thailand can update software or definitions even though no other countries are having this problem.

At their advice yesterday I called true, explained the problem and they said they would check and get back to me in two hours. 26 hours later I still have no response.

At least I know where the problem is if not how to correct.

Verified:

No proxy

No virus

True is blocking

GFI Vipre is hot on the trail.

Most professional, courteous and knowledgeable technical support I have ever experienced with a software or hardware provider and I bought my first computer in 1987.

At least I know it is fruitless to deal with True on this issue.

Udate:

I was too hasty with the true comment.Just got off the phone with their tech support. Took remote control of my pc and seemed to conclude they had to go to their networking people to see what was going on. Very courteous and helpful with nice lady translating for the tech. Who seemed to be very proficient.

[bendejo]

Just a thought: are you using a script-blocking add-in (like NoScript) in your browser?

[oldgeezer]

Just a thought: are you using a script-blocking add-in (like NoScript) in your browser?

Both Vipre tech and True tech remote accessed my pc using two different browsers and checked every possible windows and true status. The conclusion was true had a problem that they will have to take to their network group so sort out.

I followed them on the screen all through their checks and True tech checked link Vipre/True and got "timed out" signal immediately many times in succession. It is a True network problem. I also have two computers that worked fine, showing latest Vipre updates as Jan 18. Both computers have same problem even though my wife rarely uses her laptop.

But thanks for your interest. Hope they get this sorted out soon.

One question: Is anyone else out there experiencing problems with virus program updates?

[NeverSure]

-snip-

One question: Is anyone else out there experiencing problems with virus program updates?

I'm not, and that would concern me.

Here are a couple of really good articles on being more secure with public wifi, and using the 'net in general. Good stuff, methinks.

Safe on a public wifi network.

Free VPN and why, including accessing banned domains and your own computers.

[lopburi3]

As someone also having severe issues resorted to loading the True proxy server yesterday and so far everything is working OK without the often major delays so might be worth a try if they did not already do or if you do not already use. It may not work but easy to make the try and see.

Method in Windows 7 is select Control Panel/Networking and Sharing Center/(bottom left) internet options/Connections/Settings/Use Proxy and enter "proxy.trueinternet.co.th" and in the port "8080"

[lopburi3]

Now the proxy gives error 500 and can not connect so have removed the proxy setting and connecting OK again.

[OxfordWill]

The least likely are the items you are concerned about. More likely (by quite some margin of probability) is one of about 15 boring technical issues that can and do exist on such networks as those typical found serving apartment internet access. Majority of which you have no control over.

[oldgeezer]

The least likely are the items you are concerned about. More likely (by quite some margin of probability) is one of about 15 boring technical issues that can and do exist on such networks as those typical found serving apartment internet access. Majority of which you have no control over.

Hear here. Right on the money

[JakeBKK]

With linux, it is petty easy to look at your network connections. As far as i know : ALL isp's here have transparent proxy's running . Getting normal things like reverse - nat to work.in the LOS is a nightmare, especially on mobile networks.

[astral]

This could just be a browser issue.

Many sites are optimised for IE and do not work well with other browsers

[oldgeezer]

This could just be a browser issue.

Many sites are optimised for IE and do not work well with other browsers

The first thing both techs checked was browser issues. Both IE and Chrome were ok. True admits there problem as they have to go to their networking people to sort out. Vipre has confirmed none of their customers in Thailand can update software or definitions.

[koolbreez]

A lot of times this happens when your pop-up blocker is turned on, or you have webpage re-direct blocked. Some things, especially pop-ups do not happen on phone connections, with the reduced webpage content.