PDA

View Full Version : [SOLVED] Ads in notifier?



mvandemar
1st July 2017, 04:31 AM
Today, for the first time ever, I got an actual ad in my notifier:

http://i.imgur.com/8fhl7Eq.png

When I clicked on it I was brought to Amazon with a tracking link:


https://www.amazon.com/dp/b019fn63dk/?&tag=tomshardware_onesignal-20

1) I don't know if this was the initial link, or if the first click brought me somewhere else first. Is there any way to view past notifications, a log of what shows and what process initiated it?

2) Do I have actual adware on Fedora? I have never seen this before.

3) Has anyone else experienced this?

Thanks.

-Michael

PS Running clamav right now to see if anything pops up, just to be safe.

antikythera
1st July 2017, 08:06 AM
Is that an email notification? adware doesn't ship with fedora and as far as I am aware they haven't started entering agreements with Amazon or anyone else to bombard users with adverts.

the only way you'd get such a notification is from email or another application you've installed.

what are those 3 icons to the top right? the round one looks suspiciously like Cortana

mvandemar
1st July 2017, 07:51 PM
Is that an email notification?

Nope. Direct link to a product, as I said.


adware doesn't ship with fedora and as far as I am aware they haven't started entering agreements with Amazon or anyone else to bombard users with adverts.

I wasn't aware of any either, but I know (or seem to recall anyway) that Ubuntu started something or other like that a couple years back.


the only way you'd get such a notification is from email or another application you've installed.

Again, is there a way to read old notifications and see what triggered them? Is there any kind of log? Or any way to search the event log to see what might have caused it? I have the timestamp on the screenshot which would at least help me narrow down the window on when it happened.


what are those 3 icons to the top right? the round one looks suspiciously like Cortana

Hamster time tracker, deluge, and pidgin.

-Michael

mvandemar
2nd July 2017, 01:53 AM
And it happened again:

http://i.imgur.com/0GVJXsc.png

clamav is still running, because I didn't realize that when it got to /run/media it would start scanning my other mounted drives, and there are a ton of files to go through on those.

Edit: This is the update history of the last update prior to the ads showing, does anything look off here?



