Security: Preventing Browser Redirects / Hijackers
Lately I have had recurring problems with browser hijackers redirecting my searches from Google and Bing.
This is about how I got rid of it.
TLDR:
Open Chrome extensions (under Chrome settings), look for a "color picker" type extension, delete it. Extra points if you report it for abuse first.
Here's where I found the solution: https://superuser.com/questions/1734...edirecting-com
TLRA:
I installed a color picker years ago. But the malicious behavior only started recently. Whether an old extension was hijacked or whether this was a malicious install I don't know. I don't remember getting rid of the old one. But that doesn't mean anything.
Previously I posted about the same thing and "solved" it by deleting my old cookies. But clearly that only solved that one instance of it, without solving the root cause
https://www.kubuntuforums.net/forum/...owser-hijacker
Symptoms:
You begin in some big well known search engine, and when you click search the tab blanks with "about:blank" in the address bar, for a very short moment "www.getsearchredirecting.com" appears in the address bar, then you end up at some rando search engine like "mobiletips.in". Strongly recommend you NOT click on anything on that tab.
Solutions:
sudo ufw deny to [rando ip address]
sudo ufw deny from [rando ip address
If you don't have ufw enabled, then read up on it and get it working. It's easy and covered elsewhere.
Note: the use of hosts.allow and hosts.deny files are ( I have heard ) deprecated. Universal Firewall has taken over that responsibility.
Additional Info Sought:
I know this is a very short and incomplete guide. If you have anything to add, please add it.
This is about how I got rid of it.
TLDR:
Open Chrome extensions (under Chrome settings), look for a "color picker" type extension, delete it. Extra points if you report it for abuse first.
Here's where I found the solution: https://superuser.com/questions/1734...edirecting-com
TLRA:
I installed a color picker years ago. But the malicious behavior only started recently. Whether an old extension was hijacked or whether this was a malicious install I don't know. I don't remember getting rid of the old one. But that doesn't mean anything.
Previously I posted about the same thing and "solved" it by deleting my old cookies. But clearly that only solved that one instance of it, without solving the root cause
https://www.kubuntuforums.net/forum/...owser-hijacker
Symptoms:
You begin in some big well known search engine, and when you click search the tab blanks with "about:blank" in the address bar, for a very short moment "www.getsearchredirecting.com" appears in the address bar, then you end up at some rando search engine like "mobiletips.in". Strongly recommend you NOT click on anything on that tab.
Solutions:
- Kill all color picker extensions.
- Look up the IP address of the rando search engine and block it in Universal Firewall.
sudo ufw deny to [rando ip address]
sudo ufw deny from [rando ip address
If you don't have ufw enabled, then read up on it and get it working. It's easy and covered elsewhere.
Note: the use of hosts.allow and hosts.deny files are ( I have heard ) deprecated. Universal Firewall has taken over that responsibility.
Additional Info Sought:
- Is it advisable to ban IP address using the iptables command per https://www.cyberciti.biz/faq/linux-...inst-iptables/ ?
- Is there an existing service or list to mass block malicious sites ?
- Is there a way to block specific domain names?
- How can a malicious extension be added to Chromium without my knowing?
I know this is a very short and incomplete guide. If you have anything to add, please add it.