Help, I've been hacked somehow.

Ray Parrish crp at cmc.net
Tue Mar 16 08:48:33 UTC 2010


Gilles Gravier wrote:
> Facebook uses many IP addresses. This week I'm in Spain and I get it on
> 66.220.x.x ...
>
> From my machine, your 74.X address doesn't go to facebook. The 69.x does.
>
> Try moving your .mozilla directory to something different and starting
> with a FRESH browser configuration. Does that work?
>
> Gilles.
>
> On 16/03/2010 09:13, Ray Parrish wrote:
>> Gilles Gravier wrote:
>>> Hi!
>>>
>>> Try by looking at your browser. Clear up your cache. Clear up your
>>> cookies for facebook domain. Then try again.
>>>
>>> Gilles.
>>>
>>> On 16/03/2010 08:28, Ray Parrish wrote:
>>>> Hello,
>>>>
>>>> I was on Face Book, and had decided to unfan Karmaceutical Records, since
>>>> all they dispense is porno music videos, and immediately after surfing 
>>>> to their fan page, and clicking the remove me as a fan link, I tried to 
>>>> surf back to FaceBook, and I could no longer load my home page.
>>>>
>>>> I tried the is it everyone, or just me page, and they say it's just me. 
>>>> I can not even load the top level page on Face Book. How in the hell did 
>>>> they do that?
>>>>
>>>> Here is my iptables, and hosts file, both of which show nothing 
>>>> untoward. Can some network guru please tell me how else I might be being
>>>> blocked?
>>>>
>>>> ray at RaysComputer:~$ sudo iptables -L
>>>> Chain INPUT (policy ACCEPT)
>>>> target     prot opt source               destination        
>>>> DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/SYN
>>>>
>>>> Chain FORWARD (policy ACCEPT)
>>>> target     prot opt source               destination        
>>>>
>>>> Chain OUTPUT (policy ACCEPT)
>>>> target     prot opt source               destination        
>>>> ray at RaysComputer:~$ cat etc/hosts
>>>> cat: etc/hosts: No such file or directory
>>>> ray at RaysComputer:~$ cat /etc/hosts
>>>> 127.0.0.1 localhost
>>>> 127.0.1.1 RaysComputer
>>>>
>>>> # The following lines are desirable for IPv6 capable hosts
>>>> ::1 ip6-localhost ip6-loopback
>>>> fe00::0 ip6-localnet
>>>> ff00::0 ip6-mcastprefix
>>>> ff02::1 ip6-allnodes
>>>> ff02::2 ip6-allrouters
>>>> ff02::3 ip6-allhosts
>>>> ray at RaysComputer:~$
>>>>
>>>> Thanks for any help you can be.
>>>>
>>>> Later, Ray Parrish
>> That did not work. Here is more information that I am getting. Can you 
>> confirm that the ip address I telnetted to is the Face Book address? If
>> it is, I am able to connect to them via Telnet, but not my browser.
>> ray at RaysComputer:~$ traceroute www.facebook.com
>> traceroute to www.facebook.com (69.63.189.39), 30 hops max, 40 byte packets
>>  1  * * *
>>  2  eugn (67.42.192.201)  41.047 ms  42.289 ms  44.295 ms
>>  3  eugn (67.42.193.65)  46.373 ms  48.490 ms  50.408 ms
>>  4  eug-core-01.inet.qwest.net (205.171.150.57)  52.977 ms  54.830 ms  56.787 ms
>>  5  sea-brdr-02.inet.qwest.net (205.171.26.146)  64.571 ms  66.337 ms  68.302 ms
>>  6  te8-3-10G.ar5.SEA1.gblx.net (64.208.110.141)  70.348 ms  46.861 ms  46.739 ms
>>  7  FACEBOOK-INC.TenGigabitEthernet6-2.ar1.PAO2.gblx.net (67.17.162.38)  60.761 ms  60.192 ms  59.815 ms
>>  8  ae0.bb01.pao1.tfbnw.net (74.119.76.132)  83.289 ms  60.392 ms  61.103 ms
>>  9  xe-7-2-0.bb01.iad1.tfbnw.net (74.119.76.173)  130.024 ms  127.667 ms  128.398 ms
>> 10  ae0.dr01.ash2.tfbnw.net (74.119.76.65)  127.430 ms  127.229 ms  191.376 ms
>> 11  eth-18-1.csw01.ash2.tfbnw.net (74.119.76.125)  128.114 ms eth-17-2.csw01a.ash2.tfbnw.net (74.119.76.127)  127.285 ms eth17-1.csw01b.ash2.tfbnw.net (74.119.76.117)  127.934 ms
>> 12  * * *
>> 13  * * *
>> 14  * * *
>> 15  * * *
>> 16  * * *
>> 17  * * *
>> 18  * * *
>> 19  * * *
>> 20  * * *
>> 21  * * *
>> 22  * * *
>> 23  * * *
>> 24  * * *
>> 25  * * *
>> 26  * * *
>> 27  * * *
>> 28  * * *
>> 29  * * *
>> 30  * * *
>> ray at RaysComputer:~$ whois 74.119.76.117
>>
>> OrgName:    Facebook, Inc.
>> OrgID:      THEFA-3
>> Address:    156 University Ave, 3rd floor
>> City:       Palo Alto
>> StateProv:  CA
>> PostalCode: 94301
>> Country:    US
>>
>> NetRange:   74.119.76.0 - 74.119.79.255
>> CIDR:       74.119.76.0/22
>> OriginAS:   AS32934
>> NetName:    TFBNET4
>> NetHandle:  NET-74-119-76-0-1
>> Parent:     NET-74-0-0-0-0
>> NetType:    Direct Assignment
>> NameServer: DNS04.SF2P.TFBNW.NET
>> NameServer: DNS05.SF2P.TFBNW.NET
>> Comment:   
>> RegDate:    2009-10-28
>> Updated:    2009-11-10
>>
>> OrgTechHandle: OPERA82-ARIN
>> OrgTechName:   Operations
>> OrgTechPhone:  +1-650-543-4800
>> OrgTechEmail:  ops at facebook.com
>>
>> # ARIN WHOIS database, last updated 2010-03-15 20:00
>> # Enter ? for additional hints on searching ARIN's WHOIS database.
>> #
>> # ARIN WHOIS data and services are subject to the Terms of Use
>> # available at https://www.arin.net/whois_tou.html
>> ray at RaysComputer:~$ telnet 74.119.76.117 80
>> Trying 74.119.76.117...
>>
>> ray at RaysComputer:~$ telnet 69.63.181.12 80
>> Trying 69.63.181.12...
>> Connected to 69.63.181.12.
>>
>>
>>
>> Thanks for your quick reply.
>>
>> Later, Ray Parrish
Ok, moving the profile folder results in Firefox claiming it is already 
running so it cannot start another window... got any other ideas?

Later, Ray Parrish

-- 
Linux dpkg Software Report script set..
http://www.rayslinks.com/LinuxdpkgSoftwareReport.html
Ray's Links, a variety of links to useful things, and articles by Ray.
http://www.rayslinks.com
Writings of "The" Schizophrenic, what it's like to be a schizo, and other
things, including my poetry.
http://www.writingsoftheschizophrenic.com
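
Added example, not part of the original thread: a Python sketch of the two local checks the post performs by eye, scanning hosts-file text for entries that pin a domain and `iptables -L` text for rules that could drop outbound traffic. The function names and the sample input (modelled on the output quoted above) are constructed for illustration.

```python
import re

# Constructed sample input, modelled on the files quoted in the thread.
HOSTS = """127.0.0.1 localhost
127.0.1.1 RaysComputer
::1 ip6-localhost ip6-loopback
"""
IPTABLES = """Chain INPUT (policy ACCEPT)
target     prot opt source               destination
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/SYN

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
"""

def hosts_overrides(text, domain):
    """Return (ip, name) pairs in hosts-file text that pin domain or a subdomain."""
    hits = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split on whitespace
        for name in fields[1:]:                  # fields[0] is the address
            n = name.lower().rstrip(".")
            if n == domain or n.endswith("." + domain):
                hits.append((fields[0], name))
    return hits

def outbound_blocks(listing):
    """Return reasons the OUTPUT chain in `iptables -L` text could drop traffic.

    INPUT rules are ignored: the one in the sample matches SYN-only packets,
    i.e. new inbound connections, not replies to outbound ones.
    """
    reasons, chain = [], None
    for line in listing.splitlines():
        m = re.match(r"Chain (\S+) \(policy (\S+)\)", line)
        if m:
            chain = m.group(1)
            if chain == "OUTPUT" and m.group(2) != "ACCEPT":
                reasons.append("OUTPUT policy " + m.group(2))
        elif chain == "OUTPUT" and line.split()[:1] in (["DROP"], ["REJECT"]):
            reasons.append(" ".join(line.split()))
    return reasons
```

Both functions return an empty list for the sample input, which matches the poster's reading that neither file explains the failure.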

More information about the ubuntu-users mailing list