$ sudo dnf history info 155
Transaction ID : 155
Begin time : Thu Jun 29 11:49:47 2017
Begin rpmdb : {snipped}
End time : 11:50:35 2017 (48 seconds)
End rpmdb : {snipped}
User : {snipped}
Return-Code : Success
Command Line : update
Transaction performed with:
Installed dnf-1.1.10-6.fc25.noarch @updates
Installed rpm-4.13.0.1-1.fc25.x86_64 @updates
Packages Altered:
Upgraded c-ares-1.12.0-1.fc25.x86_64 @anaconda
Upgrade 1.13.0-1.fc25.x86_64 @updates
Upgraded flatpak-0.9.5-1.fc25.x86_64 @updates
Upgrade 0.9.6-1.fc25.x86_64 @updates
Upgraded flatpak-libs-0.9.5-1.fc25.x86_64 @updates
Upgrade 0.9.6-1.fc25.x86_64 @updates
Upgrade graphite2-1.3.10-1.fc25.i686 @updates
Upgrade graphite2-1.3.10-1.fc25.x86_64 @updates
Upgraded graphite2-1.3.6-1.fc25.i686 @fedora
Upgraded graphite2-1.3.6-1.fc25.x86_64 @anaconda
Upgrade graphite2-devel-1.3.10-1.fc25.x86_64 @updates
Upgraded graphite2-devel-1.3.6-1.fc25.x86_64 @fedora
Upgraded gstreamer1-libav-1.10.4-1.fc25.x86_64 @rpmfusion-free-updates
Upgrade 1.10.5-1.fc25.x86_64 @rpmfusion-free-updates
Upgraded gstreamer1-libav-devel-docs-1.10.4-1.fc25.noarch @rpmfusion-free-updates
Upgrade 1.10.5-1.fc25.noarch @rpmfusion-free-updates
Upgraded gstreamer1-plugins-bad-freeworld-1.10.4-1.fc25.x86_64 @rpmfusion-free-updates
Upgrade 1.10.5-1.fc25.x86_64 @rpmfusion-free-updates
Upgraded gstreamer1-plugins-bad-nonfree-1.10.4-1.fc25.x86_64 @rpmfusion-nonfree-updates
Upgrade 1.10.5-1.fc25.x86_64 @rpmfusion-nonfree-updates
Upgraded gstreamer1-plugins-ugly-1.10.4-3.fc25.x86_64 @rpmfusion-free-updates
Upgrade 1.10.5-1.fc25.x86_64 @rpmfusion-free-updates
Upgraded gstreamer1-plugins-ugly-devel-docs-1.10.4-3.fc25.noarch @rpmfusion-free-updates
Upgrade 1.10.5-1.fc25.noarch @rpmfusion-free-updates
Upgraded gstreamer1-plugins-ugly-free-1.10.4-3.fc25.x86_64 @updates
Upgrade 1.10.5-1.fc25.x86_64 @updates
Upgraded libinput-1.6.3-5.fc25.x86_64 @updates
Upgrade 1.6.3-6.fc25.x86_64 @updates
Upgraded nemo-3.4.3-2.fc25.x86_64 @updates
Upgrade 3.4.4-2.fc25.x86_64 @updates
Upgraded nemo-extensions-3.4.3-2.fc25.x86_64 @updates
Upgrade 3.4.4-2.fc25.x86_64 @updates
Upgraded perl-Errno-1.25-385.fc25.x86_64 @updates
Upgrade 1.25-386.fc25.x86_64 @updates
Upgraded perl-IO-1.36-385.fc25.x86_64 @updates
Upgrade 1.36-386.fc25.x86_64 @updates
Upgraded perl-Math-Complex-1.59-385.fc25.noarch @updates
Upgrade 1.59-386.fc25.noarch @updates
Upgraded perl-Net-Ping-2.43-385.fc25.noarch @updates
Upgrade 2.43-386.fc25.noarch @updates
Upgraded perl-Pod-Html-1.22.01-385.fc25.noarch @updates
Upgrade 1.22.01-386.fc25.noarch @updates
Upgraded perl-open-1.10-385.fc25.noarch @updates
Upgrade 1.10-386.fc25.noarch @updates
Upgraded unrar-5.4.5-1.fc25.x86_64 @rpmfusion-nonfree
Upgrade 5.5.5-1.fc25.x86_64 @rpmfusion-nonfree-updates
Upgraded vlc-3.0.0-0.26snap.20170601git.fc25.x86_64 @rpmfusion-free-updates
Upgrade 3.0.0-0.28.git20170622.fc25.x86_64 @rpmfusion-free-updates
Upgraded vlc-core-3.0.0-0.26snap.20170601git.fc25.x86_64 @rpmfusion-free-updates
Upgrade 3.0.0-0.28.git20170622.fc25.x86_64 @rpmfusion-free-updates
