[SECURITY] potential malware on dev-host servers - Android General

Yesterday I spent some time after downloading an empty theme template .zip off dev-host going over the dev-host connections and the malware that lurks right next to the button you need to push to download something.
I tested this on multiple networks and different operating systems and essentially it was a module watcher that caught it. Then I did a run down through PFSense firewall seeing what it was trying to do. This is not localized to one server as far as I can tell since I tested on several different server ip addresses and all did the same thing. So I guess this is a notice to the community and to dev-host who I imagine doesn't know several of their servers have been attacked with malware resulting in a phishing attack url attached to a local button.
I could show you all the nitty-gritty firewall details and how the phishing attack works but yeah that's too much time I'll just show you what button NOT to push on dev-host:
Clicking the orange download button results in an instant phishing attack. For those of you who don't know what a phishing attack is let me explain:
Essentially it's a way of tricking you into thinking your browser is going somewhere it's not. Which can result in many things ie: theft of data/malware/viruses/network attacks/trojan droppers and many many other nasties most people really hate. I have tested where it goes and it's completely random and it's not this specific zip or this specific page it's just the first one I tested it on. So one or more of the dev-hosts servers are infected. PFSense has blocked the crap out of it every time along with module watchers and even some very low lvl malware software may block it. Figured I'd share this information.
Oh and I'd also like to say I use every adblocker and adblocker+ and several other ad blocking extensions and the button you need to click is right below it. So it's definitely something to keep an eye out for. I'm usually very careful about what button I click. So I usually never even run into these situations but yeah. Figured I'd share to the community and to Dev-host

Related

[Q] What app is responsible for Media Server?

I have no intention of using the phone as a media server. Anyone know how I can prevent this from draining my battery?
You can try settings>apps and stopping dlna and media server services. but not sure if they won't just restart later.
dragonstalker said:
You can try settings>apps and stopping dlna and media server services. but not sure if they won't just restart later.
Couldn't find this DLNA service you're referring to under Settings>Apps>Running Services. This issue doesn't seem to always exist either. But it did just pop up and this time taking a huge % of my battery use.
Media server cannot be removed. It is a part of the android central process. WTF is that thing called, i keep botching the order of it but something like android.process.acore
It isn't used to be a mediaserver. In fact part of it controls at least one of the sensors on the phone... maybe the orientation sensing. but at 3 percent, you are doing very good. When people mess it up in custom kernels and whatnot it can freak the hell out and pull like 40 lol.
Anyways, don't worry about it, nothing you can do and 3 percent is awesome.
skydeaner said:
Media server cannot be removed. It is a part of the android central process. WTF is that thing called, i keep botching the order of it but something like android.process.acore
It isn't used to be a mediaserver. In fact part of it controls at least one of the sensors on the phone... maybe the orientation sensing. but at 3 percent, you are doing very good. When people mess it up in custom kernels and whatnot it can freak the hell out and pull like 40 lol.
Anyways, don't worry about it, nothing you can do and 3 percent is awesome.
3% was over a short period of time. I've seen it take up much more as shown in the later pic. But if it can't be removed then I guess I'll just have to reboot the phone when it's draining the battery.
It is likely part of services.jar or framework.jar and trying to remove the service would likely be a huge undertaking as it controls anything media related, and some sound events are included in that.

[APP] AD Block Remover - Remove the AD Blockers

Hey all,
I wanted to let everyone here know about an application I wrote a while back. I actually completely forgot about the application until earlier today when I flashed a new ROM onto my phone. I'm all about cyanogen which is why I never have to use this application but recently I wanted to try a Sense based ROM on my Evo 4G LTE. The issue I had was immediately after flashing the ROM (that will remain anonymous) none of my ads were working.
Long story short it's because of a modified hosts file in the OS (Which I had no idea would come with the ROM). Now, although this is an open source community, some people here prefer to block advertisements. I believe it is wrong and it completely goes against anything that we, as an open source community, stand for. It is ok and it is our choice to run these ad blocks or not but a lot of people must be using these ROMS with a modified hosts file without even knowing. What a lot of people don't realize is that the ads help keep things free. It helps pay for servers costs, etc.
I want to make something very clear. I do not have a problem with people blocking advertisements. I do have a problem with very popular ROM developers mass producing and giving other people ROMs that are pre packaged to block advertisements. They don't even inform the user that it will block ads. The fact that it is blocking advertisements is ok but the fact that it is blocking ads by default without checking that the user supports such a decision is wrong.
Anyways, I'm not here to preach, I am here to give people the option to remove these ad blockers.
If you want to support the open source community check out this very simple application called 'Ad Block Remover':
https://play.google.com/store/apps/details?id=com.av1rus.adblockremover
This application allows you to make a copy of your current hosts file and also restore it if you have an issue.
If you make a copy you can search it to see if you have popular ad blocks like admob or adsense. If you do you can either remove only the lines you choose or you can return it back to stock where it will not block any advertisements.
Let me know what you guys think...
Also, you guys are free to use this application however you please. You can even use it to transfer a hosts file from one rom to another or restore a hosts file to block advertisements.
Lastly, let me clarify one more time. I really do not care who blocks the ads... Just give an option.
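The hosts-file check described in the post above (copy the file, search it for ad-network entries such as admob or adsense, remove only the lines you choose) is sketched here as an added example; it is not code from Ad Block Remover or from the post's author. It goes slightly beyond the post by also flagging names mapped to a non-loopback address, and the sample hosts content, hostnames and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts content (assumption: not taken from any real ROM).
SAMPLE_HOSTS = """\
# shipped with ROM
127.0.0.1 localhost
::1 ip6-localhost
127.0.0.1 admob.com www.admob.com   # ad block
0.0.0.0 pagead.adsense.example
203.0.113.7 portal.example
not-an-ip broken.example
"""
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

def parse_hosts(text):
    """Yield (line_no, ip, [hostnames]) for every well-formed mapping line."""
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # malformed address, not a mapping
        yield no, ip, fields[1:]

def audit(text, keywords=("admob", "adsense")):
    """Sort non-local names into sinkholed ('blocked') and 'redirected' entries."""
    report = {"blocked": [], "redirected": [], "keyword_hits": []}
    for no, ip, names in parse_hosts(text):
        for name in (n.lower() for n in names):
            if name in LOCAL_NAMES:
                continue
            # Loopback or 0.0.0.0 means the name is blackholed; any other
            # address sends traffic for that name elsewhere and needs review.
            kind = "blocked" if ip.is_loopback or ip.is_unspecified else "redirected"
            report[kind].append((no, name, str(ip)))
            if any(k in name for k in keywords):
                report["keyword_hits"].append((no, name))
    return report

def strip_lines(text, line_numbers):
    """Return the hosts text without the chosen 1-based line numbers."""
    kept = [l for n, l in enumerate(text.splitlines(), 1) if n not in line_numbers]
    return "\n".join(kept) + "\n"

if __name__ == "__main__":
    for kind, entries in audit(SAMPLE_HOSTS).items():
        print(kind, entries)
```

On Android the hosts file is `/system/etc/hosts`; run the audit on a copy pulled from the device rather than on the live file.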

[APP][2.3+] personal HTTPproxy for Android - block ads without root

Hi community.
Just stopping by to inform you, that the app/tool personalHTTPproxy has a new home.
New releases will come soon.
What is personalHTTPproxy?
It is a tool for Java enabled devices and an Android app that can filter all your HTTP traffic to block ads - no root needed.
The app/tool is open source software and is free of charge. No paid extended or premium version.
Check out
http://personalHTTPproxy.org
for more info...
Kind regards
t-ryder
Downloaded, now I'm testing it, thank you
Sent from my Nexus 4 with Tapatalk 2
Adblocking runs good for any Browser used on Android, but we are facing problems when it comes to block ads in apps.
This is caused by ads that just bypass the HTTP(s) proxy to download the ads from Google AdMob and other Google ad services.
There are apps (and this is as it's oughta be) that respect the proxy settings and the ad filtering is done right.
And there are apps that just ignore the proxy settings to fetch the ads from various hosts.
Without a VPN, a real global proxy (root) or messing with iptables on a rooted phone or the hosts file itself (using another app) those ads can not be blocked.
Nice app , will try it
I will give this application a try, thank you for throwing this information out here on the world wide web!
Hey.
Ingo Zenz got some new stuff!
Check out personalDNSfilter. Works even better than personalHTTPproxy - no root, VPN, blocks ads in apps and browsers ... system-wide!
http://zenz-solutions.de/personaldnsfilter/
How can I add new hosts in personal dns filter?
I tried to go to hosts-file.net but I don't understand what I have to do and what I have to download.
Mattiapk said:
How can I add new hosts in personal dns filter?
I tried to go to hosts-file.net but I don't understand what I have to do and what I have to download.
Sir, sorry for the late reply.
For further requests please see this thread https://forum.xda-developers.com/android/apps-games/app-personaldnsfilter-block-malware-t3567898
And please update to the latest version of pDNSf.
for support and manual usage, please join our group on TG
https://telegram.me/pdnsf

Chrome: download manager mess up and help disabling link disambiguation popups

Hello.
About the “download manager mess up” take a look here (grossness warning!): Can't STOP a built-in manager download in an acceptable way… :-/ (v56, v57-Beta) @ Google forums
Briefing for documenting purposes: built-in download manager intercepts certain download links' files, I guess because of file extension (apk files not captured, for example). However, built-in download manager is deprived from file download cancelling ability. Had to delete all of the application data to stop the mess.
In essence, a dodgy issue. Not overly critical in most situations, of course, but certainly dodgy. Better do not tap/click on overkill sized files, or you'll regret it.
With regards to the link disambiguation popups, this is something I've wished to get a solution for some time already, to no avail. So let me explain:
There are sites on which no popups are seen. Example: this very forum. You can tap where you want or need without popups. If something's a little cramped, just a little bit of zoom is all you may ever need. I use “force enable zoom” and you should also if not, as you may guess.
There are certain sites, though, where this stuff gets in the way. Notorious example: eBay desktop mode (I've included the desktop site redirection to make your life easier in case you are using the @#$% mobile user agent).
It is obvious that there's something in these damned sites' coding which forces Chrome to go into “link disambiguation popup” disgusting mode. So, if any of you may know some sort of way to prevent the browser going disgusting mode, God would be grateful. Maybe some sort of mod and/or app? Any feedback/contribution welcome.
Mostly wrote this because I've recently revisited the Firefox browser, and I've been on the verge of switching to it. Too bad Firefox has 0 bookmark management capabilities.
Have a good time fellows.
Cheers

AdZHosts - Clean and pure Internet

AdZHosts
This HOSTS file is available on all operating systems. It has been used worldwide since 2009. It has already proven itself and is used as a source by many other projects. It is even by default in Blokada.
Its goal is to offer you a very precise and effective advertising block. Plus it helps preserve your privacy by blocking spy trackers and unhealthy addresses. It's all in one.
Website | Telegram | XDA-Labs
In addition to offering a HOSTS file for your Android, Windows, MAC and Linux, AdZHosts also comes in pre-settings for your browser extensions. NandoAdblocker and uBlock.
There are also presets for AdGuard and DNS66 extensions.
Blokada already offering AdZHosts by default.
Very good. ?
Hi! May I use your work for add it into keweonDNS?
working good with adaway+adzhost+magisk adsblock.
AdZHosts is down I'm sad.
Yeah, their main site says they are shutting down did anyone by chance make a backup of their android-hosts.txt? PM or post it. I would really appreciate it.
update: Energized Basic is identical
update 2: Energized is blocking my cable company login on ther History APP, when I disable blokada, I'm logged in, when I enable blockada, I'm logged out. Adzhosts seemed to have a fine balance. Anyone have a backup list?
update 3: whitelisting sp.auth.adobe.com getting some success
kodiportalgabe said:
Yeah, their main site says they are shutting down did anyone by chance make a backup of their android-hosts.txt? PM or post it. I would really appreciate it.
update: Energized Basic is identical
update 2: Energized is blocking my cable company login on ther History APP, when I disable blokada, I'm logged in, when I enable blockada, I'm logged out. Adzhosts seemed to have a fine balance. Anyone have a backup list?
update 3: whitelisting sp.auth.adobe.com getting some success
You can ask the dev on telegram from energized