Upgraded autocorr-en-1:5.2.7.2-3.fc25.noarch @updates
Upgrade 1:5.2.7.2-4.fc25.noarch @updates
Upgraded libreoffice-calc-1:5.2.7.2-3.fc25.x86_64 @updates
Upgrade 1:5.2.7.2-4.fc25.x86_64 @updates
Upgraded libreoffice-core-1:5.2.7.2-3.fc25.x86_64 @updates
Upgrade 1:5.2.7.2-4.fc25.x86_64 @updates
Upgraded libreoffice-data-1:5.2.7.2-3.fc25.noarch @updates
Upgrade 1:5.2.7.2-4.fc25.noarch @updates
Upgraded libreoffice-draw-1:5.2.7.2-3.fc25.x86_64 @updates
Upgrade 1:5.2.7.2-4.fc25.x86_64 @updates
Upgraded libreoffice-emailmerge-1:5.2.7.2-3.fc25.x86_64 @updates
Upgrade 1:5.2.7.2-4.fc25.x86_64 @updates
Upgraded libreoffice-filters-1:5.2.7.2-3.fc25.x86_64 @updates
Upgrade 1:5.2.7.2-4.fc25.x86_64 @updates
Upgraded libreoffice-graphicfilter-1:5.2.7.2-3.fc25.x86_64 @updates
Upgrade 1:5.2.7.2-4.fc25.x86_64 @updates
Upgraded libreoffice-gtk2-1:5.2.7.2-3.fc25.x86_64 @updates
Upgrade 1:5.2.7.2-4.fc25.x86_64 @updates
Upgraded libreoffice-gtk3-1:5.2.7.2-3.fc25.x86_64 @updates
Upgrade 1:5.2.7.2-4.fc25.x86_64 @updates
Upgraded libreoffice-impress-1:5.2.7.2-3.fc25.x86_64 @updates
Upgrade 1:5.2.7.2-4.fc25.x86_64 @updates
Upgraded libreoffice-langpack-en-1:5.2.7.2-3.fc25.x86_64 @updates
Upgrade 1:5.2.7.2-4.fc25.x86_64 @updates
Upgraded libreoffice-math-1:5.2.7.2-3.fc25.x86_64 @updates
Upgrade 1:5.2.7.2-4.fc25.x86_64 @updates
Upgraded libreoffice-ogltrans-1:5.2.7.2-3.fc25.x86_64 @updates
Upgrade 1:5.2.7.2-4.fc25.x86_64 @updates
Upgraded libreoffice-opensymbol-fonts-1:5.2.7.2-3.fc25.noarch @updates
Upgrade 1:5.2.7.2-4.fc25.noarch @updates
Upgraded libreoffice-pdfimport-1:5.2.7.2-3.fc25.x86_64 @updates
Upgrade 1:5.2.7.2-4.fc25.x86_64 @updates
Upgraded libreoffice-pyuno-1:5.2.7.2-3.fc25.x86_64 @updates
Upgrade 1:5.2.7.2-4.fc25.x86_64 @updates
Upgraded libreoffice-ure-1:5.2.7.2-3.fc25.x86_64 @updates
Upgrade 1:5.2.7.2-4.fc25.x86_64 @updates
Upgraded libreoffice-ure-common-1:5.2.7.2-3.fc25.noarch @updates
Upgrade 1:5.2.7.2-4.fc25.noarch @updates
Upgraded libreoffice-writer-1:5.2.7.2-3.fc25.x86_64 @updates
Upgrade 1:5.2.7.2-4.fc25.x86_64 @updates
Upgraded libreoffice-x11-1:5.2.7.2-3.fc25.x86_64 @updates
Upgrade 1:5.2.7.2-4.fc25.x86_64 @updates
Upgraded libreoffice-xsltfilter-1:5.2.7.2-3.fc25.x86_64 @updates
Upgrade 1:5.2.7.2-4.fc25.x86_64 @updates
Upgraded libreofficekit-1:5.2.7.2-3.fc25.x86_64 @updates
Upgrade 1:5.2.7.2-4.fc25.x86_64 @updates
Upgraded nfs-utils-1:2.1.1-5.rc3.fc25.x86_64 @updates
Upgrade 1:2.1.1-5.rc4.fc25.x86_64 @updates
Upgraded perl-IO-Zlib-1:1.10-385.fc25.noarch @updates
Upgrade 1:1.10-386.fc25.noarch @updates
Upgraded perl-Locale-Maketext-Simple-1:0.21-385.fc25.noarch @updates
Upgrade 1:0.21-386.fc25.noarch @updates
Upgraded perl-4:5.24.1-385.fc25.x86_64 @updates
Upgrade 4:5.24.1-386.fc25.x86_64 @updates
Upgraded perl-devel-4:5.24.1-385.fc25.x86_64 @updates
Upgrade 4:5.24.1-386.fc25.x86_64 @updates
Upgraded perl-libs-4:5.24.1-385.fc25.x86_64 @updates
Upgrade 4:5.24.1-386.fc25.x86_64 @updates
Upgraded perl-macros-4:5.24.1-385.fc25.x86_64 @updates
Upgrade 4:5.24.1-386.fc25.x86_64 @updates


-Michael

nonamedotc
2nd July 2017, 03:15 AM
So, what web browser are you using? Do you have browser notifications enabled?

Are you on Tom's Hardware by any chance when you see these ads? This is based on the URL you have posted.

mvandemar
2nd July 2017, 03:20 AM
So, what web browser are you using?

Firefox and rarely Chrome, but Chrome not open at all today.


Do you have browser notifications enabled?

Not that I am aware of. This is new, and nothing has changed as far as my browser goes, but how would I check that to be sure?


Are you on Tom's Hardware by any chance when you see these ads? This is based on the URL you have posted.

No, but I did visit tomshardware.com yesterday a few hours before the first notification, so possibly related. How would they be showing notifications in notifier though, especially a full day after I visited the site?

Edit: no running processes referencing "toms", not sure that means much though:


$ ps aux | grep toms
mvandem+ 10005 0.0 0.0 119400 956 pts/3 S+ 22:21 0:00 grep --color=auto toms

-Michael

dd_wizard
2nd July 2017, 04:14 AM
Do you use Thunderbird and it's gnotifier extension? That can pop email headers up as gnome notifications.

dd_wizard

mvandemar
2nd July 2017, 04:38 AM
Do you use Thunderbird and it's gnotifier extension? That can pop email headers up as gnome notifications.

dd_wizard

These are not email notifications, and there are no emails with those ads in them. I do use Thunderbird.

-Michael

ocratato
2nd July 2017, 06:56 AM
I was just looking at this: https://developer.mozilla.org/en/docs/Web/API/notification

One of the properties of a notification is a timestamp which may be in the future and specifies when the notification should be shown. A web page could set up a notification that pops up at some future time - which appears to be what is happening.

It also has an "on-click" property that can do things like open a web page - which could then set a new notification - ad nauseum.

I suspect you may need to restart Firefox to break the cycle.

mvandemar
2nd July 2017, 06:07 PM
I was just looking at this: https://developer.mozilla.org/en/docs/Web/API/notification

One of the properties of a notification is a timestamp which may be in the future and specifies when the notification should be shown. A web page could set up a notification that pops up at some future time - which appears to be what is happening.

It also has an "on-click" property that can do things like open a web page - which could then set a new notification - ad nauseum.

I suspect you may need to restart Firefox to break the cycle.

Thank you, that helps. It actually looks like restarting may not be enough. According to this KB:

https://support.mozilla.org/en-US/kb/push-notifications-firefox


What is Web Push?

Web Push is an optional feature that allows websites to send you messages even when the site isnít loaded. Sites can use this feature to provide you with notifications or update data in the background.

Which is some serious BS if you ask me, and they should be much more clear about that capability imo. However, when I go to look at tomshardware, it's saying I haven't actually granted them any permissions, which I would think would have had to happen for them to be able to do this:

http://i.imgur.com/WPcR4jW.png

Still looking to see if I can find where in the settings it lists all sites with permissions to pull something like this. Also, clamscan finally finished, didn't find anything that would explain this.

-Michael

mvandemar
2nd July 2017, 06:50 PM
Found it. Using the steps here I was able to list all of the sites that were either denied or allowed:

https://support.mozilla.org/en-US/kb/push-notifications-firefox#w_how-do-i-revoke-web-push-permissions-from-a-specific-site

And I can see that tomshardware is using extra sites beyind the .com to spread these ads:

https://tomshardware.onesignal.com
https://tomshardware.os.tc

Looks like you can globally disable notifications by going to about:config setting dom.webnotifications.enabled to false, which is what I am doing now. Thanks guys!

-Michael